import java.util.List;
import java.util.Set;
import edu.internet2.middleware.grouper.FieldType;
import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.GroupFinder;
import edu.internet2.middleware.grouper.GroupSave;
import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.Member;
import edu.internet2.middleware.grouper.Membership;
import edu.internet2.middleware.grouper.MembershipFinder;
import edu.internet2.middleware.grouper.Stem;
import edu.internet2.middleware.grouper.StemSave;
import edu.internet2.middleware.grouper.SubjectFinder;
import edu.internet2.middleware.grouper.membership.MembershipType;
import edu.internet2.middleware.grouper.privs.AccessPrivilege;
import edu.internet2.middleware.grouper.privs.NamingPrivilege;
import edu.internet2.middleware.grouper.privsutil.PrivilegeGrouperUtil;
import edu.internet2.middleware.groupergrouperClient.utiljdbc.GrouperUtilGcDbAccess;
import edu.internet2.middleware.subject.Subject;
//public class Test36revokePrivs {
//
// public static void main(String[] args) {
GrouperSession grouperSession = GrouperSession.startRootSession();
String subjectId = "test.subject.0";
String subjectSourceId = "jdbc";
Subject subject = SubjectFinder.findByIdAndSource(subjectId, subjectSourceId, true);
Group group1 = new GroupSave().assignName("test:test1").assignCreateParentStemsIfNotExist(true).save();
Group group2 = new GroupSave().assignName("test:test2").assignCreateParentStemsIfNotExist(true).save();
group1.delete();
group2.delete();
group1 = new GroupSave().assignName("test:test1").assignCreateParentStemsIfNotExist(true).save();
group2 = new GroupSave().assignName("test:test2").assignCreateParentStemsIfNotExist(true).save();
group1.grantPriv(subject, AccessPrivilege.READ, false);
group1.grantPriv(subject, AccessPrivilege.UPDATE, false);
group2.grantPriv(subject, AccessPrivilege.ADMIN, false);
group2.addMember(subject);
group1.addMember(subject);
group2.grantPriv(group1.toSubject(), AccessPrivilege.READ, false);
Stem stem1 = new StemSave().assignName("test1").assignCreateParentStemsIfNotExist(true).save();
stem1.grantPriv(subject, NamingPrivilege.CREATE, false);
stem1.grantPriv(subject, NamingPrivilege.STEM_ATTR_READ, false);
Stem stem2 = new StemSave().assignName("test2").assignCreateParentStemsIfNotExist(true).save();
stem2.grantPriv(subject, NamingPrivilege.STEM_ADMIN, false);
List<String>
Set<Object[]> membershipsOwnersMembers groupNames = new MembershipFinderGcDbAccess().addSubject(subject).assignFieldType(FieldType.ACCESS).
assignMembershipType(sql("select gg.name from grouper_groups gg where exists (" +
" select 1 from grouper_memberships gmem, grouper_fields gf, grouper_members gm " +
" where gmem.field_id = gf.id and gf.type in ('naming', 'access', 'attributeDef') " +
" and gmem.member_id = gm.id and gm.subject_id = gg.id and gm.subject_source = 'g:gsa') " +
" and exists (select 1 from grouper_memberships gmem, grouper_fields gf, grouper_members gm " +
" where gmem.field_id = gf.id and gf.name = 'members' " +
" and gm.subject_id = ? " +
" and gmem.member_id = gm.id and gm.subject_source = '" + subjectSourceId + "')").addBindVar(subjectId).selectList(String.class);
for (String groupName : GrouperUtil.nonNull(groupNames)) {
Group group = GroupFinder.findByName(groupName, true);
group.deleteMember(subject, false);
System.out.println("Deleted membership from group: " + group.getName() + ", since group has privilege on another object");
}
Set<Object[]> membershipsOwnersMembers = new MembershipFinder().addSubject(subject).assignFieldType(FieldType.ACCESS).
assignMembershipType(MembershipType.IMMEDIATE).findMembershipResult().getMembershipsOwnersMembers();
for (Object[] membershipOwnerMember : GrouperUtil.nonNull(membershipsOwnersMembers)) {
Membership membership = (Membership)membershipOwnerMember[0];
Group group = (Group)membershipOwnerMember[1];
Member member = (Member)membershipOwnerMember[2];
group.revokePriv(member.getSubject(), AccessPrivilege.listToPriv(membership.getField().getName() ));
System.out.println("Deleted priv from group: " + group.getName() + ": " + membership.getField().getName());
}
membershipsOwnersMembers = new MembershipFinder().addSubject(subject).assignFieldType(FieldType.NAMING).
assignMembershipType(MembershipType.IMMEDIATE).findMembershipResult().getMembershipsOwnersMembers();
for (Object[] membershipOwnerMember : GrouperUtil.nonNull(membershipsOwnersMembers)) {
Membership membership = (Membership)membershipOwnerMember[0];
Stem stem = (Stem)membershipOwnerMember[1];
Member member = (Member)membershipOwnerMember[2];
stem.revokePriv(member.getSubject(), NamingPrivilege.listToPriv(membership.getField().getName() ));
System.out.println("Deleted priv from folder: " + stem.getName() + ": " + membership.getField().getName());
}
//
// }
//}
//Deleted membership from group: test:test1, since group has privilege on another object
//Deleted priv from group: test:test1: readers
//Deleted priv from group: test:test1: updaters
//Deleted priv from group: test:test2: admins
//Deleted priv from folder: testtest2: stemAttrReadersstemAdmins
//Deleted priv from folder: testtest1: creators
//Deleted priv from folder: test:test2test1: stemAdmins stemAttrReaders
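Review bot: In the `sql(...)` statement that fills `groupNames`, `subjectSourceId` is concatenated into the query text while `subjectId` one line earlier is bound with `?`; bind both, i.e. end the query with `and gm.subject_source = ?` and chain `.addBindVar(subjectId).addBindVar(subjectSourceId)`, so that a copy of this script which takes the source id from input cannot alter the statement. The second `exists` never refers to `gg`, so it is true for every row as soon as the subject is a member of any group, and the loop that follows calls `deleteMember` and prints "Deleted membership from group" for every group that holds a privilege, not only the ones the subject belongs to. It looks like that subquery needs a join on the membership owner (presumably `gmem.owner_group_id = gg.id`; confirm against the schema). Old and new wording are merged on several lines of this page, so this reading of the new side should be checked against the saved script.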