...
| Code Block |
|---|
//act as GrouperSystem
attributeAssign.getAttributeValueDelegate().assignValue(
RuleUtils.ruleActAsSubjectSourceIdName(), "g:isa");
attributeAssign.getAttributeValueDelegate().assignValue(
RuleUtils.ruleActAsSubjectIdName(), "GrouperSystem");
//fire the rule when a membership is added to group A
attributeAssign.getAttributeValueDelegate().assignValue(
RuleUtils.ruleCheckOwnerNameName(), "stem:a");
attributeAssign.getAttributeValueDelegate().assignValue(
RuleUtils.ruleCheckTypeName(),
RuleCheckType.membershipAdd.name());
//continue with the rule if the member is not a member of B
attributeAssign.getAttributeValueDelegate().assignValue(
RuleUtils.ruleIfConditionEnumName(),
RuleIfConditionEnum.groupHasNoImmediateEnabledMembership.name());
attributeAssign.getAttributeValueDelegate().assignValue(
RuleUtils.ruleIfOwnerNameName(),
"stem:b");
//if we get this far, veto the action with a descriptive reason
attributeAssign.getAttributeValueDelegate().assignValue(
RuleUtils.ruleThenElName(),
"${ruleUtils.veto('rule.entity.must.be.a.member.of.stem.b', 'Entity cannot be a member of stem:a if not a member of stem:b')}");
|
Daemon
There is a daemon which runs on the loader which validates the rules and marks invalid ones as invalid. Those need manual fixes to get them valid again (due to actas permissions). You can configure the quartz cron in the grouper-loader.properties:
| Code Block |
|---|
###################################
## Rules config
###################################
# when the rules validations and daemons run. Leave blank to not run
rules.quartz.cron = 0 0 7 * * ?
|
Custom EL classes
You can configure custom EL classes to help with logic you need if not in the Grouper API. Here is an example:
...