1   /**
2    * Copyright 2005-2016 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.kim.api.services;
17  
18  import org.kuali.rice.core.api.criteria.QueryByCriteria;
19  import org.kuali.rice.kim.api.common.assignee.Assignee;
20  import org.kuali.rice.kim.api.group.Group;
21  import org.kuali.rice.kim.api.identity.CodedAttribute;
22  import org.kuali.rice.kim.api.identity.affiliation.EntityAffiliationType;
23  import org.kuali.rice.kim.api.identity.entity.Entity;
24  import org.kuali.rice.kim.api.identity.entity.EntityDefault;
25  import org.kuali.rice.kim.api.identity.entity.EntityDefaultQueryResults;
26  import org.kuali.rice.kim.api.identity.entity.EntityQueryResults;
27  import org.kuali.rice.kim.api.identity.external.EntityExternalIdentifierType;
28  import org.kuali.rice.kim.api.identity.principal.Principal;
29  import org.kuali.rice.kim.api.permission.Permission;
30  import org.kuali.rice.kim.api.responsibility.Responsibility;
31  import org.kuali.rice.kim.api.responsibility.ResponsibilityAction;
32  
33  import java.util.List;
34  import java.util.Map;
35  
36  /**
37   * This is the front end for the KIM module.  Clients of KIM should access this service from
38   * their applications.  If KIM is not running on the same machine (VM) as the application
39   * (as would be the case with a standalone Rice server), then this service should be implemented
40   * locally within the application and access the core KIM services
41   * (Authentication/Authorization/Identity/Group) via the service bus.
42   *
43   *  Implementations of this interface should cache the information retrieved from
44   *  the core services, to reduce load on those services and improve performance.
45   *
46   *  Most of the methods on this interface are straight pass-throughs to methods on the four core services.
47   *
48   * @author Kuali Rice Team (rice.collab@kuali.org)
49   *
50   */
public interface IdentityManagementService {

    /*
     * Review notes that apply to the whole interface:
     *
     * - Every principalId / principalName argument is supplied by the caller; nothing in
     *   these signatures carries proof of who the caller is. Callers are expected to pass
     *   the identifier of the already-authenticated user, not a value taken from a request.
     * - Implementations are asked to cache results. A cached membership or authorization
     *   answer can outlive a revocation, so code that changes groups, permissions or
     *   responsibilities should be paired with the matching flush method declared at the
     *   bottom of this interface. Whether an implementation flushes on its own is not
     *   visible here -- confirm against the implementation in use.
     * - Null handling (arguments and "not found" results) is not specified by any
     *   signature below -- TODO confirm per implementation.
     */

    // =====================================================================
    // IdentityService
    // =====================================================================

    /** Looks up a principal by its principal ID. */
    Principal getPrincipal(String principalId);

    /** Looks up a principal by its principal name. */
    Principal getPrincipalByPrincipalName(String principalName);

    /**
     * Looks up a principal by principal name together with a password.
     *
     * <p>NOTE(review): the password travels as a plain {@code String}. When this service
     * is reached over the service bus it leaves the calling VM, so the transport needs to
     * be encrypted, and implementations should keep the value out of logs and out of any
     * cache key. What is returned when the password does not match is not stated by the
     * signature -- confirm before relying on a {@code null} check as the authentication
     * decision.
     */
    Principal getPrincipalByPrincipalNameAndPassword(String principalName, String password);

    /** Returns the default-information view of the entity with the given entity ID. */
    EntityDefault getEntityDefaultInfo(String entityId);

    /** Returns the default-information view of the entity that owns the given principal ID. */
    EntityDefault getEntityDefaultInfoByPrincipalId(String principalId);

    /** Returns the default-information view of the entity that owns the given principal name. */
    EntityDefault getEntityDefaultInfoByPrincipalName(String principalName);

    /**
     * Runs a criteria query over entity default information.
     *
     * <p>NOTE(review): no caller identity is passed, so any restriction on which records a
     * caller may see has to be enforced around this call -- confirm where that happens.
     */
    EntityDefaultQueryResults findEntityDefaults(QueryByCriteria queryByCriteria);

    // Disabled declaration kept from the original listing:
    //KimEntityPrivacyPreferencesInfo getEntityPrivacyPreferences(String entityId);

    /** Returns the entity with the given entity ID. */
    Entity getEntity(String entityId);

    /** Returns the entity that owns the given principal ID. */
    Entity getEntityByPrincipalId(String principalId);

    /** Returns the entity that owns the given principal name. */
    Entity getEntityByPrincipalName(String principalName);

    /**
     * Runs a criteria query over entities. The same review note as on
     * {@link #findEntityDefaults(QueryByCriteria)} applies: no caller identity is passed.
     */
    EntityQueryResults findEntities(QueryByCriteria queryByCriteria);

    // Reference-data lookups: each takes a type or status code and returns its definition.

    CodedAttribute getAddressType(String code);

    EntityAffiliationType getAffiliationType(String code);

    CodedAttribute getCitizenshipStatus(String code);

    CodedAttribute getEmailType(String code);

    CodedAttribute getEmploymentStatus(String code);

    CodedAttribute getEmploymentType(String code);

    CodedAttribute getEntityNameType(String code);

    CodedAttribute getEntityType(String code);

    EntityExternalIdentifierType getExternalIdentifierType(String code);

    CodedAttribute getPhoneType(String code);

    // =====================================================================
    // GroupService
    // =====================================================================

    /** Returns the group with the given group ID. */
    Group getGroup(String groupId);

    /** Returns the group identified by namespace code and group name. */
    Group getGroupByName(String namespaceCode, String groupName);

    // The "Direct" variants below presumably return only immediate parents/members while
    // the plain variants also follow nested groups -- verify against the implementation.

    List<String> getParentGroupIds(String groupId);

    List<String> getDirectParentGroupIds(String groupId);

    /** Returns the IDs of the groups the principal belongs to. */
    List<String> getGroupIdsForPrincipal(String principalId);

    /** Returns the IDs of the groups the principal belongs to, taking a namespace code as well. */
    List<String> getGroupIdsForPrincipal(String principalId, String namespaceCode);

    /** Returns the groups the principal belongs to. */
    List<? extends Group> getGroupsForPrincipal(String principalId);

    /** Returns the groups the principal belongs to, taking a namespace code as well. */
    List<? extends Group> getGroupsForPrincipal(String principalId, String namespaceCode);

    List<String> getMemberGroupIds(String groupId);

    List<String> getDirectMemberGroupIds(String groupId);

    /**
     * Reports whether the principal is a member of the group with the given ID.
     *
     * <p>NOTE(review): when this answer gates access, a cached result may still say
     * {@code true} after the principal was removed; see {@link #flushGroupCaches()}.
     */
    boolean isMemberOfGroup(String principalId, String groupId);

    /** Reports whether the principal is a member of the group named by namespace code and group name. */
    boolean isMemberOfGroup(String principalId, String namespaceCode, String groupName);

    /** Reports whether one group is a member of another group. */
    boolean isGroupMemberOfGroup(String potentialMemberGroupId, String potentialParentId);

    List<String> getGroupMemberPrincipalIds(String groupId);

    List<String> getDirectGroupMemberPrincipalIds(String groupId);

    /*
     * Group mutators. Each of these changes who holds whatever the group grants, so the
     * caller is responsible for checking that the acting user may make the change; no
     * acting-principal argument exists on these methods. The meaning of the boolean
     * results is not stated by the signatures -- presumably "the change was applied";
     * confirm before treating false as an error.
     */

    boolean addGroupToGroup(String childId, String parentId);

    boolean removeGroupFromGroup(String childId, String parentId);

    boolean addPrincipalToGroup(String principalId, String groupId);

    boolean removePrincipalFromGroup(String principalId, String groupId);

    Group createGroup(Group group);

    void removeAllMembers(String groupId);

    Group updateGroup(String groupId, Group group);

    // =====================================================================
    // Authorization checks
    // =====================================================================

    /*
     * The hasPermission* methods take no qualification map; the isAuthorized* methods do.
     * Presumably the former ignore role qualifiers and the latter apply them -- confirm,
     * because using the unqualified form where a qualified check is intended would answer
     * a broader question than the one being asked.
     */

    boolean hasPermission(
            String principalId,
            String namespaceCode,
            String permissionName,
            Map<String, String> permissionDetails);

    boolean isAuthorized(
            String principalId,
            String namespaceCode,
            String permissionName,
            Map<String, String> permissionDetails,
            Map<String, String> qualification);

    boolean hasPermissionByTemplate(
            String principalId,
            String namespaceCode,
            String permissionTemplateName,
            Map<String, String> permissionDetails);

    boolean isAuthorizedByTemplate(
            String principalId,
            String namespaceCode,
            String permissionTemplateName,
            Map<String, String> permissionDetails,
            Map<String, String> qualification);

    /**
     * Returns the permission objects that match for the given principal.
     */
    List<Permission> getAuthorizedPermissions(
            String principalId,
            String namespaceCode,
            String permissionName,
            Map<String, String> permissionDetails,
            Map<String, String> qualification);

    /** Template-name variant of the authorized-permissions lookup for a principal. */
    List<Permission> getAuthorizedPermissionsByTemplate(
            String principalId,
            String namespaceCode,
            String permissionTemplateName,
            Map<String, String> permissionDetails,
            Map<String, String> qualification);

    /** Returns the assignees of the permission identified by namespace code and permission name. */
    List<Assignee> getPermissionAssignees(
            String namespaceCode,
            String permissionName,
            Map<String, String> permissionDetails,
            Map<String, String> qualification);

    /** Returns the assignees of permissions identified by namespace code and permission template name. */
    List<Assignee> getPermissionAssigneesForTemplate(
            String namespaceCode,
            String permissionTemplateName,
            Map<String, String> permissionDetails,
            Map<String, String> qualification);

    // =====================================================================
    // Responsibility methods
    // =====================================================================

    /**
     * Returns the responsibility object that has the given ID.
     */
    Responsibility getResponsibility(String responsibilityId);

    /**
     * Returns the responsibility object identified by namespace code and responsibility
     * name. (The original comment also listed a "component", but this signature has no
     * such parameter.)
     */
    Responsibility getResponsibilityByName(String namespaceCode, String responsibilityName);

    /**
     * Checks whether the principal holds the named responsibility within the passed
     * qualification.
     */
    boolean hasResponsibility(
            String principalId,
            String namespaceCode,
            String responsibilityName,
            Map<String, String> qualification);

    /**
     * Checks whether the principal holds a responsibility, selected by responsibility
     * template name, within the passed qualification. Unlike
     * {@link #hasResponsibility(String, String, String, Map)} this variant also takes
     * responsibility details.
     */
    boolean hasResponsibilityByTemplate(
            String principalId,
            String namespaceCode,
            String responsibilityTemplateName,
            Map<String, String> qualification,
            Map<String, String> responsibilityDetails);

    /** Returns the responsibility actions for the responsibility named by namespace code and name. */
    List<ResponsibilityAction> getResponsibilityActions(
            String namespaceCode,
            String responsibilityName,
            Map<String, String> qualification,
            Map<String, String> responsibilityDetails);

    /** Returns the responsibility actions for responsibilities selected by template name. */
    List<ResponsibilityAction> getResponsibilityActionsByTemplate(
            String namespaceCode,
            String responsibilityTemplateName,
            Map<String, String> qualification,
            Map<String, String> responsibilityDetails);

    /**
     * Returns true when at least one assigned permission exists for the given template.
     */
    boolean isPermissionDefinedForTemplate(
            String namespaceCode,
            String permissionTemplateName,
            Map<String, String> permissionDetails);

    // =====================================================================
    // Cache flush methods
    // =====================================================================

    /*
     * These discard locally cached data. They are the only visible way to make a
     * revocation (group removal, permission or responsibility change) take effect in a
     * caching implementation before its entries expire on their own.
     */

    void flushAllCaches();

    void flushEntityPrincipalCaches();

    void flushGroupCaches();

    void flushPermissionCaches();

    void flushResponsibilityCaches();

}