View Javadoc

1   /*
2    * Copyright 2011 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may	obtain a copy of the License at
7    *
8    * 	http://www.osedu.org/licenses/ECL-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.student.kim.permission.mock;
17  
18  import java.util.*;
19  import javax.jws.WebParam;
20  
21  import org.joda.time.DateTime;
22  import org.kuali.rice.core.api.criteria.QueryByCriteria;
23  import org.kuali.rice.core.api.delegation.DelegationType;
24  import org.kuali.rice.core.api.exception.RiceIllegalArgumentException;
25  import org.kuali.rice.core.api.exception.RiceIllegalStateException;
26  import org.kuali.rice.kim.api.KimConstants;
27  import org.kuali.rice.kim.api.common.delegate.DelegateMember;
28  import org.kuali.rice.kim.api.common.delegate.DelegateType;
29  
30  import org.kuali.rice.kim.api.group.GroupService;
31  import org.kuali.rice.kim.api.role.*;
32  import org.kuali.rice.core.api.membership.MemberType;
33  import org.kuali.rice.kim.api.common.assignee.Assignee;
34  import org.kuali.student.common.mock.MockService;
35  
36  import org.kuali.rice.kim.api.common.template.Template;
37  import org.kuali.rice.kim.api.common.template.TemplateQueryResults;
38  import org.kuali.rice.kim.api.group.Group;
39  import org.kuali.rice.kim.api.permission.Permission;
40  import org.kuali.rice.kim.api.permission.PermissionQueryResults;
41  import org.kuali.rice.kim.api.permission.PermissionService;
42  import org.kuali.rice.kim.framework.permission.PermissionTypeService;
43  import org.kuali.rice.krad.kim.ViewPermissionTypeServiceImpl;
44  import org.kuali.student.common.util.UUIDHelper;
45  
46  /**
47   * @author nwright
48   */
49  // Note: had to combine Role and Permission services because RICE put the role/permission 
50  // assignment methods on the Role Service but the Getter methods on the Permission service!
51  // so no one service has jurisdiction over the mapping.
52  public class RoleAndPermissionServiceMockImpl implements RoleService, PermissionService, MockService {
53  
54      private Map<String, Role> roleMap = new HashMap<String, Role>();
55      private Map<String, RoleMembership> roleMembershipMap = new HashMap<String, RoleMembership>();
56      private Map<String, Set<String>> rolePermissionMap = new HashMap<String, Set<String>>();
57      private Map<String, Set<String>> permissionRoleMap = new HashMap<String, Set<String>>();
58      private Map<String, Template> templateMap = new HashMap<String, Template>();
59      private Map<String, Permission> permissionMap = new HashMap<String, Permission>();
60      private GroupService groupService;
61  
62      public RoleAndPermissionServiceMockImpl() {
63      }
64  
65      @Override
66      public void clear() {
67          this.roleMap.clear();
68          this.roleMembershipMap.clear();
69          this.rolePermissionMap.clear();
70          this.permissionRoleMap.clear();
71          this.permissionMap.clear();
72          this.templateMap.clear();
73      }
74  
75      public GroupService getGroupService() {
76          return groupService;
77      }
78  
79      public void setGroupService(GroupService groupService) {
80          this.groupService = groupService;
81      }
82  
83      @Override
84      public Role getRole(String id)
85              throws RiceIllegalArgumentException {
86          if (!this.roleMap.containsKey(id)) {
87              throw new RiceIllegalArgumentException(id);
88          }
89          return this.roleMap.get(id);
90      }
91  
92      @Override
93      public List<Role> getRoles(List<String> roleIds) {
94          List<Role> list = new ArrayList<Role>();
95          for (String roleId : roleIds) {
96              list.add(this.getRole(roleId));
97          }
98          return list;
99      }
100 
101     @Override
102     public Role getRoleByNamespaceCodeAndName(String namespaceCode, String roleName) {
103         for (Role role : this.roleMap.values()) {
104             if (namespaceCode.equals(role.getNamespaceCode())) {
105                 if (roleName.equals(role.getName())) {
106                     return role;
107                 }
108             }
109         }
110         return null;
111     }
112 
113     @Override
114     public String getRoleIdByNamespaceCodeAndName(String namespaceCode, String roleName) {
115         for (Role role : this.roleMap.values()) {
116             if (namespaceCode.equals(role.getNamespaceCode())) {
117                 if (roleName.equals(role.getName())) {
118                     return role.getId();
119                 }
120             }
121         }
122         return null;
123     }
124 
125     @Override
126     public boolean isRoleActive(String roleId)
127             throws RiceIllegalArgumentException {
128         Role role = this.getRole(roleId);
129         if (role == null) {
130             throw new RiceIllegalArgumentException(roleId);
131         }
132         return role.isActive();
133     }
134 
135     @Override
136     public List<RoleMembership> getRoleMembers(List<String> roleIds, Map<String, String> qualification) {
137         List<RoleMembership> list = new ArrayList<RoleMembership>();
138         for (RoleMembership info : this.roleMembershipMap.values()) {
139             if (roleIds.contains(info.getRoleId())) {
140                 if (calcIfQualifiersMatch(info.getQualifier(), qualification)) {
141                     list.add(info);
142                 }
143             }
144         }
145         return list;
146     }
147 
148     @Override
149     public Collection<String> getRoleMemberPrincipalIds(String namespaceCode, String roleName, Map<String, String> qualification)
150             throws RiceIllegalArgumentException {
151         Role roleInfo = this.getRoleByNamespaceCodeAndName(namespaceCode, roleName);
152         if (roleInfo == null) {
153             throw new RiceIllegalArgumentException("role name not found");
154         }
155         return this.calcAllMatchingRoleMemberPrincipalIds(roleName, qualification);
156     }
157 
158     @Override
159     public boolean principalHasRole(String principalId, List<String> roleIds, Map<String, String> qualification) {
160         for (String roleId : roleIds) {
161             if (this.calcIfPrincipalHasRoleAndMatchesQualifiers(principalId, roleId, qualification)) {
162                 return true;
163             }
164         }
165         return false;
166     }
167 
168     @Override
169     public boolean principalHasRole(String principalId, List<String> roleIds, Map<String, String> qualification, boolean checkDelegations)
170             throws RiceIllegalArgumentException {
171         if (checkDelegations) {
172             throw new RiceIllegalArgumentException("Delegations not supported Yet");
173         }
174         return this.principalHasRole(principalId, roleIds, qualification);
175     }
176 
177     @Override
178     public List<String> getPrincipalIdSubListWithRole(List<String> principalIds,
179             String roleNamespaceCode, String roleName, Map<String, String> qualification) {
180         List<String> subList = new ArrayList<String>();
181         Role role = getRoleByNamespaceCodeAndName(roleNamespaceCode, roleName);
182         for (String principalId : principalIds) {
183             if (calcIfPrincipalHasRoleAndMatchesQualifiers(principalId, role.getId(), qualification)) {
184                 subList.add(principalId);
185             }
186         }
187         return subList;
188     }
189 
190     @Override
191     public RoleQueryResults findRoles(QueryByCriteria queryByCriteria)
192             throws RiceIllegalArgumentException {
193         throw new RiceIllegalArgumentException("Finds by query is not supported Yet");
194     }
195 
196     @Override
197     public List<RoleMembership> getFirstLevelRoleMembers(List<String> roleIds) {
198         List<RoleMembership> list = new ArrayList<RoleMembership>();
199         for (RoleMembership rm : this.roleMembershipMap.values()) {
200             if (roleIds.contains(rm.getRoleId())) {
201                 list.add(rm);
202             }
203         }
204         return list;
205     }
206 
207     @Override
208     public RoleMemberQueryResults findRoleMembers(QueryByCriteria queryByCriteria) {
209         throw new RiceIllegalArgumentException("find by query by criteria not supported yet.");
210     }
211 
212     @Override
213     public Set<String> getRoleTypeRoleMemberIds(String roleId)
214             throws RiceIllegalArgumentException {
215         throw new RiceIllegalArgumentException("Roles containing roles are not supported Yet");
216     }
217 
218     @Override
219     public List<String> getMemberParentRoleIds(String memberType, String memberId) {
220         List<String> list = new ArrayList<String>();
221         for (RoleMembership rm : this.roleMembershipMap.values()) {
222             if (memberType.equals(rm.getType().getCode())) {
223                 if (memberId.equals(rm.getMemberId())) {
224                     list.add(rm.getRoleId());
225                 }
226             }
227         }
228         return list;
229     }
230 
231     @Override
232     public RoleMembershipQueryResults findRoleMemberships(QueryByCriteria queryByCriteria) {
233         throw new RiceIllegalArgumentException("Finding by criteria is not supported yet.");
234     }
235 
236     @Override
237     public DelegateMemberQueryResults findDelegateMembers(QueryByCriteria queryByCriteria) {
238         throw new RiceIllegalArgumentException("Finding by criteria is not supported yet.");
239     }
240 
241     @Override
242     public List<DelegateMember> getDelegationMembersByDelegationId(String delegationId) {
243         throw new RiceIllegalArgumentException("Delgation is not supported Yet");
244     }
245 
246     @Override
247     public DelegateMember getDelegationMemberByDelegationAndMemberId(String delegationId, String memberId) {
248         throw new RiceIllegalArgumentException("Delgation is not supported Yet");
249     }
250 
251     @Override
252     public DelegateMember getDelegationMemberById(String delegationMemberId) {
253         throw new RiceIllegalArgumentException("Delgation is not supported Yet");
254     }
255 
256     @Override
257     public List<RoleResponsibility> getRoleResponsibilities(String roleId) {
258         throw new RiceIllegalArgumentException("Responsibilities are not supported Yet");
259     }
260 
261     @Override
262     public List<RoleResponsibilityAction> getRoleMemberResponsibilityActions(String roleMemberId) {
263         throw new RiceIllegalArgumentException("Responsibilities are not supported Yet");
264     }
265 
266     @Override
267     public void deleteRoleResponsibilityAction(String roleResponsibilityActionId) throws RiceIllegalArgumentException {
268         throw new UnsupportedOperationException("Responsibilities not supported yet.");
269     }
270 
271     @Override
272     public RoleResponsibilityAction updateRoleResponsibilityAction(RoleResponsibilityAction roleResponsibilityAction)
273             throws RiceIllegalArgumentException {
274         throw new UnsupportedOperationException("Responsibilities not supported yet.");
275     }
276 
277     @Override
278     public DelegateType getDelegateTypeByRoleIdAndDelegateTypeCode(String roleId,
279             DelegationType delegateType) throws RiceIllegalArgumentException {
280         throw new RiceIllegalArgumentException("Delgation is not supported Yet");
281     }
282 
283     @Override
284     public DelegateType getDelegateTypeByDelegationId(String delegationId) throws RiceIllegalArgumentException {
285         throw new RiceIllegalArgumentException("Delgation is not supported Yet");
286     }
287 
288     @Override
289     public DelegateType updateDelegateType(DelegateType delegateType) throws RiceIllegalArgumentException, RiceIllegalStateException {
290         throw new RiceIllegalArgumentException("Delgation is not supported Yet");
291     }
292 
293     @Override
294     public RoleMember assignGroupToRole(String groupId, String namespaceCode,
295             String roleName, Map<String, String> qualifications)
296             throws RiceIllegalArgumentException {
297         Role role = this.getRoleByNamespaceCodeAndName(namespaceCode, roleName);
298         if (role == null) {
299             throw new RiceIllegalArgumentException(namespaceCode + "." + roleName);
300         }
301         RoleMembership existing = calcExistingRoleMembership(role.getId(),
302                 KimConstants.KimGroupMemberTypes.GROUP_MEMBER_TYPE.getCode(),
303                 groupId);
304         // if does not exist create
305         if (null != existing) {
306             throw new RiceIllegalArgumentException("Already exists: " + existing.getId());
307         }
308         String roleId = role.getId();
309         String id = UUIDHelper.genStringUUID();
310         String memberId = groupId;
311         MemberType memberType = KimConstants.KimGroupMemberTypes.GROUP_MEMBER_TYPE;
312         RoleMembership.Builder bldr = RoleMembership.Builder.create(roleId,
313                 id,
314                 memberId,
315                 memberType,
316                 qualifications);
317         RoleMembership rm = bldr.build();
318         this.roleMembershipMap.put(rm.getId(), rm);
319         return calcMembership2RoleMember(rm);
320     }
321 
322     @Override
323     public RoleMember assignPrincipalToRole(String principalId, String namespaceCode,
324             String roleName, Map<String, String> qualifications)
325             throws RiceIllegalArgumentException {
326         Role role = this.getRoleByNamespaceCodeAndName(namespaceCode, roleName);
327         if (role == null) {
328             throw new RiceIllegalArgumentException(namespaceCode + "." + roleName);
329         }
330         RoleMembership existing = calcExistingRoleMembership(role.getId(),
331                 KimConstants.KimGroupMemberTypes.PRINCIPAL_MEMBER_TYPE.getCode(),
332                 principalId);
333         // if it exists update qualifications
334         if (null != existing) {
335             // else copy and update qualifications
336             RoleMembership.Builder bldr = RoleMembership.Builder.create(existing);
337             bldr.setQualifier(qualifications);
338             RoleMembership rm = bldr.build();
339             this.roleMembershipMap.put(rm.getId(), rm);
340             return calcMembership2RoleMember(rm);
341         }
342         // if does not exist create
343         RoleMembership.Builder bldr = RoleMembership.Builder.create(role.getId(),
344                 UUIDHelper.genStringUUID(),
345                 principalId,
346                 KimConstants.KimGroupMemberTypes.PRINCIPAL_MEMBER_TYPE,
347                 qualifications);
348         RoleMembership rm = bldr.build();
349         this.roleMembershipMap.put(rm.getId(), rm);
350         return calcMembership2RoleMember(rm);
351     }
352 
353     private RoleMembership calcExistingRoleMembership(String roleId, String type, String memberId) {
354         for (RoleMembership rm : roleMembershipMap.values()) {
355             if (rm.getRoleId().equals(roleId)) {
356                 if (rm.getType().equals(type)) {
357                     if (rm.getMemberId().equals(memberId)) {
358                         return rm;
359                     }
360                 }
361             }
362         }
363         return null;
364     }
365 
366     @Override
367     public RoleMember assignRoleToRole(String roleId, String namespaceCode,
368             String roleName, Map<String, String> qualifications)
369             throws RiceIllegalArgumentException {
370         throw new RiceIllegalArgumentException("Roles of roles are not supported yet.");
371     }
372 
373     @Override
374     public void removeGroupFromRole(String groupId, String namespaceCode,
375             String roleName, Map<String, String> qualifications)
376             throws RiceIllegalArgumentException {
377         Role role = this.getRoleByNamespaceCodeAndName(namespaceCode, roleName);
378         if (role == null) {
379             throw new RiceIllegalArgumentException(namespaceCode + "." + roleName);
380         }
381         Group group = this.groupService.getGroup(groupId);
382         if (group == null) {
383             throw new RiceIllegalArgumentException(groupId);
384         }
385         RoleMembership existing = calcExistingRoleMembership(role.getId(),
386                 KimConstants.KimGroupMemberTypes.GROUP_MEMBER_TYPE.getCode(),
387                 groupId);
388         if (existing == null) {
389             throw new RiceIllegalArgumentException("Does not exist");
390         }
391         this.roleMembershipMap.remove(existing.getId());
392     }
393 
394     @Override
395     public void removePrincipalFromRole(String principalId, String namespaceCode,
396             String roleName,
397             Map<String, String> qualifications) throws RiceIllegalArgumentException {
398         Role role = this.getRoleByNamespaceCodeAndName(namespaceCode, roleName);
399         if (role == null) {
400             throw new RiceIllegalArgumentException(namespaceCode + "." + roleName);
401         }
402         RoleMembership existing = calcExistingRoleMembership(role.getId(),
403                 KimConstants.KimGroupMemberTypes.PRINCIPAL_MEMBER_TYPE.getCode(),
404                 principalId);
405         if (existing == null) {
406             throw new RiceIllegalArgumentException("Does not exist");
407         }
408         this.roleMembershipMap.remove(existing.getId());
409     }
410 
411     @Override
412     public void removeRoleFromRole(String roleId, String namespaceCode,
413             String roleName, Map<String, String> qualifications)
414             throws RiceIllegalArgumentException {
415         throw new RiceIllegalArgumentException("Roles of roles not supported yet.");
416     }
417 
418     @Override
419     public RoleResponsibilityAction createRoleResponsibilityAction(RoleResponsibilityAction roleResponsibilityAction)
420             throws RiceIllegalArgumentException {
421         throw new RiceIllegalArgumentException("Responsibilities not supported yet.");
422     }
423 
424     @Override
425     public RoleMember createRoleMember(RoleMember roleMember) throws RiceIllegalArgumentException, RiceIllegalStateException {
426         RoleMembership existing = calcExistingRoleMembership(roleMember.getRoleId(),
427                 roleMember.getType().getCode(),
428                 roleMember.getMemberId());
429         if (existing == null) {
430             throw new RiceIllegalArgumentException("Does not exist");
431         }
432         RoleMembership rm = this.calcRoleMember2RoleMembership(roleMember);
433         this.roleMembershipMap.put(rm.getId(), rm);
434         return calcMembership2RoleMember(rm);
435     }
436 
437     @Override
438     public RoleMember updateRoleMember(RoleMember roleMember) throws RiceIllegalArgumentException, RiceIllegalStateException {
439         RoleMembership existing = this.roleMembershipMap.get(roleMember.getId());
440         if (existing == null) {
441             throw new RiceIllegalArgumentException(roleMember.getId());
442         }
443         RoleMembership rm = this.calcRoleMember2RoleMembership(roleMember);
444         this.roleMembershipMap.put(rm.getId(), rm);
445         return calcMembership2RoleMember(rm);
446     }
447 
448     @Override
449     public DelegateMember updateDelegateMember(DelegateMember delegateMember)
450             throws RiceIllegalArgumentException, RiceIllegalStateException {
451         throw new RiceIllegalArgumentException("Delegation not supported yet.");
452     }
453 
454     @Override
455     public DelegateMember createDelegateMember(DelegateMember delegateMember)
456             throws RiceIllegalArgumentException, RiceIllegalStateException {
457         throw new RiceIllegalArgumentException("Delegation not supported yet.");
458     }
459 
460     @Override
461     public void removeDelegateMembers(List<DelegateMember> delegateMembers)
462             throws RiceIllegalArgumentException, RiceIllegalStateException {
463         throw new RiceIllegalArgumentException("Delegation not supported yet.");
464     }
465 
466     @Override
467     public Role createRole(Role role) throws RiceIllegalArgumentException, RiceIllegalStateException {
468         // CREATE
469         Role orig = this.getRoleByNamespaceCodeAndName(role.getNamespaceCode(), role.getName());
470         if (orig != null) {
471             throw new RiceIllegalArgumentException(role.getNamespaceCode() + "." + role.getName() + " already exists");
472         }
473         Role.Builder bldr = Role.Builder.create(role);
474         if (bldr.getId() == null) {
475             bldr.setId(UUIDHelper.genStringUUID());
476         }
477         bldr.setVersionNumber(1L);
478         role = bldr.build();
479         roleMap.put(role.getId(), role);
480         return role;
481     }
482 
483     @Override
484     public Role updateRole(Role role) throws RiceIllegalArgumentException, RiceIllegalStateException {// UPDATE
485         Role.Builder bldr = Role.Builder.create(role);
486         Role old = this.getRole(role.getId());
487         if (!old.getVersionNumber().equals(bldr.getVersionNumber())) {
488             throw new RiceIllegalStateException("" + old.getVersionNumber());
489         }
490         bldr.setVersionNumber(bldr.getVersionNumber() + 1);
491         role = bldr.build();
492         roleMap.put(role.getId(), role);
493         return role;
494     }
495 
496     @Override
497     public List<Map<String, String>> getNestedRoleQualifiersForPrincipalByRoleIds(
498             String principalId, List<String> roleIds, Map<String, String> qualification)
499             throws RiceIllegalArgumentException {
500         List<Map<String, String>> list = new ArrayList<Map<String, String>>();
501         for (RoleMembership rm : this.roleMembershipMap.values()) {
502             if (roleIds.contains(rm.getRoleId())) {
503                 Role role = this.getRole(rm.getRoleId());
504                 if (rm.getType().equals(KimConstants.KimGroupMemberTypes.PRINCIPAL_MEMBER_TYPE)) {
505                     if (rm.getMemberId().equals(principalId)) {
506                         if (this.calcIfQualifiersMatch(rm.getQualifier(), qualification)) {
507                             list.add(rm.getQualifier());
508                         }
509                     }
510                 } else if (rm.getType().equals(KimConstants.KimGroupMemberTypes.GROUP_MEMBER_TYPE)) {
511                     if (groupService.isMemberOfGroup(principalId, rm.getMemberId())) {
512                         if (this.calcIfQualifiersMatch(rm.getQualifier(), qualification)) {
513                             list.add(rm.getQualifier());
514                         }
515                     }
516                 }
517             }
518         }
519         return list;
520     }
521 
522     @Override
523     public List<Map<String, String>> getRoleQualifersForPrincipalByNamespaceAndRolename(
524             String principalId, String namespaceCode, String roleName, Map<String, String> qualification)
525             throws RiceIllegalArgumentException {
526         Role role = this.getRoleByNamespaceCodeAndName(namespaceCode, roleName);
527         return this.getRoleQualifersForPrincipalByRoleIds(principalId, Arrays.asList(role.getId()), qualification);
528     }
529 
530     @Override
531     public List<Map<String, String>> getRoleQualifersForPrincipalByRoleIds(String principalId,
532             List<String> roleIds, Map<String, String> qualification) throws RiceIllegalArgumentException {
533         List<Map<String, String>> list = new ArrayList<Map<String, String>>();
534         for (RoleMembership rm : this.roleMembershipMap.values()) {
535             if (roleIds.contains(rm.getRoleId())) {
536                 Role role = this.getRole(rm.getRoleId());
537                 if (rm.getType().equals(KimConstants.KimGroupMemberTypes.PRINCIPAL_MEMBER_TYPE)) {
538                     if (rm.getMemberId().equals(principalId)) {
539                         if (this.calcIfQualifiersMatch(rm.getQualifier(), qualification)) {
540                             list.add(rm.getQualifier());
541                         }
542                     }
543                 }
544             }
545         }
546         return list;
547     }
548 
549     @Override
550     public List<Map<String, String>> getNestedRoleQualifersForPrincipalByNamespaceAndRolename(
551             String principalId, String namespaceCode,
552             String roleName, Map<String, String> qualification)
553             throws RiceIllegalArgumentException {
554         Role role = this.getRoleByNamespaceCodeAndName(namespaceCode, roleName);
555         return this.getNestedRoleQualifiersForPrincipalByRoleIds(principalId, Arrays.asList(role.getId()), qualification);
556     }
557 
558     @Override
559     public DelegateType createDelegateType(DelegateType delegateType) throws RiceIllegalArgumentException, RiceIllegalStateException {
560         throw new RiceIllegalArgumentException("Delegation not supported yet.");
561     }
562 
563     @Override
564     public void assignPermissionToRole(String permissionId, String roleId)
565             throws RiceIllegalArgumentException {
566         Role role = this.getRole(roleId);
567         if (role == null) {
568             throw new RiceIllegalArgumentException(roleId);
569         }
570         Permission permission = this.getPermission(permissionId);
571         if (permission == null) {
572             throw new RiceIllegalArgumentException(permissionId);
573         }
574         Set<String> rpSet = this.rolePermissionMap.get(roleId);
575         if (rpSet == null) {
576             rpSet = new LinkedHashSet<String>();
577             this.rolePermissionMap.put(roleId, rpSet);
578         }
579         rpSet.add(permissionId);
580         Set<String> prSet = this.permissionRoleMap.get(permissionId);
581         if (prSet == null) {
582             prSet = new LinkedHashSet<String>();
583             this.permissionRoleMap.put(permissionId, prSet);
584         }
585         prSet.add(roleId);
586     }
587 
588     @Override
589     public void revokePermissionFromRole(String permissionId, String roleId) throws RiceIllegalArgumentException {
590         Role role = this.getRole(roleId);
591         if (role == null) {
592             throw new RiceIllegalArgumentException(roleId);
593         }
594         Permission permission = this.getPermission(roleId);
595         if (permission == null) {
596             throw new RiceIllegalArgumentException(permissionId);
597         }
598         Set<String> rpSet = this.rolePermissionMap.get(roleId);
599         if (rpSet == null) {
600             throw new RiceIllegalArgumentException(roleId);
601         }
602         if (!rpSet.remove(permissionId)) {
603             throw new RiceIllegalArgumentException(permissionId);
604         }
605         Set<String> prSet = this.permissionRoleMap.get(permissionId);
606         if (prSet == null) {
607             throw new RiceIllegalArgumentException(permissionId);
608         }
609         if (!prSet.remove(roleId)) {
610             throw new RiceIllegalArgumentException(roleId);
611         }
612     }
613 
614     @Override
615     public boolean isDerivedRole(String roleId) throws RiceIllegalArgumentException {
616         // TODO: support derived roles
617         return false;
618     }
619 
620     @Override
621     public boolean isDynamicRoleMembership(String roleId) throws RiceIllegalArgumentException {
622         // TODO: figure out what dynamic means does it mean via membership via group membership?
623         return false;
624     }
625 
626     ////
627     //// permission service methods
628     //// 
629     @Override
630     public List<Template> getAllTemplates() {
631         return new ArrayList<Template>(this.templateMap.values());
632     }
633 
634     @Override
635     public List<Permission> getAuthorizedPermissions(String principalId,
636             String namespaceCode,
637             String permissionName,
638             Map<String, String> qualification) {
639         throw new RiceIllegalArgumentException("not implemented do not understand it");
640     }
641 
642     @Override
643     public List<Permission> getAuthorizedPermissionsByTemplate(String principalId,
644             String namespaceCode,
645             String permissionTemplateName,
646             Map<String, String> permissionDetails,
647             Map<String, String> qualification) {
648         Template template = this.findPermTemplateByNamespaceCodeAndName(namespaceCode, permissionTemplateName);
649         if (template == null) {
650             throw new RiceIllegalArgumentException(namespaceCode + "." + permissionTemplateName);
651         }
652         List<Permission> list = new ArrayList<Permission>();
653         for (Permission permission : this.permissionMap.values()) {
654             if (permission.getTemplate() != null) {
655                 if (template.getId().equals(permission.getTemplate().getId())) {
656                     list.add(permission);
657                 }
658             }
659         }
660         if (template.getKimTypeId().equals(KimPermissionConstants.KRAD_VIEW_KIM_TYPE_ID)) {
661             PermissionTypeService pts = new ViewPermissionTypeServiceImpl();
662             list = pts.getMatchingPermissions(permissionDetails, list);
663         }
664         List<Permission> list2 = new ArrayList<Permission>();
665         for (Permission permission : list) {
666             if (this.isAuthorized(principalId, permission.getNamespaceCode(), permission.getName(), qualification)) {
667                 list.add(permission);
668             }
669         }
670         return list2;
671     }
672 
673     @Override
674     public Permission getPermission(String permissionId) {
675         return this.permissionMap.get(permissionId);
676     }
677 
678     @Override
679     public List<Assignee> getPermissionAssignees(String namespaceCode,
680             String permissionName,
681             Map<String, String> qualification) {
682         List<Assignee> list = new ArrayList<Assignee>();
683         for (Permission permission : this.permissionMap.values()) {
684             if (namespaceCode.equals(permission.getNamespaceCode())) {
685                 if (permissionName.equals(permission.getName())) {
686                     if (calcIfQualifiersMatch(permission.getAttributes(), qualification)) {
687                         list.addAll(calcPermissionAssignees(permission, qualification));
688                     }
689                 }
690             }
691         }
692         return list;
693     }
694 
695     @Override
696     public List<Assignee> getPermissionAssigneesByTemplate(String namespaceCode,
697             String permissionTemplateName,
698             Map<String, String> permissionDetails,
699             Map<String, String> qualification) {
700         Template template = this.findPermTemplateByNamespaceCodeAndName(namespaceCode, permissionTemplateName);
701         if (template == null) {
702             throw new RiceIllegalArgumentException(namespaceCode + "." + permissionTemplateName);
703         }
704         List<Assignee> list = new ArrayList<Assignee>();
705         for (Permission permission : this.permissionMap.values()) {
706             if (permission.getTemplate() != null) {
707                 if (permission.getTemplate().getId().equals(template.getId())) {
708                     if (this.calcIfQualifiersMatch(permission.getAttributes(), permissionDetails)) {
709                         list.addAll(calcPermissionAssignees(permission, qualification));
710                     }
711                 }
712             }
713         }
714         return list;
715     }
716 
717     @Override
718     public Template getPermissionTemplate(String permissionTemplateId) {
719         return this.templateMap.get(permissionTemplateId);
720     }
721 
722     @Override
723     public Template findPermTemplateByNamespaceCodeAndName(String namespaceCode,
724             String permissionTemplateName) {
725         for (Template template : this.templateMap.values()) {
726             if (template.getNamespaceCode().equals(namespaceCode)) {
727                 if (template.getName().equals(permissionTemplateName)) {
728                     return template;
729                 }
730             }
731         }
732         return null;
733     }
734 
735     @Override
736     public Permission findPermByNamespaceCodeAndName(String namespaceCode, String permissionName) {
737         List<Permission> list = new ArrayList<Permission>();
738         for (Permission permission : this.permissionMap.values()) {
739             if (namespaceCode.equals(permission.getNamespaceCode())) {
740                 if (permissionName.equals(permission.getName())) {
741                     return permission;
742                 }
743             }
744         }
745         return null;
746     }
747 
748     /*
749     
750      // TODO Larry Symms wanted to take a look at this
751      @Override
752      public Permission getPermissionsByNameIncludingInactive(String namespaceCode, String permissionName) {
753      List<Permission> list = new ArrayList<Permission>();
754      for (Permission permission : this.permissionCache.values()) {
755      if (namespaceCode.equals(permission.getNamespaceCode())) {
756      if (permissionName.equals(permission.getName())) {
757      list.add(permission);
758      }
759      }
760      }
761      if (list.isEmpty()) {
762      return null;
763      }
764      return list.get(0);
765      }
766      */
767     @Override
768     public List<Permission> findPermissionsByTemplate(String namespaceCode,
769             String permissionTemplateName) {
770         List<Permission> list = new ArrayList<Permission>();
771         for (Permission permission : this.permissionMap.values()) {
772             if (permission.getTemplate() != null) {
773                 if (namespaceCode.equals(permission.getTemplate().getNamespaceCode())) {
774                     if (permissionTemplateName.equals(permission.getTemplate().getName())) {
775                         list.add(permission);
776                     }
777                 }
778             }
779         }
780         return list;
781     }
782 
783     @Override
784     public List<String> getRoleIdsForPermission(String namespaceCode,
785             String permissionName)
786             throws RiceIllegalArgumentException {
787         Permission permission = this.findPermByNamespaceCodeAndName(namespaceCode, permissionName);
788         if (permission == null) {
789             throw new RiceIllegalArgumentException(namespaceCode + "." + permissionName);
790         }
791         Set<String> roleIds = this.permissionRoleMap.get(permission.getId());
792         return new ArrayList(roleIds);
793     }
794 
795     @Override
796     public boolean hasPermission(String principalId, String namespaceCode,
797             String permissionName)
798             throws RiceIllegalArgumentException {
799         Permission permission = this.findPermByNamespaceCodeAndName(namespaceCode, permissionName);
800         if (permission == null) {
801             throw new RiceIllegalArgumentException(namespaceCode + "." + permissionName);
802         }
803         Set<String> roleIds = this.permissionRoleMap.get(permission.getId());
804         return this.principalHasRole(principalId, new ArrayList(roleIds), null);
805     }
806 
807     @Override
808     public boolean hasPermissionByTemplate(String principalId,
809             String namespaceCode,
810             String permissionTemplateName,
811             Map<String, String> permissionDetails)
812             throws RiceIllegalArgumentException {
813         Template template = this.findPermTemplateByNamespaceCodeAndName(namespaceCode, permissionTemplateName);
814         if (template == null) {
815             throw new RiceIllegalArgumentException(namespaceCode + "." + permissionTemplateName);
816         }
817         List<Permission> permissions = this.findPermissionsByTemplate(namespaceCode, permissionTemplateName);
818         for (Permission permission : permissions) {
819             if (this.calcIfQualifiersMatch(permission.getAttributes(), permissionDetails)) {
820                 if (this.hasPermission(principalId, permission.getNamespaceCode(), permission.getName())) {
821                     return true;
822                 }
823             }
824         }
825         return false;
826     }
827 
828     @Override
829     public boolean isAuthorized(String principalId, String namespaceCode,
830             String permissionName,
831             Map<String, String> qualification) {
832         Permission permission = this.findPermByNamespaceCodeAndName(namespaceCode, permissionName);
833         if (permission == null) {
834             throw new RiceIllegalArgumentException(namespaceCode + "." + permissionName);
835         }
836         Set<String> roleIds = this.permissionRoleMap.get(permission.getId());
837         return this.principalHasRole(principalId, new ArrayList(roleIds), qualification);
838     }
839 
840     @Override
841     public boolean isAuthorizedByTemplate(String principalId,
842             String namespaceCode,
843             String permissionTemplateName,
844             Map<String, String> permissionDetails,
845             Map<String, String> qualification) {
846         Template template = this.findPermTemplateByNamespaceCodeAndName(namespaceCode, permissionTemplateName);
847         if (template == null) {
848             throw new RiceIllegalArgumentException(namespaceCode + "." + permissionTemplateName);
849         }
850         List<Permission> permissions = this.findPermissionsByTemplate(namespaceCode, permissionTemplateName);
851         for (Permission permission : permissions) {
852             if (this.calcIfQualifiersMatch(permission.getAttributes(), permissionDetails)) {
853                 Set<String> roleIds = this.permissionRoleMap.get(permission.getId());
854                 if (roleIds != null) {
855                     return this.principalHasRole(principalId, new ArrayList(roleIds), qualification);
856                 }
857             }
858         }
859         return false;
860     }
861 
862     @Override
863     public boolean isPermissionDefined(String namespaceCode, String permissionName) {
864         for (Permission permission : this.permissionMap.values()) {
865             if (namespaceCode.equals(permission.getNamespaceCode())) {
866                 if (permissionName.equals(permission.getName())) {
867                     return true;
868                 }
869             }
870         }
871         return false;
872     }
873 
874     @Override
875     public boolean isPermissionDefinedByTemplate(String namespaceCode,
876             String permissionTemplateName,
877             Map<String, String> permissionDetails) {
878         for (Permission permission : this.permissionMap.values()) {
879             if (permission.getTemplate() != null) {
880                 if (namespaceCode.equals(permission.getTemplate().getNamespaceCode())) {
881                     if (permissionTemplateName.equals(permission.getTemplate().getName())) {
882                         if (calcIfQualifiersMatch(permission.getAttributes(), permissionDetails)) {
883                             return true;
884                         }
885                     }
886                 }
887             }
888         }
889         return false;
890     }
891 
892     @Override
893     public PermissionQueryResults findPermissions(QueryByCriteria queryByCriteria) throws RiceIllegalArgumentException {
894         throw new UnsupportedOperationException("Find by criteria not supported yet.");
895     }
896 
897     @Override
898     public Permission createPermission(Permission permission) throws RiceIllegalArgumentException, RiceIllegalStateException {// CREATE
899         Permission orig = this.findPermByNamespaceCodeAndName(permission.getNamespaceCode(), permission.getName());
900         if (orig != null) {
901             throw new RiceIllegalArgumentException(permission.getNamespaceCode() + "." + permission.getName());
902         }
903         Permission.Builder copy = Permission.Builder.create(permission);
904         if (copy.getId() == null) {
905             copy.setId(UUIDHelper.genStringUUID());
906         }
907         permission = copy.build();
908         permissionMap.put(permission.getId(), permission);
909         return permission;
910     }
911 
912     @Override
913     public Permission updatePermission(Permission permission) throws RiceIllegalArgumentException, RiceIllegalStateException {
914         // UPDATE
915         Permission.Builder copy = Permission.Builder.create(permission);
916         Permission old = this.getPermission(permission.getId());
917         if (!old.getVersionNumber().equals(copy.getVersionNumber())) {
918             throw new RiceIllegalStateException("" + old.getVersionNumber());
919         }
920         copy.setVersionNumber(copy.getVersionNumber() + 1);
921         permission = copy.build();
922         this.permissionMap.put(permission.getId(), permission);
923         return permission;
924     }
925 
926     @Override
927     public TemplateQueryResults findPermissionTemplates(QueryByCriteria queryByCriteria) throws RiceIllegalArgumentException {
928         throw new UnsupportedOperationException("Find by criteria not supported yet.");
929     }
930 
931     ////
932     //// private methods
933     ////
934     private RoleMember calcMembership2RoleMember(RoleMembership rm) {
935         String roleId = rm.getRoleId();
936         String id = rm.getId();
937         String memberId = rm.getMemberId();
938         MemberType memberType = rm.getType();
939         DateTime activeFromDate = null;
940         DateTime activeToDate = null;
941         Map<String, String> attributes = rm.getQualifier();
942         String memberName = null;
943         String memberNamespaceCode = null;
944         RoleMember.Builder bldr = RoleMember.Builder.create(roleId,
945                 id,
946                 memberId,
947                 memberType,
948                 activeFromDate,
949                 activeToDate,
950                 attributes,
951                 memberName,
952                 memberNamespaceCode);
953         return bldr.build();
954     }
955 
956     private RoleMembership calcRoleMember2RoleMembership(RoleMember rm) {
957         String roleId = rm.getRoleId();
958         String id = rm.getId();
959         if (id == null) {
960             id = UUIDHelper.genStringUUID();
961         }
962         String principalId = rm.getMemberId();
963         MemberType memberType = rm.getType();
964         Map<String, String> qualifications = rm.getAttributes();
965         RoleMembership.Builder bldr = RoleMembership.Builder.create(roleId,
966                 id,
967                 principalId,
968                 memberType,
969                 qualifications);
970         return bldr.build();
971     }
972 
973     private boolean calcIfPrincipalHasRoleAndMatchesQualifiers(String principalId, String roleId, Map<String, String> qualification) {
974         return this.calcAllMatchingRoleMemberPrincipalIds(roleId, qualification).contains(principalId);
975     }
976 
977     private Set<String> calcAllMatchingRoleMemberPrincipalIds(String roleId, Map<String, String> qualification) {
978         Set<String> principals = new LinkedHashSet<String>();
979         for (RoleMembership roleMember : this.roleMembershipMap.values()) {
980             if (roleId.equals(roleMember.getRoleId())) {
981                 if (calcIfQualifiersMatch(roleMember.getQualifier(), qualification)) {
982                     if (roleMember.getType().equals(KimConstants.KimGroupMemberTypes.PRINCIPAL_MEMBER_TYPE)) {
983                         principals.add(roleMember.getMemberId());
984                     } else if (roleMember.getType().equals(KimConstants.KimGroupMemberTypes.GROUP_MEMBER_TYPE)) {
985                         principals.addAll(groupService.getMemberPrincipalIds(roleMember.getMemberId()));
986                         // TODO: find out if ROLE members can still be other roles or are they being phased out?
987 //                    } else if (info.getType().equals(KimConstants.KimGroupMemberTypes.ROLE_MEMBER_TYPE)) {
988 //                        principals.addAll(this.getAllRoleMemberPrincipalIds(info.getMemberId(), qualification));
989                     }
990                 }
991             }
992         }
993         return principals;
994     }
995 
996     private boolean calcIfQualifiersMatch(Map<String, String> qual1, Map<String, String> qual2) {
997         if (qual2 == null) {
998             return true;
999         }
1000         if (qual1 == null) {
1001             return true;
1002         }
1003         if (qual2.isEmpty()) {
1004             return true;
1005         }
1006         if (qual1.isEmpty()) {
1007             return true;
1008         }
1009         // if both have the same qualifier type then those types have to match
1010         for (String key1 : qual2.keySet()) {
1011             String val1 = qual1.get(key1);
1012             if (val1 == null) {
1013                 continue;
1014             }
1015             String val2 = qual2.get(key1);
1016             if (!val1.equals(val2)) {
1017                 return false;
1018             }
1019         }
1020         return true;
1021     }
1022 
1023     private List<Assignee> calcPermissionAssignees(Permission permission, Map<String, String> queryQualifiers) {
1024         Set<String> principalIds = new LinkedHashSet<String>();
1025         List<String> roleIds = this.getRoleIdsForPermission(permission.getNamespaceCode(), permission.getName());
1026         for (String roleId : roleIds) {
1027             principalIds.addAll(this.calcAllMatchingRoleMemberPrincipalIds(roleId, queryQualifiers));
1028         }
1029         // convert them into assignee
1030         List<Assignee> list = new ArrayList<Assignee>(principalIds.size());
1031         for (String principalId : principalIds) {
1032             // TODO: deal with groups and delegates
1033             String groupId = null;
1034             List<DelegateType.Builder> delegates = new ArrayList<DelegateType.Builder>();
1035             Assignee.Builder bldr = Assignee.Builder.create(principalId, groupId, delegates);
1036             list.add(bldr.build());
1037         }
1038         return list;
1039     }
1040 
1041     /**
1042      * This should be part of the contract but it is not There is no way to
1043      * create a template via the contract.
1044      *
1045      * @param template
1046      * @return
1047      * @throws RiceIllegalArgumentException
1048      * @throws RiceIllegalStateException
1049      */
1050     public Template createTemplate(Template template) throws RiceIllegalArgumentException, RiceIllegalStateException {// CREATE
1051         Template orig = this.findPermTemplateByNamespaceCodeAndName(template.getNamespaceCode(), template.getName());
1052         if (orig != null) {
1053             throw new RiceIllegalArgumentException(template.getNamespaceCode() + "." + template.getName());
1054         }
1055         Template.Builder copy = Template.Builder.create(template);
1056         if (copy.getId() == null) {
1057             copy.setId(UUIDHelper.genStringUUID());
1058         }
1059         template = copy.build();
1060         templateMap.put(template.getId(), template);
1061         return template;
1062     }
1063 }