gsh 0% grouperSession = GrouperSession.startRootSession();
edu.internet2.middleware.grouper.GrouperSession: 755a39e6672d4f60bfca6cc5ed065b5d,'GrouperSystem','application'
//permission definition
gsh 1% permissionDef = new AttributeDefSave(grouperSession).assignName("stem:permissionDef").assignCreateParentStemsIfNotExist(true).assignAttributeDefType(AttributeDefType.perm).save();
edu.internet2.middleware.grouper.attr.AttributeDef: AttributeDef[name=stem:permissionDef,uuid=a1522fe8665443538a4f7a7529c5996d]
gsh 2% permissionDef.setAssignToEffMembership(true);
gsh 3% permissionDef.setAssignToGroup(true);
gsh 4% permissionDef.store();
//run daemon once
gsh 6% RuleApi.emailOnFlattenedPermissionDisabledDate(SubjectFinder.findRootSubject(), permissionDef, 6, 8, "a@b.c, ${safeSubject.emailAddress}", "You will have this permission unassigned: ${attributeDefNameDisplayExtension} in role ${roleDisplayExtension}, removed on ${ruleElUtils.formatDate(permissionDisabledTimestamp, 'yyyy/MM/dd')}", "Hello ${safeSubject.name},\n\nJust letting you know you will have this permission removed ${attributeDefNameDisplayExtension} in role ${roleDisplayExtension}, removed on ${ruleElUtils.formatDate(permissionDisabledTimestamp, 'yyyy/MM/dd')} in the central Groups / Permissions management system. Please do not respond to this email.\n\nRegards.");
edu.internet2.middleware.grouper.attr.assign.AttributeAssign: AttributeAssign[id=01e759e67c424ded95665ddf0ee0f6b6,action=assign,attributeDefName=etc:attribute:rules:rule,
attributeDef=AttributeDef[name=stem:permissionDef,uuid=a1522fe8665443538a4f7a7529c5996d]]
//hasnt fired yet
gsh 7% GrouperEmail.testingEmailCount
java.lang.Long: 0
//two roles
gsh 8% payrollUser = new GroupSave(grouperSession).assignName("apps:payroll:roles:payrollUser").assignTypeOfGroup(TypeOfGroup.role).assignCreateParentStemsIfNotExist(true).save();
group: name='apps:payroll:roles:payrollUser' displayName='apps:payroll:roles:payrollUser' uuid='bd2872af67bc42b3ada16566985854c4'
gsh 9% payrollGuest = new GroupSave(grouperSession).assignName("apps:payroll:roles:payrollGuest").assignTypeOfGroup(TypeOfGroup.role).assignCreateParentStemsIfNotExist(true).save();
group: name='apps:payroll:roles:payrollGuest' displayName='apps:payroll:roles:payrollGuest' uuid='104bc36f602f4dce868eba7196fee11b'
//three users
gsh 10% subject0 = SubjectFinder.findByIdAndSource("test.subject.0", "jdbc", true);
subject: id='test.subject.0' type='person' source='jdbc' name='my name is test.subject.0'
gsh 11% subject1 = SubjectFinder.findByIdAndSource("test.subject.1", "jdbc", true);
subject: id='test.subject.1' type='person' source='jdbc' name='my name is test.subject.1'
gsh 12% subject2 = SubjectFinder.findByIdAndSource("test.subject.2", "jdbc", true);
subject: id='test.subject.2' type='person' source='jdbc' name='my name is test.subject.2'
//payroll user has the permission
gsh 13% payrollUser.addMember(subject1, false);
true
//payroll guest requires user to have permission explicitly assigned
gsh 14% payrollGuest.addMember(subject0, false);
true
gsh 15% payrollGuest.addMember(subject2, false);
true
//permission resource
gsh 16% canLogin = new AttributeDefNameSave(grouperSession, permissionDef).assignName("apps:payroll:permissions:canLogin").assignCreateParentStemsIfNotExist(true).save();
edu.internet2.middleware.grouper.attr.AttributeDefName: AttributeDefName[name=apps:payroll:permissions:canLogin,uuid=943475dbdcac45efa2335c6a8c399971]
//assign resource to the user role
gsh 17% payrollUser.getPermissionRoleDelegate().assignRolePermission(canLogin);
edu.internet2.middleware.grouper.attr.assign.AttributeAssignResult: edu.internet2.middleware.grouper.attr.assign.AttributeAssignResult@15e601
//assign subject2 directly to permission
gsh 18% payrollGuest.getPermissionRoleDelegate().assignSubjectRolePermission(canLogin, subject2);
edu.internet2.middleware.grouper.attr.assign.AttributeAssignResult: edu.internet2.middleware.grouper.attr.assign.AttributeAssignResult@1a70476
//assign subject0 to permission, but keep assignment to be able to put disabled date on it
gsh 19% attributeAssign = payrollGuest.getPermissionRoleDelegate().assignSubjectRolePermission(canLogin, subject0).getAttributeAssign();
edu.internet2.middleware.grouper.attr.assign.AttributeAssign: AttributeAssign[id=12c472cea0ce471bba0d05acb3ab167a,action=assign,attributeDefName=apps:payroll:permissions:canLogin,
group=Group[name=apps:payroll:roles:payrollGuest,uuid=104bc36f602f4dce868eba7196fee11b],
subjectId='test.subject.0'/'person'/'jdbc']
//run daemon, still shouldnt find it.
gsh 20% GrouperLoader.runOnceByJobName(grouperSession, GrouperLoaderType.GROUPER_RULES);
loader ran successfully: Ran rules daemon, changed 0 records
gsh 21% GrouperEmail.testingEmailCount
java.lang.Long: 0
//set disabled time of permission to be 7 days in the future
gsh 23% attributeAssign.setDisabledTime(new java.sql.Timestamp(System.currentTimeMillis() + (7 * 24 * 60 * 60 * 1000)));
gsh 24% attributeAssign.saveOrUpdate();
//find that record and send an email
gsh 25% GrouperLoader.runOnceByJobName(grouperSession, GrouperLoaderType.GROUPER_RULES);
loader ran successfully: Ran rules daemon, changed 0 records
gsh 26% GrouperEmail.testingEmailCount
java.lang.Long: 1
//set 5 days in advance, and it is not between 6 and 8, so it wont find it
gsh 27% attributeAssign.setDisabledTime(new java.sql.Timestamp(System.currentTimeMillis() + (5 * 24 * 60 * 60 * 1000)));
gsh 28% attributeAssign.saveOrUpdate();
gsh 29% GrouperLoader.runOnceByJobName(grouperSession, GrouperLoaderType.GROUPER_RULES);
loader ran successfully: Ran rules daemon, changed 0 records
// still one email sent
gsh 30% GrouperEmail.testingEmailCount
java.lang.Long: 1
//set it 9 days in advance
gsh 31% attributeAssign.setDisabledTime(new java.sql.Timestamp(System.currentTimeMillis() + (9 * 24 * 60 * 60 * 1000)));
gsh 32% attributeAssign.saveOrUpdate();
gsh 33% GrouperLoader.runOnceByJobName(grouperSession, GrouperLoaderType.GROUPER_RULES);
loader ran successfully: Ran rules daemon, changed 0 records
//out of bounds
gsh 34% GrouperEmail.testingEmailCount
java.lang.Long: 1
gsh 35% attributeAssign.setDisabledTime(new java.sql.Timestamp(System.currentTimeMillis() + (7 * 24 * 60 * 60 * 1000)));
gsh 36% attributeAssign.saveOrUpdate();
//run the daemon and find another record
gsh 37% GrouperLoader.runOnceByJobName(grouperSession, GrouperLoaderType.GROUPER_RULES);
loader ran successfully: Ran rules daemon, changed 0 records
gsh 38% GrouperEmail.testingEmailCount
java.lang.Long: 2
//add another path without a disabled date, and it should not find it this time
gsh 39% payrollUser.addMember(subject0, false);
true
gsh 40% GrouperLoader.runOnceByJobName(grouperSession, GrouperLoaderType.GROUPER_RULES);
loader ran successfully: Ran rules daemon, changed 0 records
//same number, no new emails
gsh 41% GrouperEmail.testingEmailCount
java.lang.Long: 2
gsh 42%
|