Versions Compared

Old Version 10

changes.mady.by.user Emily Eisbruch (internet2.edu)

Saved on

compared with

New Version 11

changes.mady.by.user Emily Eisbruch (internet2.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin
Include Page
spaceKeyGrouper
pageTitleNavigation

Grouper rules

If an entity is no longer a member of the employee group, remove them from the group for application X

Java example

Code Block
    AttributeAssign attributeAssign = ruleGroup
      .getAttributeDelegate().addAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();

    AttributeValueDelegate attributeValueDelegate = attributeAssign.getAttributeValueDelegate();

    attributeValueDelegate.assignValue(
        RuleUtils.ruleActAsSubjectSourceIdName(), actAs.getSourceId());
    attributeValueDelegate.assignValue(
        RuleUtils.ruleActAsSubjectIdName(), actAs.getId());

    //note "mustBeInGroup" is the group (e.g. employees)
    attributeValueDelegate.assignValue(
        RuleUtils.ruleCheckOwnerIdName(), mustBeInGroup.getId());
    attributeValueDelegate.assignValue(
        RuleUtils.ruleCheckTypeName(),
        RuleCheckType.membershipRemove.name());
    attributeValueDelegate.assignValue(
        RuleUtils.ruleIfConditionEnumName(),
        RuleIfConditionEnum.thisGroupHasImmediateEnabledMembership.name());
    attributeValueDelegate.assignValue(
        RuleUtils.ruleThenEnumName(),
        RuleThenEnum.removeMemberFromOwnerGroup.name());

    //should be valid
    String isValidString = attributeValueDelegate.retrieveValueString(
        RuleUtils.ruleValidName());

    if (!StringUtils.equals("T", isValidString)) {
      throw new RuntimeException(isValidString);
    }

GSH shorthand method

Code Block
 RuleApi.groupIntersection(subjectActAs, ruleGroup, mustBeInGroup)

GSH test case

Code Block
gsh 0% grouperSession = GrouperSession.startRootSession();
edu.internet2.middleware.grouper.GrouperSession: d711e17ed44842a68b885bca5f294ab3,'GrouperSystem','application'
gsh 1% groupA = new GroupSave(grouperSession).assignName("stem:a").assignCreateParentStemsIfNotExist(true).save();
group: name='stem:a' displayName='stem:a' uuid='4bc47ab6a6704132a73a31d34b83164b'
gsh 2% groupB = new GroupSave(grouperSession).assignName("stem:b").assignCreateParentStemsIfNotExist(true).save();
group: name='stem:b' displayName='stem:b' uuid='22c410c494934a3baff8555940853ad1'
gsh 3% subjectActAs = SubjectFinder.findByIdAndSource("GrouperSystem", "g:isa", true);
subject: id='GrouperSystem' type='application' source='g:isa' name='GrouperSysAdmin'
gsh 4% RuleApi.groupIntersection(subjectActAs, groupA, groupB);
gsh 5% addMember("stem:a", "test.subject.0");
true
gsh 6% addMember("stem:b", "test.subject.0");
true
gsh 7% delMember("stem:b", "test.subject.0");
true
gsh 8% hasMember("stem:a", "test.subject.0");
false
gsh 9%

GSH daemon test case

Run the above test case, then continue below:

Code Block
gsh 9% addMember("stem:a", "test.subject.0");
true
gsh 10% status = GrouperLoader.runOnceByJobName(grouperSession, GrouperLoaderType.GROUPER_RULES);
loader ran successfully: Ran rules daemon, changed 0 records
gsh 11% hasMember("stem:a", "test.subject.0");
false

Real world example

There is an includes list for IT staff at Penn.  But anyone in that list must be an active employee or health system employee.

Code Block
gsh 0% grouperSession = GrouperSession.startRootSession();
edu.internet2.middleware.grouper.GrouperSession: 6d8c3f9ea4c64e569e8d1bb292e989d1,'GrouperSystem','application'
gsh 1% itStaff_includes = GroupFinder.findByName(grouperSession, "penn:community:employee:itStaff_includes");
group: name='penn:community:employee:itStaff_includes' displayName='penn:community:employee:itStaff_includes' uuid='59cd11b40d49446099e0409f755d9679' 
gsh 2% employeeIncludingUphs = GroupFinder.findByName(grouperSession, "penn:community:employeeIncludingUphs");
group: name='penn:community:employeeIncludingUphs' displayName='penn:community:employeeIncludingUphs' uuid='b0758e19dcd4431798cd5bfcfeb6ea66' 
gsh 3% subjectActAs = SubjectFinder.findByIdAndSource("GrouperSystem", "g:isa", true);
subject: id='GrouperSystem' type='application' source='g:isa' name='GrouperSysAdmin' 
gsh 4% RuleApi.groupIntersection(subjectActAs, itStaff_includes, employeeIncludingUphs);
edu.internet2.middleware.grouper.attr.assign.AttributeAssign: AttributeAssign[id=b3849718eab34496a162165f29ba6b92,action=assign,attributeDefName=penn:etc:attribute:rules:rule,
  group=Group[name=penn:community:employee:itStaff_includes,uuid=59cd11b40d49446099e0409f755d9679]]