1 /* 2 * The Kuali Financial System, a comprehensive financial management system for higher education. 3 * 4 * Copyright 2005-2014 The Kuali Foundation 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU Affero General Public License as 8 * published by the Free Software Foundation, either version 3 of the 9 * License, or (at your option) any later version. 10 * 11 * This program is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU Affero General Public License for more details. 15 * 16 * You should have received a copy of the GNU Affero General Public License 17 * along with this program. If not, see <http://www.gnu.org/licenses/>. 18 */ 19 package org.kuali.rice.kim.impl.jaxb; 20 21 import java.io.Serializable; 22 23 import javax.xml.bind.annotation.XmlAccessType; 24 import javax.xml.bind.annotation.XmlAccessorType; 25 import javax.xml.bind.annotation.XmlElement; 26 import javax.xml.bind.annotation.XmlType; 27 28 /** 29 * This class represents a <roleData> element. 30 * 31 * <p>The expected XML structure is as follows: 32 * 33 * <br> 34 * <br><roleData> 35 * <br> <roles> 36 * <br> <role> 37 * <br> <roleName namespaceCode=""></roleName> 38 * <br> <kimTypeName namespaceCode=""></kimTypeName> 39 * <br> <description></description> 40 * <br> <active></active> 41 * <br> <roleMembers> 42 * <br> <roleMember> 43 * <br> <principalId></principalId> 44 * <br> <principalName></principalName> 45 * <br> <groupId></groupId> 46 * <br> <groupName namespaceCode=""></groupName> 47 * <br> <roleIdAsMember></roleIdAsMember> 48 * <br> <roleNameAsMember namespaceCode=""></roleNameAsMember> 49 * <br> <activeFromDate></activeFromDate> 50 * <br> <activeToDate></activeToDate> 51 * <br> <qualifications> 52 * <br> <qualification key=""></qualification> 53 * <br> </qualifications> 54 * <br> </roleMember> 55 * <br> </roleMembers> 56 * <br> <rolePermissions> 57 * <br> <rolePermission> 58 * <br> <permissionId></permissionId> 59 * <br> <permissionName namespaceCode=""></permissionName> 60 * <br> </rolePermission> 61 * <br> </rolePermissions> 62 * <br> </role> 63 * <br> </roles> 64 * <br> <roleMembers> 65 * <br> <roleMember> 66 * <br> <roleId></roleId> 67 * <br> <roleName namespaceCode=""></roleName> 68 * <br> <principalId></principalId> 69 * <br> <principalName></principalName> 70 * <br> <groupId></groupId> 71 * <br> <groupName namespaceCode=""></groupName> 72 * <br> <roleIdAsMember></roleIdAsMember> 73 * <br> <roleNameAsMember namespaceCode=""></roleNameAsMember> 74 * <br> <activeFromDate></activeFromDate> 75 * <br> <activeToDate></activeToDate> 76 * <br> <qualifications> 77 * <br> <qualification key=""></qualification> 78 * <br> </qualifications> 79 * <br> </roleMember> 80 * <br> </roleMembers> 81 * <br> <rolePermissions> 82 * <br> <rolePermission> 83 * <br> <roleId></roleId> 84 * <br> <roleName namespaceCode=""></roleName> 85 * <br> <permissionId></permissionId> 86 * <br> <permissionName namespaceCode=""></permissionName> 87 * <br> </rolePermission> 88 * <br> </rolePermissions> 89 * <br></roleData> 90 * 91 * <p>Note the following: 92 * <ul> 93 * <li>The <roles> element is optional, and can contain zero or more <role> elements. 94 * <li>The <roleName> element on the <role> element and its "namespaceCode" attribute 95 * are required, and must be non-blank. The namespace code must map to a valid namespace. 96 * If the name and namespace combo matches an existing role, then the role in the XML will 97 * overwrite the existing role. 98 * <li>The <kimTypeName> and its "namespaceCode" attribute are both required, and the 99 * name and namespace combo must match an existing KIM type. 100 * <li>The <description> element is required, and must be non-blank. 101 * <li>The <active> element is optional, and will be set to true if not specified. 102 * <li>Both <roleMembers> elements are optional, and can contain zero or more 103 * <roleMember> elements. If the <roleMembers> element within the <role> 104 * element is specified, then any role members that are not within that element will be removed 105 * from the role if the XML is overwriting an existing one. (The <roleMembers> element 106 * outside of the <role> element can still add or re-add members that are not located 107 * within the other <roleMembers> element.) 108 * <li>For both <roleMember> elements: 109 * <ul> 110 * <li>Exactly one of these sets of member identification must be specified: 111 * <ol> 112 * <li>A <principalId> and/or <principalName> element, where the former 113 * must contain a valid principal ID and the latter must contain a valid principal name. 114 * <li>A <groupId> and/or <groupName> element, where the former must contain 115 * a valid group ID and the latter must contain a valid group name and namespace. 116 * <li>A <roleIdAsMember> and/or <roleNameAsMember> element, where the former 117 * must contain a valid role ID and the latter must contain a valid role name and namespace. 118 * </ol> 119 * <li>The <activeFromDate> element is optional, and its content must be a date String 120 * that can be parsed by the DateTimeService. 121 * <li>The <activeToDate> element is optional, and its content must be a date String 122 * that can be parsed by the DateTimeService. 123 * <li>The <qualifications> element is optional, and can contain zero or more 124 * <qualification> elements. 125 * <li>The <qualification> element's "key" attribute is required, and must be non-blank. 126 * Duplicate keys within a <qualifications> element are not permitted. 127 * </ul> 128 * <li>For both <rolePermission> elements: 129 * <ul> 130 * <li>A <permissionId> and/or <permissionName> element must be specified, where the 131 * former must contain a valid permission ID and the latter must contain a valid permission 132 * name and namespace. 133 * </ul> 134 * <li>For the <roleMember> and <rolePermission> elements not inside a <role> element: 135 * <ul> 136 * <li>A <roleId> and/or <roleName> element must be specified, where the former must 137 * contain a valid role ID and the latter must contain a valid role name and namespace. 138 * </ul> 139 * <li>The ingestion process is currently order-dependent, which should be kept in mind when adding 140 * roles as members of another role or assigning permissions to roles. (The permission XML always 141 * gets ingested prior to the role XML.) 142 * <li>The assignments of permissions to roles can only be added, not removed or deactivated. 143 * (TODO: Improve the role/permission-updating API to allow for updates and removals.) 144 * <li>The same roles, role members, and role permissions can be ingested within the same file, 145 * where subsequent ones will overwrite previous ones. (TODO: Is this acceptable?) 146 * <li>The IDs of principals, groups, roles, and permissions are not included when exporting the XML. 147 * <li>Delegations and responsibility actions are currently not supported by the ingestion process. 148 * </ul> 149 * 150 * TODO: Verify that the above behavior is correct. 151 * 152 * @author Kuali Rice Team (rice.collab@kuali.org) 153 */ 154 @XmlAccessorType(XmlAccessType.FIELD) 155 @XmlType(name="RoleDataType", propOrder={"roles", "roleMembers", "rolePermissions"}) 156 public class RoleDataXmlDTO implements Serializable { 157 158 private static final long serialVersionUID = 1L; 159 160 @XmlElement(name="roles") 161 private RolesXmlDTO roles; 162 163 @XmlElement(name="roleMembers") 164 private RoleMembersXmlDTO.OutsideOfRole roleMembers; 165 166 @XmlElement(name="rolePermissions") 167 private RolePermissionsXmlDTO.OutsideOfRole rolePermissions; 168 169 public RoleDataXmlDTO() {} 170 171 public RoleDataXmlDTO(RolesXmlDTO roles) { 172 this.roles = roles; 173 } 174 175 /** 176 * @return the roles 177 */ 178 public RolesXmlDTO getRoles() { 179 return this.roles; 180 } 181 182 /** 183 * @param roles the roles to set 184 */ 185 public void setRoles(RolesXmlDTO roles) { 186 this.roles = roles; 187 } 188 189 /** 190 * @return the roleMembers 191 */ 192 public RoleMembersXmlDTO.OutsideOfRole getRoleMembers() { 193 return this.roleMembers; 194 } 195 196 /** 197 * @param roleMembers the roleMembers to set 198 */ 199 public void setRoleMembers(RoleMembersXmlDTO.OutsideOfRole roleMembers) { 200 this.roleMembers = roleMembers; 201 } 202 203 /** 204 * @return the rolePermissions 205 */ 206 public RolePermissionsXmlDTO.OutsideOfRole getRolePermissions() { 207 return this.rolePermissions; 208 } 209 210 /** 211 * @param rolePermissions the rolePermissions to set 212 */ 213 public void setRolePermissions(RolePermissionsXmlDTO.OutsideOfRole rolePermissions) { 214 this.rolePermissions = rolePermissions; 215 } 216 217 }