001 /** 002 * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved. 003 * 004 * This library is free software; you can redistribute it and/or modify it under 005 * the terms of the GNU Lesser General Public License as published by the Free 006 * Software Foundation; either version 2.1 of the License, or (at your option) 007 * any later version. 008 * 009 * This library is distributed in the hope that it will be useful, but WITHOUT 010 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 011 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 012 * details. 013 */ 014 015 package com.liferay.portal.model.impl; 016 017 /** 018 * Stores the actions a role has permission to perform on all resources of the 019 * type within the group/company. 020 * 021 * <p> 022 * Resource type permissions can exist at either company or group scope. They 023 * are roughly equivalent to resource permissions with company, group, or 024 * group-template scope. However, resource type permissions make no distinction 025 * between company and group-template scope, storing both as company scope 026 * permissions. The reason for this simplification is that regular roles cannot 027 * have group-template scope permissions, and site/organization roles can only 028 * have group-template scope permissions. Therefore, resource type permissions 029 * depend on the type of their associated role to distinguish between the two 030 * scopes. 031 * </p> 032 * 033 * <p> 034 * Do not confuse resource type permissions with resource block permissions; 035 * they serve very different purposes. Resource block permissions store the 036 * permissions on a single resource block, and are simply a representation of 037 * who can do what to the resources within the block. Resource type permissions 038 * grant permissions to perform actions on all resources of a type within a 039 * group or company. Any permissions granted to a role with a resource type 040 * permission are automatically added to all the resource blocks for that 041 * resource type within the group/company. 042 * </p> 043 * 044 * <p> 045 * For example, if a company scope resource type permission is granted to a role 046 * to edit blog entries, all the resource blocks within the company for blog 047 * entries are modified to grant the role permission to edit the blog entries 048 * they contain. Thus, granting and revoking resource type permissions will also 049 * cause those same permissions to be granted/revoked at the resource block 050 * permission level. 051 * </p> 052 * 053 * <p> 054 * Copying permissions from the company and group scope to the resource block 055 * scope eliminates the need to check multiple scopes when determining if a role 056 * has permission to perform an action on a resource. All the necessary 057 * information is cached at the most granular level. 058 * </p> 059 * 060 * <p> 061 * Rather than using a separate "scope" attribute as {@linkplain 062 * ResourcePermissionImpl resource permissions} do, company scope resource type 063 * permissions simply have a <code>groupId</code> of <code>0</code> 064 * </p> 065 * 066 * <p> 067 * The type of resource the permission grants access to is specified by the 068 * <code>name</code> attribute, which must be the fully qualified class name of 069 * a model (such as a blog entry). 070 * </p> 071 * 072 * <p> 073 * The <code>actionIds</code> attribute stores the bitwise IDs of all the 074 * actions allowed by this permission. 075 * </p> 076 * 077 * @author Connor McKay 078 */ 079 public class ResourceTypePermissionImpl extends ResourceTypePermissionBaseImpl { 080 081 @Override 082 public boolean isCompanyScope() { 083 if (getGroupId() == 0) { 084 return true; 085 } 086 else { 087 return false; 088 } 089 } 090 091 @Override 092 public boolean isGroupScope() { 093 return !isCompanyScope(); 094 } 095 096 }