001 /*
002 * Copyright 2008-2009 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016 package org.kuali.rice.kim.api.services;
017
018 import org.kuali.rice.core.api.criteria.QueryByCriteria;
019 import org.kuali.rice.kim.api.group.Group;
020 import org.kuali.rice.kim.api.identity.Type;
021 import org.kuali.rice.kim.api.identity.affiliation.EntityAffiliationType;
022 import org.kuali.rice.kim.api.identity.entity.Entity;
023 import org.kuali.rice.kim.api.identity.entity.EntityDefault;
024 import org.kuali.rice.kim.api.identity.entity.EntityDefaultQueryResults;
025 import org.kuali.rice.kim.api.identity.entity.EntityQueryResults;
026 import org.kuali.rice.kim.api.identity.external.EntityExternalIdentifierType;
027 import org.kuali.rice.kim.api.identity.principal.Principal;
028 import org.kuali.rice.kim.api.permission.Permission;
029 import org.kuali.rice.kim.api.responsibility.Responsibility;
030 import org.kuali.rice.kim.api.responsibility.ResponsibilityAction;
031 import org.kuali.rice.kim.bo.role.dto.PermissionAssigneeInfo;
032
033 import java.util.List;
034 import java.util.Map;
035
036 /**
037 * This is the front end for the KIM module. Clients of KIM should access this service from
038 * their applications. If KIM is not running on the same machine (VM) as the application
039 * (as would be the case with a standalone Rice server), then this service should be implemented
040 * locally within the application and access the core KIM services
041 * (Authentication/Authorization/Identity/Group) via the service bus.
042 *
043 * Implementations of this interface should cache the information retrieved from the core services,
044 * for load and performance reasons, and evict it through the flush methods once the underlying data changes.
045 *
046 * Most of the methods on this interface are straight pass-thrus to methods on the four core services.
047 *
048 * @author Kuali Rice Team (rice.collab@kuali.org)
049 *
050 */
public interface IdentityManagementService {

    // Contract notes that apply to the whole interface:
    //  - Only signatures are declared here. What a lookup returns when nothing matches
    //    (presumably null or an empty list) is not specified - confirm in the implementation.
    //  - No method takes an "acting user" argument, so any check on who may read or change
    //    identity data has to live in the implementation or in the caller.

    // =====================================================================
    // IdentityService
    // =====================================================================

    /** Returns the principal with the given principal ID. */
    Principal getPrincipal(String principalId);

    /** Returns the principal with the given principal name. */
    Principal getPrincipalByPrincipalName(String principalName);

    /**
     * Returns the principal matching both the principal name and the password.
     *
     * <p>NOTE(review): the password arrives as a plain {@code String}. Implementations should
     * keep it out of logs and caches, and callers that reach KIM over the service bus should
     * confirm the transport is encrypted. How the password is verified, and what comes back on
     * a mismatch (presumably {@code null}), is not visible from this interface.
     *
     * @param principalName login name of the principal
     * @param password password supplied for that principal
     */
    Principal getPrincipalByPrincipalNameAndPassword(String principalName, String password);

    /** Returns the default entity information for the given entity ID. */
    EntityDefault getEntityDefaultInfo(String entityId);

    /** Returns the default entity information of the entity owning the given principal ID. */
    EntityDefault getEntityDefaultInfoByPrincipalId(String principalId);

    /** Returns the default entity information of the entity owning the given principal name. */
    EntityDefault getEntityDefaultInfoByPrincipalName(String principalName);

    /**
     * Runs a criteria query and returns the matching default entity records.
     *
     * <p>NOTE(review): the results carry identity data; whether privacy preferences or a caller
     * check are applied before returning is not visible here - confirm in the implementation.
     */
    EntityDefaultQueryResults findEntityDefaults(QueryByCriteria queryByCriteria);

    //KimEntityPrivacyPreferencesInfo getEntityPrivacyPreferences(String entityId);

    /** Returns the entity with the given entity ID. */
    Entity getEntity(String entityId);

    /** Returns the entity owning the given principal ID. */
    Entity getEntityByPrincipalId(String principalId);

    /** Returns the entity owning the given principal name. */
    Entity getEntityByPrincipalName(String principalName);

    /**
     * Runs a criteria query and returns the matching entities.
     *
     * <p>NOTE(review): as with {@link #findEntityDefaults(QueryByCriteria)}, any filtering of
     * personal data has to be confirmed in the implementation.
     */
    EntityQueryResults findEntities(QueryByCriteria queryByCriteria);

    // Code-table lookups: each takes a type code and returns the matching type record.

    /** Returns the address type for the given code. */
    Type getAddressType(String code);

    /** Returns the affiliation type for the given code. */
    EntityAffiliationType getAffiliationType(String code);

    /** Returns the citizenship status for the given code. */
    Type getCitizenshipStatus(String code);

    /** Returns the e-mail type for the given code. */
    Type getEmailType(String code);

    /** Returns the employment status for the given code. */
    Type getEmploymentStatus(String code);

    /** Returns the employment type for the given code. */
    Type getEmploymentType(String code);

    /** Returns the entity name type for the given code. */
    Type getEntityNameType(String code);

    /** Returns the entity type for the given code. */
    Type getEntityType(String code);

    /** Returns the external identifier type for the given code. */
    EntityExternalIdentifierType getExternalIdentifierType(String code);

    /** Returns the phone type for the given code. */
    Type getPhoneType(String code);

    // =====================================================================
    // GroupService
    // =====================================================================

    /** Returns the group with the given group ID. */
    Group getGroup(String groupId);

    /** Returns the group identified by namespace code and group name. */
    Group getGroupByName(String namespaceCode, String groupName);

    /**
     * Returns the IDs of the groups the given group belongs to. Presumably this includes
     * indirect parents, in contrast to {@link #getDirectParentGroupIds(String)} - confirm.
     */
    List<String> getParentGroupIds(String groupId);

    /** Returns the IDs of the groups that directly contain the given group. */
    List<String> getDirectParentGroupIds(String groupId);

    /** Returns the IDs of the groups the principal belongs to. */
    List<String> getGroupIdsForPrincipal(String principalId);

    /** Returns the IDs of the groups the principal belongs to, limited to one namespace. */
    List<String> getGroupIdsForPrincipal(String principalId, String namespaceCode);

    /** Returns the groups the principal belongs to. */
    List<? extends Group> getGroupsForPrincipal(String principalId);

    /** Returns the groups the principal belongs to, limited to one namespace. */
    List<? extends Group> getGroupsForPrincipal(String principalId, String namespaceCode);

    /**
     * Returns the IDs of the groups that are members of the given group. Presumably this
     * includes nested members, in contrast to {@link #getDirectMemberGroupIds(String)} - confirm.
     */
    List<String> getMemberGroupIds(String groupId);

    /** Returns the IDs of the groups that are direct members of the given group. */
    List<String> getDirectMemberGroupIds(String groupId);

    /**
     * Reports whether the principal is a member of the group with the given ID.
     *
     * <p>NOTE(review): whether membership through nested groups counts is not stated here;
     * confirm before using the answer as an access-control decision.
     */
    boolean isMemberOfGroup(String principalId, String groupId);

    /** Same membership check, with the group identified by namespace code and name. */
    boolean isMemberOfGroup(String principalId, String namespaceCode, String groupName);

    /** Reports whether one group is a member of another group. */
    boolean isGroupMemberOfGroup(String potentialMemberGroupId, String potentialParentId);

    /**
     * Returns the IDs of the principals that are members of the group. Presumably this includes
     * members of nested groups, in contrast to
     * {@link #getDirectGroupMemberPrincipalIds(String)} - confirm.
     */
    List<String> getGroupMemberPrincipalIds(String groupId);

    /** Returns the IDs of the principals that are direct members of the group. */
    List<String> getDirectGroupMemberPrincipalIds(String groupId);

    // Group maintenance. These calls change who belongs to what, and therefore what the
    // membership and authorization checks answer afterwards.
    // NOTE(review): the boolean results presumably signal success - TODO confirm. Cached
    // membership answers may also need flushGroupCaches() after a change - confirm.

    /** Makes the group {@code childId} a member of the group {@code parentId}. */
    boolean addGroupToGroup(String childId, String parentId);

    /** Removes the group {@code childId} from the group {@code parentId}. */
    boolean removeGroupFromGroup(String childId, String parentId);

    /** Adds the principal to the group. */
    boolean addPrincipalToGroup(String principalId, String groupId);

    /** Removes the principal from the group. */
    boolean removePrincipalFromGroup(String principalId, String groupId);

    /** Creates a group from the supplied data and returns a group object for it. */
    Group createGroup(Group group);

    /** Removes every member from the group with the given ID. */
    void removeAllMembers(String groupId);

    /** Updates the group stored under {@code groupId} with the supplied data. */
    Group updateGroup(String groupId, Group group);

    // =====================================================================
    // Authorization checks
    // =====================================================================
    // In this section the argument order is (permissionDetails, qualification).

    /**
     * Checks whether the principal holds the named permission in the given namespace.
     *
     * <p>NOTE(review): unlike the {@code isAuthorized} check declared next, this method takes no
     * qualification. Presumably role qualifiers are therefore not evaluated; prefer
     * {@code isAuthorized} where the decision depends on context - confirm.
     */
    boolean hasPermission(String principalId, String namespaceCode, String permissionName,
            Map<String, String> permissionDetails);

    /**
     * Checks whether the principal is authorized for the named permission, given the
     * permission details and the qualification supplied by the caller.
     */
    boolean isAuthorized(String principalId, String namespaceCode, String permissionName,
            Map<String, String> permissionDetails, Map<String, String> qualification);

    /**
     * Template-name variant of the {@code hasPermission} check; it also takes no qualification.
     */
    boolean hasPermissionByTemplateName(String principalId, String namespaceCode,
            String permissionTemplateName, Map<String, String> permissionDetails);

    /** Template-name variant of the {@code isAuthorized} check. */
    boolean isAuthorizedByTemplateName(String principalId, String namespaceCode,
            String permissionTemplateName, Map<String, String> permissionDetails,
            Map<String, String> qualification);

    /**
     * Returns the matching permission objects for a principal.
     */
    List<Permission> getAuthorizedPermissions(String principalId, String namespaceCode,
            String permissionName, Map<String, String> permissionDetails,
            Map<String, String> qualification);

    /** Returns the matching permission objects for a principal, selected by template name. */
    List<Permission> getAuthorizedPermissionsByTemplateName(String principalId,
            String namespaceCode, String permissionTemplateName,
            Map<String, String> permissionDetails, Map<String, String> qualification);

    /** Returns assignee records for the named permission. */
    List<PermissionAssigneeInfo> getPermissionAssignees(String namespaceCode,
            String permissionName, Map<String, String> permissionDetails,
            Map<String, String> qualification);

    /** Returns assignee records for permissions selected by template name. */
    List<PermissionAssigneeInfo> getPermissionAssigneesForTemplateName(String namespaceCode,
            String permissionTemplateName, Map<String, String> permissionDetails,
            Map<String, String> qualification);

    // =====================================================================
    // Responsibility methods
    // =====================================================================
    // The argument order here is (qualification, responsibilityDetails), the reverse of the
    // permission methods. Both arguments are Map<String, String>, so the compiler will not
    // catch a swap.

    /**
     * Returns the responsibility object with the given ID.
     */
    Responsibility getResponsibility(String responsibilityId);

    /**
     * Returns the responsibility object identified by namespace code and responsibility name.
     */
    Responsibility getResponsibilityByName(String namespaceCode, String responsibilityName);

    /**
     * Checks whether the principal has the given responsibility within the passed qualifier.
     */
    boolean hasResponsibility(String principalId, String namespaceCode,
            String responsibilityName, Map<String, String> qualification,
            Map<String, String> responsibilityDetails);

    /**
     * Checks whether the principal has a responsibility within the passed qualifier, with the
     * responsibility selected by template name rather than by responsibility name.
     */
    boolean hasResponsibilityByTemplateName(String principalId, String namespaceCode,
            String responsibilityTemplateName, Map<String, String> qualification,
            Map<String, String> responsibilityDetails);

    /** Returns the responsibility actions for the named responsibility. */
    List<ResponsibilityAction> getResponsibilityActions(String namespaceCode,
            String responsibilityName, Map<String, String> qualification,
            Map<String, String> responsibilityDetails);

    /** Returns the responsibility actions for responsibilities selected by template name. */
    List<ResponsibilityAction> getResponsibilityActionsByTemplateName(String namespaceCode,
            String responsibilityTemplateName, Map<String, String> qualification,
            Map<String, String> responsibilityDetails);

    /**
     * Returns true if there are any assigned permissions with the given template.
     */
    boolean isPermissionDefinedForTemplateName(String namespaceCode,
            String permissionTemplateName, Map<String, String> permissionDetails);

    // =====================================================================
    // Cache flush methods
    // =====================================================================
    // NOTE(review): cached answers presumably feed the membership and authorization checks
    // above, so a grant or membership that has been revoked may keep being honoured until the
    // matching cache is flushed. Entry lifetime is implementation-specific - confirm.

    /** Flushes every cache held by the implementation. */
    void flushAllCaches();

    /** Flushes cached entity and principal data. */
    void flushEntityPrincipalCaches();

    /** Flushes cached group data. */
    void flushGroupCaches();

    /** Flushes cached permission data. */
    void flushPermissionCaches();

    /** Flushes cached responsibility data. */
    void flushResponsibilityCaches();

}