...
| Code Block |
|---|
# Rules users who are in the following group can use the actAs field to act as someone else # You can put multiple groups separated by commas. e.g. a:b:c, e:f:g # You can put a single entry as the group the calling user has to be in, and the grouper the actAs has to be in # separated by 4 colons # e.g. if the configured values is: a:b:c, e:f:d :::: r:e:w, x:e:w # then if the calling user is in a:b:c or x:e:w, then the actAs can be anyone # if not, then if the calling user is in e:f:d, then the actAs must be in r:e:w. If multiple rules, then # if one passes, then it is a success, if they all fail, then fail. rules.act.as.group = etc:rulesActAsGroup |
Validation
There are certain validation constraints to make a rule valid. i.e. you need some check, you need some then, you need an act as subject, etc. So each time you change a rule attribute value, all the attributes are validated, and the attribute "ruleValid" is managed by that hook. If the rule attributes are not valid, you will get a ruleValid value of something like: "INVALID: Rule check type required", if they are valid, then the value will be "T". Only rules with a value of T will be processed. The attribute stores this state so the rules dont have to be validated each time they are read from the DB, and so the user can get some feedback.
TODO: a daemon should validate rules daily, and ones which arent valid should be logged (notified)
TODO: when processing all rules, filter out ones which arent valid
sdf