|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface PermissionService
This service provides operations for evaluating permissions and querying for permission data.
A permission is the ability to perform an action. All permissions have a permission template. Both permissions and permission templates are uniquely identified by a namespace code plus a name. The permission template defines the course-grained permission and specifies what additional permission details need to be collected on permissions that use that template. For example, a permission template might have a name of "Initiate Document" which requires a permission detail specifying the document type that can be initiated. A permission created from the "Initiate Document" template would define the name of the specific Document Type that can be initiated as a permission detail.
The isAuthorized and isAuthorizedByTemplate operations on this service are used to execute authorization checks for a principal against a permission. Permissions are always assigned to roles (never directly to a principal or group). A particular principal will be authorized for a given permission if the permission evaluates to true (according to the permission evaluation logic and based on any supplied permission details) and that principal is assigned to a role which has been granted the permission.
The actual logic for how permission evaluation logic is defined and executed is dependent upon the permission service implementation. However, it will typically be associated with the permission template used on the permission.
Method Summary | |
---|---|
Permission |
createPermission(Permission permission)
This will create a Permission exactly like the permission passed in. |
Permission |
findPermByNamespaceCodeAndName(String namespaceCode,
String name)
Gets a Permission with the unique combination of namespace and name. |
PermissionQueryResults |
findPermissions(QueryByCriteria queryByCriteria)
This method find Permissions based on a query criteria. |
List<Permission> |
findPermissionsByTemplate(String namespaceCode,
String templateName)
Return the permissions for the given unique combination of namespace, component and permission template name. |
TemplateQueryResults |
findPermissionTemplates(QueryByCriteria queryByCriteria)
This method find Permission Templates based on a query criteria. |
Template |
findPermTemplateByNamespaceCodeAndName(String namespaceCode,
String name)
Finds a Template for namespaceCode and name. |
List<Template> |
getAllTemplates()
Finds a Template for namespaceCode and name. |
List<Permission> |
getAuthorizedPermissions(String principalId,
String namespaceCode,
String permissionName,
Map<String,String> qualification)
Returns permissions (with their details) that are granted to the principal given the passed qualification. |
List<Permission> |
getAuthorizedPermissionsByTemplate(String principalId,
String namespaceCode,
String permissionTemplateName,
Map<String,String> permissionDetails,
Map<String,String> qualification)
Returns permissions (with their details) that are granted to the principal given the passed qualification. |
Permission |
getPermission(String id)
Gets a Permission from an id. |
List<Assignee> |
getPermissionAssignees(String namespaceCode,
String permissionName,
Map<String,String> qualification)
Get the list of principals/groups who have a given permission. |
List<Assignee> |
getPermissionAssigneesByTemplate(String namespaceCode,
String permissionTemplateName,
Map<String,String> permissionDetails,
Map<String,String> qualification)
Get the list of principals/groups who have a given permission that match the given permission template and permission details. |
Template |
getPermissionTemplate(String id)
Gets a Template from an id. |
List<String> |
getRoleIdsForPermission(String namespaceCode,
String permissionName)
Get the role IDs for the given permission. |
boolean |
hasPermission(String principalId,
String namespaceCode,
String permissionName)
Checks in a given principal id has a permission using the passed in permission information. |
boolean |
hasPermissionByTemplate(String principalId,
String namespaceCode,
String permissionTemplateName,
Map<String,String> permissionDetails)
Checks whether the principal has been granted a permission matching the given details without taking role qualifiers into account. |
boolean |
isAuthorized(String principalId,
String namespaceCode,
String permissionName,
Map<String,String> qualification)
Checks whether the given qualified permission is granted to the principal given the passed roleQualification. |
boolean |
isAuthorizedByTemplate(String principalId,
String namespaceCode,
String permissionTemplateName,
Map<String,String> permissionDetails,
Map<String,String> qualification)
Checks whether the given qualified permission is granted to the principal given the passed roleQualification. |
boolean |
isPermissionDefined(String namespaceCode,
String permissionName)
Returns true if the given permission is defined on any Roles. |
boolean |
isPermissionDefinedByTemplate(String namespaceCode,
String permissionTemplateName,
Map<String,String> permissionDetails)
Returns true if the given permission template is defined on any Roles. |
Permission |
updatePermission(Permission permission)
This will update a Permission . |
Method Detail |
---|
@CacheEvict(value={"http://rice.kuali.org/kim/v2_0/PermissionType","http://rice.kuali.org/kim/v2_0/TemplateType{Permission}"}, allEntries=true) Permission createPermission(Permission permission) throws RiceIllegalArgumentException, RiceIllegalStateException
Permission
exactly like the permission passed in.
permission
- the permission to create
RiceIllegalArgumentException
- if the permission is null
RiceIllegalStateException
- if the permission is already existing in the system@CacheEvict(value={"http://rice.kuali.org/kim/v2_0/PermissionType","http://rice.kuali.org/kim/v2_0/TemplateType{Permission}"}, allEntries=true) Permission updatePermission(Permission permission) throws RiceIllegalArgumentException, RiceIllegalStateException
Permission
.
permission
- the permission to update
RiceIllegalArgumentException
- if the permission is null
RiceIllegalStateException
- if the permission does not exist in the systemboolean hasPermission(String principalId, String namespaceCode, String permissionName) throws RiceIllegalArgumentException
principalId
- the principal id to check. cannot be null or blank.namespaceCode
- the namespace code. cannot be null or blank.permissionName
- the permission name. cannot be null or blank.
RiceIllegalArgumentException
- if the principalId, namespaceCode, permissionName is null or blankboolean isAuthorized(String principalId, String namespaceCode, String permissionName, Map<String,String> qualification) throws RiceIllegalArgumentException
hasPermission(String, String, String)
.
Each role assigned to the principal is checked for qualifications. If a qualifier
exists on the principal's membership in that role, that is checked first through
the role's type service. Once it is determined that the principal has the role
in the given context (qualification), the permissions are examined.
principalId
- the principal id to check. cannot be null or blank.namespaceCode
- the namespace code. cannot be null or blank.permissionName
- the permission name. cannot be null or blank.qualification
- the qualifications to test against.
RiceIllegalArgumentException
- if the principalId, namespaceCode, permissionName is null or blankboolean hasPermissionByTemplate(String principalId, String namespaceCode, String permissionTemplateName, Map<String,String> permissionDetails) throws RiceIllegalArgumentException
principalId
- the principal id to check. cannot be null or blank.namespaceCode
- the namespace code. cannot be null or blank.permissionTemplateName
- the permission name. cannot be null or blank.permissionDetails
- the permission details
RiceIllegalArgumentException
- if the principalId, namespaceCode, permissionName is null or blankboolean isAuthorizedByTemplate(String principalId, String namespaceCode, String permissionTemplateName, Map<String,String> permissionDetails, Map<String,String> qualification) throws RiceIllegalArgumentException
hasPermission(String, String, String)
.
Each role assigned to the principal is checked for qualifications. If a qualifier
exists on the principal's membership in that role, that is checked first through
the role's type service. Once it is determined that the principal has the role
in the given context (qualification), the permissions are examined.
Each permission is checked against the permissionDetails. The PermissionTypeService
is called for each permission with the given permissionName to see if the
permissionDetails matches its details.
principalId
- the principal id to check. cannot be null or blank.namespaceCode
- the namespace code. cannot be null or blank.permissionTemplateName
- the permission name. cannot be null or blank.permissionDetails
- the permission detailsqualification
- the permission qualifications
RiceIllegalArgumentException
- if the principalId, namespaceCode, permissionName is null or blankList<Assignee> getPermissionAssignees(String namespaceCode, String permissionName, Map<String,String> qualification) throws RiceIllegalArgumentException
namespaceCode
- the namespace code. cannot be null or blank.permissionName
- the permission name. cannot be null or blank.qualification
- the permission qualifications
RiceIllegalArgumentException
- if the principalId, namespaceCode, permissionName is null or blankList<Assignee> getPermissionAssigneesByTemplate(String namespaceCode, String permissionTemplateName, Map<String,String> permissionDetails, Map<String,String> qualification) throws RiceIllegalArgumentException
namespaceCode
- the namespace code. cannot be null or blank.permissionTemplateName
- the permission name. cannot be null or blank.permissionDetails
- the permission details.qualification
- the permission qualifications
RiceIllegalArgumentException
- if the principalId, namespaceCode, permissionName is null or blank@Cacheable(value="http://rice.kuali.org/kim/v2_0/PermissionType", key="\'{isPermissionDefined}\' + \'namespaceCode=\' + #p0 + \'|\' + \'permissionName=\' + #p1") boolean isPermissionDefined(String namespaceCode, String permissionName) throws RiceIllegalArgumentException
namespaceCode
- the namespace code. cannot be null or blank.permissionName
- the permission name. cannot be null or blank.
RiceIllegalArgumentException
- if the namespaceCode or permissionName is null or blank@Cacheable(value="http://rice.kuali.org/kim/v2_0/PermissionType", key="\'{isPermissionDefinedByTemplate}\' + \'namespaceCode=\' + #p0 + \'|\' + \'permissionTemplateName=\' + #p1 + \'|\' + \'permissionDetails=\' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).mapKey(#p2)") boolean isPermissionDefinedByTemplate(String namespaceCode, String permissionTemplateName, Map<String,String> permissionDetails) throws RiceIllegalArgumentException
namespaceCode
- the namespace code. cannot be null or blank.permissionTemplateName
- the permission name. cannot be null or blank.permissionDetails
- the permission template details
RiceIllegalArgumentException
- if the namespaceCode or permissionName is null or blankList<Permission> getAuthorizedPermissions(String principalId, String namespaceCode, String permissionName, Map<String,String> qualification) throws RiceIllegalArgumentException
principalId
- the principal Id. cannot be null or blank.namespaceCode
- the namespace code. cannot be null or blank.permissionName
- the permission name. cannot be null or blank.qualification
- the permission qualifications
RiceIllegalArgumentException
- if the principalId, namespaceCode or permissionName is null or blankList<Permission> getAuthorizedPermissionsByTemplate(String principalId, String namespaceCode, String permissionTemplateName, Map<String,String> permissionDetails, Map<String,String> qualification) throws RiceIllegalArgumentException
principalId
- the principal Id. cannot be null or blank.namespaceCode
- the namespace code. cannot be null or blank.permissionTemplateName
- the permission name. cannot be null or blank.permissionDetails
- the permission template details.qualification
- the permission qualifications
RiceIllegalArgumentException
- if the principalId, namespaceCode or permissionTemplateName is null or blank@Cacheable(value="http://rice.kuali.org/kim/v2_0/PermissionType", key="\'id=\' + #p0") Permission getPermission(String id)
Permission
from an id.
This method will return null if the permission does not exist.
id
- the unique id to retrieve the permission by. cannot be null or blank.
Permission
or null
RiceIllegalArgumentException
- if the id is null or blank@Cacheable(value="http://rice.kuali.org/kim/v2_0/PermissionType", key="\'namespaceCode=\' + #p0 + \'|\' + \'name=\' + #p1") Permission findPermByNamespaceCodeAndName(String namespaceCode, String name) throws RiceIllegalArgumentException
Permission
with the unique combination of namespace and name.
This method will return null if the permission does not exist.
namespaceCode
- namespace code for permission. cannot be null or blank.name
- name of permission. cannot be null or blank.
Permission
or null
RiceIllegalArgumentException
- if the namespaceCode or name is null or blank@Cacheable(value="http://rice.kuali.org/kim/v2_0/PermissionType", key="\'namespaceCode=\' + #p1 + \'|\' + \'templateName=\' + #p2") List<Permission> findPermissionsByTemplate(String namespaceCode, String templateName) throws RiceIllegalArgumentException
namespaceCode
- namespace code for permission. cannot be null or blank.templateName
- name of permission template. cannot be null or blank.
Permission
or null
RiceIllegalArgumentException
- if the namespaceCode or name is null or blank@Cacheable(value="http://rice.kuali.org/kim/v2_0/TemplateType{Permission}", key="\'id=\' + #p0") Template getPermissionTemplate(String id) throws RiceIllegalArgumentException
Template
from an id.
This method will return null if the template does not exist.
id
- the unique id to retrieve the template by. cannot be null or blank.
Template
or null
RiceIllegalArgumentException
- if the id is null or blank@Cacheable(value="http://rice.kuali.org/kim/v2_0/TemplateType{Permission}", key="\'namespaceCode=\' + #p0 + \'|\' + \'name=\' + #p1") Template findPermTemplateByNamespaceCodeAndName(String namespaceCode, String name) throws RiceIllegalArgumentException
Template
for namespaceCode and name.
namespaceCode
- the namespace code. cannot be null or blank.name
- the template name. cannot be null or blank.
Template
or null
RiceIllegalArgumentException
- if the id or namespaceCode is null or blank@Cacheable(value="http://rice.kuali.org/kim/v2_0/TemplateType{Permission}", key="\'all\'") List<Template> getAllTemplates()
Template
for namespaceCode and name.
Template
or an empty list if none found@Cacheable(value="http://rice.kuali.org/kim/v2_0/PermissionType", key="\'{RoleIds}namespaceCode=\' + #p0 + \'|\' + \'name=\' + #p1") List<String> getRoleIdsForPermission(String namespaceCode, String permissionName) throws RiceIllegalArgumentException
namespaceCode
- the permission namespace code. cannot be null or blank.permissionName
- the permission name. cannot be null or blank.
RiceIllegalArgumentException
- if the namespaceCode or permissionName is null or blankPermissionQueryResults findPermissions(QueryByCriteria queryByCriteria) throws RiceIllegalArgumentException
queryByCriteria
- the criteria. Cannot be null.
RiceIllegalArgumentException
- if the queryByCriteria is nullTemplateQueryResults findPermissionTemplates(QueryByCriteria queryByCriteria) throws RiceIllegalArgumentException
queryByCriteria
- the criteria. Cannot be null.
RiceIllegalArgumentException
- if the queryByCriteria is null
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |