001    /**
002     * Copyright 2005-2014 The Kuali Foundation
003     *
004     * Licensed under the Educational Community License, Version 2.0 (the "License");
005     * you may not use this file except in compliance with the License.
006     * You may obtain a copy of the License at
007     *
008     * http://www.opensource.org/licenses/ecl2.php
009     *
010     * Unless required by applicable law or agreed to in writing, software
011     * distributed under the License is distributed on an "AS IS" BASIS,
012     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013     * See the License for the specific language governing permissions and
014     * limitations under the License.
015     */
016    package org.kuali.rice.kim.impl.jaxb;
017    
018    import java.io.Serializable;
019    
020    import javax.xml.bind.annotation.XmlAccessType;
021    import javax.xml.bind.annotation.XmlAccessorType;
022    import javax.xml.bind.annotation.XmlElement;
023    import javax.xml.bind.annotation.XmlType;
024    
025    /**
026     * This class represents a &lt;roleData&gt; element.
027     * 
028     * <p>The expected XML structure is as follows:
029     * 
030     * <br>
031     * <br>&lt;roleData&gt;
032     * <br>&nbsp;&nbsp;&lt;roles&gt;
033     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&lt;role&gt;
034     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;roleName namespaceCode=""&gt;&lt;/roleName&gt;
035     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;kimTypeName namespaceCode=""&gt;&lt;/kimTypeName&gt;
036     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;description&gt;&lt;/description&gt;
037     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;active&gt;&lt;/active&gt;
038     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;roleMembers&gt;
039     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;roleMember&gt;
040     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;principalId&gt;&lt;/principalId&gt;
041     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;principalName&gt;&lt;/principalName&gt;
042     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;groupId&gt;&lt;/groupId&gt;
043     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;groupName namespaceCode=""&gt;&lt;/groupName&gt;
044     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;roleIdAsMember&gt;&lt;/roleIdAsMember&gt;
045     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;roleNameAsMember namespaceCode=""&gt;&lt;/roleNameAsMember&gt;
046     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;activeFromDate&gt;&lt;/activeFromDate&gt;
047     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;activeToDate&gt;&lt;/activeToDate&gt;
048     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;qualifications&gt;
049     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;qualification key=""&gt;&lt;/qualification&gt;
050     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/qualifications&gt;
051     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/roleMember&gt;
052     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/roleMembers&gt;
053     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;rolePermissions&gt;
054     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;rolePermission&gt;
055     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;permissionId&gt;&lt;/permissionId&gt;
056     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;permissionName namespaceCode=""&gt;&lt;/permissionName&gt;
057     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/rolePermission&gt;
058     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/rolePermissions&gt;
059     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&lt;/role&gt;
060     * <br>&nbsp;&nbsp;&lt;/roles&gt;
061     * <br>&nbsp;&nbsp;&lt;roleMembers&gt;
062     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&lt;roleMember&gt;
063     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;roleId&gt;&lt;/roleId&gt;
064     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;roleName namespaceCode=""&gt;&lt;/roleName&gt;
065     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;principalId&gt;&lt;/principalId&gt;
066     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;principalName&gt;&lt;/principalName&gt;
067     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;groupId&gt;&lt;/groupId&gt;
068     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;groupName namespaceCode=""&gt;&lt;/groupName&gt;
069     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;roleIdAsMember&gt;&lt;/roleIdAsMember&gt;
070     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;roleNameAsMember namespaceCode=""&gt;&lt;/roleNameAsMember&gt;
071     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;activeFromDate&gt;&lt;/activeFromDate&gt;
072     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;activeToDate&gt;&lt;/activeToDate&gt;
073     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;qualifications&gt;
074     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;qualification key=""&gt;&lt;/qualification&gt;
075     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/qualifications&gt;
076     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&lt;/roleMember&gt;
077     * <br>&nbsp;&nbsp;&lt;/roleMembers&gt;
078     * <br>&nbsp;&nbsp;&lt;rolePermissions&gt;
079     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&lt;rolePermission&gt;
080     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;roleId&gt;&lt;/roleId&gt;
081     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;roleName namespaceCode=""&gt;&lt;/roleName&gt;
082     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;permissionId&gt;&lt;/permissionId&gt;
083     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;permissionName namespaceCode=""&gt;&lt;/permissionName&gt;
084     * <br>&nbsp;&nbsp;&nbsp;&nbsp;&lt;/rolePermission&gt;
085     * <br>&nbsp;&nbsp;&lt;/rolePermissions&gt;
086     * <br>&lt;/roleData&gt;
087     * 
088     * <p>Note the following:
089     * <ul>
090     *   <li>The &lt;roles&gt; element is optional, and can contain zero or more &lt;role&gt; elements.
091     *   <li>The &lt;roleName&gt; element on the &lt;role&gt; element and its "namespaceCode" attribute
092     *   are required, and must be non-blank. The namespace code must map to a valid namespace.
093     *   If the name and namespace combo matches an existing role, then the role in the XML will
094     *   overwrite the existing role.
095     *   <li>The &lt;kimTypeName&gt; and its "namespaceCode" attribute are both required, and the
096     *   name and namespace combo must match an existing KIM type.
097     *   <li>The &lt;description&gt; element is required, and must be non-blank.
098     *   <li>The &lt;active&gt; element is optional, and will be set to true if not specified.
099     *   <li>Both &lt;roleMembers&gt; elements are optional, and can contain zero or more
100     *   &lt;roleMember&gt; elements. If the &lt;roleMembers&gt; element within the &lt;role&gt;
101     *   element is specified, then any role members that are not within that element will be removed
102     *   from the role if the XML is overwriting an existing one. (The &lt;roleMembers&gt; element
103     *   outside of the &lt;role&gt; element can still add or re-add members that are not located
104     *   within the other &lt;roleMembers&gt; element.)
105     *   <li>For both &lt;roleMember&gt; elements:
106     *     <ul>
107     *       <li>Exactly one of these sets of member identification must be specified:
108     *         <ol>
109     *           <li>A &lt;principalId&gt; and/or &lt;principalName&gt; element, where the former
110     *           must contain a valid principal ID and the latter must contain a valid principal name.
111     *           <li>A &lt;groupId&gt; and/or &lt;groupName&gt; element, where the former must contain
112     *           a valid group ID and the latter must contain a valid group name and namespace.
113     *           <li>A &lt;roleIdAsMember&gt; and/or &lt;roleNameAsMember&gt; element, where the former
114     *           must contain a valid role ID and the latter must contain a valid role name and namespace.
115     *         </ol>
116     *       <li>The &lt;activeFromDate&gt; element is optional, and its content must be a date String
117     *       that can be parsed by the DateTimeService.
118     *       <li>The &lt;activeToDate&gt; element is optional, and its content must be a date String
119     *       that can be parsed by the DateTimeService.
120     *       <li>The &lt;qualifications&gt; element is optional, and can contain zero or more
121     *       &lt;qualification&gt; elements.
122     *       <li>The &lt;qualification&gt; element's "key" attribute is required, and must be non-blank.
123     *       Duplicate keys within a &lt;qualifications&gt; element are not permitted.
124     *     </ul>
125     *   <li>For both &lt;rolePermission&gt; elements:
126     *     <ul>
127     *       <li>A &lt;permissionId&gt; and/or &lt;permissionName&gt; element must be specified, where the
128     *       former must contain a valid permission ID and the latter must contain a valid permission
129     *       name and namespace.
130     *     </ul>
131     *   <li>For the &lt;roleMember&gt; and &lt;rolePermission&gt; elements not inside a &lt;role&gt; element:
132     *     <ul>
133     *       <li>A &lt;roleId&gt; and/or &lt;roleName&gt; element must be specified, where the former must
134     *       contain a valid role ID and the latter must contain a valid role name and namespace.
135     *     </ul>
136     *   <li>The ingestion process is currently order-dependent, which should be kept in mind when adding
137     *   roles as members of another role or assigning permissions to roles. (The permission XML always
138     *   gets ingested prior to the role XML.)
139     *   <li>The assignments of permissions to roles can only be added, not removed or deactivated.
140     *   (TODO: Improve the role/permission-updating API to allow for updates and removals.)
141     *   <li>The same roles, role members, and role permissions can be ingested within the same file,
142     *   where subsequent ones will overwrite previous ones. (TODO: Is this acceptable?)
143     *   <li>The IDs of principals, groups, roles, and permissions are not included when exporting the XML.
144     *   <li>Delegations and responsibility actions are currently not supported by the ingestion process.
145     * </ul>
146     * 
147     * TODO: Verify that the above behavior is correct.
148     * 
149     * @author Kuali Rice Team (rice.collab@kuali.org)
150     */
151    @XmlAccessorType(XmlAccessType.FIELD)
152    @XmlType(name="RoleDataType", propOrder={"roles", "roleMembers", "rolePermissions"})
153    public class RoleDataXmlDTO implements Serializable {
154    
155        private static final long serialVersionUID = 1L;
156    
157        @XmlElement(name="roles")
158        private RolesXmlDTO roles;
159        
160        @XmlElement(name="roleMembers")
161        private RoleMembersXmlDTO.OutsideOfRole roleMembers;
162    
163        @XmlElement(name="rolePermissions")
164        private RolePermissionsXmlDTO.OutsideOfRole rolePermissions;
165        
166        public RoleDataXmlDTO() {}
167        
168        public RoleDataXmlDTO(RolesXmlDTO roles) {
169            this.roles = roles;
170        }
171    
172        /**
173         * @return the roles
174         */
175        public RolesXmlDTO getRoles() {
176            return this.roles;
177        }
178    
179        /**
180         * @param roles the roles to set
181         */
182        public void setRoles(RolesXmlDTO roles) {
183            this.roles = roles;
184        }
185    
186        /**
187         * @return the roleMembers
188         */
189        public RoleMembersXmlDTO.OutsideOfRole getRoleMembers() {
190            return this.roleMembers;
191        }
192    
193        /**
194         * @param roleMembers the roleMembers to set
195         */
196        public void setRoleMembers(RoleMembersXmlDTO.OutsideOfRole roleMembers) {
197            this.roleMembers = roleMembers;
198        }
199    
200        /**
201         * @return the rolePermissions
202         */
203        public RolePermissionsXmlDTO.OutsideOfRole getRolePermissions() {
204            return this.rolePermissions;
205        }
206    
207        /**
208         * @param rolePermissions the rolePermissions to set
209         */
210        public void setRolePermissions(RolePermissionsXmlDTO.OutsideOfRole rolePermissions) {
211            this.rolePermissions = rolePermissions;
212        }
213            
214    }