1 /* 2 * Copyright 2011 The Kuali Foundation 3 * 4 * Licensed under the Educational Community License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.opensource.org/licenses/ecl1.php 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package org.kuali.rice.kim.impl.jaxb; 17 18 import java.io.Serializable; 19 20 import javax.xml.bind.annotation.XmlAccessType; 21 import javax.xml.bind.annotation.XmlAccessorType; 22 import javax.xml.bind.annotation.XmlElement; 23 import javax.xml.bind.annotation.XmlType; 24 25 /** 26 * This class represents a <roleData> element. 27 * 28 * <p>The expected XML structure is as follows: 29 * 30 * <br> 31 * <br><roleData> 32 * <br> <roles> 33 * <br> <role> 34 * <br> <roleName namespaceCode=""></roleName> 35 * <br> <kimTypeName namespaceCode=""></kimTypeName> 36 * <br> <description></description> 37 * <br> <active></active> 38 * <br> <roleMembers> 39 * <br> <roleMember> 40 * <br> <principalId></principalId> 41 * <br> <principalName></principalName> 42 * <br> <groupId></groupId> 43 * <br> <groupName namespaceCode=""></groupName> 44 * <br> <roleIdAsMember></roleIdAsMember> 45 * <br> <roleNameAsMember namespaceCode=""></roleNameAsMember> 46 * <br> <activeFromDate></activeFromDate> 47 * <br> <activeToDate></activeToDate> 48 * <br> <qualifications> 49 * <br> <qualification key=""></qualification> 50 * <br> </qualifications> 51 * <br> </roleMember> 52 * <br> </roleMembers> 53 * <br> <rolePermissions> 54 * <br> <rolePermission> 55 * <br> <permissionId></permissionId> 56 * <br> <permissionName namespaceCode=""></permissionName> 57 * <br> </rolePermission> 58 * <br> </rolePermissions> 59 * <br> </role> 60 * <br> </roles> 61 * <br> <roleMembers> 62 * <br> <roleMember> 63 * <br> <roleId></roleId> 64 * <br> <roleName namespaceCode=""></roleName> 65 * <br> <principalId></principalId> 66 * <br> <principalName></principalName> 67 * <br> <groupId></groupId> 68 * <br> <groupName namespaceCode=""></groupName> 69 * <br> <roleIdAsMember></roleIdAsMember> 70 * <br> <roleNameAsMember namespaceCode=""></roleNameAsMember> 71 * <br> <activeFromDate></activeFromDate> 72 * <br> <activeToDate></activeToDate> 73 * <br> <qualifications> 74 * <br> <qualification key=""></qualification> 75 * <br> </qualifications> 76 * <br> </roleMember> 77 * <br> </roleMembers> 78 * <br> <rolePermissions> 79 * <br> <rolePermission> 80 * <br> <roleId></roleId> 81 * <br> <roleName namespaceCode=""></roleName> 82 * <br> <permissionId></permissionId> 83 * <br> <permissionName namespaceCode=""></permissionName> 84 * <br> </rolePermission> 85 * <br> </rolePermissions> 86 * <br></roleData> 87 * 88 * <p>Note the following: 89 * <ul> 90 * <li>The <roles> element is optional, and can contain zero or more <role> elements. 91 * <li>The <roleName> element on the <role> element and its "namespaceCode" attribute 92 * are required, and must be non-blank. The namespace code must map to a valid namespace. 93 * If the name and namespace combo matches an existing role, then the role in the XML will 94 * overwrite the existing role. 95 * <li>The <kimTypeName> and its "namespaceCode" attribute are both required, and the 96 * name and namespace combo must match an existing KIM type. 97 * <li>The <description> element is required, and must be non-blank. 98 * <li>The <active> element is optional, and will be set to true if not specified. 99 * <li>Both <roleMembers> elements are optional, and can contain zero or more 100 * <roleMember> elements. If the <roleMembers> element within the <role> 101 * element is specified, then any role members that are not within that element will be removed 102 * from the role if the XML is overwriting an existing one. (The <roleMembers> element 103 * outside of the <role> element can still add or re-add members that are not located 104 * within the other <roleMembers> element.) 105 * <li>For both <roleMember> elements: 106 * <ul> 107 * <li>Exactly one of these sets of member identification must be specified: 108 * <ol> 109 * <li>A <principalId> and/or <principalName> element, where the former 110 * must contain a valid principal ID and the latter must contain a valid principal name. 111 * <li>A <groupId> and/or <groupName> element, where the former must contain 112 * a valid group ID and the latter must contain a valid group name and namespace. 113 * <li>A <roleIdAsMember> and/or <roleNameAsMember> element, where the former 114 * must contain a valid role ID and the latter must contain a valid role name and namespace. 115 * </ol> 116 * <li>The <activeFromDate> element is optional, and its content must be a date String 117 * that can be parsed by the DateTimeService. 118 * <li>The <activeToDate> element is optional, and its content must be a date String 119 * that can be parsed by the DateTimeService. 120 * <li>The <qualifications> element is optional, and can contain zero or more 121 * <qualification> elements. 122 * <li>The <qualification> element's "key" attribute is required, and must be non-blank. 123 * Duplicate keys within a <qualifications> element are not permitted. 124 * </ul> 125 * <li>For both <rolePermission> elements: 126 * <ul> 127 * <li>A <permissionId> and/or <permissionName> element must be specified, where the 128 * former must contain a valid permission ID and the latter must contain a valid permission 129 * name and namespace. 130 * </ul> 131 * <li>For the <roleMember> and <rolePermission> elements not inside a <role> element: 132 * <ul> 133 * <li>A <roleId> and/or <roleName> element must be specified, where the former must 134 * contain a valid role ID and the latter must contain a valid role name and namespace. 135 * </ul> 136 * <li>The ingestion process is currently order-dependent, which should be kept in mind when adding 137 * roles as members of another role or assigning permissions to roles. (The permission XML always 138 * gets ingested prior to the role XML.) 139 * <li>The assignments of permissions to roles can only be added, not removed or deactivated. 140 * (TODO: Improve the role/permission-updating API to allow for updates and removals.) 141 * <li>The same roles, role members, and role permissions can be ingested within the same file, 142 * where subsequent ones will overwrite previous ones. (TODO: Is this acceptable?) 143 * <li>The IDs of principals, groups, roles, and permissions are not included when exporting the XML. 144 * <li>Delegations and responsibility actions are currently not supported by the ingestion process. 145 * </ul> 146 * 147 * TODO: Verify that the above behavior is correct. 148 * 149 * @author Kuali Rice Team (rice.collab@kuali.org) 150 */ 151 @XmlAccessorType(XmlAccessType.FIELD) 152 @XmlType(name="RoleDataType", propOrder={"roles", "roleMembers", "rolePermissions"}) 153 public class RoleDataXmlDTO implements Serializable { 154 155 private static final long serialVersionUID = 1L; 156 157 @XmlElement(name="roles") 158 private RolesXmlDTO roles; 159 160 @XmlElement(name="roleMembers") 161 private RoleMembersXmlDTO.OutsideOfRole roleMembers; 162 163 @XmlElement(name="rolePermissions") 164 private RolePermissionsXmlDTO.OutsideOfRole rolePermissions; 165 166 public RoleDataXmlDTO() {} 167 168 public RoleDataXmlDTO(RolesXmlDTO roles) { 169 this.roles = roles; 170 } 171 172 /** 173 * @return the roles 174 */ 175 public RolesXmlDTO getRoles() { 176 return this.roles; 177 } 178 179 /** 180 * @param roles the roles to set 181 */ 182 public void setRoles(RolesXmlDTO roles) { 183 this.roles = roles; 184 } 185 186 /** 187 * @return the roleMembers 188 */ 189 public RoleMembersXmlDTO.OutsideOfRole getRoleMembers() { 190 return this.roleMembers; 191 } 192 193 /** 194 * @param roleMembers the roleMembers to set 195 */ 196 public void setRoleMembers(RoleMembersXmlDTO.OutsideOfRole roleMembers) { 197 this.roleMembers = roleMembers; 198 } 199 200 /** 201 * @return the rolePermissions 202 */ 203 public RolePermissionsXmlDTO.OutsideOfRole getRolePermissions() { 204 return this.rolePermissions; 205 } 206 207 /** 208 * @param rolePermissions the rolePermissions to set 209 */ 210 public void setRolePermissions(RolePermissionsXmlDTO.OutsideOfRole rolePermissions) { 211 this.rolePermissions = rolePermissions; 212 } 213 214 }