/**
* Copyright (c) 2000-present Liferay, Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 2.1 of the License, or (at your option)
* any later version.
*
* This library is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
* details.
*/
package com.liferay.portal.service.impl;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.model.ResourceConstants;
import com.liferay.portal.kernel.model.Role;
import com.liferay.portal.service.base.ResourcePermissionServiceBaseImpl;
import java.util.Map;
/**
* Provides the remote service for adding, granting, and revoking resource
* permissions. Its methods include permission checks.
*
* <p>
* Before attempting to read any of the documentation for this class, first read
* {@link com.liferay.portal.model.impl.ResourcePermissionImpl} for an
* explanation of scoping.
* </p>
*
* @author Brian Wing Shun Chan
*/
public class ResourcePermissionServiceImpl
extends ResourcePermissionServiceBaseImpl {
/**
* Grants the role permission at the scope to perform the action on
* resources of the type. Existing actions are retained.
*
* <p>
* This method cannot be used to grant individual scope permissions, but is
* only intended for adding permissions at the company, group, and
* group-template scopes. For example, this method could be used to grant a
* company scope permission to edit message board posts.
* </p>
*
* <p>
* If a company scope permission is granted to resources that the role
* already had group scope permissions to, the group scope permissions are
* deleted. Likewise, if a group scope permission is granted to resources
* that the role already had company scope permissions to, the company scope
* permissions are deleted. Be aware that this latter behavior can result in
* an overall reduction in permissions for the role.
* </p>
*
* <p>
* Depending on the scope, the value of <code>primKey</code> will have
* different meanings. For more information, see {@link
* com.liferay.portal.model.impl.ResourcePermissionImpl}.
* </p>
*
* @param groupId the primary key of the group
* @param companyId the primary key of the company
* @param name the resource's name, which can be either a class name or a
* portlet ID
* @param scope the scope. This method only supports company, group, and
* group-template scope.
* @param primKey the primary key
* @param roleId the primary key of the role
* @param actionId the action ID
*/
@Override
public void addResourcePermission(
long groupId, long companyId, String name, int scope,
String primKey, long roleId, String actionId)
throws PortalException {
permissionService.checkPermission(
groupId, Role.class.getName(), roleId);
resourcePermissionLocalService.addResourcePermission(
companyId, name, scope, primKey, roleId, actionId);
}
/**
* Revokes permission at the scope from the role to perform the action on
* resources of the type. For example, this method could be used to revoke a
* group scope permission to edit blog posts.
*
* <p>
* Depending on the scope, the value of <code>primKey</code> will have
* different meanings. For more information, see {@link
* com.liferay.portal.model.impl.ResourcePermissionImpl}.
* </p>
*
* @param groupId the primary key of the group
* @param companyId the primary key of the company
* @param name the resource's name, which can be either a class name or a
* portlet ID
* @param scope the scope
* @param primKey the primary key
* @param roleId the primary key of the role
* @param actionId the action ID
*/
@Override
public void removeResourcePermission(
long groupId, long companyId, String name, int scope,
String primKey, long roleId, String actionId)
throws PortalException {
permissionService.checkPermission(
groupId, Role.class.getName(), roleId);
resourcePermissionLocalService.removeResourcePermission(
companyId, name, scope, primKey, roleId, actionId);
}
/**
* Revokes all permissions at the scope from the role to perform the action
* on resources of the type. For example, this method could be used to
* revoke all individual scope permissions to edit blog posts from site
* members.
*
* @param groupId the primary key of the group
* @param companyId the primary key of the company
* @param name the resource's name, which can be either a class name or a
* portlet ID
* @param scope the scope
* @param roleId the primary key of the role
* @param actionId the action ID
*/
@Override
public void removeResourcePermissions(
long groupId, long companyId, String name, int scope, long roleId,
String actionId)
throws PortalException {
permissionService.checkPermission(
groupId, Role.class.getName(), roleId);
resourcePermissionLocalService.removeResourcePermissions(
companyId, name, scope, roleId, actionId);
}
/**
* Updates the role's permissions at the scope, setting the actions that can
* be performed on resources of the type. Existing actions are replaced.
*
* <p>
* This method can be used to set permissions at any scope, but it is
* generally only used at the individual scope. For example, it could be
* used to set the guest permissions on a blog post.
* </p>
*
* <p>
* Depending on the scope, the value of <code>primKey</code> will have
* different meanings. For more information, see {@link
* com.liferay.portal.model.impl.ResourcePermissionImpl}.
* </p>
*
* @param groupId the primary key of the group
* @param companyId the primary key of the company
* @param name the resource's name, which can be either a class name or a
* portlet ID
* @param primKey the primary key
* @param roleId the primary key of the role
* @param actionIds the action IDs of the actions
*/
@Override
public void setIndividualResourcePermissions(
long groupId, long companyId, String name, String primKey,
long roleId, String[] actionIds)
throws PortalException {
permissionService.checkPermission(groupId, name, primKey);
resourcePermissionLocalService.setResourcePermissions(
companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey,
roleId, actionIds);
}
/**
* Updates the role's permissions at the scope, setting the actions that can
* be performed on resources of the type. Existing actions are replaced.
*
* <p>
* This method can be used to set permissions at any scope, but it is
* generally only used at the individual scope. For example, it could be
* used to set the guest permissions on a blog post.
* </p>
*
* <p>
* Depending on the scope, the value of <code>primKey</code> will have
* different meanings. For more information, see {@link
* com.liferay.portal.model.impl.ResourcePermissionImpl}.
* </p>
*
* @param groupId the primary key of the group
* @param companyId the primary key of the company
* @param name the resource's name, which can be either a class name or a
* portlet ID
* @param primKey the primary key
* @param roleIdsToActionIds a map of role IDs to action IDs of the actions
*/
@Override
public void setIndividualResourcePermissions(
long groupId, long companyId, String name, String primKey,
Map<Long, String[]> roleIdsToActionIds)
throws PortalException {
permissionService.checkPermission(groupId, name, primKey);
resourcePermissionLocalService.setResourcePermissions(
companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey,
roleIdsToActionIds);
}
}