Class RoleDataXmlDTO

  • All Implemented Interfaces:
    Serializable

    public class RoleDataXmlDTO
    extends Object
    implements Serializable
    This class represents a <roleData> element.

    The expected XML structure is as follows:

    <roleData>
      <roles>
        <role>
          <roleName namespaceCode=""></roleName>
          <kimTypeName namespaceCode=""></kimTypeName>
          <description></description>
          <active></active>
          <roleMembers>
            <roleMember>
              <principalId></principalId>
              <principalName></principalName>
              <groupId></groupId>
              <groupName namespaceCode=""></groupName>
              <roleIdAsMember></roleIdAsMember>
              <roleNameAsMember namespaceCode=""></roleNameAsMember>
              <activeFromDate></activeFromDate>
              <activeToDate></activeToDate>
              <qualifications>
                <qualification key=""></qualification>
              </qualifications>
            </roleMember>
          </roleMembers>
          <rolePermissions>
            <rolePermission>
              <permissionId></permissionId>
              <permissionName namespaceCode=""></permissionName>
            </rolePermission>
          </rolePermissions>
        </role>
      </roles>
      <roleMembers>
        <roleMember>
          <roleId></roleId>
          <roleName namespaceCode=""></roleName>
          <principalId></principalId>
          <principalName></principalName>
          <groupId></groupId>
          <groupName namespaceCode=""></groupName>
          <roleIdAsMember></roleIdAsMember>
          <roleNameAsMember namespaceCode=""></roleNameAsMember>
          <activeFromDate></activeFromDate>
          <activeToDate></activeToDate>
          <qualifications>
            <qualification key=""></qualification>
          </qualifications>
        </roleMember>
      </roleMembers>
      <rolePermissions>
        <rolePermission>
          <roleId></roleId>
          <roleName namespaceCode=""></roleName>
          <permissionId></permissionId>
          <permissionName namespaceCode=""></permissionName>
        </rolePermission>
      </rolePermissions>
    </roleData>

    Note the following:

    • The <roles> element is optional, and can contain zero or more <role> elements.
    • The <roleName> element on the <role> element and its "namespaceCode" attribute are required, and must be non-blank. The namespace code must map to a valid namespace. If the name and namespace combination matches an existing role, then the role in the XML will overwrite the existing role.
    • The <kimTypeName> element and its "namespaceCode" attribute are both required, and the name and namespace combination must match an existing KIM type.
    • The <description> element is required, and must be non-blank.
    • The <active> element is optional, and will be set to true if not specified.
    • Both <roleMembers> elements are optional, and can contain zero or more <roleMember> elements. If the <roleMembers> element within the <role> element is specified, then any role members that are not within that element will be removed from the role if the XML is overwriting an existing one. (The <roleMembers> element outside of the <role> element can still add or re-add members that are not located within the other <roleMembers> element.)
    • For both <roleMember> elements:
      • Exactly one of these sets of member identification must be specified:
        1. A <principalId> and/or <principalName> element, where the former must contain a valid principal ID and the latter must contain a valid principal name.
        2. A <groupId> and/or <groupName> element, where the former must contain a valid group ID and the latter must contain a valid group name and namespace.
        3. A <roleIdAsMember> and/or <roleNameAsMember> element, where the former must contain a valid role ID and the latter must contain a valid role name and namespace.
      • The <activeFromDate> element is optional, and its content must be a date String that can be parsed by the DateTimeService.
      • The <activeToDate> element is optional, and its content must be a date String that can be parsed by the DateTimeService.
      • The <qualifications> element is optional, and can contain zero or more <qualification> elements.
      • The <qualification> element's "key" attribute is required, and must be non-blank. Duplicate keys within a <qualifications> element are not permitted.
    • For both <rolePermission> elements:
      • A <permissionId> and/or <permissionName> element must be specified, where the former must contain a valid permission ID and the latter must contain a valid permission name and namespace.
    • For the <roleMember> and <rolePermission> elements not inside a <role> element:
      • A <roleId> and/or <roleName> element must be specified, where the former must contain a valid role ID and the latter must contain a valid role name and namespace.
    • The ingestion process is currently order-dependent, which should be kept in mind when adding roles as members of another role or assigning permissions to roles. (The permission XML always gets ingested prior to the role XML.)
    • The assignments of permissions to roles can only be added, not removed or deactivated. (TODO: Improve the role/permission-updating API to allow for updates and removals.)
    • The same roles, role members, and role permissions can be ingested within the same file, where subsequent ones will overwrite previous ones. (TODO: Is this acceptable?)
    • The IDs of principals, groups, roles, and permissions are not included when exporting the XML.
    • Delegations and responsibility actions are currently not supported by the ingestion process.
    TODO: Verify that the above behavior is correct.
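The structural rules above can be checked offline before a file is handed to the ingester. The following is an added example, not part of Kuali Rice: a small linter that enforces the non-blank and "exactly one identification set" rules and flags every nested <roleMembers> element for review, since on overwrite it removes members that are not listed. The function names, the sample document and its values are assumptions, the elements are assumed to carry no XML namespace (as in the structure shown above), and lookups against existing namespaces, principals, groups and KIM types are out of scope.

```python
import xml.etree.ElementTree as ET

MEMBER_SETS = (("principalId", "principalName"), ("groupId", "groupName"),
               ("roleIdAsMember", "roleNameAsMember"))

def blank(el):
    return el is None or not (el.text or "").strip()

def lint_member(m, where, out, top_level=False):
    # A set counts as "used" if either of its two elements has content.
    used = [s for s in MEMBER_SETS if any(not blank(m.find(t)) for t in s)]
    if len(used) != 1:
        out.append(f"{where}: need exactly one member identification set, found {len(used)}")
    keys = [q.get("key", "").strip() for q in m.findall("qualifications/qualification")]
    if "" in keys:
        out.append(f"{where}: blank qualification key")
    if len(keys) != len(set(keys)):
        out.append(f"{where}: duplicate qualification key")
    if top_level and blank(m.find("roleId")) and blank(m.find("roleName")):
        out.append(f"{where}: roleId or roleName required outside <role>")

def lint_role_data(xml_text):
    out, root = [], ET.fromstring(xml_text)
    for i, role in enumerate(root.findall("roles/role"), 1):
        where = f"role[{i}]"
        for tag in ("roleName", "kimTypeName"):
            el = role.find(tag)
            if blank(el) or not el.get("namespaceCode", "").strip():
                out.append(f"{where}: {tag} and its namespaceCode must be non-blank")
        if blank(role.find("description")):
            out.append(f"{where}: description must be non-blank")
        nested = role.find("roleMembers")
        if nested is not None:  # not an error, but it prunes existing membership
            out.append(f"{where}: REVIEW nested roleMembers drops unlisted members on overwrite")
            for j, m in enumerate(nested.findall("roleMember"), 1):
                lint_member(m, f"{where}/roleMember[{j}]", out)
    for j, m in enumerate(root.findall("roleMembers/roleMember"), 1):
        lint_member(m, f"roleMember[{j}]", out, top_level=True)
    return out

# Constructed sample; role, type, principal and namespace values are placeholders.
SAMPLE = """<roleData><roles><role>
  <roleName namespaceCode=" ">Reviewer</roleName>
  <kimTypeName namespaceCode="EX-NS">ExampleType</kimTypeName>
  <description>Reviews documents</description>
  <roleMembers><roleMember><principalName>alice</principalName><groupId>1001</groupId>
    <qualifications><qualification key="unit"/><qualification key="unit"/></qualifications>
  </roleMember></roleMembers></role></roles>
  <roleMembers><roleMember><principalId>42</principalId></roleMember></roleMembers>
</roleData>"""
```

Calling lint_role_data(SAMPLE) returns the findings in document order. Treat the REVIEW entries as a prompt to diff the listed members against the role's current membership before ingesting.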
    Author:
    Kuali Rice Team (rice.collab@kuali.org)
    See Also:
    Serialized Form