...
| Code Block |
|---|
//add a rule on stem:a saying if you are out of stem:b, then remove from stem:a
AttributeAssign attributeAssign = groupA
.getAttributeDelegate().assignAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
attributeAssign.getAttributeValueDelegate().assignValue(
RuleUtils.ruleActAsSubjectSourceIdName(), "g:isa");
attributeAssign.getAttributeValueDelegate().assignValue(
RuleUtils.ruleActAsSubjectIdName(), "GrouperSystem");
attributeAssign.getAttributeValueDelegate().assignValue(
RuleUtils.ruleCheckOwnerNameName(), "stem:b");
attributeAssign.getAttributeValueDelegate().assignValue(
RuleUtils.ruleCheckTypeName(),
RuleCheckType.membershipRemove.name());
attributeAssign.getAttributeValueDelegate().assignValue(
RuleUtils.ruleIfConditionEnumName(),
RuleConditionEnum.thisGroupHasImmediateMember.name());
attributeAssign.getAttributeValueDelegate().assignValue(
RuleUtils.ruleThenElName(),
"${ruleUtilsruleElUtils.removeMember(thisGroupId, memberId}");
|
...
| Code Block |
|---|
2010-08-21 15:24:13,032: [main] INFO RuleEngine.fireRule(248) - Rules engine processing rulesBean: group: stem:b, membership:
Membership[createTime=1282418648019,creatorUuid=8b10ad84a2ab4e4d912aeca154866bbc,depth=0,listName=members,listType=list,
memberUuid=ddbbbb1615964f109e4b5f85c05098f7,groupId=291dbf3b736e42de9985a70e2ac11177,type=immediate,
uuid=4f249fd2636247a78158fc358aa58a32:bb46e541e12049618c199e162056e715], subject: Subject id: test.subject.0, sourceId: jdbc, ,
found 1 matching rule definitions, ruleDefinition should fire: attributeAssignTypeId: 446bb6b3bbd8417b9a3e386b3bc894c1,
sourceId: g:isa, subjectId: GrouperSystem, checkOwnerName: stem:b, checkType: membershipRemove,
ifConditionEnum: thisGroupHasImmediateEnabledMembership, thenEl: ${ruleUtilsruleElUtils.removeMemberFromGroupId(ownerGroupId, memberId)}, ,
EL variables: membershipId(4f249fd2636247a78158fc358aa58a32:bb46e541e12049618c199e162056e715),groupId(291dbf3b736e42de9985a70e2ac11177),
groupName(stem:b),ruleUtilsruleElUtils,ownerGroupId(b38004ccf99d44f08f5a0971153ad6a9),subjectId(test.subject.0),memberId(ddbbbb1615964f109e4b5f85c05098f7),
checkOwnerName(stem:b),sourceId(jdbc),, elResult: true, shouldFire count: 1
|
...
| Code Block |
|---|
//act as GrouperSystem
attributeAssign.getAttributeValueDelegate().assignValue(
RuleUtils.ruleActAsSubjectSourceIdName(), "g:isa");
attributeAssign.getAttributeValueDelegate().assignValue(
RuleUtils.ruleActAsSubjectIdName(), "GrouperSystem");
//fire the rule when a membership is added to group A
attributeAssign.getAttributeValueDelegate().assignValue(
RuleUtils.ruleCheckOwnerNameName(), "stem:a");
attributeAssign.getAttributeValueDelegate().assignValue(
RuleUtils.ruleCheckTypeName(),
RuleCheckType.membershipAdd.name());
//continue with the rule if the member is not a member of B
attributeAssign.getAttributeValueDelegate().assignValue(
RuleUtils.ruleIfConditionEnumName(),
RuleIfConditionEnum.groupHasNoImmediateEnabledMembership.name());
attributeAssign.getAttributeValueDelegate().assignValue(
RuleUtils.ruleIfOwnerNameName(),
"stem:b");
//if we get this far, veto the action with a descriptive reason
attributeAssign.getAttributeValueDelegate().assignValue(
RuleUtils.ruleThenElName(),
"${ruleUtilsruleElUtils.veto('rule.entity.must.be.a.member.of.stem.b', 'Entity cannot be a member of stem:a if not a member of stem:b')}");
|
...
| Code Block |
|---|
attributeAssign.getAttributeValueDelegate().assignValue(
RuleUtils.ruleIfConditionElName(),
"${ruleUtilsruleElUtils.hasMembershipByGroupId(attributeAssignType.getOwnerGroupId(), memberId, null, 'true')}");
|
...
- document examples in GSH / API / shorthand for all use cases
- add an API for easy rule assignment
- rules on notification eventsseparate ruleUtils with ruleElUtils
- test the membership update, and other unit tests
- add daemon for add groups with privs
- gsh to run daemon part so that when rule is established, the daemon part syncs everything up