...

If an entity is no longer a member of the employee group, remove it from the roles for application X that have certain permissions assigned, and also unassign any permissions assigned directly to the user.


Assign this rule to the permission definition of the permission to be removed.

Java example

    // Add a rule on the permission definition (stem:permission): if a subject leaves
    // stem:employee, remove its assignments of the permission and its memberships
    // in roles which have the permission.
    // permissionToAssignRule, actAs and mustBeInGroup are defined outside this snippet.
    AttributeAssign attributeAssign = permissionToAssignRule
      .getAttributeDelegate().addAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();

    AttributeValueDelegate attributeValueDelegate = attributeAssign.getAttributeValueDelegate();

    // subject the rule acts as when it fires
    attributeValueDelegate.assignValue(
        RuleUtils.ruleActAsSubjectSourceIdName(), actAs.getSourceId());
    attributeValueDelegate.assignValue(
        RuleUtils.ruleActAsSubjectIdName(), actAs.getId());

    // check: fire when a membership is removed from the group the subject must be in
    attributeValueDelegate.assignValue(
        RuleUtils.ruleCheckOwnerIdName(), mustBeInGroup.getId());
    attributeValueDelegate.assignValue(
        RuleUtils.ruleCheckTypeName(),
        RuleCheckType.membershipRemove.name());

    // if: the subject has an assignment of this permission definition
    attributeValueDelegate.assignValue(
        RuleUtils.ruleIfConditionEnumName(),
        RuleIfConditionEnum.thisPermissionDefHasAssignment.name());

    // then: remove the subject from the permission definition's assignments
    attributeValueDelegate.assignValue(
        RuleUtils.ruleThenEnumName(),
        RuleThenEnum.removeMemberFromOwnerPermissionDefAssignments.name());

    // the rule should be valid: the valid attribute is "T", otherwise it holds the reason
    String isValidString = attributeValueDelegate.retrieveValueString(
        RuleUtils.ruleValidName());

    if (!StringUtils.equals("T", isValidString)) {
      throw new RuntimeException(isValidString);
    }
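
The effect of this rule once it fires, modeled in plain Java as an added example (not Grouper code and not part of the original page). The class, maps, role names, permission names and subject id are hypothetical, the data is constructed, and direct permissions are simplified to a per-subject set.

```java
import java.util.*;

// Plain-Java model of the rule's effect; all names are hypothetical, none are Grouper API.
public class PermissionDeprovisionModel {
  // role name -> permission names carried by the role (constructed sample data)
  static Map<String, Set<String>> rolePermissions = new HashMap<>();
  // role name -> member subject ids
  static Map<String, Set<String>> roleMembers = new HashMap<>();
  // subject id -> permissions assigned directly to the subject
  static Map<String, Set<String>> directPermissions = new HashMap<>();

  // "if" condition: does the subject hold the permission through a role or directly?
  static boolean hasAssignment(String subject, String permission) {
    boolean direct = directPermissions.getOrDefault(subject, Set.of()).contains(permission);
    boolean viaRole = rolePermissions.entrySet().stream().anyMatch(e ->
        e.getValue().contains(permission)
        && roleMembers.getOrDefault(e.getKey(), Set.of()).contains(subject));
    return direct || viaRole;
  }

  // "check" and "then": runs when the subject's employee-group membership is removed
  static void onEmployeeMembershipRemoved(String subject, String permission) {
    if (!hasAssignment(subject, permission)) return;
    // remove the subject from every role that carries the permission
    for (Map.Entry<String, Set<String>> e : rolePermissions.entrySet()) {
      if (e.getValue().contains(permission)) {
        roleMembers.getOrDefault(e.getKey(), new HashSet<>()).remove(subject);
      }
    }
    // remove the direct assignment of the permission, if any
    Set<String> direct = directPermissions.get(subject);
    if (direct != null) direct.remove(permission);
  }

  public static void main(String[] args) {
    rolePermissions.put("appX:payrollUser", new HashSet<>(Set.of("canLogin")));
    rolePermissions.put("appX:newsReader", new HashSet<>(Set.of("readNews")));
    roleMembers.put("appX:payrollUser", new HashSet<>(Set.of("jsmith")));
    roleMembers.put("appX:newsReader", new HashSet<>(Set.of("jsmith")));
    directPermissions.put("jsmith", new HashSet<>(Set.of("canLogin")));

    onEmployeeMembershipRemoved("jsmith", "canLogin");

    // the permission is gone by both paths; the unrelated role membership remains
    System.out.println("still has canLogin: " + hasAssignment("jsmith", "canLogin"));
    System.out.println("still in newsReader: "
        + roleMembers.get("appX:newsReader").contains("jsmith"));
  }
}
```

In the model, a role that does not carry the permission is left untouched, which is the scope to verify when testing the real rule against a subject who holds several roles.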

...