001 /**
002 * Copyright 2005-2012 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016 package org.kuali.rice.kim.api.permission;
017
018 import org.kuali.rice.core.api.criteria.QueryByCriteria;
019 import org.kuali.rice.core.api.exception.RiceIllegalArgumentException;
020 import org.kuali.rice.core.api.exception.RiceIllegalStateException;
021 import org.kuali.rice.core.api.util.jaxb.MapStringStringAdapter;
022 import org.kuali.rice.kim.api.KimConstants;
023 import org.kuali.rice.kim.api.common.assignee.Assignee;
024 import org.kuali.rice.kim.api.common.template.Template;
025 import org.kuali.rice.kim.api.common.template.TemplateQueryResults;
026 import org.springframework.cache.annotation.CacheEvict;
027 import org.springframework.cache.annotation.Cacheable;
028
029 import javax.jws.WebMethod;
030 import javax.jws.WebParam;
031 import javax.jws.WebResult;
032 import javax.jws.WebService;
033 import javax.jws.soap.SOAPBinding;
034 import javax.xml.bind.annotation.XmlElement;
035 import javax.xml.bind.annotation.XmlElementWrapper;
036 import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
037 import java.util.List;
038 import java.util.Map;
039
040 /**
041 * This service provides operations for evaluating permissions and querying for permission data.
042 *
043 * <p>A permission is the ability to perform an action. All permissions have a permission template.
044 * Both permissions and permission templates are uniquely identified by a namespace code plus a name.
045 * The permission template defines the course-grained permission and specifies what additional
046 * permission details need to be collected on permissions that use that template. For example, a
047 * permission template might have a name of "Initiate Document" which requires a permission detail
048 * specifying the document type that can be initiated. A permission created from the "Initiate Document"
049 * template would define the name of the specific Document Type that can be initiated as a permission
050 * detail.
051 *
052 * <p>The isAuthorized and isAuthorizedByTemplate operations
053 * on this service are used to execute authorization checks for a principal against a
054 * permission. Permissions are always assigned to roles (never directly to a principal or
055 * group). A particular principal will be authorized for a given permission if the permission
056 * evaluates to true (according to the permission evaluation logic and based on any supplied
057 * permission details) and that principal is assigned to a role which has been granted the permission.
058 *
059 * <p>The actual logic for how permission evaluation logic is defined and executed is dependent upon
060 * the permission service implementation. However, it will typically be associated with the permission
061 * template used on the permission.
062 *
063 * @author Kuali Rice Team (rice.collab@kuali.org)
064 */
065 @WebService(name = "permissionService", targetNamespace = KimConstants.Namespaces.KIM_NAMESPACE_2_0)
066 @SOAPBinding(style = SOAPBinding.Style.DOCUMENT, use = SOAPBinding.Use.LITERAL, parameterStyle = SOAPBinding.ParameterStyle.WRAPPED)
067 public interface PermissionService {
068
069 /**
070 * This will create a {@link org.kuali.rice.kim.api.permission.Permission} exactly like the permission passed in.
071 *
072 * @param permission the permission to create
073 * @return the newly created object. will never be null.
074 * @throws RiceIllegalArgumentException if the permission is null
075 * @throws RiceIllegalStateException if the permission is already existing in the system
076 */
077 @WebMethod(operationName="createPermission")
078 @WebResult(name = "permission")
079 @CacheEvict(value={Permission.Cache.NAME, Template.Cache.NAME + "{Permission}"}, allEntries = true)
080 Permission createPermission(@WebParam(name = "permission") Permission permission)
081 throws RiceIllegalArgumentException, RiceIllegalStateException;
082
083 /**
084 * This will update a {@link Permission}.
085 *
086 * @param permission the permission to update
087 * @return the updated object. will never be null
088 * @throws RiceIllegalArgumentException if the permission is null
089 * @throws RiceIllegalStateException if the permission does not exist in the system
090 */
091 @WebMethod(operationName="updatePermission")
092 @WebResult(name = "permission")
093 @CacheEvict(value={Permission.Cache.NAME, Template.Cache.NAME + "{Permission}"}, allEntries = true)
094 Permission updatePermission(@WebParam(name = "permission") Permission permission)
095 throws RiceIllegalArgumentException, RiceIllegalStateException;
096
097 // --------------------
098 // Authorization Checks
099 // --------------------
100
101 /**
102 * Checks in a given principal id has a permission using the passed in permission information.
103 * This method should not be used for true authorization checks since a principal
104 * may only have this permission within a given context. It could be used to
105 * identify that the user would have some permissions within a certain area.
106 * Later checks would identify exactly what permissions were granted.
107 *
108 * It can also be used when the client application KNOWS that this is a role which
109 * is never qualified.
110 *
111 * @param principalId the principal id to check. cannot be null or blank.
112 * @param namespaceCode the namespace code. cannot be null or blank.
113 * @param permissionName the permission name. cannot be null or blank.
114 * @return true is principal has permission
115 * @throws RiceIllegalArgumentException if the principalId, namespaceCode, permissionName is null or blank
116 */
117 @WebMethod(operationName = "hasPermission")
118 @WebResult(name = "hasPermission")
119 boolean hasPermission( @WebParam(name="principalId") String principalId,
120 @WebParam(name="namespaceCode") String namespaceCode,
121 @WebParam(name="permissionName") String permissionName) throws RiceIllegalArgumentException;
122
123
124
125 /**
126 * Checks whether the given qualified permission is granted to the principal given
127 * the passed roleQualification. If no roleQualification is passed (null or empty)
128 * then this method behaves the same as {@link #hasPermission(String, String, String)}.
129 *
130 * Each role assigned to the principal is checked for qualifications. If a qualifier
131 * exists on the principal's membership in that role, that is checked first through
132 * the role's type service. Once it is determined that the principal has the role
133 * in the given context (qualification), the permissions are examined.
134 *
135 *
136 * @param principalId the principal id to check. cannot be null or blank.
137 * @param namespaceCode the namespace code. cannot be null or blank.
138 * @param permissionName the permission name. cannot be null or blank.
139 * @param qualification the qualifications to test against.
140 * @return true is principal has permission
141 * @throws RiceIllegalArgumentException if the principalId, namespaceCode, permissionName is null or blank
142 */
143 @WebMethod(operationName = "isAuthorized")
144 @WebResult(name = "isAuthorized")
145 @Cacheable(value= Permission.Cache.NAME, key="'{isAuthorized}' + 'principalId=' + #p0 + '|' + 'namespaceCode=' + #p1 + '|' + 'permissionName=' + #p2 + '|' + 'qualification=' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p3)")
146 boolean isAuthorized( @WebParam(name="principalId") String principalId,
147 @WebParam(name="namespaceCode") String namespaceCode,
148 @WebParam(name="permissionName") String permissionName,
149 @XmlJavaTypeAdapter(value = MapStringStringAdapter.class)
150 @WebParam(name="qualification") Map<String, String> qualification ) throws RiceIllegalArgumentException;
151
152 /**
153 * Checks whether the principal has been granted a permission matching the given details
154 * without taking role qualifiers into account.
155 *
156 * This method should not be used for true authorization checks since a principal
157 * may only have this permission within a given context. It could be used to
158 * identify that the user would have some permissions within a certain area.
159 * Later checks would identify exactly what permissions were granted.
160 *
161 * It can also be used when the client application KNOWS that this is a role which
162 * is never qualified.
163 *
164 * @param principalId the principal id to check. cannot be null or blank.
165 * @param namespaceCode the namespace code. cannot be null or blank.
166 * @param permissionTemplateName the permission name. cannot be null or blank.
167 * @param permissionDetails the permission details
168 * @return true is principal has permission
169 * @throws RiceIllegalArgumentException if the principalId, namespaceCode, permissionName is null or blank
170 */
171 @WebMethod(operationName = "hasPermissionByTemplate")
172 @WebResult(name = "hasPermission")
173 boolean hasPermissionByTemplate(@WebParam(name = "principalId") String principalId,
174 @WebParam(name = "namespaceCode") String namespaceCode,
175 @WebParam(name = "permissionTemplateName") String permissionTemplateName,
176 @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) @WebParam(
177 name = "permissionDetails") Map<String, String> permissionDetails) throws RiceIllegalArgumentException;
178
179
180 /**
181 * Checks whether the given qualified permission is granted to the principal given
182 * the passed roleQualification. If no roleQualification is passed (null or empty)
183 * then this method behaves the same as {@link #hasPermission(String, String, String)}.
184 *
185 * Each role assigned to the principal is checked for qualifications. If a qualifier
186 * exists on the principal's membership in that role, that is checked first through
187 * the role's type service. Once it is determined that the principal has the role
188 * in the given context (qualification), the permissions are examined.
189 *
190 * Each permission is checked against the permissionDetails. The PermissionTypeService
191 * is called for each permission with the given permissionName to see if the
192 * permissionDetails matches its details.
193 *
194 * @param principalId the principal id to check. cannot be null or blank.
195 * @param namespaceCode the namespace code. cannot be null or blank.
196 * @param permissionTemplateName the permission name. cannot be null or blank.
197 * @param permissionDetails the permission details
198 * @param qualification the permission qualifications
199 * @return true is principal has permission
200 * @throws RiceIllegalArgumentException if the principalId, namespaceCode, permissionName is null or blank
201 */
202 @WebMethod(operationName = "isAuthorizedByTemplate")
203 @WebResult(name = "isAuthorized")
204 @Cacheable(value= Permission.Cache.NAME, key="'{isAuthorizedByTemplate}' + 'principalId=' + #p0 + '|' + 'namespaceCode=' + #p1 + '|' + 'permissionTemplateName=' + #p2 + '|' + 'permissionDetails=' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p3) + '|' + 'qualification=' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p4)")
205 boolean isAuthorizedByTemplate(@WebParam(name = "principalId") String principalId,
206 @WebParam(name = "namespaceCode") String namespaceCode,
207 @WebParam(name = "permissionTemplateName") String permissionTemplateName,
208 @XmlJavaTypeAdapter(value = MapStringStringAdapter.class)
209 @WebParam(name = "permissionDetails") Map<String, String> permissionDetails,
210 @XmlJavaTypeAdapter(value = MapStringStringAdapter.class)
211 @WebParam(name = "qualification") Map<String, String> qualification)
212 throws RiceIllegalArgumentException;
213
214
215 /**
216 * Get the list of principals/groups who have a given permission. This also returns delegates
217 * for the given principals/groups who also have this permission given the context in the
218 * qualification parameter.
219 *
220 * Each role assigned to the principal is checked for qualifications. If a qualifier
221 * exists on the principal's membership in that role, that is checked first through
222 * the role's type service. Once it is determined that the principal has the role
223 * in the given context (qualification), the permissions are examined.
224 *
225 * @param namespaceCode the namespace code. cannot be null or blank.
226 * @param permissionName the permission name. cannot be null or blank.
227 * @param qualification the permission qualifications
228 * @return list of assignees that have been assigned the permissions
229 * @throws RiceIllegalArgumentException if the principalId, namespaceCode, permissionName is null or blank
230 */
231 @WebMethod(operationName = "getPermissionAssignees")
232 @XmlElementWrapper(name = "assignees", required = true)
233 @XmlElement(name = "assignee", required = false)
234 @WebResult(name = "assignees")
235 @Cacheable(value= Permission.Cache.NAME, key="'{getPermissionAssignees}' + 'namespaceCode=' + #p0 + '|' + 'permissionName=' + #p1 + '|' + 'qualification=' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p2)")
236 List<Assignee> getPermissionAssignees( @WebParam(name="namespaceCode") String namespaceCode,
237 @WebParam(name="permissionName") String permissionName,
238 @XmlJavaTypeAdapter(value = MapStringStringAdapter.class)
239 @WebParam(name="qualification") Map<String, String> qualification )
240 throws RiceIllegalArgumentException;
241
242 /**
243 * Get the list of principals/groups who have a given permission that match the given
244 * permission template and permission details. This also returns delegates
245 * for the given principals/groups who also have this permission given the context in the
246 * qualification parameter.
247 *
248 * Each role assigned to the principal is checked for qualifications. If a qualifier
249 * exists on the principal's membership in that role, that is checked first through
250 * the role's type service. Once it is determined that the principal has the role
251 * in the given context (qualification), the permissions are examined.
252 *
253 * @param namespaceCode the namespace code. cannot be null or blank.
254 * @param permissionTemplateName the permission name. cannot be null or blank.
255 * @param permissionDetails the permission details.
256 * @param qualification the permission qualifications
257 * @return list of assignees that have been assigned the permissions by template
258 * @throws RiceIllegalArgumentException if the principalId, namespaceCode, permissionName is null or blank
259 */
260 @WebMethod(operationName = "getPermissionAssigneesByTemplate")
261 @XmlElementWrapper(name = "assignees", required = true)
262 @XmlElement(name = "assignee", required = false)
263 @WebResult(name = "assignees")
264 @Cacheable(value= Permission.Cache.NAME, key="'{getPermissionAssigneesByTemplate}' + 'namespaceCode=' + #p0 + '|' + 'permissionTemplateName=' + #p1 + 'permissionDetails=' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p2) + '|' + 'qualification=' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p3)")
265 List<Assignee> getPermissionAssigneesByTemplate(@WebParam(name = "namespaceCode") String namespaceCode,
266 @WebParam(name = "permissionTemplateName") String permissionTemplateName,
267 @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) @WebParam(
268 name = "permissionDetails") Map<String, String> permissionDetails,
269 @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) @WebParam(
270 name = "qualification") Map<String, String> qualification) throws RiceIllegalArgumentException;
271
272 /**
273 * Returns true if the given permission is defined on any Roles.
274 *
275 * @param namespaceCode the namespace code. cannot be null or blank.
276 * @param permissionName the permission name. cannot be null or blank.
277 * @return true if given permission is defined on any Roles
278 * @throws RiceIllegalArgumentException if the namespaceCode or permissionName is null or blank
279 */
280 @WebMethod(operationName = "isPermissionDefined")
281 @WebResult(name = "isPermissionDefined")
282 @Cacheable(value= Permission.Cache.NAME, key="'{isPermissionDefined}' + 'namespaceCode=' + #p0 + '|' + 'permissionName=' + #p1")
283 boolean isPermissionDefined( @WebParam(name="namespaceCode") String namespaceCode,
284 @WebParam(name="permissionName") String permissionName)
285 throws RiceIllegalArgumentException;
286
287 /**
288 * Returns true if the given permission template is defined on any Roles.
289 *
290 * @param namespaceCode the namespace code. cannot be null or blank.
291 * @param permissionTemplateName the permission name. cannot be null or blank.
292 * @param permissionDetails the permission template details
293 * @return true if given permission template is defined on any Roles
294 * @throws RiceIllegalArgumentException if the namespaceCode or permissionName is null or blank
295 */
296 @WebMethod(operationName = "isPermissionDefinedByTemplate")
297 @WebResult(name = "isPermissionDefinedByTemplate")
298 @Cacheable(value= Permission.Cache.NAME, key="'{isPermissionDefinedByTemplate}' + 'namespaceCode=' + #p0 + '|' + 'permissionTemplateName=' + #p1 + '|' + 'permissionDetails=' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p2)")
299 boolean isPermissionDefinedByTemplate(@WebParam(name = "namespaceCode")
300 String namespaceCode,
301 @WebParam(name = "permissionTemplateName")
302 String permissionTemplateName,
303 @XmlJavaTypeAdapter(value = MapStringStringAdapter.class)
304 @WebParam(name = "permissionDetails")
305 Map<String, String> permissionDetails)
306 throws RiceIllegalArgumentException;
307
308 /**
309 * Returns permissions (with their details) that are granted to the principal given
310 * the passed qualification. If no qualification is passed (null or empty)
311 * then this method does not check any qualifications on the roles.
312 *
313 * After the permissions are determined, the roles that hold those permissions are determined.
314 * Each role that matches between the principal and the permission objects is checked for
315 * qualifications. If a qualifier
316 * exists on the principal's membership in that role, that is checked through
317 * the role's type service.
318 *
319 * @param principalId the principal Id. cannot be null or blank.
320 * @param namespaceCode the namespace code. cannot be null or blank.
321 * @param permissionName the permission name. cannot be null or blank.
322 * @param qualification the permission qualifications
323 * @return list of permissions that are authorized with the given parameters
324 * @throws RiceIllegalArgumentException if the principalId, namespaceCode or permissionName is null or blank
325 */
326 @WebMethod(operationName = "getAuthorizedPermissions")
327 @XmlElementWrapper(name = "permissions", required = true)
328 @XmlElement(name = "permission", required = false)
329 @WebResult(name = "permissions")
330 @Cacheable(value= Permission.Cache.NAME, key="'{getAuthorizedPermissions}' + 'principalId=' + #p0 + '|' + 'namespaceCode=' + #p1 + '|' + 'permissionName=' + #p2 + '|' + 'qualification=' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p3)")
331 List<Permission> getAuthorizedPermissions( @WebParam(name="principalId") String principalId,
332 @WebParam(name="namespaceCode") String namespaceCode,
333 @WebParam(name="permissionName") String permissionName,
334 @XmlJavaTypeAdapter(value = MapStringStringAdapter.class)
335 @WebParam(name="qualification") Map<String, String> qualification )
336 throws RiceIllegalArgumentException;
337
338 /**
339 * Returns permissions (with their details) that are granted to the principal given
340 * the passed qualification. If no qualification is passed (null or empty)
341 * then this method does not check any qualifications on the roles.
342 *
343 * All permissions with the given name are checked against the permissionDetails.
344 * The PermissionTypeService is called for each permission to see if the
345 * permissionDetails matches its details.
346 *
347 * An asterisk (*) as a value in any permissionDetails key-value pair will match any value.
348 * This forms a way to provide a wildcard to obtain multiple permissions in one call.
349 *
350 * After the permissions are determined, the roles that hold those permissions are determined.
351 * Each role that matches between the principal and the permission objects is checked for
352 * qualifications. If a qualifier
353 * exists on the principal's membership in that role, that is checked through
354 * the role's type service.
355 *
356 * @param principalId the principal Id. cannot be null or blank.
357 * @param namespaceCode the namespace code. cannot be null or blank.
358 * @param permissionTemplateName the permission name. cannot be null or blank.
359 * @param permissionDetails the permission template details.
360 * @param qualification the permission qualifications
361 * @return list of permissions that are authorized with the given parameters
362 * @throws RiceIllegalArgumentException if the principalId, namespaceCode or permissionTemplateName is null or blank
363 */
364 @WebMethod(operationName = "getAuthorizedPermissionsByTemplate")
365 @XmlElementWrapper(name = "permissions", required = true)
366 @XmlElement(name = "permission", required = false)
367 @WebResult(name = "permissions")
368 @Cacheable(value= Permission.Cache.NAME, key="'{getAuthorizedPermissionsByTemplate}' + 'principalId=' + #p0 + '|' + 'namespaceCode=' + #p1 + '|' + 'permissionTemplateName=' + #p2 + '|' + 'permissionDetails=' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p3) + '|' + 'qualification=' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p4)")
369 List<Permission> getAuthorizedPermissionsByTemplate(@WebParam(name = "principalId") String principalId,
370 @WebParam(name = "namespaceCode") String namespaceCode,
371 @WebParam(name = "permissionTemplateName") String permissionTemplateName,
372 @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) @WebParam(
373 name = "permissionDetails") Map<String, String> permissionDetails,
374 @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) @WebParam(
375 name = "qualification") Map<String, String> qualification) throws RiceIllegalArgumentException;
376
377 // --------------------
378 // Permission Data
379 // --------------------
380
381 /**
382 * Gets a {@link org.kuali.rice.kim.api.permission.Permission} from an id.
383 *
384 * <p>
385 * This method will return null if the permission does not exist.
386 * </p>
387 *
388 * @param id the unique id to retrieve the permission by. cannot be null or blank.
389 * @return a {@link org.kuali.rice.kim.api.permission.Permission} or null
390 * @throws RiceIllegalArgumentException if the id is null or blank
391 */
392 @WebMethod(operationName = "getPermission")
393 @WebResult(name = "permission")
394 @Cacheable(value=Permission.Cache.NAME, key="'id=' + #p0")
395 Permission getPermission( @WebParam(name="id") String id );
396
397 /**
398 * Gets a {@link org.kuali.rice.kim.api.permission.Permission} with the unique combination of namespace and name.
399 *
400 * <p>
401 * This method will return null if the permission does not exist.
402 * </p>
403 *
404 * @param namespaceCode namespace code for permission. cannot be null or blank.
405 * @param name name of permission. cannot be null or blank.
406 * @return a {@link org.kuali.rice.kim.api.permission.Permission} or null
407 * @throws RiceIllegalArgumentException if the namespaceCode or name is null or blank
408 */
409 @WebMethod(operationName = "findPermByNamespaceCodeAndName")
410 @WebResult(name = "permission")
411 @Cacheable(value=Permission.Cache.NAME, key="'namespaceCode=' + #p0 + '|' + 'name=' + #p1")
412 Permission findPermByNamespaceCodeAndName(
413 @WebParam(name = "namespaceCode") String namespaceCode,
414 @WebParam(name = "name") String name)
415 throws RiceIllegalArgumentException;
416
417 /**
418 * Return the permissions for the given unique combination of namespace,
419 * component and permission template name.
420 *
421 * @param namespaceCode namespace code for permission. cannot be null or blank.
422 * @param templateName name of permission template. cannot be null or blank.
423 * @return a list of {@link org.kuali.rice.kim.api.permission.Permission} or null
424 * @throws RiceIllegalArgumentException if the namespaceCode or name is null or blank
425 */
426 @WebMethod(operationName = "findPermissionsByTemplate")
427 @XmlElementWrapper(name = "permissions", required = true)
428 @XmlElement(name = "permission", required = false)
429 @WebResult(name = "permissions")
430 @Cacheable(value=Permission.Cache.NAME, key="'namespaceCode=' + #p1 + '|' + 'templateName=' + #p2")
431 List<Permission> findPermissionsByTemplate(
432 @WebParam(name = "namespaceCode") String namespaceCode,
433 @WebParam(name = "templateName") String templateName)
434 throws RiceIllegalArgumentException;
435
436 /**
437 * Gets a {@link Template} from an id.
438 *
439 * <p>
440 * This method will return null if the template does not exist.
441 * </p>
442 *
443 * @param id the unique id to retrieve the template by. cannot be null or blank.
444 * @return a {@link Template} or null
445 * @throws RiceIllegalArgumentException if the id is null or blank
446 */
447 @WebMethod(operationName = "getPermissionTemplate")
448 @WebResult(name = "id")
449 @Cacheable(value=Template.Cache.NAME + "{Permission}", key="'id=' + #p0")
450 Template getPermissionTemplate( @WebParam(name="id") String id ) throws RiceIllegalArgumentException;
451
452 /**
453 * Finds a {@link Template} for namespaceCode and name.
454 *
455 * @param namespaceCode the namespace code. cannot be null or blank.
456 * @param name the template name. cannot be null or blank.
457 * @return a {@link Template} or null
458 * @throws RiceIllegalArgumentException if the id or namespaceCode is null or blank
459 */
460 @WebMethod(operationName = "findPermTemplateByNamespaceCodeAndName")
461 @WebResult(name = "permissionTemplate")
462 @Cacheable(value=Template.Cache.NAME + "{Permission}", key="'namespaceCode=' + #p0 + '|' + 'name=' + #p1")
463 Template findPermTemplateByNamespaceCodeAndName(
464 @WebParam(name = "namespaceCode") String namespaceCode,
465 @WebParam(name = "name") String name) throws RiceIllegalArgumentException;
466
467
468 /**
469 * Finds a {@link Template} for namespaceCode and name.
470 *
471 * @return a list of {@link Template} or an empty list if none found
472 */
473 @WebMethod(operationName = "getAllTemplates")
474 @XmlElementWrapper(name = "templates", required = true)
475 @XmlElement(name = "template", required = false)
476 @WebResult(name = "templates")
477 @Cacheable(value=Template.Cache.NAME + "{Permission}", key="'all'")
478 List<Template> getAllTemplates();
479
480 /**
481 * Get the role IDs for the given permission.
482 *
483 * @param namespaceCode the permission namespace code. cannot be null or blank.
484 * @param permissionName the permission name. cannot be null or blank.
485 * @return a list of role Ids, or an empty list if none found
486 * @throws RiceIllegalArgumentException if the namespaceCode or permissionName is null or blank
487 */
488 @WebMethod(operationName = "getRoleIdsForPermission")
489 @XmlElementWrapper(name = "roleIds", required = true)
490 @XmlElement(name = "roleId", required = false)
491 @WebResult(name = "roleIds")
492 List<String> getRoleIdsForPermission( @WebParam(name="namespaceCode") String namespaceCode,
493 @WebParam(name="permissionName") String permissionName) throws RiceIllegalArgumentException;
494
495 /**
496 * This method find Permissions based on a query criteria. The criteria cannot be null.
497 *
498 * @param queryByCriteria the criteria. Cannot be null.
499 * @return query results. will never return null.
500 * @throws RiceIllegalArgumentException if the queryByCriteria is null
501 */
502 @WebMethod(operationName = "findPermissions")
503 @WebResult(name = "results")
504 PermissionQueryResults findPermissions(@WebParam(name = "query") QueryByCriteria queryByCriteria) throws RiceIllegalArgumentException;
505
506
507 /**
508 * This method find Permission Templates based on a query criteria. The criteria cannot be null.
509 *
510 * @param queryByCriteria the criteria. Cannot be null.
511 * @return query results. will never return null.
512 * @throws RiceIllegalArgumentException if the queryByCriteria is null
513 */
514 @WebMethod(operationName = "findPermissionTemplates")
515 @WebResult(name = "results")
516 TemplateQueryResults findPermissionTemplates(@WebParam(name = "query") QueryByCriteria queryByCriteria) throws RiceIllegalArgumentException;
517 }