org.kuali.rice.kim.impl.permission

Class PermissionServiceImpl

java.lang.Object

org.kuali.rice.kim.impl.permission.PermissionServiceImpl

All Implemented Interfaces:

PermissionService

public class PermissionServiceImpl
extends Object
implements PermissionService

Field Summary

Fields

Modifier and Type	Field and Description
protected org.springframework.cache.CacheManager	cacheManager
protected DataObjectService	dataObjectService
protected PermissionTypeService	defaultPermissionTypeService
protected KimTypeInfoService	kimTypeInfoService
protected RoleService	roleService

Constructor Summary

Constructors

Constructor and Description
PermissionServiceImpl()

Method Summary

Methods

Modifier and Type	Method and Description
Permission	createPermission(Permission permission) This will create a Permission exactly like the permission passed in.
Permission	findPermByNamespaceCodeAndName(String namespaceCode, String permissionName) Gets a Permission with the unique combination of namespace and name.
PermissionQueryResults	findPermissions(QueryByCriteria queryByCriteria) This method find Permissions based on a query criteria.
List<Permission>	findPermissionsByTemplate(String namespaceCode, String permissionTemplateName) Return the permissions for the given unique combination of namespace, component and permission template name.
TemplateQueryResults	findPermissionTemplates(QueryByCriteria queryByCriteria) This method find Permission Templates based on a query criteria.
Template	findPermTemplateByNamespaceCodeAndName(String namespaceCode, String permissionTemplateName) Finds a Template for namespaceCode and name.
List<Template>	getAllTemplates() Finds a Template for namespaceCode and name.
List<Permission>	getAuthorizedPermissions(String principalId, String namespaceCode, String permissionName, Map<String,String> qualification) Returns permissions (with their details) that are granted to the principal given the passed qualification.
List<Permission>	getAuthorizedPermissionsByTemplate(String principalId, String namespaceCode, String permissionTemplateName, Map<String,String> permissionDetails, Map<String,String> qualification) Returns permissions (with their details) that are granted to the principal given the passed qualification.
protected List<Permission>	getMatchingPermissions(List<Permission> permissions, Map<String,String> permissionDetails) Compare each of the passed in permissions with the given permissionDetails.
Permission	getPermission(String permissionId) Gets a Permission from an id.
List<Assignee>	getPermissionAssignees(String namespaceCode, String permissionName, Map<String,String> qualification) Get the list of principals/groups who have a given permission.
List<Assignee>	getPermissionAssigneesByTemplate(String namespaceCode, String permissionTemplateName, Map<String,String> permissionDetails, Map<String,String> qualification) Get the list of principals/groups who have a given permission that match the given permission template and permission details.
protected PermissionBo	getPermissionBoByName(String namespaceCode, String permissionName)
protected PermissionBo	getPermissionImpl(String permissionId)
protected List<Permission>	getPermissionsByName(String namespaceCode, String permissionName)
protected List<Permission>	getPermissionsByTemplateName(String namespaceCode, String permissionTemplateName)
protected List<Permission>	getPermissionsForUser(String principalId, List<Permission> permissions, Map<String,String> qualification) Checks the list of permissions against the principal's roles and returns a subset of the list which match.
Template	getPermissionTemplate(String permissionTemplateId) Gets a Template from an id.
protected PermissionTypeService	getPermissionTypeService(Template permissionTemplate)
protected Map<String,PermissionTypeService>	getPermissionTypeServicesByTemplateId(Collection<Permission> permissions)
List<String>	getRoleIdsForPermission(String namespaceCode, String permissionName) Get the role IDs for the given permission.
protected List<String>	getRoleIdsForPermissionTemplate(String namespaceCode, String permissionTemplateName, Map<String,String> permissionDetails)
protected Map<String,List<Permission>>	groupPermissionsByTemplate(Collection<Permission> permissions)
boolean	hasPermission(String principalId, String namespaceCode, String permissionName) Checks in a given principal id has a permission using the passed in permission information.
boolean	hasPermissionByTemplate(String principalId, String namespaceCode, String permissionTemplateName, Map<String,String> permissionDetails) Checks whether the principal has been granted a permission matching the given details without taking role qualifiers into account.
boolean	isAuthorized(String principalId, String namespaceCode, String permissionName, Map<String,String> qualification) Checks whether the given qualified permission is granted to the principal given the passed roleQualification.
boolean	isAuthorizedByTemplate(String principalId, String namespaceCode, String permissionTemplateName, Map<String,String> permissionDetails, Map<String,String> qualification) Checks whether the given qualified permission is granted to the principal given the passed roleQualification.
boolean	isPermissionDefined(String namespaceCode, String permissionName) Returns true if the given permission is defined on any Roles.
boolean	isPermissionDefinedByTemplate(String namespaceCode, String permissionTemplateName, Map<String,String> permissionDetails) Returns true if the given permission template is defined on any Roles.
protected void	logAuthorizationCheck(String checkType, String principalId, String namespaceCode, String permissionName, Map<String,String> qualification)
protected void	logAuthorizationCheckByTemplate(String checkType, String principalId, String namespaceCode, String permissionName, Map<String,String> permissionDetails, Map<String,String> qualification)
void	setCacheManager(org.springframework.cache.CacheManager cacheManager) Sets the cache manager which this service implementation can for internal caching.
void	setDataObjectService(DataObjectService dataObjectService) Sets the dataObjectService attribute value.
void	setDefaultPermissionTypeService(PermissionTypeService defaultPermissionTypeService) Sets the defaultPermissionTypeService attribute value.
void	setKimTypeInfoService(KimTypeInfoService kimTypeInfoService) Sets the kimTypeInfoService attribute value.
void	setRoleService(RoleService roleService) Sets the roleService attribute value.
Permission	updatePermission(Permission permission) This will update a Permission.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

roleService

protected RoleService roleService

defaultPermissionTypeService

protected PermissionTypeService defaultPermissionTypeService

kimTypeInfoService

protected KimTypeInfoService kimTypeInfoService

dataObjectService

protected DataObjectService dataObjectService

cacheManager

protected org.springframework.cache.CacheManager cacheManager

Constructor Detail

PermissionServiceImpl

public PermissionServiceImpl()

Method Detail

getPermissionTypeService

protected PermissionTypeService getPermissionTypeService(Template permissionTemplate)

hasPermission

public boolean hasPermission(String principalId,
                    String namespaceCode,
                    String permissionName)
                      throws RiceIllegalArgumentException

Description copied from interface: PermissionService

Checks in a given principal id has a permission using the passed in permission information. This method should not be used for true authorization checks since a principal may only have this permission within a given context. It could be used to identify that the user would have some permissions within a certain area. Later checks would identify exactly what permissions were granted. It can also be used when the client application KNOWS that this is a role which is never qualified.

Specified by:

hasPermission in interface PermissionService

Parameters:

principalId - the principal id to check. cannot be null or blank.

namespaceCode - the namespace code. cannot be null or blank.

permissionName - the permission name. cannot be null or blank.

Returns:

true is principal has permission

Throws:

RiceIllegalArgumentException - if the principalId, namespaceCode, permissionName is null or blank

isAuthorized

public boolean isAuthorized(String principalId,
                   String namespaceCode,
                   String permissionName,
                   Map<String,String> qualification)
                     throws RiceIllegalArgumentException

Description copied from interface: PermissionService

Checks whether the given qualified permission is granted to the principal given the passed roleQualification. If no roleQualification is passed (null or empty) then this method behaves the same as PermissionService.hasPermission(String, String, String). Each role assigned to the principal is checked for qualifications. If a qualifier exists on the principal's membership in that role, that is checked first through the role's type service. Once it is determined that the principal has the role in the given context (qualification), the permissions are examined.

Specified by:

isAuthorized in interface PermissionService

Parameters:

principalId - the principal id to check. cannot be null or blank.

namespaceCode - the namespace code. cannot be null or blank.

permissionName - the permission name. cannot be null or blank.

qualification - the qualifications to test against.

Returns:

true is principal has permission

Throws:

RiceIllegalArgumentException - if the principalId, namespaceCode, permissionName is null or blank

hasPermissionByTemplate

public boolean hasPermissionByTemplate(String principalId,
                              String namespaceCode,
                              String permissionTemplateName,
                              Map<String,String> permissionDetails)
                                throws RiceIllegalArgumentException

Description copied from interface: PermissionService

Checks whether the principal has been granted a permission matching the given details without taking role qualifiers into account. This method should not be used for true authorization checks since a principal may only have this permission within a given context. It could be used to identify that the user would have some permissions within a certain area. Later checks would identify exactly what permissions were granted. It can also be used when the client application KNOWS that this is a role which is never qualified.

Specified by:

hasPermissionByTemplate in interface PermissionService

Parameters:

principalId - the principal id to check. cannot be null or blank.

namespaceCode - the namespace code. cannot be null or blank.

permissionTemplateName - the permission name. cannot be null or blank.

permissionDetails - the permission details

Returns:

true is principal has permission

Throws:

RiceIllegalArgumentException - if the principalId, namespaceCode, permissionName is null or blank

isAuthorizedByTemplate

public boolean isAuthorizedByTemplate(String principalId,
                             String namespaceCode,
                             String permissionTemplateName,
                             Map<String,String> permissionDetails,
                             Map<String,String> qualification)
                               throws RiceIllegalArgumentException

Description copied from interface: PermissionService

Checks whether the given qualified permission is granted to the principal given the passed roleQualification. If no roleQualification is passed (null or empty) then this method behaves the same as PermissionService.hasPermission(String, String, String). Each role assigned to the principal is checked for qualifications. If a qualifier exists on the principal's membership in that role, that is checked first through the role's type service. Once it is determined that the principal has the role in the given context (qualification), the permissions are examined. Each permission is checked against the permissionDetails. The PermissionTypeService is called for each permission with the given permissionName to see if the permissionDetails matches its details.

Specified by:

isAuthorizedByTemplate in interface PermissionService

Parameters:

principalId - the principal id to check. cannot be null or blank.

namespaceCode - the namespace code. cannot be null or blank.

permissionTemplateName - the permission name. cannot be null or blank.

permissionDetails - the permission details

qualification - the permission qualifications

Returns:

true is principal has permission

Throws:

RiceIllegalArgumentException - if the principalId, namespaceCode, permissionName is null or blank

getAuthorizedPermissions

public List<Permission> getAuthorizedPermissions(String principalId,
                                        String namespaceCode,
                                        String permissionName,
                                        Map<String,String> qualification)
                                          throws RiceIllegalArgumentException

Description copied from interface: PermissionService

Returns permissions (with their details) that are granted to the principal given the passed qualification. If no qualification is passed (null or empty) then this method does not check any qualifications on the roles. After the permissions are determined, the roles that hold those permissions are determined. Each role that matches between the principal and the permission objects is checked for qualifications. If a qualifier exists on the principal's membership in that role, that is checked through the role's type service.

Specified by:

getAuthorizedPermissions in interface PermissionService

Parameters:

principalId - the principal Id. cannot be null or blank.

namespaceCode - the namespace code. cannot be null or blank.

permissionName - the permission name. cannot be null or blank.

qualification - the permission qualifications

Returns:

list of permissions that are authorized with the given parameters

Throws:

RiceIllegalArgumentException - if the principalId, namespaceCode or permissionName is null or blank

getAuthorizedPermissionsByTemplate

public List<Permission> getAuthorizedPermissionsByTemplate(String principalId,
                                                  String namespaceCode,
                                                  String permissionTemplateName,
                                                  Map<String,String> permissionDetails,
                                                  Map<String,String> qualification)
                                                    throws RiceIllegalArgumentException

Description copied from interface: PermissionService

Returns permissions (with their details) that are granted to the principal given the passed qualification. If no qualification is passed (null or empty) then this method does not check any qualifications on the roles. All permissions with the given name are checked against the permissionDetails. The PermissionTypeService is called for each permission to see if the permissionDetails matches its details. An asterisk (*) as a value in any permissionDetails key-value pair will match any value. This forms a way to provide a wildcard to obtain multiple permissions in one call. After the permissions are determined, the roles that hold those permissions are determined. Each role that matches between the principal and the permission objects is checked for qualifications. If a qualifier exists on the principal's membership in that role, that is checked through the role's type service.

Specified by:

getAuthorizedPermissionsByTemplate in interface PermissionService

Parameters:

principalId - the principal Id. cannot be null or blank.

namespaceCode - the namespace code. cannot be null or blank.

permissionTemplateName - the permission name. cannot be null or blank.

permissionDetails - the permission template details.

qualification - the permission qualifications

Returns:

list of permissions that are authorized with the given parameters

Throws:

RiceIllegalArgumentException - if the principalId, namespaceCode or permissionTemplateName is null or blank

getPermissionsForUser

protected List<Permission> getPermissionsForUser(String principalId,
                                     List<Permission> permissions,
                                     Map<String,String> qualification)

Checks the list of permissions against the principal's roles and returns a subset of the list which match.

getPermissionTypeServicesByTemplateId

protected Map<String,PermissionTypeService> getPermissionTypeServicesByTemplateId(Collection<Permission> permissions)

groupPermissionsByTemplate

protected Map<String,List<Permission>> groupPermissionsByTemplate(Collection<Permission> permissions)

getMatchingPermissions

protected List<Permission> getMatchingPermissions(List<Permission> permissions,
                                      Map<String,String> permissionDetails)

Compare each of the passed in permissions with the given permissionDetails. Those that match are added to the result list.

getPermissionAssignees

public List<Assignee> getPermissionAssignees(String namespaceCode,
                                    String permissionName,
                                    Map<String,String> qualification)
                                      throws RiceIllegalArgumentException

Description copied from interface: PermissionService

Get the list of principals/groups who have a given permission. This also returns delegates for the given principals/groups who also have this permission given the context in the qualification parameter. Each role assigned to the principal is checked for qualifications. If a qualifier exists on the principal's membership in that role, that is checked first through the role's type service. Once it is determined that the principal has the role in the given context (qualification), the permissions are examined.

Specified by:

getPermissionAssignees in interface PermissionService

Parameters:

namespaceCode - the namespace code. cannot be null or blank.

permissionName - the permission name. cannot be null or blank.

qualification - the permission qualifications

Returns:

list of assignees that have been assigned the permissions

Throws:

RiceIllegalArgumentException - if the principalId, namespaceCode, permissionName is null or blank

getPermissionAssigneesByTemplate

public List<Assignee> getPermissionAssigneesByTemplate(String namespaceCode,
                                              String permissionTemplateName,
                                              Map<String,String> permissionDetails,
                                              Map<String,String> qualification)
                                                throws RiceIllegalArgumentException

Description copied from interface: PermissionService

Get the list of principals/groups who have a given permission that match the given permission template and permission details. This also returns delegates for the given principals/groups who also have this permission given the context in the qualification parameter. Each role assigned to the principal is checked for qualifications. If a qualifier exists on the principal's membership in that role, that is checked first through the role's type service. Once it is determined that the principal has the role in the given context (qualification), the permissions are examined.

Specified by:

getPermissionAssigneesByTemplate in interface PermissionService

Parameters:

namespaceCode - the namespace code. cannot be null or blank.

permissionTemplateName - the permission name. cannot be null or blank.

permissionDetails - the permission details.

qualification - the permission qualifications

Returns:

list of assignees that have been assigned the permissions by template

Throws:

RiceIllegalArgumentException - if the principalId, namespaceCode, permissionName is null or blank

isPermissionDefined

public boolean isPermissionDefined(String namespaceCode,
                          String permissionName)
                            throws RiceIllegalArgumentException

Description copied from interface: PermissionService

Returns true if the given permission is defined on any Roles.

Specified by:

isPermissionDefined in interface PermissionService

Parameters:

namespaceCode - the namespace code. cannot be null or blank.

permissionName - the permission name. cannot be null or blank.

Returns:

true if given permission is defined on any Roles

Throws:

RiceIllegalArgumentException - if the namespaceCode or permissionName is null or blank

isPermissionDefinedByTemplate

public boolean isPermissionDefinedByTemplate(String namespaceCode,
                                    String permissionTemplateName,
                                    Map<String,String> permissionDetails)
                                      throws RiceIllegalArgumentException

Description copied from interface: PermissionService

Returns true if the given permission template is defined on any Roles.

Specified by:

isPermissionDefinedByTemplate in interface PermissionService

Parameters:

namespaceCode - the namespace code. cannot be null or blank.

permissionTemplateName - the permission name. cannot be null or blank.

permissionDetails - the permission template details

Returns:

true if given permission template is defined on any Roles

Throws:

RiceIllegalArgumentException - if the namespaceCode or permissionName is null or blank

getRoleIdsForPermission

public List<String> getRoleIdsForPermission(String namespaceCode,
                                   String permissionName)
                                     throws RiceIllegalArgumentException

Description copied from interface: PermissionService

Get the role IDs for the given permission.

Specified by:

getRoleIdsForPermission in interface PermissionService

Parameters:

namespaceCode - the permission namespace code. cannot be null or blank.

permissionName - the permission name. cannot be null or blank.

Returns:

a list of role Ids, or an empty list if none found

Throws:

RiceIllegalArgumentException - if the namespaceCode or permissionName is null or blank

getRoleIdsForPermissionTemplate

protected List<String> getRoleIdsForPermissionTemplate(String namespaceCode,
                                           String permissionTemplateName,
                                           Map<String,String> permissionDetails)

getPermission

public Permission getPermission(String permissionId)
                         throws RiceIllegalArgumentException

Description copied from interface: PermissionService

Gets a Permission from an id.

This method will return null if the permission does not exist.

Specified by:

getPermission in interface PermissionService

Parameters:

permissionId - the unique id to retrieve the permission by. cannot be null or blank.

Returns:

a Permission or null

Throws:

RiceIllegalArgumentException - if the id is null or blank

findPermissionsByTemplate

public List<Permission> findPermissionsByTemplate(String namespaceCode,
                                         String permissionTemplateName)
                                           throws RiceIllegalArgumentException

Description copied from interface: PermissionService

Return the permissions for the given unique combination of namespace, component and permission template name.

Specified by:

findPermissionsByTemplate in interface PermissionService

Parameters:

namespaceCode - namespace code for permission. cannot be null or blank.

permissionTemplateName - name of permission template. cannot be null or blank.

Returns:

a list of Permission or null

Throws:

RiceIllegalArgumentException - if the namespaceCode or name is null or blank

getPermissionImpl

protected PermissionBo getPermissionImpl(String permissionId)
                                  throws RiceIllegalArgumentException

Throws:

RiceIllegalArgumentException

getPermissionsByTemplateName

protected List<Permission> getPermissionsByTemplateName(String namespaceCode,
                                            String permissionTemplateName)

getPermissionsByName

protected List<Permission> getPermissionsByName(String namespaceCode,
                                    String permissionName)

getPermissionTemplate

public Template getPermissionTemplate(String permissionTemplateId)
                               throws RiceIllegalArgumentException

Description copied from interface: PermissionService

Gets a Template from an id.

This method will return null if the template does not exist.

Specified by:

getPermissionTemplate in interface PermissionService

Parameters:

permissionTemplateId - the unique id to retrieve the template by. cannot be null or blank.

Returns:

a Template or null

Throws:

RiceIllegalArgumentException - if the id is null or blank

findPermTemplateByNamespaceCodeAndName

public Template findPermTemplateByNamespaceCodeAndName(String namespaceCode,
                                              String permissionTemplateName)
                                                throws RiceIllegalArgumentException

Description copied from interface: PermissionService

Finds a Template for namespaceCode and name.

Specified by:

findPermTemplateByNamespaceCodeAndName in interface PermissionService

Parameters:

namespaceCode - the namespace code. cannot be null or blank.

permissionTemplateName - the template name. cannot be null or blank.

Returns:

a Template or null

Throws:

RiceIllegalArgumentException - if the id or namespaceCode is null or blank

getAllTemplates

public List<Template> getAllTemplates()

Description copied from interface: PermissionService

Finds a Template for namespaceCode and name.

Specified by:

getAllTemplates in interface PermissionService

Returns:

a list of Template or an empty list if none found

createPermission

public Permission createPermission(Permission permission)
                            throws RiceIllegalArgumentException,
                                   RiceIllegalStateException

Description copied from interface: PermissionService

This will create a Permission exactly like the permission passed in.

Specified by:

createPermission in interface PermissionService

Parameters:

permission - the permission to create

Returns:

the newly created object. will never be null.

Throws:

RiceIllegalArgumentException - if the permission is null

RiceIllegalStateException - if the permission is already existing in the system

updatePermission

public Permission updatePermission(Permission permission)
                            throws RiceIllegalArgumentException,
                                   RiceIllegalStateException

Description copied from interface: PermissionService

This will update a Permission.

Specified by:

updatePermission in interface PermissionService

Parameters:

permission - the permission to update

Returns:

the updated object. will never be null

Throws:

RiceIllegalArgumentException - if the permission is null

RiceIllegalStateException - if the permission does not exist in the system

findPermByNamespaceCodeAndName

public Permission findPermByNamespaceCodeAndName(String namespaceCode,
                                        String permissionName)
                                          throws RiceIllegalArgumentException

Description copied from interface: PermissionService

Gets a Permission with the unique combination of namespace and name.

This method will return null if the permission does not exist.

Specified by:

findPermByNamespaceCodeAndName in interface PermissionService

Parameters:

namespaceCode - namespace code for permission. cannot be null or blank.

permissionName - name of permission. cannot be null or blank.

Returns:

a Permission or null

Throws:

RiceIllegalArgumentException - if the namespaceCode or name is null or blank

getPermissionBoByName

protected PermissionBo getPermissionBoByName(String namespaceCode,
                                 String permissionName)

findPermissions

public PermissionQueryResults findPermissions(QueryByCriteria queryByCriteria)
                                       throws RiceIllegalArgumentException

Description copied from interface: PermissionService

This method find Permissions based on a query criteria. The criteria cannot be null.

Specified by:

findPermissions in interface PermissionService

Parameters:

queryByCriteria - the criteria. Cannot be null.

Returns:

query results. will never return null.

Throws:

RiceIllegalArgumentException - if the queryByCriteria is null

findPermissionTemplates

public TemplateQueryResults findPermissionTemplates(QueryByCriteria queryByCriteria)
                                             throws RiceIllegalArgumentException

Description copied from interface: PermissionService

This method find Permission Templates based on a query criteria. The criteria cannot be null.

Specified by:

findPermissionTemplates in interface PermissionService

Parameters:

queryByCriteria - the criteria. Cannot be null.

Returns:

query results. will never return null.

Throws:

RiceIllegalArgumentException - if the queryByCriteria is null

setKimTypeInfoService

public void setKimTypeInfoService(KimTypeInfoService kimTypeInfoService)

Sets the kimTypeInfoService attribute value.

Parameters:

kimTypeInfoService - The kimTypeInfoService to set.

setDefaultPermissionTypeService

public void setDefaultPermissionTypeService(PermissionTypeService defaultPermissionTypeService)

Sets the defaultPermissionTypeService attribute value.

Parameters:

defaultPermissionTypeService - The defaultPermissionTypeService to set.

setRoleService

public void setRoleService(RoleService roleService)

Sets the roleService attribute value.

Parameters:

roleService - The roleService to set.

setDataObjectService

public void setDataObjectService(DataObjectService dataObjectService)

Sets the dataObjectService attribute value.

Parameters:

dataObjectService - The dataObjectService to set.

setCacheManager

public void setCacheManager(org.springframework.cache.CacheManager cacheManager)

Sets the cache manager which this service implementation can for internal caching. Calling this setter is optional, though the value passed to it must not be null.

Parameters:

cacheManager - the cache manager to use for internal caching, must not be null

Throws:

IllegalArgumentException - if a null cache manager is passed

logAuthorizationCheck

protected void logAuthorizationCheck(String checkType,
                         String principalId,
                         String namespaceCode,
                         String permissionName,
                         Map<String,String> qualification)

logAuthorizationCheckByTemplate

protected void logAuthorizationCheckByTemplate(String checkType,
                                   String principalId,
                                   String namespaceCode,
                                   String permissionName,
                                   Map<String,String> permissionDetails,
                                   Map<String,String> qualification)