SiteMembershipPolicy (Liferay 6.2-ce-ga5 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

Liferay 6.2-ce-ga5

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.liferay.portal.security.membershippolicy
Interface SiteMembershipPolicy

All Known Implementing Classes:: BaseSiteMembershipPolicy, DummySiteMembershipPolicy

public interface SiteMembershipPolicy

Provides the Site Membership Policy interface, allowing customization of user membership regarding sites and site roles.

Site Membership Policies define the sites a user is allowed to be a member of, the sites the user must be a member of, the site roles the user is allowed to be assigned, and the site roles the user must be assigned.

An implementation may include any number of rules and actions to enforce those rules. The implementation may include rules and actions like the following:

If a user is a member of the site he will automatically be a member of all its child sites.
Only the members of the parent site can become a member of this site.
If a user doesn't have the custom attribute A, he cannot be assigned to site B.
If the user is added to site A, he will automatically be added to site B.
The user must have the Administrator Role in order to be added to site "Admin Site".
All users with the custom attribute A will automatically have the site role B.
All the users with site role A cannot have site role B (incompatible roles).

Liferay's core services invoke checkMembership(long[], long[], long[]) to detect policy violations before adding the users to and removing the users from the sites. On passing the check, the service proceeds with the changes and propagates appropriate related actions in the portal by invoking propagateMembership(long[], long[], long[]). On failing the check, the service foregoes making the changes. For example, Liferay executes this logic when adding and updating sites, adding and removing users with respect to sites, and adding and removing site roles with respect to users.

Liferay's UI calls the "is*" methods, such as isMembershipAllowed(long, long), to determine appropriate options to display to the user. For example, the UI calls isMembershipAllowed(long, long) to decide whether to display the "Join" link to the user.

Liferay's core services call isMembershipProtected(PermissionChecker, long, long) and isRoleProtected(PermissionChecker, long, long, long) to protect user site memberships and site role assignments, appropriately.

Method Summary
`void`	`checkMembership(long[] userIds, long[] addGroupIds, long[] removeGroupIds)` Checks if the users can be added to and removed from the respective sites.
`void`	`checkRoles(List<UserGroupRole> addUserGroupRoles, List<UserGroupRole> removeUserGroupRoles)` Checks if the site roles can be added to or removed from their users.
`boolean`	`isMembershipAllowed(long userId, long groupId)` Returns `true` if the user can be added to the site.
`boolean`	`isMembershipProtected(PermissionChecker permissionChecker, long userId, long groupId)` Returns `true` if the policy prevents the user from being removed from the site by the user associated with the permission checker.
`boolean`	`isMembershipRequired(long userId, long groupId)` Returns `true` if site membership for the user is mandatory.
`boolean`	`isRoleAllowed(long userId, long groupId, long roleId)` Returns `true` if the role can be added to the user on the site.
`boolean`	`isRoleProtected(PermissionChecker permissionChecker, long userId, long groupId, long roleId)` Returns `true` if the policy prevents the user from being removed from the role by the user associated with the permission checker.
`boolean`	`isRoleRequired(long userId, long groupId, long roleId)` Returns `true` if the role is mandatory for the user on the site.
`void`	`propagateMembership(long[] userIds, long[] addGroupIds, long[] removeGroupIds)` Performs membership policy related actions after the users are added to and removed from the respective sites.
`void`	`propagateRoles(List<UserGroupRole> addUserGroupRoles, List<UserGroupRole> removeUserGroupRoles)` Performs membership policy related actions after the respective site roles are added to and removed from the affected users.
`void`	`verifyPolicy()` Checks the integrity of the membership policy of each of the portal's sites and performs operations necessary for the compliance of each site and site role.
`void`	`verifyPolicy(Group group)` Checks the integrity of the membership policy of the site and performs operations necessary for the site's compliance.
`void`	`verifyPolicy(Group group, Group oldGroup, List<AssetCategory> oldAssetCategories, List<AssetTag> oldAssetTags, Map<String,Serializable> oldExpandoAttributes, UnicodeProperties oldTypeSettingsProperties)` Checks the integrity of the membership policy of the site, with respect to the site's new attribute values, categories, tags, expando attributes, and type settings properties, and performs operations necessary for the compliance of the site and its site roles.
`void`	`verifyPolicy(Role role)` Checks the integrity of the membership policy of the site role and performs operations necessary for the role's compliance.
`void`	`verifyPolicy(Role role, Role oldRole, Map<String,Serializable> oldExpandoAttributes)` Checks the integrity of the membership policy of the site role, with respect to its expando attributes, and performs operations necessary for the role's compliance.

Method Detail

checkMembership

void checkMembership(long[] userIds,
                     long[] addGroupIds,
                     long[] removeGroupIds)
                     throws PortalException,
                            SystemException

Checks if the users can be added to and removed from the respective sites.

Liferay's core services call this method before adding the users to and removing the users from the respective sites. If this method throws an exception, the service foregoes making the changes.

Parameters:: userIds - the primary keys of the users to be added and removed from the sites; addGroupIds - the primary keys of the sites to which the users are to be added (optionally null); removeGroupIds - the primary keys of the sites from which the users are to be removed (optionally null)
Throws:: PortalException - if any one user could not be added to a site, if any one user could not be removed from a site, or if a portal exception occurred; SystemException - if a system exception occurred

checkRoles

void checkRoles(List<UserGroupRole> addUserGroupRoles,
                List<UserGroupRole> removeUserGroupRoles)
                throws PortalException,
                       SystemException

Checks if the site roles can be added to or removed from their users.

Liferay's core services call this method before adding the users to and removing the users from the respective site roles. If this method throws an exception, the service foregoes making the changes.

Parameters:: addUserGroupRoles - the user group roles to be added; removeUserGroupRoles - the user group roles to be removed
Throws:: PortalException - if any one user group role violated the policy or if a portal exception occurred; SystemException - if a system exception occurred

isMembershipAllowed

boolean isMembershipAllowed(long userId,
                            long groupId)
                            throws PortalException,
                                   SystemException

Returns true if the user can be added to the site. Liferay's UI calls this method.

Parameters:: userId - the primary key of the user; groupId - the primary key of the site
Returns:: true if the user can be added to the site; false otherwise
Throws:: PortalException - if a portal exception occurred; SystemException - if a system exception occurred

isMembershipProtected

boolean isMembershipProtected(PermissionChecker permissionChecker,
                              long userId,
                              long groupId)
                              throws PortalException,
                                     SystemException

Returns true if the policy prevents the user from being removed from the site by the user associated with the permission checker.

Parameters:: permissionChecker - the permission checker referencing a user; userId - the primary key of the user to check for protection; groupId - the primary key of the site
Returns:: true if the policy prevents the user from being removed from the site by the user associated with the permission checker; false otherwise
Throws:: PortalException - if a portal exception occurred; SystemException - if a system exception occurred

isMembershipRequired

boolean isMembershipRequired(long userId,
                             long groupId)
                             throws PortalException,
                                    SystemException

Returns true if site membership for the user is mandatory. Liferay's UI, for example, calls this method in deciding whether to display the option to leave the site.

Parameters:: userId - the primary key of the user; groupId - the primary key of the site
Returns:: true if site membership for the user is mandatory; false otherwise
Throws:: PortalException - if a portal exception occurred; SystemException - if a system exception occurred

isRoleAllowed

boolean isRoleAllowed(long userId,
                      long groupId,
                      long roleId)
                      throws PortalException,
                             SystemException

Returns true if the role can be added to the user on the site. Liferay's UI calls this method.

Parameters:: userId - the primary key of the user; groupId - the primary key of the site; roleId - the primary key of the role
Returns:: true if the role can be added to the user on the site; false otherwise
Throws:: PortalException - if a portal exception occurred; SystemException - if a system exception occurred

isRoleProtected

boolean isRoleProtected(PermissionChecker permissionChecker,
                        long userId,
                        long groupId,
                        long roleId)
                        throws PortalException,
                               SystemException

Returns true if the policy prevents the user from being removed from the role by the user associated with the permission checker.

Parameters:: permissionChecker - the permission checker referencing a user; userId - the primary key of the user to check for protection; groupId - the primary key of the site; roleId - the primary key of the role
Returns:: true if the policy prevents the user from being removed from the role by the user associated with the permission checker; false otherwise
Throws:: PortalException - if a portal exception occurred; SystemException - if a system exception occurred

isRoleRequired

boolean isRoleRequired(long userId,
                       long groupId,
                       long roleId)
                       throws PortalException,
                              SystemException

Returns true if the role is mandatory for the user on the site. Liferay's UI calls this method.

Parameters:: userId - the primary key of the user; groupId - the primary key of the site; roleId - the primary key of the role
Returns:: true if the role is mandatory for the user on the site; false otherwise
Throws:: PortalException - if a portal exception occurred; SystemException - if a system exception occurred

propagateMembership

void propagateMembership(long[] userIds,
                         long[] addGroupIds,
                         long[] removeGroupIds)
                         throws PortalException,
                                SystemException

Performs membership policy related actions after the users are added to and removed from the respective sites. Liferay's core services call this method after adding and removing the users to and from the respective sites.

The actions must ensure the integrity of each site's membership policy. For example, some actions for implementations to consider performing are:

Adding the users to the child sites of each site to which the users were added.
Removing the users from the child sites of each site from which the users were removed.

Parameters:: userIds - the primary key of the users that have been added or removed; addGroupIds - the primary keys of the sites to which the users were added (optionally null); removeGroupIds - the primary keys of the sites from which the users were removed (optionally null)
Throws:: PortalException - if a portal exception occurred; SystemException - if a system exception occurred

propagateRoles

void propagateRoles(List<UserGroupRole> addUserGroupRoles,
                    List<UserGroupRole> removeUserGroupRoles)
                    throws PortalException,
                           SystemException

Performs membership policy related actions after the respective site roles are added to and removed from the affected users. Liferay's core services call this method after the roles are added to and removed from the users.

The actions must ensure the membership policy of each site role. For example, some actions for implementations to consider performing are:

If the role A is added to a user, role B should be added too.
If the role A is removed from a user, role B should be removed too.

Parameters:: addUserGroupRoles - the user group roles added; removeUserGroupRoles - the user group roles removed
Throws:: PortalException - if a portal exception occurred; SystemException - if a system exception occurred

verifyPolicy

void verifyPolicy()
                  throws PortalException,
                         SystemException

Checks the integrity of the membership policy of each of the portal's sites and performs operations necessary for the compliance of each site and site role. This method can be triggered manually from the Control Panel. If the membership.policy.auto.verify portal property is true this method is triggered when starting Liferay and every time a membership policy hook is deployed.

Throws:: PortalException - if a portal exception occurred; SystemException - if a system exception occurred

verifyPolicy

void verifyPolicy(Group group)
                  throws PortalException,
                         SystemException

Checks the integrity of the membership policy of the site and performs operations necessary for the site's compliance.

Parameters:: group - the site to verify
Throws:: PortalException - if a portal exception occurred; SystemException - if a system exception occurred

verifyPolicy

void verifyPolicy(Group group,
                  Group oldGroup,
                  List<AssetCategory> oldAssetCategories,
                  List<AssetTag> oldAssetTags,
                  Map<String,Serializable> oldExpandoAttributes,
                  UnicodeProperties oldTypeSettingsProperties)
                  throws PortalException,
                         SystemException

Checks the integrity of the membership policy of the site, with respect to the site's new attribute values, categories, tags, expando attributes, and type settings properties, and performs operations necessary for the compliance of the site and its site roles. Liferay calls this method when adding and updating sites.

The actions must ensure the integrity of the site's membership policy based on what has changed in the site's attribute values, categories, tags, expando attributes, and type settings properties.

For example, if the membership policy is that sites with the "admnistrator" tag should only allow administrators as users, then this method could enforce that policy using the following logic:

If the old tags include the "administrator" tag and the new tags include it too, then no action needs to be performed regarding the policy. Note, the new tags can be obtained by calling assetTagLocalService.getTags(Group.class.getName(), group.getGroupId());.
If the old tags include the "administrator" tag and the new tags don't include it, then no action needs to be performed regarding the policy, as non-administrator users need not be removed.
However, if the old tags don't include the "administrator" tag, but the new tags include it, any site user that does not have the Administrator role must be removed from the site.

Parameters:: group - the added or updated site to verify; oldGroup - the old site; oldAssetCategories - the old categories; oldAssetTags - the old tags; oldExpandoAttributes - the old expando attributes; oldTypeSettingsProperties - the old type settings properties
Throws:: PortalException - if a portal exception occurred; SystemException - if a system exception occurred

verifyPolicy

void verifyPolicy(Role role)
                  throws PortalException,
                         SystemException

Checks the integrity of the membership policy of the site role and performs operations necessary for the role's compliance.

Parameters:: role - the role to verify
Throws:: PortalException - if a portal exception occurred; SystemException - if a system exception occurred

verifyPolicy

void verifyPolicy(Role role,
                  Role oldRole,
                  Map<String,Serializable> oldExpandoAttributes)
                  throws PortalException,
                         SystemException

Checks the integrity of the membership policy of the site role, with respect to its expando attributes, and performs operations necessary for the role's compliance. Liferay calls this method when adding and updating site roles.

Parameters:: role - the added or updated role to verify; oldRole - the old role; oldExpandoAttributes - the old expando attributes
Throws:: PortalException - if a portal exception occurred; SystemException - if a system exception occurred

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

Liferay 6.2-ce-ga5

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.liferay.portal.security.membershippolicy Interface SiteMembershipPolicy

checkMembership

checkRoles

isMembershipAllowed

isMembershipProtected

isMembershipRequired

isRoleAllowed

isRoleProtected

isRoleRequired

propagateMembership

propagateRoles

verifyPolicy

verifyPolicy

verifyPolicy

verifyPolicy

verifyPolicy

com.liferay.portal.security.membershippolicy
Interface SiteMembershipPolicy