001 /** 002 * Copyright (c) 2000-present Liferay, Inc. All rights reserved. 003 * 004 * This library is free software; you can redistribute it and/or modify it under 005 * the terms of the GNU Lesser General Public License as published by the Free 006 * Software Foundation; either version 2.1 of the License, or (at your option) 007 * any later version. 008 * 009 * This library is distributed in the hope that it will be useful, but WITHOUT 010 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 011 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 012 * details. 013 */ 014 015 package com.liferay.portal.service.impl; 016 017 import com.liferay.portal.kernel.exception.PortalException; 018 import com.liferay.portal.model.ResourceConstants; 019 import com.liferay.portal.model.Role; 020 import com.liferay.portal.service.base.ResourcePermissionServiceBaseImpl; 021 022 import java.util.Map; 023 024 /** 025 * Provides the remote service for adding, granting, and revoking resource 026 * permissions. Its methods include permission checks. 027 * 028 * <p> 029 * Before attempting to read any of the documentation for this class, first read 030 * {@link com.liferay.portal.model.impl.ResourcePermissionImpl} for an 031 * explanation of scoping. 032 * </p> 033 * 034 * @author Brian Wing Shun Chan 035 */ 036 public class ResourcePermissionServiceImpl 037 extends ResourcePermissionServiceBaseImpl { 038 039 /** 040 * Grants the role permission at the scope to perform the action on 041 * resources of the type. Existing actions are retained. 042 * 043 * <p> 044 * This method cannot be used to grant individual scope permissions, but is 045 * only intended for adding permissions at the company, group, and 046 * group-template scopes. For example, this method could be used to grant a 047 * company scope permission to edit message board posts. 048 * </p> 049 * 050 * <p> 051 * If a company scope permission is granted to resources that the role 052 * already had group scope permissions to, the group scope permissions are 053 * deleted. Likewise, if a group scope permission is granted to resources 054 * that the role already had company scope permissions to, the company scope 055 * permissions are deleted. Be aware that this latter behavior can result in 056 * an overall reduction in permissions for the role. 057 * </p> 058 * 059 * <p> 060 * Depending on the scope, the value of <code>primKey</code> will have 061 * different meanings. For more information, see {@link 062 * com.liferay.portal.model.impl.ResourcePermissionImpl}. 063 * </p> 064 * 065 * @param groupId the primary key of the group 066 * @param companyId the primary key of the company 067 * @param name the resource's name, which can be either a class name or a 068 * portlet ID 069 * @param scope the scope. This method only supports company, group, and 070 * group-template scope. 071 * @param primKey the primary key 072 * @param roleId the primary key of the role 073 * @param actionId the action ID 074 * @throws PortalException if the user did not have permission to add 075 * resource permissions, or if scope was set to individual scope or 076 * if a role with the primary key or a resource action with the name 077 * and action ID could not be found 078 */ 079 @Override 080 public void addResourcePermission( 081 long groupId, long companyId, String name, int scope, 082 String primKey, long roleId, String actionId) 083 throws PortalException { 084 085 permissionService.checkPermission( 086 groupId, Role.class.getName(), roleId); 087 088 resourcePermissionLocalService.addResourcePermission( 089 companyId, name, scope, primKey, roleId, actionId); 090 } 091 092 /** 093 * Revokes permission at the scope from the role to perform the action on 094 * resources of the type. For example, this method could be used to revoke a 095 * group scope permission to edit blog posts. 096 * 097 * <p> 098 * Depending on the scope, the value of <code>primKey</code> will have 099 * different meanings. For more information, see {@link 100 * com.liferay.portal.model.impl.ResourcePermissionImpl}. 101 * </p> 102 * 103 * @param groupId the primary key of the group 104 * @param companyId the primary key of the company 105 * @param name the resource's name, which can be either a class name or a 106 * portlet ID 107 * @param scope the scope 108 * @param primKey the primary key 109 * @param roleId the primary key of the role 110 * @param actionId the action ID 111 * @throws PortalException if the user did not have permission to remove 112 * resource permissions, or if a role with the primary key or a 113 * resource action with the name and action ID could not be found 114 */ 115 @Override 116 public void removeResourcePermission( 117 long groupId, long companyId, String name, int scope, 118 String primKey, long roleId, String actionId) 119 throws PortalException { 120 121 permissionService.checkPermission( 122 groupId, Role.class.getName(), roleId); 123 124 resourcePermissionLocalService.removeResourcePermission( 125 companyId, name, scope, primKey, roleId, actionId); 126 } 127 128 /** 129 * Revokes all permissions at the scope from the role to perform the action 130 * on resources of the type. For example, this method could be used to 131 * revoke all individual scope permissions to edit blog posts from site 132 * members. 133 * 134 * @param groupId the primary key of the group 135 * @param companyId the primary key of the company 136 * @param name the resource's name, which can be either a class name or a 137 * portlet ID 138 * @param scope the scope 139 * @param roleId the primary key of the role 140 * @param actionId the action ID 141 * @throws PortalException if the user did not have permission to remove 142 * resource permissions, or if a role with the primary key or a 143 * resource action with the name and action ID could not be found 144 */ 145 @Override 146 public void removeResourcePermissions( 147 long groupId, long companyId, String name, int scope, long roleId, 148 String actionId) 149 throws PortalException { 150 151 permissionService.checkPermission( 152 groupId, Role.class.getName(), roleId); 153 154 resourcePermissionLocalService.removeResourcePermissions( 155 companyId, name, scope, roleId, actionId); 156 } 157 158 /** 159 * Updates the role's permissions at the scope, setting the actions that can 160 * be performed on resources of the type. Existing actions are replaced. 161 * 162 * <p> 163 * This method can be used to set permissions at any scope, but it is 164 * generally only used at the individual scope. For example, it could be 165 * used to set the guest permissions on a blog post. 166 * </p> 167 * 168 * <p> 169 * Depending on the scope, the value of <code>primKey</code> will have 170 * different meanings. For more information, see {@link 171 * com.liferay.portal.model.impl.ResourcePermissionImpl}. 172 * </p> 173 * 174 * @param groupId the primary key of the group 175 * @param companyId the primary key of the company 176 * @param name the resource's name, which can be either a class name or a 177 * portlet ID 178 * @param primKey the primary key 179 * @param roleId the primary key of the role 180 * @param actionIds the action IDs of the actions 181 * @throws PortalException if the user did not have permission to set 182 * resource permissions, or if a role with the primary key or a 183 * resource action with the name and action ID could not be found 184 */ 185 @Override 186 public void setIndividualResourcePermissions( 187 long groupId, long companyId, String name, String primKey, 188 long roleId, String[] actionIds) 189 throws PortalException { 190 191 permissionService.checkPermission(groupId, name, primKey); 192 193 resourcePermissionLocalService.setResourcePermissions( 194 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey, 195 roleId, actionIds); 196 } 197 198 /** 199 * Updates the role's permissions at the scope, setting the actions that can 200 * be performed on resources of the type. Existing actions are replaced. 201 * 202 * <p> 203 * This method can be used to set permissions at any scope, but it is 204 * generally only used at the individual scope. For example, it could be 205 * used to set the guest permissions on a blog post. 206 * </p> 207 * 208 * <p> 209 * Depending on the scope, the value of <code>primKey</code> will have 210 * different meanings. For more information, see {@link 211 * com.liferay.portal.model.impl.ResourcePermissionImpl}. 212 * </p> 213 * 214 * @param groupId the primary key of the group 215 * @param companyId the primary key of the company 216 * @param name the resource's name, which can be either a class name or a 217 * portlet ID 218 * @param primKey the primary key 219 * @param roleIdsToActionIds a map of role IDs to action IDs of the actions 220 * @throws PortalException if the user did not have permission to set 221 * resource permissions, or if a role with the primary key or a 222 * resource action with the name and action ID could not be found 223 */ 224 @Override 225 public void setIndividualResourcePermissions( 226 long groupId, long companyId, String name, String primKey, 227 Map<Long, String[]> roleIdsToActionIds) 228 throws PortalException { 229 230 permissionService.checkPermission(groupId, name, primKey); 231 232 resourcePermissionLocalService.setResourcePermissions( 233 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey, 234 roleIdsToActionIds); 235 } 236 237 }