Child pages
  • Grouper custom template via GSH
Skip to end of metadata
Go to start of metadata

This is a concept for an upcoming v2.5 release


A grouper admin would configure this as attributes on a folder (similar to how custom UI's are configured)

General configuration

  • If this for only this folder or all subfolders too
  • Which group of people can run the template (default to grouper admin)
  • Who it runs as (default to GrouperSystem)
  • Template name

Form elements that are displayed on the screen

  • Form element type
  • Regex validation on data (to prevent injection problems)
  • Drop down options could be driven by SQL (e.g. a list of terms or a list of schools or list of affiliations)

Text on screen similar to custom UI


  • Some expression language and link that to an externalized error message

GSH script to run

  • The form element data is expression language
  • Each line of GSH could be configured or multiple lines at once

Zoom add school example

General configuration

  • Configured on the zoom app folder
  • Include subfolders
    { "paramName": "includeSubfolders", 
      "paramValue": "true"}
  • Zoom admins can run it (from app template)

    { "paramName": "groupCanRun", 
      "paramValue": "app:zoom:zoomAdmins"}
  • Run as self (who is zoom admin)

    { "paramName": "runAs", 
      "paramValue": "self"}
  • Template name

    { "paramName": "templateName", 
      "paramValue": "${textContainer.text['zoom_template_name']}"}

Form elements

  • Text box: for lower camel case school or center name, e.g. artsAndScience

    {    "formElementType": "textbox",
         "formElementName": "cu_orgName",
         "regexValidation": "[a-z][a-zA-Z0-9]{1,49}" ,
         "regexValidationMessage": "${textContainer.text['zoom_template_orgNameInvalid']}" ,
         "index": 10,     "show": "true",
         "required": true,
         "label": "${textContainer.text['zoom_template_orgName']}",
         "description": "${textContainer.text['zoom_template_orgNameDescription']}"   }
  • Checkbox for "add includes"? (if unchecked only excludes are created)
    {    "formElementType": "checkbox",
         "formElementName": "cu_addIncludes",
         "index": 20,
         "show": "true",
         "label": "${textContainer.text['zoom_template_addIncludes']}",
         "description": "${textContainer.text['zoom_template_addIncludesDescription']}"}
  • Textbox for group name in zoom
    {    "formElementType": "textbox",
         "formElementName": "cu_zoomGroupName",
         "index": 30,
         "regexValidation": "[a-zA-Z0-9_]{1,50}" ,
         "regexValidationMessage": "${textContainer.text['zoom_template_zoomGroupNameInvalid']}" ,
         "index": 30,
         "required": true,
         "show": "${cu_addIncludes}",
         "label": "${textContainer.text['zoom_template_zoomGroupName']}",
         "description": "${textContainer.text['zoom_template_zoomGroupNameDescription']}"}


{      "customUiTextType":"instructions",

zoom_template_name = Add zoom school / center
zoom_template_instructions = Add an organization to zoom.  If it is exclude only then do not select 'Add includes'.
zoom_template_orgName = School or center name
zoom_template_orgNameDescription = Enter a camel-cased school or center name, starting with lower case letter, can only contain alpha-numeric characters and must be less than 50 chars
zoom_template_orgNameInvalid = Invalid 'School or center name': must be start with lower case letter, can only contain alpha-numeric characters and must be less than 50 chars
zoom_template_addIncludes = Add 'includes'
zoom_template_addIncludesDescription = If this school or center should have a group in Zoom and in "includes" group to sponsor accounts
zoom_template_zoomGroupName = Zoom group name
zoom_template_zoomGroupNameDescription = Group name in zoom for this population.  Must be alphanumeric or underscore and less than 50 chars
zoom_template_zoomGroupNameInvalid = Invalid 'Zoom group name' must be alphanumeric or underscore and less than 50 chars

GSH script to run

GrouperSession grouperSession = GrouperSession.startRootSession();
String prefix = Character.toUpperCase("${cu_orgName}".charAt(0)) + "${cu_orgName}".substring(1,"${cu_orgName}".length());
String prefixLower = "${cu_orgName}";
Group excludeAdHocGroup = new GroupSave(grouperSession).assignName("penn:isc:ait:apps:zoom:service:ref:excludeAdHoc:" + prefixLower + "AdhocExcludeFromZoom").save();
Group excludeLoadedGroup = new GroupSave(grouperSession).assignName("penn:isc:ait:apps:zoom:service:ref:loadedGroupsForExclude:" + prefixLower + "ExcludeLoaded").save();
Group excludeGroup = new GroupSave(grouperSession).assignName("penn:isc:ait:apps:zoom:service:ref:excludeFromZoom:" + prefixLower + "ExcludeFromZoom").save();
Group excludedFromZoom = GroupFinder.findByName(grouperSession, "penn:isc:ait:apps:zoom:service:ref:usersExcludedFromZoom", true);
excludedFromZoom.addMember(excludeGroup.toSubject(), false);
Group schoolLspGroup = new GroupSave(grouperSession).assignName("penn:isc:ait:apps:zoom:security:schoolCenterAdminsAndLsps:zoom" + prefix + "Lsps").save();
Group lsps = GroupFinder.findByName(grouperSession, "penn:isc:ait:apps:zoom:security:zoomSchoolCenterLspsPreCheck", true);
lsps.addMember(schoolLspGroup.toSubject(), false);
Group schoolAdminGroup = new GroupSave(grouperSession).assignName("penn:isc:ait:apps:zoom:security:schoolCenterAdminsAndLsps:zoom" + prefix + "Admins").save();
Group admins = GroupFinder.findByName(grouperSession, "penn:isc:ait:apps:zoom:security:zoomSchoolCenterAdminsPreCheck", true);
admins.addMember(schoolAdminGroup.toSubject(), false);
if (${cu_addIncludes}) {
  Group loadedGroup= new GroupSave(grouperSession).assignName("penn:isc:ait:apps:zoom:service:ref:loadedGroups:${cu_zoomGroupName}").save();
  Group overrideGroup = new GroupSave(grouperSession).assignName("penn:isc:ait:apps:zoom:service:ref:groupsOverride:${cu_zoomGroupName}").save();
  Group groupToGoToZoom = new GroupSave(grouperSession).assignName("penn:isc:ait:apps:zoom:service:policy:groupsToGoToZoom:${cu_zoomGroupName}").save();
  Group zoomCanLogIn = GroupFinder.findByName(grouperSession, "penn:isc:ait:apps:zoom:service:policy:zoomCanLogIn", true);
  zoomCanLogIn.addMember(groupToGoToZoom.toSubject(), false);


Imagine an HTML form that has some inputs and a submit button

Maybe the next screen lets you review the script after variables are executed (note you cant edit it, but you could see it)

  • No labels