...

v2.5.29+
new GrouperPasswordSave().assignApplication(GrouperPassword.Application.UI).assignUsername("username").assignPassword("password").save();


Remove all group / folder privs for a user.  Remove user from groups which have a privilege on another object

import java.util.List;
import java.util.Set;

import edu.internet2.middleware.grouper.FieldType;
import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.GroupFinder;
import edu.internet2.middleware.grouper.GroupSave;
import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.Member;
import edu.internet2.middleware.grouper.Membership;
import edu.internet2.middleware.grouper.MembershipFinder;
import edu.internet2.middleware.grouper.Stem;
import edu.internet2.middleware.grouper.StemSave;
import edu.internet2.middleware.grouper.SubjectFinder;
import edu.internet2.middleware.grouper.membership.MembershipType;
import edu.internet2.middleware.grouper.privs.AccessPrivilege;
import edu.internet2.middleware.grouper.privs.NamingPrivilege;
import edu.internet2.middleware.grouper.privsutil.PrivilegeGrouperUtil;
import edu.internet2.middleware.groupergrouperClient.utiljdbc.GrouperUtilGcDbAccess;
import edu.internet2.middleware.subject.Subject;

//public class Test36revokePrivs {
//  
//  public static void main(String[] args) {

    GrouperSession grouperSession = GrouperSession.startRootSession();
    
    String subjectId = "test.subject.0";
    String subjectSourceId = "jdbc";
    
    Subject subject = SubjectFinder.findByIdAndSource(subjectId, subjectSourceId, true);
    
    Group group1 = new GroupSave().assignName("test:test1").assignCreateParentStemsIfNotExist(true).save();
    Group group2 = new GroupSave().assignName("test:test2").assignCreateParentStemsIfNotExist(true).save();        
    
    group1.delete();
    group2.delete();
    
    group1 = new GroupSave().assignName("test:test1").assignCreateParentStemsIfNotExist(true).save();
    group2 = new GroupSave().assignName("test:test2").assignCreateParentStemsIfNotExist(true).save(); 
    
    group1.grantPriv(subject, AccessPrivilege.READ, false);
    group1.grantPriv(subject, AccessPrivilege.UPDATE, false);
    group2.grantPriv(subject, AccessPrivilege.ADMIN, false);

    group2.addMember(subject);
    group1.addMember(subject);
    group2.grantPriv(group1.toSubject(), AccessPrivilege.READ, false);
    
    Stem stem1 = new StemSave().assignName("test1").assignCreateParentStemsIfNotExist(true).save();
    stem1.grantPriv(subject, NamingPrivilege.CREATE, false);
    stem1.grantPriv(subject, NamingPrivilege.STEM_ATTR_READ, false);
    Stem stem2 = new StemSave().assignName("test2").assignCreateParentStemsIfNotExist(true).save();        
    stem2.grantPriv(subject, NamingPrivilege.STEM_ADMIN, false);

    List<String>  
    Set<Object[]> membershipsOwnersMembers groupNames = new MembershipFinderGcDbAccess().addSubject(subject).assignFieldType(FieldType.ACCESS).
      assignMembershipType(sql("select gg.name from grouper_groups gg where exists (" +
      " select 1 from grouper_memberships gmem, grouper_fields gf, grouper_members gm " + 
      " where gmem.field_id = gf.id and gf.type in ('naming', 'access', 'attributeDef') " +
      " and gmem.member_id = gm.id and gm.subject_id = gg.id and gm.subject_source = 'g:gsa') " +
      " and exists (select 1 from grouper_memberships gmem, grouper_fields gf, grouper_members gm " + 
      " where gmem.field_id = gf.id and gf.name = 'members' " +
      " and gm.subject_id = ? " +
      " and gmem.member_id = gm.id and gm.subject_source = '" + subjectSourceId + "')").addBindVar(subjectId).selectList(String.class);   

    for (String groupName : GrouperUtil.nonNull(groupNames)) {
      Group group = GroupFinder.findByName(groupName, true);
      group.deleteMember(subject, false);
      System.out.println("Deleted membership from group: " + group.getName() + ", since group has privilege on another object");
    }
      
    Set<Object[]> membershipsOwnersMembers = new MembershipFinder().addSubject(subject).assignFieldType(FieldType.ACCESS).
      assignMembershipType(MembershipType.IMMEDIATE).findMembershipResult().getMembershipsOwnersMembers();
    
    for (Object[] membershipOwnerMember : GrouperUtil.nonNull(membershipsOwnersMembers)) {
      Membership membership = (Membership)membershipOwnerMember[0];
      Group group = (Group)membershipOwnerMember[1];
      Member member = (Member)membershipOwnerMember[2];
      group.revokePriv(member.getSubject(), AccessPrivilege.listToPriv(membership.getField().getName() ));
      System.out.println("Deleted priv from group: " + group.getName() + ": " + membership.getField().getName());
    }
    
    membershipsOwnersMembers = new MembershipFinder().addSubject(subject).assignFieldType(FieldType.NAMING).
        assignMembershipType(MembershipType.IMMEDIATE).findMembershipResult().getMembershipsOwnersMembers();
      
    for (Object[] membershipOwnerMember : GrouperUtil.nonNull(membershipsOwnersMembers)) {
      Membership membership = (Membership)membershipOwnerMember[0];
      Stem stem = (Stem)membershipOwnerMember[1];
      Member member = (Member)membershipOwnerMember[2];
      stem.revokePriv(member.getSubject(), NamingPrivilege.listToPriv(membership.getField().getName() ));
      System.out.println("Deleted priv from folder: " + stem.getName() + ": " + membership.getField().getName());
    }
//
//  }
//}
//Deleted membership from group: test:test1, since group has privilege on another object
//Deleted priv from group: test:test1: readers
//Deleted priv from group: test:test1: updaters
//Deleted priv from group: test:test2: admins
//Deleted priv from folder: testtest2: stemAttrReadersstemAdmins
//Deleted priv from folder: testtest1: creators
//Deleted priv from folder: test:test2test1: stemAdmins stemAttrReaders
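Review bot: In the query that fills `groupNames`, `subjectSourceId` is concatenated into the SQL text (`gm.subject_source = '" + subjectSourceId + "'`), while `subjectId` two lines earlier goes through a bind variable. The value is the literal "jdbc" here, but anyone adapting the script to take the source id from a parameter would inherit string-built SQL executed under a root session. I would bind both values, in placeholder order: end the statement with `" and gmem.member_id = gm.id and gm.subject_source = ?")` and chain `.addBindVar(subjectId).addBindVar(subjectSourceId)`. Old and new text of this statement are interleaved in the comparison view, so this assumes the new side is the `new GcDbAccess().sql(...)` form. Separately, the root session opened at the top is never stopped in the visible lines; a closing `GrouperSession.stopQuietly(grouperSession);` would keep the elevated session from outliving the cleanup.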