1 /** 2 * Copyright 2005-2012 The Kuali Foundation 3 * 4 * Licensed under the Educational Community License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.opensource.org/licenses/ecl2.php 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package org.kuali.rice.kim.api.permission; 17 18 import org.kuali.rice.core.api.criteria.QueryByCriteria; 19 import org.kuali.rice.core.api.exception.RiceIllegalArgumentException; 20 import org.kuali.rice.core.api.exception.RiceIllegalStateException; 21 import org.kuali.rice.core.api.util.jaxb.MapStringStringAdapter; 22 import org.kuali.rice.kim.api.KimConstants; 23 import org.kuali.rice.kim.api.common.assignee.Assignee; 24 import org.kuali.rice.kim.api.common.template.Template; 25 import org.kuali.rice.kim.api.common.template.TemplateQueryResults; 26 import org.springframework.cache.annotation.CacheEvict; 27 import org.springframework.cache.annotation.Cacheable; 28 29 import javax.jws.WebMethod; 30 import javax.jws.WebParam; 31 import javax.jws.WebResult; 32 import javax.jws.WebService; 33 import javax.jws.soap.SOAPBinding; 34 import javax.xml.bind.annotation.XmlElement; 35 import javax.xml.bind.annotation.XmlElementWrapper; 36 import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; 37 import java.util.List; 38 import java.util.Map; 39 40 /** 41 * This service provides operations for evaluating permissions and querying for permission data. 42 * 43 * <p>A permission is the ability to perform an action. All permissions have a permission template. 44 * Both permissions and permission templates are uniquely identified by a namespace code plus a name. 45 * The permission template defines the course-grained permission and specifies what additional 46 * permission details need to be collected on permissions that use that template. For example, a 47 * permission template might have a name of "Initiate Document" which requires a permission detail 48 * specifying the document type that can be initiated. A permission created from the "Initiate Document" 49 * template would define the name of the specific Document Type that can be initiated as a permission 50 * detail. 51 * 52 * <p>The isAuthorized and isAuthorizedByTemplate operations 53 * on this service are used to execute authorization checks for a principal against a 54 * permission. Permissions are always assigned to roles (never directly to a principal or 55 * group). A particular principal will be authorized for a given permission if the permission 56 * evaluates to true (according to the permission evaluation logic and based on any supplied 57 * permission details) and that principal is assigned to a role which has been granted the permission. 58 * 59 * <p>The actual logic for how permission evaluation logic is defined and executed is dependent upon 60 * the permission service implementation. However, it will typically be associated with the permission 61 * template used on the permission. 62 * 63 * @author Kuali Rice Team (rice.collab@kuali.org) 64 */ 65 @WebService(name = "permissionService", targetNamespace = KimConstants.Namespaces.KIM_NAMESPACE_2_0) 66 @SOAPBinding(style = SOAPBinding.Style.DOCUMENT, use = SOAPBinding.Use.LITERAL, parameterStyle = SOAPBinding.ParameterStyle.WRAPPED) 67 public interface PermissionService { 68 69 /** 70 * This will create a {@link org.kuali.rice.kim.api.permission.Permission} exactly like the permission passed in. 71 * 72 * @param permission the permission to create 73 * @return the newly created object. will never be null. 74 * @throws RiceIllegalArgumentException if the permission is null 75 * @throws RiceIllegalStateException if the permission is already existing in the system 76 */ 77 @WebMethod(operationName="createPermission") 78 @WebResult(name = "permission") 79 @CacheEvict(value={Permission.Cache.NAME, Template.Cache.NAME + "{Permission}"}, allEntries = true) 80 Permission createPermission(@WebParam(name = "permission") Permission permission) 81 throws RiceIllegalArgumentException, RiceIllegalStateException; 82 83 /** 84 * This will update a {@link Permission}. 85 * 86 * @param permission the permission to update 87 * @return the updated object. will never be null 88 * @throws RiceIllegalArgumentException if the permission is null 89 * @throws RiceIllegalStateException if the permission does not exist in the system 90 */ 91 @WebMethod(operationName="updatePermission") 92 @WebResult(name = "permission") 93 @CacheEvict(value={Permission.Cache.NAME, Template.Cache.NAME + "{Permission}"}, allEntries = true) 94 Permission updatePermission(@WebParam(name = "permission") Permission permission) 95 throws RiceIllegalArgumentException, RiceIllegalStateException; 96 97 // -------------------- 98 // Authorization Checks 99 // -------------------- 100 101 /** 102 * Checks in a given principal id has a permission using the passed in permission information. 103 * This method should not be used for true authorization checks since a principal 104 * may only have this permission within a given context. It could be used to 105 * identify that the user would have some permissions within a certain area. 106 * Later checks would identify exactly what permissions were granted. 107 * 108 * It can also be used when the client application KNOWS that this is a role which 109 * is never qualified. 110 * 111 * @param principalId the principal id to check. cannot be null or blank. 112 * @param namespaceCode the namespace code. cannot be null or blank. 113 * @param permissionName the permission name. cannot be null or blank. 114 * @return true is principal has permission 115 * @throws RiceIllegalArgumentException if the principalId, namespaceCode, permissionName is null or blank 116 */ 117 @WebMethod(operationName = "hasPermission") 118 @WebResult(name = "hasPermission") 119 boolean hasPermission( @WebParam(name="principalId") String principalId, 120 @WebParam(name="namespaceCode") String namespaceCode, 121 @WebParam(name="permissionName") String permissionName) throws RiceIllegalArgumentException; 122 123 124 125 /** 126 * Checks whether the given qualified permission is granted to the principal given 127 * the passed roleQualification. If no roleQualification is passed (null or empty) 128 * then this method behaves the same as {@link #hasPermission(String, String, String)}. 129 * 130 * Each role assigned to the principal is checked for qualifications. If a qualifier 131 * exists on the principal's membership in that role, that is checked first through 132 * the role's type service. Once it is determined that the principal has the role 133 * in the given context (qualification), the permissions are examined. 134 * 135 * 136 * @param principalId the principal id to check. cannot be null or blank. 137 * @param namespaceCode the namespace code. cannot be null or blank. 138 * @param permissionName the permission name. cannot be null or blank. 139 * @param qualification the qualifications to test against. 140 * @return true is principal has permission 141 * @throws RiceIllegalArgumentException if the principalId, namespaceCode, permissionName is null or blank 142 */ 143 @WebMethod(operationName = "isAuthorized") 144 @WebResult(name = "isAuthorized") 145 @Cacheable(value= Permission.Cache.NAME, key="'{isAuthorized}' + 'principalId=' + #p0 + '|' + 'namespaceCode=' + #p1 + '|' + 'permissionName=' + #p2 + '|' + 'qualification=' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p3)") 146 boolean isAuthorized( @WebParam(name="principalId") String principalId, 147 @WebParam(name="namespaceCode") String namespaceCode, 148 @WebParam(name="permissionName") String permissionName, 149 @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) 150 @WebParam(name="qualification") Map<String, String> qualification ) throws RiceIllegalArgumentException; 151 152 /** 153 * Checks whether the principal has been granted a permission matching the given details 154 * without taking role qualifiers into account. 155 * 156 * This method should not be used for true authorization checks since a principal 157 * may only have this permission within a given context. It could be used to 158 * identify that the user would have some permissions within a certain area. 159 * Later checks would identify exactly what permissions were granted. 160 * 161 * It can also be used when the client application KNOWS that this is a role which 162 * is never qualified. 163 * 164 * @param principalId the principal id to check. cannot be null or blank. 165 * @param namespaceCode the namespace code. cannot be null or blank. 166 * @param permissionTemplateName the permission name. cannot be null or blank. 167 * @param permissionDetails the permission details 168 * @return true is principal has permission 169 * @throws RiceIllegalArgumentException if the principalId, namespaceCode, permissionName is null or blank 170 */ 171 @WebMethod(operationName = "hasPermissionByTemplate") 172 @WebResult(name = "hasPermission") 173 boolean hasPermissionByTemplate(@WebParam(name = "principalId") String principalId, 174 @WebParam(name = "namespaceCode") String namespaceCode, 175 @WebParam(name = "permissionTemplateName") String permissionTemplateName, 176 @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) @WebParam( 177 name = "permissionDetails") Map<String, String> permissionDetails) throws RiceIllegalArgumentException; 178 179 180 /** 181 * Checks whether the given qualified permission is granted to the principal given 182 * the passed roleQualification. If no roleQualification is passed (null or empty) 183 * then this method behaves the same as {@link #hasPermission(String, String, String)}. 184 * 185 * Each role assigned to the principal is checked for qualifications. If a qualifier 186 * exists on the principal's membership in that role, that is checked first through 187 * the role's type service. Once it is determined that the principal has the role 188 * in the given context (qualification), the permissions are examined. 189 * 190 * Each permission is checked against the permissionDetails. The PermissionTypeService 191 * is called for each permission with the given permissionName to see if the 192 * permissionDetails matches its details. 193 * 194 * @param principalId the principal id to check. cannot be null or blank. 195 * @param namespaceCode the namespace code. cannot be null or blank. 196 * @param permissionTemplateName the permission name. cannot be null or blank. 197 * @param permissionDetails the permission details 198 * @param qualification the permission qualifications 199 * @return true is principal has permission 200 * @throws RiceIllegalArgumentException if the principalId, namespaceCode, permissionName is null or blank 201 */ 202 @WebMethod(operationName = "isAuthorizedByTemplate") 203 @WebResult(name = "isAuthorized") 204 @Cacheable(value= Permission.Cache.NAME, key="'{isAuthorizedByTemplate}' + 'principalId=' + #p0 + '|' + 'namespaceCode=' + #p1 + '|' + 'permissionTemplateName=' + #p2 + '|' + 'permissionDetails=' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p3) + '|' + 'qualification=' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p4)") 205 boolean isAuthorizedByTemplate(@WebParam(name = "principalId") String principalId, 206 @WebParam(name = "namespaceCode") String namespaceCode, 207 @WebParam(name = "permissionTemplateName") String permissionTemplateName, 208 @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) 209 @WebParam(name = "permissionDetails") Map<String, String> permissionDetails, 210 @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) 211 @WebParam(name = "qualification") Map<String, String> qualification) 212 throws RiceIllegalArgumentException; 213 214 215 /** 216 * Get the list of principals/groups who have a given permission. This also returns delegates 217 * for the given principals/groups who also have this permission given the context in the 218 * qualification parameter. 219 * 220 * Each role assigned to the principal is checked for qualifications. If a qualifier 221 * exists on the principal's membership in that role, that is checked first through 222 * the role's type service. Once it is determined that the principal has the role 223 * in the given context (qualification), the permissions are examined. 224 * 225 * @param namespaceCode the namespace code. cannot be null or blank. 226 * @param permissionName the permission name. cannot be null or blank. 227 * @param qualification the permission qualifications 228 * @return list of assignees that have been assigned the permissions 229 * @throws RiceIllegalArgumentException if the principalId, namespaceCode, permissionName is null or blank 230 */ 231 @WebMethod(operationName = "getPermissionAssignees") 232 @XmlElementWrapper(name = "assignees", required = true) 233 @XmlElement(name = "assignee", required = false) 234 @WebResult(name = "assignees") 235 @Cacheable(value= Permission.Cache.NAME, key="'{getPermissionAssignees}' + 'namespaceCode=' + #p0 + '|' + 'permissionName=' + #p1 + '|' + 'qualification=' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p2)") 236 List<Assignee> getPermissionAssignees( @WebParam(name="namespaceCode") String namespaceCode, 237 @WebParam(name="permissionName") String permissionName, 238 @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) 239 @WebParam(name="qualification") Map<String, String> qualification ) 240 throws RiceIllegalArgumentException; 241 242 /** 243 * Get the list of principals/groups who have a given permission that match the given 244 * permission template and permission details. This also returns delegates 245 * for the given principals/groups who also have this permission given the context in the 246 * qualification parameter. 247 * 248 * Each role assigned to the principal is checked for qualifications. If a qualifier 249 * exists on the principal's membership in that role, that is checked first through 250 * the role's type service. Once it is determined that the principal has the role 251 * in the given context (qualification), the permissions are examined. 252 * 253 * @param namespaceCode the namespace code. cannot be null or blank. 254 * @param permissionTemplateName the permission name. cannot be null or blank. 255 * @param permissionDetails the permission details. 256 * @param qualification the permission qualifications 257 * @return list of assignees that have been assigned the permissions by template 258 * @throws RiceIllegalArgumentException if the principalId, namespaceCode, permissionName is null or blank 259 */ 260 @WebMethod(operationName = "getPermissionAssigneesByTemplate") 261 @XmlElementWrapper(name = "assignees", required = true) 262 @XmlElement(name = "assignee", required = false) 263 @WebResult(name = "assignees") 264 @Cacheable(value= Permission.Cache.NAME, key="'{getPermissionAssigneesByTemplate}' + 'namespaceCode=' + #p0 + '|' + 'permissionTemplateName=' + #p1 + 'permissionDetails=' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p2) + '|' + 'qualification=' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p3)") 265 List<Assignee> getPermissionAssigneesByTemplate(@WebParam(name = "namespaceCode") String namespaceCode, 266 @WebParam(name = "permissionTemplateName") String permissionTemplateName, 267 @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) @WebParam( 268 name = "permissionDetails") Map<String, String> permissionDetails, 269 @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) @WebParam( 270 name = "qualification") Map<String, String> qualification) throws RiceIllegalArgumentException; 271 272 /** 273 * Returns true if the given permission is defined on any Roles. 274 * 275 * @param namespaceCode the namespace code. cannot be null or blank. 276 * @param permissionName the permission name. cannot be null or blank. 277 * @return true if given permission is defined on any Roles 278 * @throws RiceIllegalArgumentException if the namespaceCode or permissionName is null or blank 279 */ 280 @WebMethod(operationName = "isPermissionDefined") 281 @WebResult(name = "isPermissionDefined") 282 @Cacheable(value= Permission.Cache.NAME, key="'{isPermissionDefined}' + 'namespaceCode=' + #p0 + '|' + 'permissionName=' + #p1") 283 boolean isPermissionDefined( @WebParam(name="namespaceCode") String namespaceCode, 284 @WebParam(name="permissionName") String permissionName) 285 throws RiceIllegalArgumentException; 286 287 /** 288 * Returns true if the given permission template is defined on any Roles. 289 * 290 * @param namespaceCode the namespace code. cannot be null or blank. 291 * @param permissionTemplateName the permission name. cannot be null or blank. 292 * @param permissionDetails the permission template details 293 * @return true if given permission template is defined on any Roles 294 * @throws RiceIllegalArgumentException if the namespaceCode or permissionName is null or blank 295 */ 296 @WebMethod(operationName = "isPermissionDefinedByTemplate") 297 @WebResult(name = "isPermissionDefinedByTemplate") 298 @Cacheable(value= Permission.Cache.NAME, key="'{isPermissionDefinedByTemplate}' + 'namespaceCode=' + #p0 + '|' + 'permissionTemplateName=' + #p1 + '|' + 'permissionDetails=' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p2)") 299 boolean isPermissionDefinedByTemplate(@WebParam(name = "namespaceCode") 300 String namespaceCode, 301 @WebParam(name = "permissionTemplateName") 302 String permissionTemplateName, 303 @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) 304 @WebParam(name = "permissionDetails") 305 Map<String, String> permissionDetails) 306 throws RiceIllegalArgumentException; 307 308 /** 309 * Returns permissions (with their details) that are granted to the principal given 310 * the passed qualification. If no qualification is passed (null or empty) 311 * then this method does not check any qualifications on the roles. 312 * 313 * After the permissions are determined, the roles that hold those permissions are determined. 314 * Each role that matches between the principal and the permission objects is checked for 315 * qualifications. If a qualifier 316 * exists on the principal's membership in that role, that is checked through 317 * the role's type service. 318 * 319 * @param principalId the principal Id. cannot be null or blank. 320 * @param namespaceCode the namespace code. cannot be null or blank. 321 * @param permissionName the permission name. cannot be null or blank. 322 * @param qualification the permission qualifications 323 * @return list of permissions that are authorized with the given parameters 324 * @throws RiceIllegalArgumentException if the principalId, namespaceCode or permissionName is null or blank 325 */ 326 @WebMethod(operationName = "getAuthorizedPermissions") 327 @XmlElementWrapper(name = "permissions", required = true) 328 @XmlElement(name = "permission", required = false) 329 @WebResult(name = "permissions") 330 @Cacheable(value= Permission.Cache.NAME, key="'{getAuthorizedPermissions}' + 'principalId=' + #p0 + '|' + 'namespaceCode=' + #p1 + '|' + 'permissionName=' + #p2 + '|' + 'qualification=' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p3)") 331 List<Permission> getAuthorizedPermissions( @WebParam(name="principalId") String principalId, 332 @WebParam(name="namespaceCode") String namespaceCode, 333 @WebParam(name="permissionName") String permissionName, 334 @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) 335 @WebParam(name="qualification") Map<String, String> qualification ) 336 throws RiceIllegalArgumentException; 337 338 /** 339 * Returns permissions (with their details) that are granted to the principal given 340 * the passed qualification. If no qualification is passed (null or empty) 341 * then this method does not check any qualifications on the roles. 342 * 343 * All permissions with the given name are checked against the permissionDetails. 344 * The PermissionTypeService is called for each permission to see if the 345 * permissionDetails matches its details. 346 * 347 * An asterisk (*) as a value in any permissionDetails key-value pair will match any value. 348 * This forms a way to provide a wildcard to obtain multiple permissions in one call. 349 * 350 * After the permissions are determined, the roles that hold those permissions are determined. 351 * Each role that matches between the principal and the permission objects is checked for 352 * qualifications. If a qualifier 353 * exists on the principal's membership in that role, that is checked through 354 * the role's type service. 355 * 356 * @param principalId the principal Id. cannot be null or blank. 357 * @param namespaceCode the namespace code. cannot be null or blank. 358 * @param permissionTemplateName the permission name. cannot be null or blank. 359 * @param permissionDetails the permission template details. 360 * @param qualification the permission qualifications 361 * @return list of permissions that are authorized with the given parameters 362 * @throws RiceIllegalArgumentException if the principalId, namespaceCode or permissionTemplateName is null or blank 363 */ 364 @WebMethod(operationName = "getAuthorizedPermissionsByTemplate") 365 @XmlElementWrapper(name = "permissions", required = true) 366 @XmlElement(name = "permission", required = false) 367 @WebResult(name = "permissions") 368 @Cacheable(value= Permission.Cache.NAME, key="'{getAuthorizedPermissionsByTemplate}' + 'principalId=' + #p0 + '|' + 'namespaceCode=' + #p1 + '|' + 'permissionTemplateName=' + #p2 + '|' + 'permissionDetails=' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p3) + '|' + 'qualification=' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p4)") 369 List<Permission> getAuthorizedPermissionsByTemplate(@WebParam(name = "principalId") String principalId, 370 @WebParam(name = "namespaceCode") String namespaceCode, 371 @WebParam(name = "permissionTemplateName") String permissionTemplateName, 372 @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) @WebParam( 373 name = "permissionDetails") Map<String, String> permissionDetails, 374 @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) @WebParam( 375 name = "qualification") Map<String, String> qualification) throws RiceIllegalArgumentException; 376 377 // -------------------- 378 // Permission Data 379 // -------------------- 380 381 /** 382 * Gets a {@link org.kuali.rice.kim.api.permission.Permission} from an id. 383 * 384 * <p> 385 * This method will return null if the permission does not exist. 386 * </p> 387 * 388 * @param id the unique id to retrieve the permission by. cannot be null or blank. 389 * @return a {@link org.kuali.rice.kim.api.permission.Permission} or null 390 * @throws RiceIllegalArgumentException if the id is null or blank 391 */ 392 @WebMethod(operationName = "getPermission") 393 @WebResult(name = "permission") 394 @Cacheable(value=Permission.Cache.NAME, key="'id=' + #p0") 395 Permission getPermission( @WebParam(name="id") String id ); 396 397 /** 398 * Gets a {@link org.kuali.rice.kim.api.permission.Permission} with the unique combination of namespace and name. 399 * 400 * <p> 401 * This method will return null if the permission does not exist. 402 * </p> 403 * 404 * @param namespaceCode namespace code for permission. cannot be null or blank. 405 * @param name name of permission. cannot be null or blank. 406 * @return a {@link org.kuali.rice.kim.api.permission.Permission} or null 407 * @throws RiceIllegalArgumentException if the namespaceCode or name is null or blank 408 */ 409 @WebMethod(operationName = "findPermByNamespaceCodeAndName") 410 @WebResult(name = "permission") 411 @Cacheable(value=Permission.Cache.NAME, key="'namespaceCode=' + #p0 + '|' + 'name=' + #p1") 412 Permission findPermByNamespaceCodeAndName( 413 @WebParam(name = "namespaceCode") String namespaceCode, 414 @WebParam(name = "name") String name) 415 throws RiceIllegalArgumentException; 416 417 /** 418 * Return the permissions for the given unique combination of namespace, 419 * component and permission template name. 420 * 421 * @param namespaceCode namespace code for permission. cannot be null or blank. 422 * @param templateName name of permission template. cannot be null or blank. 423 * @return a list of {@link org.kuali.rice.kim.api.permission.Permission} or null 424 * @throws RiceIllegalArgumentException if the namespaceCode or name is null or blank 425 */ 426 @WebMethod(operationName = "findPermissionsByTemplate") 427 @XmlElementWrapper(name = "permissions", required = true) 428 @XmlElement(name = "permission", required = false) 429 @WebResult(name = "permissions") 430 @Cacheable(value=Permission.Cache.NAME, key="'namespaceCode=' + #p1 + '|' + 'templateName=' + #p2") 431 List<Permission> findPermissionsByTemplate( 432 @WebParam(name = "namespaceCode") String namespaceCode, 433 @WebParam(name = "templateName") String templateName) 434 throws RiceIllegalArgumentException; 435 436 /** 437 * Gets a {@link Template} from an id. 438 * 439 * <p> 440 * This method will return null if the template does not exist. 441 * </p> 442 * 443 * @param id the unique id to retrieve the template by. cannot be null or blank. 444 * @return a {@link Template} or null 445 * @throws RiceIllegalArgumentException if the id is null or blank 446 */ 447 @WebMethod(operationName = "getPermissionTemplate") 448 @WebResult(name = "id") 449 @Cacheable(value=Template.Cache.NAME + "{Permission}", key="'id=' + #p0") 450 Template getPermissionTemplate( @WebParam(name="id") String id ) throws RiceIllegalArgumentException; 451 452 /** 453 * Finds a {@link Template} for namespaceCode and name. 454 * 455 * @param namespaceCode the namespace code. cannot be null or blank. 456 * @param name the template name. cannot be null or blank. 457 * @return a {@link Template} or null 458 * @throws RiceIllegalArgumentException if the id or namespaceCode is null or blank 459 */ 460 @WebMethod(operationName = "findPermTemplateByNamespaceCodeAndName") 461 @WebResult(name = "permissionTemplate") 462 @Cacheable(value=Template.Cache.NAME + "{Permission}", key="'namespaceCode=' + #p0 + '|' + 'name=' + #p1") 463 Template findPermTemplateByNamespaceCodeAndName( 464 @WebParam(name = "namespaceCode") String namespaceCode, 465 @WebParam(name = "name") String name) throws RiceIllegalArgumentException; 466 467 468 /** 469 * Finds a {@link Template} for namespaceCode and name. 470 * 471 * @return a list of {@link Template} or an empty list if none found 472 */ 473 @WebMethod(operationName = "getAllTemplates") 474 @XmlElementWrapper(name = "templates", required = true) 475 @XmlElement(name = "template", required = false) 476 @WebResult(name = "templates") 477 @Cacheable(value=Template.Cache.NAME + "{Permission}", key="'all'") 478 List<Template> getAllTemplates(); 479 480 /** 481 * Get the role IDs for the given permission. 482 * 483 * @param namespaceCode the permission namespace code. cannot be null or blank. 484 * @param permissionName the permission name. cannot be null or blank. 485 * @return a list of role Ids, or an empty list if none found 486 * @throws RiceIllegalArgumentException if the namespaceCode or permissionName is null or blank 487 */ 488 @WebMethod(operationName = "getRoleIdsForPermission") 489 @XmlElementWrapper(name = "roleIds", required = true) 490 @XmlElement(name = "roleId", required = false) 491 @WebResult(name = "roleIds") 492 List<String> getRoleIdsForPermission( @WebParam(name="namespaceCode") String namespaceCode, 493 @WebParam(name="permissionName") String permissionName) throws RiceIllegalArgumentException; 494 495 /** 496 * This method find Permissions based on a query criteria. The criteria cannot be null. 497 * 498 * @param queryByCriteria the criteria. Cannot be null. 499 * @return query results. will never return null. 500 * @throws RiceIllegalArgumentException if the queryByCriteria is null 501 */ 502 @WebMethod(operationName = "findPermissions") 503 @WebResult(name = "results") 504 PermissionQueryResults findPermissions(@WebParam(name = "query") QueryByCriteria queryByCriteria) throws RiceIllegalArgumentException; 505 506 507 /** 508 * This method find Permission Templates based on a query criteria. The criteria cannot be null. 509 * 510 * @param queryByCriteria the criteria. Cannot be null. 511 * @return query results. will never return null. 512 * @throws RiceIllegalArgumentException if the queryByCriteria is null 513 */ 514 @WebMethod(operationName = "findPermissionTemplates") 515 @WebResult(name = "results") 516 TemplateQueryResults findPermissionTemplates(@WebParam(name = "query") QueryByCriteria queryByCriteria) throws RiceIllegalArgumentException; 517 }