org.sakaiproject.service.legacy.authzGroup
Interface AuthzGroupService

All Superinterfaces:
EntityProducer
All Known Implementing Classes:
BaseAuthzGroupService

public interface AuthzGroupService
extends EntityProducer

AuthzGroupService manages authorization grops.

Author:
Sakai Software Development Team

Nested Class Summary
 
Nested classes inherited from class org.sakaiproject.service.legacy.entity.EntityProducer
EntityProducer.ChangeType
 
Field Summary
static String ANON_ROLE
          Standard role name for the anon. role.
static String AUTH_ROLE
          Standard role name for the auth. role.
static String REFERENCE_ROOT
          This string starts the references to resources in this service.
static String SECURE_ADD_AUTHZ_GROUP
          Name for the event of adding an AuthzGroup.
static String SECURE_REMOVE_AUTHZ_GROUP
          Name for the event of removing an AuthzGroup.
static String SECURE_UPDATE_AUTHZ_GROUP
          Name for the event of updating an AuthzGroup.
static String SECURE_UPDATE_OWN_AUTHZ_GROUP
          Name for the event of updating ones own relationship in an AuthzGroup.
static String SERVICE_NAME
          This string can be used to find the service in the service manager.
 
Method Summary
 AuthzGroup addAuthzGroup(String id)
          Add a new AuthzGroup
 AuthzGroup addAuthzGroup(String id, AuthzGroup other, String maintainUserId)
          Add a new AuthzGroup, as a copy of another AuthzGroup (except for id), and give a user "maintain" access based on the other's definition of "maintain".
 boolean allowAdd(String id)
          Check permissions for adding an AuthzGroup.
 boolean allowJoinGroup(String id)
          Check permissions for the current user joining a group.
 boolean allowRemove(String id)
          Check permissions for removing an AuthzGroup.
 boolean allowUnjoinGroup(String id)
          Check permissions for the current user unjoining a group.
 boolean allowUpdate(String id)
          Check permissions for updating an AuthzGroup.
 String authzGroupReference(String id)
          Access the internal reference which can be used to access the AuthzGroup from within the system.
 int countAuthzGroups(String criteria)
          Count the AuthzGroups that meet specified criteria.
 Set getAllowedFunctions(String role, Collection azGroups)
          Get the set of functions that users with this role in these AuthzGroups are allowed to perform.
 AuthzGroup getAuthzGroup(String id)
          Access an AuthzGroup.
 List getAuthzGroups(String criteria, PagingPosition page)
          Access a list of AuthzGroups that meet specified criteria, naturally sorted.
 Set getAuthzGroupsIsAllowed(String userId, String function, Collection azGroups)
          Get the set of AuthzGroup ids in which this user is allowed to perform this function.
 String getUserRole(String userId, String azGroupId)
          Get the role name for this user in this AuthzGroup, if the user has membership (the membership gives the user a single role).
 Set getUsersIsAllowed(String function, Collection azGroups)
          Get the set of user ids of users who are allowed to perform the function in the named AuthzGroups.
 Map getUsersRole(Collection userIds, String azGroupId)
          Get the role name for each user in the userIds Collection in this AuthzGroup, for each of these users who have membership (membership gives the user a single role).
 boolean isAllowed(String userId, String function, Collection azGroups)
          Test if this user is allowed to perform the function in the named AuthzGroups.
 boolean isAllowed(String userId, String function, String azGroupId)
          Test if this user is allowed to perform the function in the named AuthzGroup.
 void joinGroup(String authzGroupId, String role)
          Cause the current user to join the given AuthzGroup with this role, using SECURE_UPDATE_OWN_AUTHZ_GROUP security.
 AuthzGroup newAuthzGroup(String id, AuthzGroup other, String maintainUserId)
          Create a new AuthzGroup, as a copy of another AuthzGroup (except for id), and give a user "maintain" access based on the other's definition of "maintain", but do not store - it can be saved with a save() call
 void refreshUser(String userId)
          Refresh this user's AuthzGroup external definitions.
 void removeAuthzGroup(AuthzGroup azGroup)
          Remove this AuthzGroup.
 void removeAuthzGroup(String id)
          Remove the AuthzGroup with this id, if it exists (fails quietly if not).
 void save(AuthzGroup azGroup)
          Save the changes made to the AuthzGroup.
 void unjoinGroup(String authzGroupId)
          Cause the current user to unjoin the given AuthzGroup, using SECURE_UPDATE_OWN_AUTHZ_GROUP security.
 
Methods inherited from interface org.sakaiproject.service.legacy.entity.EntityProducer
archive, getEntity, getEntityAuthzGroups, getEntityDescription, getEntityResourceProperties, getEntityUrl, getHttpAccess, getLabel, importEntities, merge, parseEntityReference, syncWithSiteChange, willArchiveMerge, willImport
 

Field Detail

SERVICE_NAME

public static final String SERVICE_NAME
This string can be used to find the service in the service manager.


REFERENCE_ROOT

public static final String REFERENCE_ROOT
This string starts the references to resources in this service.

See Also:
Constant Field Values

SECURE_ADD_AUTHZ_GROUP

public static final String SECURE_ADD_AUTHZ_GROUP
Name for the event of adding an AuthzGroup.

See Also:
Constant Field Values

SECURE_REMOVE_AUTHZ_GROUP

public static final String SECURE_REMOVE_AUTHZ_GROUP
Name for the event of removing an AuthzGroup.

See Also:
Constant Field Values

SECURE_UPDATE_AUTHZ_GROUP

public static final String SECURE_UPDATE_AUTHZ_GROUP
Name for the event of updating an AuthzGroup.

See Also:
Constant Field Values

SECURE_UPDATE_OWN_AUTHZ_GROUP

public static final String SECURE_UPDATE_OWN_AUTHZ_GROUP
Name for the event of updating ones own relationship in an AuthzGroup.

See Also:
Constant Field Values

ANON_ROLE

public static final String ANON_ROLE
Standard role name for the anon. role.

See Also:
Constant Field Values

AUTH_ROLE

public static final String AUTH_ROLE
Standard role name for the auth. role.

See Also:
Constant Field Values
Method Detail

getAuthzGroups

public List getAuthzGroups(String criteria,
                           PagingPosition page)
Access a list of AuthzGroups that meet specified criteria, naturally sorted.

Parameters:
criteria - Selection criteria: AuthzGroups returned will match this string somewhere in their id, or provider group id.
page - The PagePosition subset of items to return.
Returns:
The List (AuthzGroup) that meet specified criteria.

countAuthzGroups

public int countAuthzGroups(String criteria)
Count the AuthzGroups that meet specified criteria.

Parameters:
criteria - Selection criteria: AuthzGroups returned will match this string somewhere in their id, or provider group id.
Returns:
The count of AuthzGroups that meet specified criteria.

getAuthzGroup

public AuthzGroup getAuthzGroup(String id)
                         throws IdUnusedException
Access an AuthzGroup.

Parameters:
id - The id string.
Returns:
The AuthzGroup.
Throws:
IdUnusedException - if not found.

allowUpdate

public boolean allowUpdate(String id)
Check permissions for updating an AuthzGroup.

Parameters:
id - The id.
Returns:
true if the user is allowed to update the AuthzGroup, false if not.

save

public void save(AuthzGroup azGroup)
          throws IdUnusedException,
                 PermissionException
Save the changes made to the AuthzGroup. The AuthzGroup must already exist, and the user must have permission to update.

Parameters:
azGroup - The AuthzGroup to save.
Throws:
IdUnusedException - if the AuthzGroup id is not defined.
PermissionException - if the current user does not have permission to update the AuthzGroup.

allowAdd

public boolean allowAdd(String id)
Check permissions for adding an AuthzGroup.

Parameters:
id - The authzGroup id.
Returns:
true if the current user is allowed add the AuthzGroup, false if not.

addAuthzGroup

public AuthzGroup addAuthzGroup(String id)
                         throws IdInvalidException,
                                IdUsedException,
                                PermissionException
Add a new AuthzGroup

Parameters:
id - The AuthzGroup id.
Returns:
The new AuthzGroup.
Throws:
IdInvalidException - if the id is invalid.
IdUsedException - if the id is already used.
PermissionException - if the current user does not have permission to add the AuthzGroup.

addAuthzGroup

public AuthzGroup addAuthzGroup(String id,
                                AuthzGroup other,
                                String maintainUserId)
                         throws IdInvalidException,
                                IdUsedException,
                                PermissionException
Add a new AuthzGroup, as a copy of another AuthzGroup (except for id), and give a user "maintain" access based on the other's definition of "maintain".

Parameters:
id - The id.
other - The AuthzGroup to copy into this new AuthzGroup.
maintainUserId - Optional user id to get "maintain" access, or null if none.
Returns:
The new AuthzGroup object.
Throws:
IdInvalidException - if the id is invalid.
IdUsedException - if the id is already used.
PermissionException - if the current user does not have permission to add the AuthzGroup.

allowRemove

public boolean allowRemove(String id)
Check permissions for removing an AuthzGroup.

Parameters:
id - The AuthzGroup id.
Returns:
true if the user is allowed to remove the AuthzGroup, false if not.

removeAuthzGroup

public void removeAuthzGroup(AuthzGroup azGroup)
                      throws PermissionException
Remove this AuthzGroup.

Parameters:
azGroup - The AuthzGroup to remove.
Throws:
PermissionException - if the current user does not have permission to remove this AuthzGroup.

removeAuthzGroup

public void removeAuthzGroup(String id)
                      throws PermissionException
Remove the AuthzGroup with this id, if it exists (fails quietly if not).

Parameters:
id - The AuthzGroup id.
Throws:
PermissionException - if the current user does not have permission to remove this AthzGroup.

authzGroupReference

public String authzGroupReference(String id)
Access the internal reference which can be used to access the AuthzGroup from within the system.

Parameters:
id - The AuthzGroup id.
Returns:
The the internal reference which can be used to access the AuthzGroup from within the system.

joinGroup

public void joinGroup(String authzGroupId,
                      String role)
               throws IdUnusedException,
                      PermissionException
Cause the current user to join the given AuthzGroup with this role, using SECURE_UPDATE_OWN_AUTHZ_GROUP security.

Parameters:
authzGroupId - the id of the AuthzGroup.
role - the name of the Role.
Throws:
IdUnusedException - if the authzGroupId or role are not defined.
PermissionException - if the current user does not have permission to join this AuthzGroup.

unjoinGroup

public void unjoinGroup(String authzGroupId)
                 throws IdUnusedException,
                        PermissionException
Cause the current user to unjoin the given AuthzGroup, using SECURE_UPDATE_OWN_AUTHZ_GROUP security.

Parameters:
authzGroupId - the id of the AuthzGroup.
Throws:
IdUnusedException - if the authzGroupId or role are not defined.
PermissionException - if the current user does not have permission to unjoin this site.

allowJoinGroup

public boolean allowJoinGroup(String id)
Check permissions for the current user joining a group.

Parameters:
id - The AuthzGroup id.
Returns:
true if the user is allowed to join the group, false if not.

allowUnjoinGroup

public boolean allowUnjoinGroup(String id)
Check permissions for the current user unjoining a group.

Parameters:
id - The AuthzGroup id.
Returns:
true if the user is allowed to unjoin the group, false if not.

isAllowed

public boolean isAllowed(String userId,
                         String function,
                         String azGroupId)
Test if this user is allowed to perform the function in the named AuthzGroup.

Parameters:
userId - The user id.
function - The function to open.
azGroupId - The AuthzGroup id to consult, if it exists.
Returns:
true if this user is allowed to perform the function in the named AuthzGroup, false if not.

isAllowed

public boolean isAllowed(String userId,
                         String function,
                         Collection azGroups)
Test if this user is allowed to perform the function in the named AuthzGroups.

Parameters:
userId - The user id.
function - The function to open.
azGroups - A collection of AuthzGroup ids to consult.
Returns:
true if this user is allowed to perform the function in the named AuthzGroups, false if not.

getUsersIsAllowed

public Set getUsersIsAllowed(String function,
                             Collection azGroups)
Get the set of user ids of users who are allowed to perform the function in the named AuthzGroups.

Parameters:
function - The function to check.
azGroups - A collection of the ids of AuthzGroups to consult.
Returns:
the Set (String) of user ids of users who are allowed to perform the function in the named AuthzGroups.

getAuthzGroupsIsAllowed

public Set getAuthzGroupsIsAllowed(String userId,
                                   String function,
                                   Collection azGroups)
Get the set of AuthzGroup ids in which this user is allowed to perform this function.

Parameters:
userId - The user id.
function - The function to check.
azGroups - The Collection of AuthzGroup ids to search; if null, search them all.
Returns:
the Set (String) of AuthzGroup ids in which this user is allowed to perform this function.

getAllowedFunctions

public Set getAllowedFunctions(String role,
                               Collection azGroups)
Get the set of functions that users with this role in these AuthzGroups are allowed to perform.

Parameters:
role - The role name.
azGroups - A collection of AuthzGroup ids to consult.
Returns:
the Set (String) of functions that users with this role in these AuthzGroups are allowed to perform

getUserRole

public String getUserRole(String userId,
                          String azGroupId)
Get the role name for this user in this AuthzGroup, if the user has membership (the membership gives the user a single role).

Parameters:
userId - The user id.
azGroupId - The AuthzGroup id to consult, if it exists.
Returns:
the role name for this user in this AuthzGroup, if the user has active membership, or null if not.

getUsersRole

public Map getUsersRole(Collection userIds,
                        String azGroupId)
Get the role name for each user in the userIds Collection in this AuthzGroup, for each of these users who have membership (membership gives the user a single role).

Parameters:
userIds - The user ids as a Collection of String.
azGroupId - The AuthzGroup id to consult, if it exists.
Returns:
A Map (userId (String) -> role name (String)) of role names for each user who have active membership; if the user does not, it will not be in the Map.

refreshUser

public void refreshUser(String userId)
Refresh this user's AuthzGroup external definitions.

Parameters:
userId - The user id.

newAuthzGroup

public AuthzGroup newAuthzGroup(String id,
                                AuthzGroup other,
                                String maintainUserId)
                         throws IdUsedException
Create a new AuthzGroup, as a copy of another AuthzGroup (except for id), and give a user "maintain" access based on the other's definition of "maintain", but do not store - it can be saved with a save() call

Parameters:
id - The id.
other - The AuthzGroup to copy into this new AuthzGroup (or null if none).
maintainUserId - Optional user id to get "maintain" access, or null if none.
Returns:
The new AuthzGroup object.
Throws:
IdUsedException - if the id is already used.