001 /** 002 * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved. 003 * 004 * This library is free software; you can redistribute it and/or modify it under 005 * the terms of the GNU Lesser General Public License as published by the Free 006 * Software Foundation; either version 2.1 of the License, or (at your option) 007 * any later version. 008 * 009 * This library is distributed in the hope that it will be useful, but WITHOUT 010 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 011 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 012 * details. 013 */ 014 015 package com.liferay.portal.service.impl; 016 017 import com.liferay.portal.kernel.exception.PortalException; 018 import com.liferay.portal.kernel.exception.SystemException; 019 import com.liferay.portal.model.ResourceConstants; 020 import com.liferay.portal.model.Role; 021 import com.liferay.portal.service.base.ResourcePermissionServiceBaseImpl; 022 023 import java.util.Map; 024 025 /** 026 * Provides the remote service for adding, granting, and revoking resource 027 * permissions. Its methods include permission checks. 028 * 029 * <p> 030 * Before attempting to read any of the documentation for this class, first read 031 * {@link com.liferay.portal.model.impl.ResourcePermissionImpl} for an 032 * explanation of scoping. 033 * </p> 034 * 035 * @author Brian Wing Shun Chan 036 */ 037 public class ResourcePermissionServiceImpl 038 extends ResourcePermissionServiceBaseImpl { 039 040 /** 041 * Grants the role permission at the scope to perform the action on 042 * resources of the type. Existing actions are retained. 043 * 044 * <p> 045 * This method cannot be used to grant individual scope permissions, but is 046 * only intended for adding permissions at the company, group, and 047 * group-template scopes. For example, this method could be used to grant a 048 * company scope permission to edit message board posts. 049 * </p> 050 * 051 * <p> 052 * If a company scope permission is granted to resources that the role 053 * already had group scope permissions to, the group scope permissions are 054 * deleted. Likewise, if a group scope permission is granted to resources 055 * that the role already had company scope permissions to, the company scope 056 * permissions are deleted. Be aware that this latter behavior can result in 057 * an overall reduction in permissions for the role. 058 * </p> 059 * 060 * <p> 061 * Depending on the scope, the value of <code>primKey</code> will have 062 * different meanings. For more information, see {@link 063 * com.liferay.portal.model.impl.ResourcePermissionImpl}. 064 * </p> 065 * 066 * @param groupId the primary key of the group 067 * @param companyId the primary key of the company 068 * @param name the resource's name, which can be either a class name or a 069 * portlet ID 070 * @param scope the scope. This method only supports company, group, and 071 * group-template scope. 072 * @param primKey the primary key 073 * @param roleId the primary key of the role 074 * @param actionId the action ID 075 * @throws PortalException if the user did not have permission to add 076 * resource permissions, or if scope was set to individual scope or 077 * if a role with the primary key or a resource action with the name 078 * and action ID could not be found 079 * @throws SystemException if a system exception occurred 080 */ 081 @Override 082 public void addResourcePermission( 083 long groupId, long companyId, String name, int scope, 084 String primKey, long roleId, String actionId) 085 throws PortalException, SystemException { 086 087 permissionService.checkPermission( 088 groupId, Role.class.getName(), roleId); 089 090 resourcePermissionLocalService.addResourcePermission( 091 companyId, name, scope, primKey, roleId, actionId); 092 } 093 094 /** 095 * Revokes permission at the scope from the role to perform the action on 096 * resources of the type. For example, this method could be used to revoke a 097 * group scope permission to edit blog posts. 098 * 099 * <p> 100 * Depending on the scope, the value of <code>primKey</code> will have 101 * different meanings. For more information, see {@link 102 * com.liferay.portal.model.impl.ResourcePermissionImpl}. 103 * </p> 104 * 105 * @param groupId the primary key of the group 106 * @param companyId the primary key of the company 107 * @param name the resource's name, which can be either a class name or a 108 * portlet ID 109 * @param scope the scope 110 * @param primKey the primary key 111 * @param roleId the primary key of the role 112 * @param actionId the action ID 113 * @throws PortalException if the user did not have permission to remove 114 * resource permissions, or if a role with the primary key or a 115 * resource action with the name and action ID could not be found 116 * @throws SystemException if a system exception occurred 117 */ 118 @Override 119 public void removeResourcePermission( 120 long groupId, long companyId, String name, int scope, 121 String primKey, long roleId, String actionId) 122 throws PortalException, SystemException { 123 124 permissionService.checkPermission( 125 groupId, Role.class.getName(), roleId); 126 127 resourcePermissionLocalService.removeResourcePermission( 128 companyId, name, scope, primKey, roleId, actionId); 129 } 130 131 /** 132 * Revokes all permissions at the scope from the role to perform the action 133 * on resources of the type. For example, this method could be used to 134 * revoke all individual scope permissions to edit blog posts from site 135 * members. 136 * 137 * @param groupId the primary key of the group 138 * @param companyId the primary key of the company 139 * @param name the resource's name, which can be either a class name or a 140 * portlet ID 141 * @param scope the scope 142 * @param roleId the primary key of the role 143 * @param actionId the action ID 144 * @throws PortalException if the user did not have permission to remove 145 * resource permissions, or if a role with the primary key or a 146 * resource action with the name and action ID could not be found 147 * @throws SystemException if a system exception occurred 148 */ 149 @Override 150 public void removeResourcePermissions( 151 long groupId, long companyId, String name, int scope, long roleId, 152 String actionId) 153 throws PortalException, SystemException { 154 155 permissionService.checkPermission( 156 groupId, Role.class.getName(), roleId); 157 158 resourcePermissionLocalService.removeResourcePermissions( 159 companyId, name, scope, roleId, actionId); 160 } 161 162 /** 163 * Updates the role's permissions at the scope, setting the actions that can 164 * be performed on resources of the type. Existing actions are replaced. 165 * 166 * <p> 167 * This method can be used to set permissions at any scope, but it is 168 * generally only used at the individual scope. For example, it could be 169 * used to set the guest permissions on a blog post. 170 * </p> 171 * 172 * <p> 173 * Depending on the scope, the value of <code>primKey</code> will have 174 * different meanings. For more information, see {@link 175 * com.liferay.portal.model.impl.ResourcePermissionImpl}. 176 * </p> 177 * 178 * @param groupId the primary key of the group 179 * @param companyId the primary key of the company 180 * @param name the resource's name, which can be either a class name or a 181 * portlet ID 182 * @param primKey the primary key 183 * @param roleId the primary key of the role 184 * @param actionIds the action IDs of the actions 185 * @throws PortalException if the user did not have permission to set 186 * resource permissions, or if a role with the primary key or a 187 * resource action with the name and action ID could not be found 188 * @throws SystemException if a system exception occurred 189 */ 190 @Override 191 public void setIndividualResourcePermissions( 192 long groupId, long companyId, String name, String primKey, 193 long roleId, String[] actionIds) 194 throws PortalException, SystemException { 195 196 permissionService.checkPermission(groupId, name, primKey); 197 198 resourcePermissionLocalService.setResourcePermissions( 199 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey, 200 roleId, actionIds); 201 } 202 203 /** 204 * Updates the role's permissions at the scope, setting the actions that can 205 * be performed on resources of the type. Existing actions are replaced. 206 * 207 * <p> 208 * This method can be used to set permissions at any scope, but it is 209 * generally only used at the individual scope. For example, it could be 210 * used to set the guest permissions on a blog post. 211 * </p> 212 * 213 * <p> 214 * Depending on the scope, the value of <code>primKey</code> will have 215 * different meanings. For more information, see {@link 216 * com.liferay.portal.model.impl.ResourcePermissionImpl}. 217 * </p> 218 * 219 * @param groupId the primary key of the group 220 * @param companyId the primary key of the company 221 * @param name the resource's name, which can be either a class name or a 222 * portlet ID 223 * @param primKey the primary key 224 * @param roleIdsToActionIds a map of role IDs to action IDs of the actions 225 * @throws PortalException if the user did not have permission to set 226 * resource permissions, or if a role with the primary key or a 227 * resource action with the name and action ID could not be found 228 * @throws SystemException if a system exception occurred 229 */ 230 @Override 231 public void setIndividualResourcePermissions( 232 long groupId, long companyId, String name, String primKey, 233 Map<Long, String[]> roleIdsToActionIds) 234 throws PortalException, SystemException { 235 236 permissionService.checkPermission(groupId, name, primKey); 237 238 resourcePermissionLocalService.setResourcePermissions( 239 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey, 240 roleIdsToActionIds); 241 } 242 243 }