View Javadoc

1   /**
2    * Copyright 2005-2011 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.kim.api.services;
17  
18  import org.kuali.rice.core.api.criteria.QueryByCriteria;
19  import org.kuali.rice.kim.api.common.assignee.Assignee;
20  import org.kuali.rice.kim.api.group.Group;
21  import org.kuali.rice.kim.api.identity.CodedAttribute;
22  import org.kuali.rice.kim.api.identity.affiliation.EntityAffiliationType;
23  import org.kuali.rice.kim.api.identity.entity.Entity;
24  import org.kuali.rice.kim.api.identity.entity.EntityDefault;
25  import org.kuali.rice.kim.api.identity.entity.EntityDefaultQueryResults;
26  import org.kuali.rice.kim.api.identity.entity.EntityQueryResults;
27  import org.kuali.rice.kim.api.identity.external.EntityExternalIdentifierType;
28  import org.kuali.rice.kim.api.identity.principal.Principal;
29  import org.kuali.rice.kim.api.permission.Permission;
30  import org.kuali.rice.kim.api.responsibility.Responsibility;
31  import org.kuali.rice.kim.api.responsibility.ResponsibilityAction;
32  
33  import java.util.List;
34  import java.util.Map;
35  
36  /**
37   * This is the front end for the KIM module.  Clients of KIM should access this service from
38   * their applications.  If KIM is not running on the same machine (VM) as the application
39   * (as would be the case with a standalone Rice server), then this service should be implemented
40   * locally within the application and access the core KIM services
41   * (Authentication/Authorization/Identity/Group) via the service bus.
42   *
43   *  For efficiency, implementations of this interface should add appropriate caching of
44   *  the information retrieved from the core services for load and performance reasons.
45   *
46   *  Most of the methods on this interface are straight pass-thrus to methods on the four core services.
47   *
48   * @author Kuali Rice Team (rice.collab@kuali.org)
49   *
50   */
51  public interface IdentityManagementService {
52  
53  	// *******************************
54  	// IdentityService
55  	// *******************************
56  
57  	Principal getPrincipal( String principalId);
58  	Principal getPrincipalByPrincipalName( String principalName);
59  
60  	Principal getPrincipalByPrincipalNameAndPassword(
61               String principalName,
62               String password
63      );
64  
65  	EntityDefault getEntityDefaultInfo( String entityId);
66  	EntityDefault getEntityDefaultInfoByPrincipalId( String principalId);
67  	EntityDefault getEntityDefaultInfoByPrincipalName( String principalName);
68  
69      EntityDefaultQueryResults findEntityDefaults(QueryByCriteria queryByCriteria);
70  
71  	//KimEntityPrivacyPreferencesInfo getEntityPrivacyPreferences(String entityId);
72  
73  	Entity getEntity( String entityId);
74  	Entity getEntityByPrincipalId( String principalId);
75  	Entity getEntityByPrincipalName( String principalName);
76  
77  	EntityQueryResults findEntities(QueryByCriteria queryByCriteria);
78  
79  	CodedAttribute getAddressType( String code);
80  	EntityAffiliationType getAffiliationType( String code);
81  	CodedAttribute getCitizenshipStatus( String code);
82  	CodedAttribute getEmailType( String code);
83  	CodedAttribute getEmploymentStatus( String code);
84  	CodedAttribute getEmploymentType( String code);
85  	CodedAttribute getEntityNameType( String code);
86  	CodedAttribute getEntityType( String code);
87  	EntityExternalIdentifierType getExternalIdentifierType( String code);
88  	CodedAttribute getPhoneType( String code);
89  
90  	// *******************************
91  	// GroupService
92  	// *******************************
93  
94  	Group getGroup( String groupId);
95  
96      Group getGroupByName(
97               String namespaceCode,
98               String groupName
99      );
100 
101     List<String> getParentGroupIds( String groupId);
102     List<String> getDirectParentGroupIds( String groupId);
103 
104     
105     List<String> getGroupIdsForPrincipal( String principalId);
106 
107     
108     List<String> getGroupIdsForPrincipal(
109              String principalId,
110              String namespaceCode
111     );
112 
113     
114     List<? extends Group> getGroupsForPrincipal( String principalId);
115 
116     
117     List<? extends Group> getGroupsForPrincipal(
118              String principalId,
119              String namespaceCode
120     );
121 
122     List<String> getMemberGroupIds( String groupId);
123     List<String> getDirectMemberGroupIds( String groupId);
124 
125     
126 	boolean isMemberOfGroup(
127              String principalId,
128              String groupId
129     );
130 
131     
132 	boolean isMemberOfGroup(
133              String principalId,
134              String namespaceCode,
135              String groupName
136     );
137 
138 	boolean isGroupMemberOfGroup(
139              String potentialMemberGroupId,
140              String potentialParentId
141     );
142 
143 	List<String> getGroupMemberPrincipalIds( String groupId);
144 	List<String> getDirectGroupMemberPrincipalIds( String groupId);
145 
146     boolean addGroupToGroup(
147              String childId,
148              String parentId
149     );
150 
151     boolean removeGroupFromGroup(
152              String childId,
153              String parentId
154     );
155 
156     boolean addPrincipalToGroup(
157              String principalId,
158              String groupId
159     );
160 
161     boolean removePrincipalFromGroup(
162              String principalId,
163              String groupId
164     );
165 
166     Group createGroup( Group group);
167     void removeAllMembers( String groupId);
168 
169     Group updateGroup(
170              String groupId,
171              Group group
172     );
173 
174     // --------------------
175     // Authorization Checks
176     // --------------------
177 
178     boolean hasPermission(
179              String principalId,
180              String namespaceCode,
181              String permissionName,
182               Map<String, String> permissionDetails
183     );
184 
185     boolean isAuthorized(
186              String principalId,
187              String namespaceCode,
188              String permissionName,
189               Map<String, String> permissionDetails,
190               Map<String, String> qualification
191     );
192 
193     boolean hasPermissionByTemplateName(
194              String principalId,
195              String namespaceCode,
196              String permissionTemplateName,
197               Map<String, String> permissionDetails
198     );
199 
200     boolean isAuthorizedByTemplateName(
201              String principalId,
202              String namespaceCode,
203              String permissionTemplateName,
204              Map<String, String> permissionDetails,
205              Map<String, String> qualification
206     );
207 
208     /**
209      * Returns the matching permission objects for a principal.
210      */
211     List<Permission> getAuthorizedPermissions(
212              String principalId,
213              String namespaceCode,
214              String permissionName,
215               Map<String, String> permissionDetails,
216               Map<String, String> qualification
217     );
218 
219     List<Permission> getAuthorizedPermissionsByTemplateName(
220              String principalId,
221              String namespaceCode,
222              String permissionTemplateName,
223               Map<String, String> permissionDetails,
224               Map<String, String> qualification
225     );
226 
227     List<Assignee> getPermissionAssignees(
228              String namespaceCode,
229              String permissionName,
230               Map<String, String> permissionDetails,
231               Map<String, String> qualification
232     );
233 
234     List<Assignee> getPermissionAssigneesForTemplateName(
235              String namespaceCode,
236              String permissionTemplateName,
237              Map<String, String> permissionDetails,
238              Map<String, String> qualification
239     );
240 
241     // ----------------------
242     // Responsibility Methods
243     // ----------------------
244 
245     /**
246      * Get the responsibility object with the given ID.
247      */
248     Responsibility getResponsibility( String responsibilityId);
249 
250  	/**
251  	 * Return the responsibility object for the given unique combination of namespace,
252  	 * component and responsibility name.
253  	 */
254     Responsibility getResponsibilityByName(
255              String namespaceCode,
256              String responsibilityName
257     );
258 
259     /**
260      * Check whether the principal has the given responsibility within the passed qualifier.
261      */
262     boolean hasResponsibility(
263              String principalId,
264              String namespaceCode,
265              String responsibilityName,
266               Map<String, String> qualification,
267               Map<String, String> responsibilityDetails
268     );
269 
270     /**
271      * Check whether the principal has the given responsibility within the passed qualifier.
272      */
273     boolean hasResponsibilityByTemplateName(
274              String principalId,
275              String namespaceCode,
276              String responsibilityTemplateName,
277               Map<String, String> qualification,
278               Map<String, String> responsibilityDetails
279     );
280 
281     List<ResponsibilityAction> getResponsibilityActions(
282              String namespaceCode,
283              String responsibilityName,
284               Map<String, String> qualification,
285               Map<String, String> responsibilityDetails
286     );
287 
288     List<ResponsibilityAction> getResponsibilityActionsByTemplateName(
289              String namespaceCode,
290              String responsibilityTemplateName,
291               Map<String, String> qualification,
292               Map<String, String> responsibilityDetails
293     );
294 
295     /**
296      * Returns true if there are any assigned permissions with the given template.
297      */
298     boolean isPermissionDefinedForTemplateName(
299              String namespaceCode,
300              String permissionTemplateName,
301               Map<String, String> permissionDetails
302     );
303 
304 
305     // ----------------------
306     // Cache Flush Methods
307     // ----------------------
308 
309     void flushAllCaches();
310     void flushEntityPrincipalCaches();
311 	void flushGroupCaches();
312 	void flushPermissionCaches();
313 	void flushResponsibilityCaches();
314 
315 }