001/**
002 * Copyright 2005-2016 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016package org.kuali.rice.kim.api.services;
017
018import org.kuali.rice.core.api.criteria.QueryByCriteria;
019import org.kuali.rice.kim.api.common.assignee.Assignee;
020import org.kuali.rice.kim.api.group.Group;
021import org.kuali.rice.kim.api.identity.CodedAttribute;
022import org.kuali.rice.kim.api.identity.affiliation.EntityAffiliationType;
023import org.kuali.rice.kim.api.identity.entity.Entity;
024import org.kuali.rice.kim.api.identity.entity.EntityDefault;
025import org.kuali.rice.kim.api.identity.entity.EntityDefaultQueryResults;
026import org.kuali.rice.kim.api.identity.entity.EntityQueryResults;
027import org.kuali.rice.kim.api.identity.external.EntityExternalIdentifierType;
028import org.kuali.rice.kim.api.identity.principal.Principal;
029import org.kuali.rice.kim.api.permission.Permission;
030import org.kuali.rice.kim.api.responsibility.Responsibility;
031import org.kuali.rice.kim.api.responsibility.ResponsibilityAction;
032
033import java.util.List;
034import java.util.Map;
035
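/**
 * This is the front end for the KIM module.  Clients of KIM should access this service from
 * their applications.  If KIM is not running on the same machine (VM) as the application
 * (as would be the case with a standalone Rice server), then this service should be implemented
 * locally within the application and access the core KIM services
 * (Authentication/Authorization/Identity/Group) via the service bus.
 *
 * <p>Implementations of this interface should add appropriate caching of the information
 * retrieved from the core services, for load and performance reasons.
 *
 * <p>Most of the methods on this interface are straight pass-thrus to methods on the four core
 * services.
 *
 * <p>Points a caller or implementer should keep in mind (none of them is enforced by this
 * interface itself):
 * <ul>
 *   <li>Because implementations are asked to cache, the answer of a membership or authorization
 *       check may be older than the data held by the core services.  NOTE(review): cache lifetime
 *       and invalidation are implementation-defined and not visible here; confirm how quickly a
 *       revoked permission, responsibility or group membership stops being honored.</li>
 *   <li>No method takes the identity of the caller.  NOTE(review): the methods that change group
 *       data therefore cannot decide on their own whether the caller may make the change; confirm
 *       where that authorization is performed.</li>
 *   <li>The behaviour when a lookup matches nothing ({@code null} versus an exception), and
 *       whether {@code null} arguments or maps are accepted, is not stated by this interface;
 *       confirm against the implementation before relying on either.</li>
 * </ul>
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 *
 */
public interface IdentityManagementService {

    // *******************************
    // IdentityService
    // *******************************

    /** Looks up a principal by its principal ID. */
    Principal getPrincipal(String principalId);

    /** Looks up a principal by its principal name. */
    Principal getPrincipalByPrincipalName(String principalName);

    /**
     * Looks up a principal by principal name and password.
     *
     * <p>The password is passed as a plain {@code String}.  Since this interface may be backed by
     * a remote call over the service bus and implementations are asked to cache results,
     * implementations should keep the password out of cache keys, log output and exception
     * messages, and the transport should protect it in transit.
     *
     * <p>NOTE(review): how the password is verified, and whether repeated failures are throttled
     * or audited, is not visible in this interface; confirm in the backing identity service.
     */
    Principal getPrincipalByPrincipalNameAndPassword(String principalName, String password);

    /** Looks up the default entity information by entity ID. */
    EntityDefault getEntityDefaultInfo(String entityId);

    /** Looks up the default entity information by the ID of one of the entity's principals. */
    EntityDefault getEntityDefaultInfoByPrincipalId(String principalId);

    /** Looks up the default entity information by the name of one of the entity's principals. */
    EntityDefault getEntityDefaultInfoByPrincipalName(String principalName);

    /**
     * Searches for default entity information matching the given criteria.
     *
     * <p>NOTE(review): no caller identity is passed, so any restriction on which entities or
     * attributes a caller may see has to be applied elsewhere; confirm.
     */
    EntityDefaultQueryResults findEntityDefaults(QueryByCriteria queryByCriteria);

    //KimEntityPrivacyPreferencesInfo getEntityPrivacyPreferences(String entityId);

    /** Looks up an entity by entity ID. */
    Entity getEntity(String entityId);

    /** Looks up an entity by the ID of one of its principals. */
    Entity getEntityByPrincipalId(String principalId);

    /** Looks up an entity by the name of one of its principals. */
    Entity getEntityByPrincipalName(String principalName);

    /**
     * Searches for entities matching the given criteria.
     *
     * <p>NOTE(review): no caller identity is passed, so any restriction on which entities or
     * attributes a caller may see has to be applied elsewhere; confirm.
     */
    EntityQueryResults findEntities(QueryByCriteria queryByCriteria);

    // Reference-data lookups: each takes the code of the type or status to return.

    CodedAttribute getAddressType(String code);

    EntityAffiliationType getAffiliationType(String code);

    CodedAttribute getCitizenshipStatus(String code);

    CodedAttribute getEmailType(String code);

    CodedAttribute getEmploymentStatus(String code);

    CodedAttribute getEmploymentType(String code);

    CodedAttribute getEntityNameType(String code);

    CodedAttribute getEntityType(String code);

    EntityExternalIdentifierType getExternalIdentifierType(String code);

    CodedAttribute getPhoneType(String code);

    // *******************************
    // GroupService
    // *******************************

    /** Looks up a group by group ID. */
    Group getGroup(String groupId);

    /** Looks up a group by namespace code and group name. */
    Group getGroupByName(String namespaceCode, String groupName);

    /**
     * Returns the IDs of the parent groups of the given group.
     *
     * <p>NOTE(review): presumably includes indirect parents, in contrast to
     * {@link #getDirectParentGroupIds(String)}; confirm.
     */
    List<String> getParentGroupIds(String groupId);

    /** Returns the IDs of the direct parent groups of the given group. */
    List<String> getDirectParentGroupIds(String groupId);

    /** Returns the IDs of the groups the principal belongs to. */
    List<String> getGroupIdsForPrincipal(String principalId);

    /** Returns the IDs of the groups the principal belongs to, limited by namespace code. */
    List<String> getGroupIdsForPrincipal(String principalId, String namespaceCode);

    /** Returns the groups the principal belongs to. */
    List<? extends Group> getGroupsForPrincipal(String principalId);

    /** Returns the groups the principal belongs to, limited by namespace code. */
    List<? extends Group> getGroupsForPrincipal(String principalId, String namespaceCode);

    /**
     * Returns the IDs of the groups that are members of the given group.
     *
     * <p>NOTE(review): presumably includes indirect members, in contrast to
     * {@link #getDirectMemberGroupIds(String)}; confirm.
     */
    List<String> getMemberGroupIds(String groupId);

    /** Returns the IDs of the groups that are direct members of the given group. */
    List<String> getDirectMemberGroupIds(String groupId);

    /**
     * Checks whether the principal is a member of the group with the given ID.
     *
     * <p>NOTE(review): if the implementation caches as the class comment asks, a removed
     * membership may still be reported until the cached data is dropped; confirm before using
     * the result as an access decision.
     */
    boolean isMemberOfGroup(String principalId, String groupId);

    /**
     * Checks whether the principal is a member of the group identified by namespace code and
     * group name.  The caching caveat on {@link #isMemberOfGroup(String, String)} applies here
     * as well.
     */
    boolean isMemberOfGroup(String principalId, String namespaceCode, String groupName);

    /** Checks whether one group is a member of another group. */
    boolean isGroupMemberOfGroup(String potentialMemberGroupId, String potentialParentId);

    /**
     * Returns the IDs of the principals that are members of the given group.
     *
     * <p>NOTE(review): presumably includes members of nested groups, in contrast to
     * {@link #getDirectGroupMemberPrincipalIds(String)}; confirm.
     */
    List<String> getGroupMemberPrincipalIds(String groupId);

    /** Returns the IDs of the principals that are direct members of the given group. */
    List<String> getDirectGroupMemberPrincipalIds(String groupId);

    // The methods below change group data.  None of them receives the identity of the caller,
    // and the meaning of the boolean results is not stated in this interface.
    // NOTE(review): confirm where the caller is authorized and whether the change is audited,
    // since group membership can feed the authorization checks further down.

    /** Makes the group {@code childId} a member of the group {@code parentId}. */
    boolean addGroupToGroup(String childId, String parentId);

    /** Removes the group {@code childId} from the group {@code parentId}. */
    boolean removeGroupFromGroup(String childId, String parentId);

    /** Makes the principal a member of the group. */
    boolean addPrincipalToGroup(String principalId, String groupId);

    /** Removes the principal from the group. */
    boolean removePrincipalFromGroup(String principalId, String groupId);

    /** Creates a group from the given group object and returns the resulting group. */
    Group createGroup(Group group);

    /** Removes all members from the group with the given ID. */
    void removeAllMembers(String groupId);

    /** Updates the group with the given ID from the given group object and returns the result. */
    Group updateGroup(String groupId, Group group);

    // --------------------
    // Authorization Checks
    // --------------------

    // In the permission methods the argument order is (permissionDetails, qualification).
    // The responsibility methods further down use (qualification, responsibilityDetails).
    // Both arguments are Map<String, String>, so a transposed call still compiles.

    /**
     * Checks whether the principal has the named permission with the given details.
     *
     * <p>Unlike {@link #isAuthorized(String, String, String, Map, Map)} this method takes no
     * qualification.  NOTE(review): presumably role qualifiers are therefore not considered, so
     * this should not be the final access decision where qualifiers matter; confirm against the
     * backing permission service.
     */
    boolean hasPermission(
            String principalId,
            String namespaceCode,
            String permissionName,
            Map<String, String> permissionDetails
    );

    /**
     * Checks whether the principal is authorized for the named permission with the given details
     * and qualification.
     */
    boolean isAuthorized(
            String principalId,
            String namespaceCode,
            String permissionName,
            Map<String, String> permissionDetails,
            Map<String, String> qualification
    );

    /**
     * Template-based variant of {@link #hasPermission(String, String, String, Map)}: the
     * permission is selected by {@code permissionTemplateName}.  Takes no qualification either.
     */
    boolean hasPermissionByTemplate(String principalId, String namespaceCode, String permissionTemplateName,
            Map<String, String> permissionDetails);

    /**
     * Template-based variant of {@link #isAuthorized(String, String, String, Map, Map)}: the
     * permission is selected by {@code permissionTemplateName}.
     */
    boolean isAuthorizedByTemplate(String principalId, String namespaceCode, String permissionTemplateName,
            Map<String, String> permissionDetails, Map<String, String> qualification);

    /**
     * Returns the matching permission objects for a principal.
     */
    List<Permission> getAuthorizedPermissions(
            String principalId,
            String namespaceCode,
            String permissionName,
            Map<String, String> permissionDetails,
            Map<String, String> qualification
    );

    /**
     * Template-based variant of
     * {@link #getAuthorizedPermissions(String, String, String, Map, Map)}.
     */
    List<Permission> getAuthorizedPermissionsByTemplate(String principalId, String namespaceCode,
            String permissionTemplateName, Map<String, String> permissionDetails, Map<String, String> qualification);

    /**
     * Returns the assignees of the named permission for the given details and qualification.
     */
    List<Assignee> getPermissionAssignees(
            String namespaceCode,
            String permissionName,
            Map<String, String> permissionDetails,
            Map<String, String> qualification
    );

    /**
     * Template-based variant of {@link #getPermissionAssignees(String, String, Map, Map)}.
     */
    List<Assignee> getPermissionAssigneesForTemplate(String namespaceCode, String permissionTemplateName,
            Map<String, String> permissionDetails, Map<String, String> qualification);

    // ----------------------
    // Responsibility Methods
    // ----------------------

    /**
     * Get the responsibility object with the given ID.
     */
    Responsibility getResponsibility(String responsibilityId);

    /**
     * Return the responsibility object identified by namespace code and responsibility name.
     */
    Responsibility getResponsibilityByName(String namespaceCode, String responsibilityName);

    /**
     * Check whether the principal has the given responsibility within the passed qualifier.
     */
    boolean hasResponsibility(
            String principalId,
            String namespaceCode,
            String responsibilityName,
            Map<String, String> qualification
    );

    /**
     * Template-based variant of {@link #hasResponsibility(String, String, String, Map)}: the
     * responsibility is selected by {@code responsibilityTemplateName}.
     *
     * <p>The {@code qualification} map comes before {@code responsibilityDetails} here, the
     * reverse of the details-then-qualification order used by the permission methods.
     */
    boolean hasResponsibilityByTemplate(String principalId, String namespaceCode, String responsibilityTemplateName,
            Map<String, String> qualification, Map<String, String> responsibilityDetails);

    /**
     * Returns the responsibility actions for the named responsibility, qualification and
     * details.  The {@code qualification} map comes before {@code responsibilityDetails}.
     */
    List<ResponsibilityAction> getResponsibilityActions(
            String namespaceCode,
            String responsibilityName,
            Map<String, String> qualification,
            Map<String, String> responsibilityDetails
    );

    /**
     * Template-based variant of {@link #getResponsibilityActions(String, String, Map, Map)}.
     */
    List<ResponsibilityAction> getResponsibilityActionsByTemplate(String namespaceCode,
            String responsibilityTemplateName, Map<String, String> qualification,
            Map<String, String> responsibilityDetails);

    /**
     * Returns true if there are any assigned permissions with the given template.
     *
     * <p>This method takes no principal, so its result says nothing about what a particular
     * user may do.
     */
    boolean isPermissionDefinedForTemplate(String namespaceCode, String permissionTemplateName,
            Map<String, String> permissionDetails);


    // ----------------------
    // Cache Flush Methods
    // ----------------------

    // NOTE(review): presumably these discard data cached by the implementation so that later
    // calls go back to the core services; whether a flush reaches other application instances
    // is not visible here.  Confirm that a flush is issued after permission, responsibility or
    // group changes if cached answers are used for access decisions.

    void flushAllCaches();

    void flushEntityPrincipalCaches();

    void flushGroupCaches();

    void flushPermissionCaches();

    void flushResponsibilityCaches();

}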