Package org.kuali.rice.kim.api.role

Interface RoleService

public interface RoleService
This service provides operations for querying role and role qualification data.

A role is where permissions and responsibilities are granted. Roles have a membership consisting of principals, groups or even other roles. By being assigned as members of a role, the associated principals will be granted all permissions and responsibilities that have been granted to the role.

Each membership assignment on the role can have a qualification which defines extra information about that particular member of the role. For example, one may have the role of "Dean" but that can be further qualified by the school they are the dean of, such as "Dean of Computer Science". Authorization checks that are then done in the permission service can pass qualifiers as part of the operation if they want to restrict the subset of the role against which the check is made.

Author:
Kuali Rice Team (rice.collab@kuali.org)

  • Method Details

    • createRole

      @CacheEvict(value={"http://rice.kuali.org/kim/v2_0/PermissionType","http://rice.kuali.org/kim/v2_0/ResponsibilityType","http://rice.kuali.org/kim/v2_0/RoleType","http://rice.kuali.org/kim/v2_0/RoleMembershipType","http://rice.kuali.org/kim/v2_0/RoleMemberType","http://rice.kuali.org/kim/v2_0/DelegateMemberType","http://rice.kuali.org/kim/v2_0/RoleResponsibilityType","http://rice.kuali.org/kim/v2_0/DelegateTypeType"}, allEntries=true) Role createRole(Role role) throws RiceIllegalArgumentException, RiceIllegalStateException
      This will create a Role exactly like the role passed in.
      Parameters:
      role - the role to create
      Returns:
      the newly created object. will never be null.
      Throws:
      RiceIllegalArgumentException - if the role passed in is null
      RiceIllegalStateException - if the role is already existing in the system

    • updateRole

      @CacheEvict(value={"http://rice.kuali.org/kim/v2_0/PermissionType","http://rice.kuali.org/kim/v2_0/ResponsibilityType","http://rice.kuali.org/kim/v2_0/RoleType","http://rice.kuali.org/kim/v2_0/RoleMembershipType","http://rice.kuali.org/kim/v2_0/RoleMemberType","http://rice.kuali.org/kim/v2_0/DelegateMemberType","http://rice.kuali.org/kim/v2_0/RoleResponsibilityType","http://rice.kuali.org/kim/v2_0/DelegateTypeType"}, allEntries=true) Role updateRole(Role role) throws RiceIllegalArgumentException, RiceIllegalStateException
      This will update a Role.
      Parameters:
      role - the role to update
      Throws:
      RiceIllegalArgumentException - if the role is null
      RiceIllegalStateException - if the role does not exist in the system

    • getRole

      @Cacheable(value="http://rice.kuali.org/kim/v2_0/RoleType", key="\'id=\' + #p0") Role getRole(String id) throws RiceIllegalArgumentException
      Get the KIM Role object with the given ID.
      Parameters:
      id - the id of the role.
      Returns:
      the role with the given id or null if role doesn't exist.
      Throws:
      RiceIllegalArgumentException - if roleId is null or Blank

    • getRoles

      @Cacheable(value="http://rice.kuali.org/kim/v2_0/RoleType", key="\'ids=\' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p0)") List<Role> getRoles(List<String> ids) throws RiceIllegalArgumentException
      Get the KIM Role objects for the role IDs in the given List.
      Parameters:
      ids - the ids of the roles.
      Returns:
      a list of roles with the given ids or null if no roles are found.
      Throws:
      RiceIllegalArgumentException - if ids is null or Blank

    • getRoleByNamespaceCodeAndName

      @Cacheable(value="http://rice.kuali.org/kim/v2_0/RoleType", key="\'namespaceCode=\' + #p0 + \'|\' + \'name=\' + #p1") Role getRoleByNamespaceCodeAndName(String namespaceCode, String name) throws RiceIllegalArgumentException
      Get the KIM Role object with the unique combination of namespace, component, and role name.
      Parameters:
      namespaceCode - the namespace code of the role.
      name - the name of the role.
      Returns:
      a role with the given namespace code and name or null if role does not exist.
      Throws:
      RiceIllegalArgumentException - if namespaceCode or name is null or blank.

    • getRoleIdByNamespaceCodeAndName

      @Cacheable(value="http://rice.kuali.org/kim/v2_0/RoleType", key="\'{getRoleIdByNamespaceCodeAndName}\' + \'namespaceCode=\' + #p0 + \'|\' + \'name=\' + #p1") String getRoleIdByNamespaceCodeAndName(String namespaceCode, String name) throws RiceIllegalArgumentException
      Return the Role ID for the given unique combination of namespace, component and role name.
      Parameters:
      namespaceCode - the namespace code of the role.
      name - the name of the role.
      Returns:
      a role id for a role with the given namespace code and name or null if role does not exist.
      Throws:
      RiceIllegalArgumentException - if namespaceCode or name is null or blank.

    • isRoleActive

      @Cacheable(value="http://rice.kuali.org/kim/v2_0/RoleType", key="\'{isRoleActive}\' + \'id=\' + #p0") boolean isRoleActive(String id) throws RiceIllegalArgumentException
      Checks whether the role with the given role ID is active.
      Parameters:
      id - the unique id of a role.
      Returns:
      true if the role with the given id is active.
      Throws:
      RiceIllegalArgumentException - if id is null or blank.

    • getRoleQualifersForPrincipalByRoleIds

      List<Map<String,String>> getRoleQualifersForPrincipalByRoleIds(String principalId, List<String> roleIds, Map<String,String> qualification) throws RiceIllegalArgumentException
      Returns a list of role qualifiers that the given principal has without taking into consideration that the principal may be a member via an assigned group or role. Use in situations where you are only interested in the qualifiers that are directly assigned to the principal.
      Parameters:
      principalId - the principalId to
      roleIds - the namespace code of the role.
      qualification - the qualifications for the roleIds.
      Returns:
      a map of role qualifiers for the given principalId, roleIds and qualifications or an empty map if none found.
      Throws:
      RiceIllegalArgumentException - if principalId is null or blank or roleIds is null.

    • getRoleQualifersForPrincipalByNamespaceAndRolename

      List<Map<String,String>> getRoleQualifersForPrincipalByNamespaceAndRolename(String principalId, String namespaceCode, String roleName, Map<String,String> qualification) throws RiceIllegalArgumentException
      Returns a list of role qualifiers that the given principal has without taking into consideration that the principal may be a member via an assigned group or role. Use in situations where you are only interested in the qualifiers that are directly assigned to the principal.
      Parameters:
      principalId - the principalId to
      namespaceCode - the namespace code of the role.
      roleName - the name of the role.
      qualification - the qualifications for the roleIds.
      Returns:
      a map of role qualifiers for the given parameters or an empty map if none found.
      Throws:
      RiceIllegalArgumentException - if principalId, namespaceCode, or roleName is null or blank.

    • getNestedRoleQualifersForPrincipalByNamespaceAndRolename

      List<Map<String,String>> getNestedRoleQualifersForPrincipalByNamespaceAndRolename(String principalId, String namespaceCode, String roleName, Map<String,String> qualification) throws RiceIllegalArgumentException
      Returns a list of role qualifiers that the given principal. If the principal's membership is via a group or role, that group or role's qualifier on the given role is returned.
      Parameters:
      principalId - the principalId to
      namespaceCode - the namespace code of the role.
      roleName - the name of the role.
      qualification - the qualifications for the roleIds.
      Returns:
      a map of nested role qualifiers for the given parameters or an empty map if none found.
      Throws:
      RiceIllegalArgumentException - if principalId, namespaceCode, or roleName is null or blank.

    • getNestedRoleQualifiersForPrincipalByRoleIds

      List<Map<String,String>> getNestedRoleQualifiersForPrincipalByRoleIds(String principalId, List<String> roleIds, Map<String,String> qualification) throws RiceIllegalArgumentException
      Returns a list of role qualifiers that the given principal. If the principal's membership is via a group or role, that group or role's qualifier on the given role is returned.
      Parameters:
      principalId - the principalId to
      roleIds - the namespace code of the role.
      qualification - the qualifications for the roleIds.
      Returns:
      a map of role qualifiers for the given roleIds and qualifications or an empty map if none found.
      Throws:
      RiceIllegalArgumentException - if principalId, namespaceCode, or roleName is null or blank.

    • getRoleMembers

      @Cacheable(value="http://rice.kuali.org/kim/v2_0/RoleMemberType", key="\'roleIds=\' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p0) + \'|\' + \'qualification=\' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).mapKey(#p1)", condition="!T(org.kuali.rice.kim.api.cache.KimCacheUtils).isDynamicRoleMembership(#p0)") List<RoleMembership> getRoleMembers(List<String> roleIds, Map<String,String> qualification) throws RiceIllegalArgumentException
      Get all the role members (groups and principals) associated with the given list of roles where their role membership/assignment matches the given qualification. The list of RoleMemberships returned will only contain group and principal members. Any nested role members will be resolved and flattened into the principals and groups that are members of that nested role (assuming qualifications match). The return object will have each membership relationship along with the delegations
      Parameters:
      roleIds - a list of role Ids.
      qualification - the qualifications for the roleIds.
      Returns:
      a list of role members for the given roleIds and qualifications or an empty list if none found.
      Throws:
      RiceIllegalArgumentException - if roleIds is null.

    • getRoleMemberPrincipalIds

      @Cacheable(value="http://rice.kuali.org/kim/v2_0/RoleMemberType", key="\'namespaceCode=\' + #p0 + \'|\' + \'roleName=\' + #p1 + \'|\' + \'qualification=\' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).mapKey(#p2)", condition="!T(org.kuali.rice.kim.api.cache.KimCacheUtils).isDynamicMembshipRoleByNamespaceAndName(#p0, #p1)") Collection<String> getRoleMemberPrincipalIds(String namespaceCode, String roleName, Map<String,String> qualification) throws RiceIllegalArgumentException
      This method gets all the members, then traverses down into members of type role and group to obtain the nested principal ids
      Parameters:
      namespaceCode - the namespace code of the role.
      roleName - the name of the role
      qualification - the qualifications for the roleIds.
      Returns:
      a list of role member principalIds for the given roleIds and qualifications, or an empty list if none found.
      Throws:
      RiceIllegalArgumentException - if namespaceCode, or roleName is null or blank.

    • principalHasRole

      boolean principalHasRole(String principalId, List<String> roleIds, Map<String,String> qualification) throws RiceIllegalArgumentException
      Returns whether the given principal has any of the passed role IDs with the given qualification.
      Parameters:
      principalId - the principal Id to check.
      roleIds - the list of role ids.
      qualification - the qualifications for the roleIds.
      Returns:
      true if the principal is assigned the one of the given roleIds with the passed in qualifications.
      Throws:
      RiceIllegalArgumentException - if roleIds is null or principalId is null or blank.

    • principalHasRole

      boolean principalHasRole(String principalId, List<String> roleIds, Map<String,String> qualification, boolean checkDelegations) throws RiceIllegalArgumentException
      Returns whether the given principal has any of the passed role IDs with the given qualification.
      Parameters:
      principalId - the principal Id to check.
      roleIds - the list of role ids.
      qualification - the qualifications for the roleIds.
      checkDelegations - whether delegations should be checked or not
      Returns:
      true if the principal is assigned the one of the given roleIds with the passed in qualifications.
      Throws:
      RiceIllegalArgumentException - if roleIds is null or principalId is null or blank.
      Since:
      2.1.1

    • getPrincipalIdSubListWithRole

      @Cacheable(value="http://rice.kuali.org/kim/v2_0/RoleMemberType", key="\'getPrincipalIdSubListWithRole\' + \'principalIds=\' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p0) + \'|\' + \'roleNamespaceCode=\' + #p1 + \'|\' + \'roleName=\' + #p2 + \'|\' + \'qualification=\' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).mapKey(#p3)", condition="!T(org.kuali.rice.kim.api.cache.KimCacheUtils).isDynamicMembshipRoleByNamespaceAndName(#p1, #p2)") List<String> getPrincipalIdSubListWithRole(List<String> principalIds, String roleNamespaceCode, String roleName, Map<String,String> qualification) throws RiceIllegalArgumentException
      Returns the subset of the given principal ID list which has the given role and qualification. This is designed to be used by lookups of people by their roles.
      Parameters:
      principalIds - the principal Ids to check.
      roleNamespaceCode - the namespaceCode of the role.
      roleName - the name of the role.
      qualification - the qualifications for the roleIds.
      Returns:
      list of principalIds that is the subset of list passed in with the given role and qualifications or an empty list.
      Throws:
      RiceIllegalArgumentException - if principalIds is null or the roleNamespaceCode or roleName is null or blank.

    • findRoles

      RoleQueryResults findRoles(QueryByCriteria queryByCriteria) throws RiceIllegalArgumentException
      This method gets search results for role lookup
      Parameters:
      queryByCriteria - the qualifications for the roleIds.
      Returns:
      query results. will never return null.
      Throws:
      RiceIllegalArgumentException - if queryByCriteria is null.

    • getFirstLevelRoleMembers

      @Cacheable(value="http://rice.kuali.org/kim/v2_0/RoleMembershipType", key="\'roleIds=\' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p0)") List<RoleMembership> getFirstLevelRoleMembers(List<String> roleIds) throws RiceIllegalArgumentException
      Gets all direct members of the roles that have ids within the given list of role ids. This method does not recurse into any nested roles.

      The resulting List of role membership will contain membership for all the roles with the specified ids. The list is not guaranteed to be in any particular order and may have membership info for the different roles interleaved with each other.

      Parameters:
      roleIds - a list of role Ids.
      Returns:
      list of RoleMembership that contains membership for the specified roleIds or empty list if none found.
      Throws:
      RiceIllegalArgumentException - if roleIds is null.

    • findRoleMemberships

      RoleMembershipQueryResults findRoleMemberships(QueryByCriteria queryByCriteria) throws RiceIllegalArgumentException
      Gets role member information based on the given search criteria.
      Parameters:
      queryByCriteria - the qualifications for the roleIds.
      Returns:
      query results. will never return null.
      Throws:
      RiceIllegalArgumentException - if queryByCriteria is null.

    • getMemberParentRoleIds

      @Cacheable(value="http://rice.kuali.org/kim/v2_0/RoleMembershipType", key="\'memberType=\' + #p0 + \'|\' + \'memberId=\' + #p1") List<String> getMemberParentRoleIds(String memberType, String memberId) throws RiceIllegalArgumentException
      Gets a list of Roles that the given member belongs to.
      Parameters:
      memberType - the role member type.
      memberId - the role member id (principalId, roleId, groupId).
      Returns:
      list of RoleMembership that contains membership for the specified roleIds or an empty list if none found.
      Throws:
      RiceIllegalArgumentException - if memberType or memberId is null or blank.

    • findRoleMembers

      RoleMemberQueryResults findRoleMembers(QueryByCriteria queryByCriteria) throws RiceIllegalArgumentException
      Gets role members based on the given search criteria.
      Parameters:
      queryByCriteria - the qualifications for the roleIds.
      Returns:
      query results. will never return null.
      Throws:
      RiceIllegalArgumentException - if queryByCriteria is null.

    • getRoleTypeRoleMemberIds

      @Cacheable(value="http://rice.kuali.org/kim/v2_0/RoleMemberType", key="\'{getRoleTypeRoleMemberIds}\' + \'roleId=\' + #p0") Set<String> getRoleTypeRoleMemberIds(String roleId) throws RiceIllegalArgumentException
      Gets a list of Roles Ids that are a member of the given roleId, including nested membership.
      Parameters:
      roleId - the role id.
      Returns:
      list of RoleIds that are members of the given role or and empty list if none found.
      Throws:
      RiceIllegalArgumentException - if roleId is null or blank.

    • findDelegateMembers

      DelegateMemberQueryResults findDelegateMembers(QueryByCriteria queryByCriteria) throws RiceIllegalArgumentException
      Gets role members based on the given search criteria.
      Parameters:
      queryByCriteria - the qualifications for the roleIds.
      Returns:
      query results. will never return null.
      Throws:
      RiceIllegalArgumentException - if queryByCriteria is null.

    • getDelegationMembersByDelegationId

      @Cacheable(value="http://rice.kuali.org/kim/v2_0/DelegateMemberType", key="\'delegateId=\' + #p0") List<DelegateMember> getDelegationMembersByDelegationId(String delegateId) throws RiceIllegalArgumentException
      Gets the delegate members for the given delegation.
      Parameters:
      delegateId - the delegate id.
      Returns:
      list of delegate members that are members of the given delegation or an empty list if none found.
      Throws:
      RiceIllegalArgumentException - if delegationId is null or blank.

    • getDelegationMemberByDelegationAndMemberId

      @Cacheable(value="http://rice.kuali.org/kim/v2_0/DelegateMemberType", key="\'delegationId=\' + #p0 + \'|\' + \'memberId=\' + #p1") DelegateMember getDelegationMemberByDelegationAndMemberId(String delegationId, String memberId) throws RiceIllegalArgumentException
      Gets the delegate member for the given delegationId and memberId.
      Parameters:
      delegationId - the delegate id.
      memberId - the member id matching the DelegateMember
      Returns:
      the delegate member with the given parameters or null if not found.
      Throws:
      RiceIllegalArgumentException - if delegationId or memberId is null or blank.

    • getDelegationMemberById

      @Cacheable(value="http://rice.kuali.org/kim/v2_0/DelegateMemberType", key="\'id=\' + #p0") DelegateMember getDelegationMemberById(String id) throws RiceIllegalArgumentException
      Gets the delegate member with the given delegation member id.
      Parameters:
      id - the member id matching the DelegateMember
      Returns:
      the delegate member with the given parameters or null if not found.
      Throws:
      RiceIllegalArgumentException - if delegationId or memberId is null or blank.

    • getRoleResponsibilities

      @Cacheable(value="http://rice.kuali.org/kim/v2_0/RoleResponsibilityType", key="\'roleId=\' + #p0") List<RoleResponsibility> getRoleResponsibilities(String roleId) throws RiceIllegalArgumentException
      Gets a list of role reponsibilities for the given role id.
      Parameters:
      roleId - the role Id.
      Returns:
      a list of RoleResponsibilities for the given role Id, or an empty list if none found.
      Throws:
      RiceIllegalArgumentException - if roleId is null or blank.

    • getRoleMemberResponsibilityActions

      @Cacheable(value="http://rice.kuali.org/kim/v2_0/RoleResponsibilityType", key="\'roleMemberId=\' + #p0") List<RoleResponsibilityAction> getRoleMemberResponsibilityActions(String roleMemberId) throws RiceIllegalArgumentException
      Gets a list of RoleResponsibilityActions for the given role member id.
      Parameters:
      roleMemberId - the role member Id.
      Returns:
      a list of RoleResponsibilityActions for the given role member Id, or an empty list if none found.
      Throws:
      RiceIllegalArgumentException - if roleMemberId is null or blank.

    • getDelegateTypeByRoleIdAndDelegateTypeCode

      @Cacheable(value="http://rice.kuali.org/kim/v2_0/DelegateTypeType", key="\'roleId=\' + #p0 + \'|\' + \'delegateType=\' + #p1") DelegateType getDelegateTypeByRoleIdAndDelegateTypeCode(String roleId, DelegationType delegateType) throws RiceIllegalArgumentException
      Gets a DelegateType for the given role id and delegation type.
      Parameters:
      roleId - the role Id.
      delegateType - type of delegation
      Returns:
      the DelegateType for the given role Id and delegationType, or null if none found.
      Throws:
      RiceIllegalArgumentException - if roleId or delegationType is null or blank.

    • getDelegateTypeByDelegationId

      @Cacheable(value="http://rice.kuali.org/kim/v2_0/DelegateTypeType", key="\'delegationId=\' + #p0") DelegateType getDelegateTypeByDelegationId(String delegationId) throws RiceIllegalArgumentException
      Gets a DelegateType for the given delegation id.
      Parameters:
      delegationId - the id of delegation
      Returns:
      the DelegateType for the given delegation Id, or null if none found.
      Throws:
      RiceIllegalArgumentException - if delegationId is null or blank.

    • assignPrincipalToRole

      @CacheEvict(value={"http://rice.kuali.org/kim/v2_0/RoleType","http://rice.kuali.org/kim/v2_0/PermissionType","http://rice.kuali.org/kim/v2_0/ResponsibilityType","http://rice.kuali.org/kim/v2_0/RoleMembershipType","http://rice.kuali.org/kim/v2_0/RoleMemberType","http://rice.kuali.org/kim/v2_0/DelegateMemberType","http://rice.kuali.org/kim/v2_0/RoleResponsibilityType","http://rice.kuali.org/kim/v2_0/DelegateTypeType"}, allEntries=true) RoleMember assignPrincipalToRole(String principalId, String namespaceCode, String roleName, Map<String,String> qualifications) throws RiceIllegalArgumentException
      Assigns the principal with the given id to the role with the specified namespace code and name with the supplied set of qualifications.
      Parameters:
      principalId - the principalId
      namespaceCode - the namespaceCode of the Role
      roleName - the name of the role
      qualifications - the qualifications for the principalId to be assigned to the role
      Returns:
      newly created/assigned RoleMember.
      Throws:
      RiceIllegalArgumentException - if princialId, namespaceCode or roleName is null or blank.

    • assignGroupToRole

      @CacheEvict(value={"http://rice.kuali.org/kim/v2_0/RoleType","http://rice.kuali.org/kim/v2_0/PermissionType","http://rice.kuali.org/kim/v2_0/ResponsibilityType","http://rice.kuali.org/kim/v2_0/RoleMembershipType","http://rice.kuali.org/kim/v2_0/RoleMemberType","http://rice.kuali.org/kim/v2_0/DelegateMemberType","http://rice.kuali.org/kim/v2_0/RoleResponsibilityType","http://rice.kuali.org/kim/v2_0/DelegateTypeType"}, allEntries=true) RoleMember assignGroupToRole(String groupId, String namespaceCode, String roleName, Map<String,String> qualifications) throws RiceIllegalArgumentException
      Assigns the group with the given id to the role with the specified namespace code and name with the supplied set of qualifications.
      Parameters:
      groupId - the groupId
      namespaceCode - the namespaceCode of the Role
      roleName - the name of the role
      qualifications - the qualifications for the principalId to be assigned to the role
      Returns:
      newly created/assigned RoleMember.
      Throws:
      RiceIllegalArgumentException - if groupId, namespaceCode or roleName is null or blank.

    • assignRoleToRole

      @CacheEvict(value={"http://rice.kuali.org/kim/v2_0/RoleType","http://rice.kuali.org/kim/v2_0/PermissionType","http://rice.kuali.org/kim/v2_0/ResponsibilityType","http://rice.kuali.org/kim/v2_0/RoleMembershipType","http://rice.kuali.org/kim/v2_0/RoleMemberType","http://rice.kuali.org/kim/v2_0/DelegateMemberType","http://rice.kuali.org/kim/v2_0/RoleResponsibilityType","http://rice.kuali.org/kim/v2_0/DelegateTypeType"}, allEntries=true) RoleMember assignRoleToRole(String roleId, String namespaceCode, String roleName, Map<String,String> qualifications) throws RiceIllegalArgumentException
      Assigns the role with the given id to the role with the specified namespace code and name with the supplied set of qualifications.
      Parameters:
      roleId - the roleId
      namespaceCode - the namespaceCode of the Role
      roleName - the name of the role
      qualifications - the qualifications for the principalId to be assigned to the role
      Returns:
      newly created/assigned RoleMember.
      Throws:
      RiceIllegalArgumentException - if princiapId, namespaceCode or roleName is null or blank.

    • createRoleMember

      @CacheEvict(value={"http://rice.kuali.org/kim/v2_0/RoleType","http://rice.kuali.org/kim/v2_0/PermissionType","http://rice.kuali.org/kim/v2_0/ResponsibilityType","http://rice.kuali.org/kim/v2_0/RoleMembershipType","http://rice.kuali.org/kim/v2_0/RoleMemberType","http://rice.kuali.org/kim/v2_0/DelegateMemberType","http://rice.kuali.org/kim/v2_0/RoleResponsibilityType","http://rice.kuali.org/kim/v2_0/DelegateTypeType"}, allEntries=true) RoleMember createRoleMember(RoleMember roleMember) throws RiceIllegalArgumentException, RiceIllegalStateException
      Creates a new RoleMember. Needs to be passed a valid RoleMember object that does not currently exist.
      Parameters:
      roleMember - the new RoleMember to save.
      Returns:
      RoleMember as created.
      Throws:
      RiceIllegalArgumentException - if roleMember is null.
      RiceIllegalStateException - if roleMember already exists.

    • updateRoleMember

      @CacheEvict(value={"http://rice.kuali.org/kim/v2_0/RoleType","http://rice.kuali.org/kim/v2_0/PermissionType","http://rice.kuali.org/kim/v2_0/ResponsibilityType","http://rice.kuali.org/kim/v2_0/RoleMembershipType","http://rice.kuali.org/kim/v2_0/RoleMemberType","http://rice.kuali.org/kim/v2_0/DelegateMemberType","http://rice.kuali.org/kim/v2_0/RoleResponsibilityType","http://rice.kuali.org/kim/v2_0/DelegateTypeType"}, allEntries=true) RoleMember updateRoleMember(RoleMember roleMember) throws RiceIllegalArgumentException, RiceIllegalStateException
      Updates the given roleMember to the values in the passed in roleMember
      Parameters:
      roleMember - the new RoleMember to save.
      Returns:
      RoleMember as updated.
      Throws:
      RiceIllegalArgumentException - if roleMember is null.
      RiceIllegalStateException - if roleMember does not yet exist.

    • updateDelegateMember

      @CacheEvict(value={"http://rice.kuali.org/kim/v2_0/RoleType","http://rice.kuali.org/kim/v2_0/RoleMembershipType","http://rice.kuali.org/kim/v2_0/RoleMemberType","http://rice.kuali.org/kim/v2_0/DelegateMemberType","http://rice.kuali.org/kim/v2_0/RoleResponsibilityType","http://rice.kuali.org/kim/v2_0/DelegateTypeType"}, allEntries=true) DelegateMember updateDelegateMember(DelegateMember delegateMember) throws RiceIllegalArgumentException, RiceIllegalStateException
      Updates the given delegateMember to the values in the passed in delegateMember
      Parameters:
      delegateMember - the new DelegateMember to save.
      Returns:
      DelegateMember as updated.
      Throws:
      RiceIllegalArgumentException - if delegateMember is null.
      RiceIllegalStateException - if delegateMember does not yet exist.

    • createDelegateMember

      @CacheEvict(value={"http://rice.kuali.org/kim/v2_0/RoleType","http://rice.kuali.org/kim/v2_0/RoleMembershipType","http://rice.kuali.org/kim/v2_0/RoleMemberType","http://rice.kuali.org/kim/v2_0/DelegateMemberType","http://rice.kuali.org/kim/v2_0/RoleResponsibilityType","http://rice.kuali.org/kim/v2_0/DelegateTypeType"}, allEntries=true) DelegateMember createDelegateMember(DelegateMember delegateMember) throws RiceIllegalArgumentException, RiceIllegalStateException
      Creates a new DelegateMember. Needs to be passed a valid DelegateMember object that does not currently exist.
      Parameters:
      delegateMember - the new DelegateMember to save.
      Returns:
      DelegateMember as created.
      Throws:
      RiceIllegalArgumentException - if delegateMember is null.
      RiceIllegalStateException - if delegateMember already exists.

    • removeDelegateMembers

      @CacheEvict(value={"http://rice.kuali.org/kim/v2_0/RoleType","http://rice.kuali.org/kim/v2_0/RoleMembershipType","http://rice.kuali.org/kim/v2_0/RoleMemberType","http://rice.kuali.org/kim/v2_0/DelegateMemberType","http://rice.kuali.org/kim/v2_0/RoleResponsibilityType","http://rice.kuali.org/kim/v2_0/DelegateTypeType"}, allEntries=true) void removeDelegateMembers(List<DelegateMember> delegateMembers) throws RiceIllegalArgumentException, RiceIllegalStateException
      Removes existing DelegateMembers. Needs to be passed DelegateMember objects.
      Parameters:
      DelegateMembers - to remove.
      Throws:
      RiceIllegalArgumentException - if delegateMember is null.
      RiceIllegalStateException

    • createRoleResponsibilityAction

      @CacheEvict(value={"http://rice.kuali.org/kim/v2_0/PermissionType","http://rice.kuali.org/kim/v2_0/ResponsibilityType","http://rice.kuali.org/kim/v2_0/RoleMembershipType","http://rice.kuali.org/kim/v2_0/RoleMemberType","http://rice.kuali.org/kim/v2_0/DelegateMemberType","http://rice.kuali.org/kim/v2_0/RoleResponsibilityType","http://rice.kuali.org/kim/v2_0/DelegateTypeType"}, allEntries=true) RoleResponsibilityAction createRoleResponsibilityAction(RoleResponsibilityAction roleResponsibilityAction) throws RiceIllegalArgumentException
      Creates a new RoleResponsibilityAction. Needs to be passed a valid RoleResponsibilityAction object that does not currently exist.
      Parameters:
      roleResponsibilityAction - the new RoleResponsibilityAction to save.
      Returns:
      RoleResponsibilityAction as created.
      Throws:
      RiceIllegalArgumentException - if roleResponsibilityAction is null.
      RiceIllegalStateException - if roleResponsibilityAction already exists.

    • updateRoleResponsibilityAction

      @CacheEvict(value={"http://rice.kuali.org/kim/v2_0/PermissionType","http://rice.kuali.org/kim/v2_0/ResponsibilityType","http://rice.kuali.org/kim/v2_0/RoleMembershipType","http://rice.kuali.org/kim/v2_0/RoleMemberType","http://rice.kuali.org/kim/v2_0/DelegateMemberType","http://rice.kuali.org/kim/v2_0/RoleResponsibilityType","http://rice.kuali.org/kim/v2_0/DelegateTypeType"}, allEntries=true) RoleResponsibilityAction updateRoleResponsibilityAction(RoleResponsibilityAction roleResponsibilityAction) throws RiceIllegalArgumentException
      Updates the given RoleResponsibilityAction to the values in the passed in roleResponsibilityAction
      Parameters:
      roleResponsibilityAction - the new RoleResponsibilityAction to save.
      Returns:
      RoleResponsibilityAction as updated.
      Throws:
      RiceIllegalArgumentException - if roleResponsibilityAction is null.
      RiceIllegalStateException - if roleResponsibilityAction does not exist.
      Since:
      2.1.2

    • deleteRoleResponsibilityAction

      @CacheEvict(value={"http://rice.kuali.org/kim/v2_0/PermissionType","http://rice.kuali.org/kim/v2_0/ResponsibilityType","http://rice.kuali.org/kim/v2_0/RoleMembershipType","http://rice.kuali.org/kim/v2_0/RoleMemberType","http://rice.kuali.org/kim/v2_0/DelegateMemberType","http://rice.kuali.org/kim/v2_0/RoleResponsibilityType","http://rice.kuali.org/kim/v2_0/DelegateTypeType"}, allEntries=true) void deleteRoleResponsibilityAction(String roleResponsibilityActionId) throws RiceIllegalArgumentException
      Deletes the given RoleResponsibilityAction
      Parameters:
      roleResponsibilityActionId - id of the RoleResponsibilityAction to delete.
      Throws:
      RiceIllegalArgumentException - if roleResponsibilityActionId is null.
      RiceIllegalStateException - if roleResponsibilityAction does not exist.
      Since:
      2.1.2

    • createDelegateType

      @CacheEvict(value={"http://rice.kuali.org/kim/v2_0/PermissionType","http://rice.kuali.org/kim/v2_0/ResponsibilityType","http://rice.kuali.org/kim/v2_0/RoleMembershipType","http://rice.kuali.org/kim/v2_0/RoleMemberType","http://rice.kuali.org/kim/v2_0/DelegateMemberType","http://rice.kuali.org/kim/v2_0/RoleResponsibilityType","http://rice.kuali.org/kim/v2_0/DelegateTypeType"}, allEntries=true) DelegateType createDelegateType(DelegateType delegateType) throws RiceIllegalArgumentException, RiceIllegalStateException
      Creates a new DelegateType. Needs to be passed a valid DelegateType object that does not currently exist.
      Parameters:
      delegateType - the new DelegateType to save.
      Returns:
      DelegateType as created.
      Throws:
      RiceIllegalArgumentException - if delegateType is null.
      RiceIllegalStateException - if delegateType already exists.

    • updateDelegateType

      @CacheEvict(value={"http://rice.kuali.org/kim/v2_0/PermissionType","http://rice.kuali.org/kim/v2_0/ResponsibilityType","http://rice.kuali.org/kim/v2_0/RoleMembershipType","http://rice.kuali.org/kim/v2_0/RoleMemberType","http://rice.kuali.org/kim/v2_0/DelegateMemberType","http://rice.kuali.org/kim/v2_0/RoleResponsibilityType","http://rice.kuali.org/kim/v2_0/DelegateTypeType"}, allEntries=true) DelegateType updateDelegateType(DelegateType delegateType) throws RiceIllegalArgumentException, RiceIllegalStateException
      Updates the given DelegateType to the values in the passed in delegateType
      Parameters:
      delegateType - the new DelegateType to save.
      Returns:
      DelegateType as updated.
      Throws:
      RiceIllegalArgumentException - if delegateType is null.
      RiceIllegalStateException - if delegateType does not yet exist.

    • removePrincipalFromRole

      @CacheEvict(value={"http://rice.kuali.org/kim/v2_0/RoleType","http://rice.kuali.org/kim/v2_0/PermissionType","http://rice.kuali.org/kim/v2_0/ResponsibilityType","http://rice.kuali.org/kim/v2_0/RoleMembershipType","http://rice.kuali.org/kim/v2_0/RoleMemberType","http://rice.kuali.org/kim/v2_0/DelegateMemberType","http://rice.kuali.org/kim/v2_0/RoleResponsibilityType","http://rice.kuali.org/kim/v2_0/DelegateTypeType"}, allEntries=true) void removePrincipalFromRole(String principalId, String namespaceCode, String roleName, Map<String,String> qualifications) throws RiceIllegalArgumentException
      Remove the principal with the given id and qualifications from the role with the specified namespace code and role name.
      Parameters:
      principalId - the principalId
      namespaceCode - the namespaceCode of the Role
      roleName - the name of the role
      qualifications - the qualifications for the principalId to be assigned to the role
      Throws:
      RiceIllegalArgumentException - if principalId, namespaceCode or roleName is null or blank.

    • removeGroupFromRole

      @CacheEvict(value={"http://rice.kuali.org/kim/v2_0/RoleType","http://rice.kuali.org/kim/v2_0/PermissionType","http://rice.kuali.org/kim/v2_0/ResponsibilityType","http://rice.kuali.org/kim/v2_0/RoleMembershipType","http://rice.kuali.org/kim/v2_0/RoleMemberType","http://rice.kuali.org/kim/v2_0/DelegateMemberType","http://rice.kuali.org/kim/v2_0/RoleResponsibilityType","http://rice.kuali.org/kim/v2_0/DelegateTypeType"}, allEntries=true) void removeGroupFromRole(String groupId, String namespaceCode, String roleName, Map<String,String> qualifications) throws RiceIllegalArgumentException
      Remove the group with the given id and qualifications from the role with the specified namespace code and role name.
      Parameters:
      groupId - the groupId
      namespaceCode - the namespaceCode of the Role
      roleName - the name of the role
      qualifications - the qualifications for the principalId to be assigned to the role
      Throws:
      RiceIllegalArgumentException - if groupId, namespaceCode or roleName is null or blank.

    • removeRoleFromRole

      @CacheEvict(value={"http://rice.kuali.org/kim/v2_0/RoleType","http://rice.kuali.org/kim/v2_0/PermissionType","http://rice.kuali.org/kim/v2_0/ResponsibilityType","http://rice.kuali.org/kim/v2_0/RoleMembershipType","http://rice.kuali.org/kim/v2_0/RoleMemberType","http://rice.kuali.org/kim/v2_0/DelegateMemberType","http://rice.kuali.org/kim/v2_0/RoleResponsibilityType","http://rice.kuali.org/kim/v2_0/DelegateTypeType"}, allEntries=true) void removeRoleFromRole(String roleId, String namespaceCode, String roleName, Map<String,String> qualifications) throws RiceIllegalArgumentException
      Remove the group with the given id and qualifications from the role with the specified namespace code and role name.
      Parameters:
      roleId - the roleId
      namespaceCode - the namespaceCode of the Role
      roleName - the name of the role
      qualifications - the qualifications for the principalId to be assigned to the role
      Throws:
      RiceIllegalArgumentException - if roleId, namespaceCode or roleName is null or blank.

    • assignPermissionToRole

      @CacheEvict(value={"http://rice.kuali.org/kim/v2_0/RoleType","http://rice.kuali.org/kim/v2_0/PermissionType","http://rice.kuali.org/kim/v2_0/ResponsibilityType","http://rice.kuali.org/kim/v2_0/RoleMembershipType","http://rice.kuali.org/kim/v2_0/RoleMemberType","http://rice.kuali.org/kim/v2_0/DelegateMemberType","http://rice.kuali.org/kim/v2_0/RoleResponsibilityType","http://rice.kuali.org/kim/v2_0/DelegateTypeType"}, allEntries=true) void assignPermissionToRole(String permissionId, String roleId) throws RiceIllegalArgumentException
      Assigns the given permission to the given role
      Parameters:
      permissionId - the permissionId
      roleId - the roleId
      Throws:
      RiceIllegalArgumentException - if permissionId or roleId is null or blank.

    • revokePermissionFromRole

      @CacheEvict(value={"http://rice.kuali.org/kim/v2_0/RoleType","http://rice.kuali.org/kim/v2_0/PermissionType","http://rice.kuali.org/kim/v2_0/ResponsibilityType","http://rice.kuali.org/kim/v2_0/RoleMembershipType","http://rice.kuali.org/kim/v2_0/RoleMemberType","http://rice.kuali.org/kim/v2_0/DelegateMemberType","http://rice.kuali.org/kim/v2_0/RoleResponsibilityType","http://rice.kuali.org/kim/v2_0/DelegateTypeType"}, allEntries=true) void revokePermissionFromRole(String permissionId, String roleId) throws RiceIllegalArgumentException
      Removes the given permission to the given role
      Parameters:
      permissionId - the permissionId
      roleId - the roleId
      Throws:
      RiceIllegalArgumentException - if permissionId or roleId is null or blank.

    • isDerivedRole

      @Cacheable(value="http://rice.kuali.org/kim/v2_0/RoleType", key="\'{isDerivedRole}\' + \'roleId=\' + #p0") boolean isDerivedRole(String roleId) throws RiceIllegalArgumentException
      Determines if a role with a provided id is a derived role
      Parameters:
      roleId - the roleId
      Returns:
      true if role is a derived role
      Throws:
      RiceIllegalArgumentException - if roleId is null or blank.
      Since:
      2.1.1

    • isDynamicRoleMembership

      @Cacheable(value="http://rice.kuali.org/kim/v2_0/RoleType", key="\'{isDynamicRoleMembership}\' + \'roleId=\' + #p0") boolean isDynamicRoleMembership(String roleId) throws RiceIllegalArgumentException
      Determines if a role with a provided id is a uses dynamic role memberships
      Parameters:
      roleId - the roleId
      Returns:
      true if role uses dynamic memberships
      Throws:
      RiceIllegalArgumentException - if roleId is null or blank.
      Since:
      2.1.1

    • notifyOnMemberRemoval

      void notifyOnMemberRemoval(RoleMember member)