...
Code Block |
---|
//add a rule on stem:a saying if you are out of stem:b, then remove from stem:a AttributeAssign attributeAssign = groupA .getAttributeDelegate().assignAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign(); attributeAssign.getAttributeValueDelegate().assignValue( RuleUtils.ruleActAsSubjectSourceIdName(), "g:isa"); attributeAssign.getAttributeValueDelegate().assignValue( RuleUtils.ruleActAsSubjectIdName(), "GrouperSystem"); attributeAssign.getAttributeValueDelegate().assignValue( RuleUtils.ruleCheckOwnerNameName(), "stem:b"); attributeAssign.getAttributeValueDelegate().assignValue( RuleUtils.ruleCheckTypeName(), RuleCheckType.membershipRemove.name()); attributeAssign.getAttributeValueDelegate().assignValue( RuleUtils.ruleIfConditionEnumName(), RuleConditionEnum.thisGroupHasImmediateMember.name()); attributeAssign.getAttributeValueDelegate().assignValue( RuleUtils.ruleThenElName(), "${ruleUtilsruleElUtils.removeMember(thisGroupId, memberId}"); |
...
Code Block |
---|
2010-08-21 15:24:13,032: [main] INFO RuleEngine.fireRule(248) - Rules engine processing rulesBean: group: stem:b, membership: Membership[createTime=1282418648019,creatorUuid=8b10ad84a2ab4e4d912aeca154866bbc,depth=0,listName=members,listType=list, memberUuid=ddbbbb1615964f109e4b5f85c05098f7,groupId=291dbf3b736e42de9985a70e2ac11177,type=immediate, uuid=4f249fd2636247a78158fc358aa58a32:bb46e541e12049618c199e162056e715], subject: Subject id: test.subject.0, sourceId: jdbc, , found 1 matching rule definitions, ruleDefinition should fire: attributeAssignTypeId: 446bb6b3bbd8417b9a3e386b3bc894c1, sourceId: g:isa, subjectId: GrouperSystem, checkOwnerName: stem:b, checkType: membershipRemove, ifConditionEnum: thisGroupHasImmediateEnabledMembership, thenEl: ${ruleUtilsruleElUtils.removeMemberFromGroupId(ownerGroupId, memberId)}, , EL variables: membershipId(4f249fd2636247a78158fc358aa58a32:bb46e541e12049618c199e162056e715),groupId(291dbf3b736e42de9985a70e2ac11177), groupName(stem:b),ruleUtilsruleElUtils,ownerGroupId(b38004ccf99d44f08f5a0971153ad6a9),subjectId(test.subject.0),memberId(ddbbbb1615964f109e4b5f85c05098f7), checkOwnerName(stem:b),sourceId(jdbc),, elResult: true, shouldFire count: 1 |
...
Code Block |
---|
//act as GrouperSystem attributeAssign.getAttributeValueDelegate().assignValue( RuleUtils.ruleActAsSubjectSourceIdName(), "g:isa"); attributeAssign.getAttributeValueDelegate().assignValue( RuleUtils.ruleActAsSubjectIdName(), "GrouperSystem"); //fire the rule when a membership is added to group A attributeAssign.getAttributeValueDelegate().assignValue( RuleUtils.ruleCheckOwnerNameName(), "stem:a"); attributeAssign.getAttributeValueDelegate().assignValue( RuleUtils.ruleCheckTypeName(), RuleCheckType.membershipAdd.name()); //continue with the rule if the member is not a member of B attributeAssign.getAttributeValueDelegate().assignValue( RuleUtils.ruleIfConditionEnumName(), RuleIfConditionEnum.groupHasNoImmediateEnabledMembership.name()); attributeAssign.getAttributeValueDelegate().assignValue( RuleUtils.ruleIfOwnerNameName(), "stem:b"); //if we get this far, veto the action with a descriptive reason attributeAssign.getAttributeValueDelegate().assignValue( RuleUtils.ruleThenElName(), "${ruleUtilsruleElUtils.veto('rule.entity.must.be.a.member.of.stem.b', 'Entity cannot be a member of stem:a if not a member of stem:b')}"); |
...
Code Block |
---|
attributeAssign.getAttributeValueDelegate().assignValue( RuleUtils.ruleIfConditionElName(), "${ruleUtilsruleElUtils.hasMembershipByGroupId(attributeAssignType.getOwnerGroupId(), memberId, null, 'true')}"); |
...
- document examples in GSH / API / shorthand for all use cases
- add an API for easy rule assignment
- rules on notification eventsseparate ruleUtils with ruleElUtils
- test the membership update, and other unit tests
- add daemon for add groups with privs
- gsh to run daemon part so that when rule is established, the daemon part syncs everything up