Versions Compared

Old Version 9

changes.mady.by.user Michael Hyzer

Saved on

compared with

New Version 10

changes.mady.by.user Michael Hyzer

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Here is an example of hiding names of students to users who arent allowed to see them :(note, you can still search by private information potentially, though you will not see the result.  If you want something more complex you might need a custom source, or only have public information in the search field)

Code Block
Code Block

package edu.internet2.middleware.grouper.subj;

import java.util.LinkedHashSet;
import java.util.Set;

import org.apache.commons.lang.StringUtils;

import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.membership.GroupMembershipResult;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.subject.Subject;
import edu.internet2.middleware.subject.provider.SubjectImpl;

/**
 * filter students private information out from people who cant see them
 * @author mchyzer
 *
 */
public class SubjectCustomizerForDecoratorTestingSubjectCustomizerForDecoratorTestingHideStudentData extends SubjectCustomizerBase {

  /** student (protected data) group name */
  privatepublic static final String STUDENT_GROUP_NAME = "apps:subjectSecurity:groups:student";
  /** privileged employee group name */
  privatepublic static final String PRIVILEGED_EMPLOYEE_GROUP_NAME = "apps:subjectSecurity:groups:privilegedEmployee";

  /** source id we care about */
  private static final String SOURCE_ID = "jdbc";
  
  /**
   * @see SubjectCustomizer#filterSubjects(GrouperSession, Set, String)
   */
  @Override
  public Set<Subject> filterSubjects(GrouperSession grouperSession, Set<Subject> subjects, String findSubjectsInStemName) {
    
    //nothing to do if no results
    if (GrouperUtil.length(subjects) == 0) {
      return subjects;
    }
    
    //get results in one query
    GroupMembershipResultMembershipResult groupMembershipResult = calculateMemberships(subjects, IncludeGrouperSessionSubject.TRUE,  new MembershipFinder().assignCheckSecurity(false).addGroup(STUDENT_GROUP_NAME)
        GrouperUtil.toSet(STUDENT_GROUP_NAME,addGroup(PRIVILEGED_EMPLOYEE_GROUP_NAME).addSubjects(subjects).addSubject(grouperSession.getSubject())
        .findMembershipResult();
      
    //see if the user is privileged
    boolean grouperSessionIsPrivileged = groupMembershipResult.hasMembershiphasGroupMembership(PRIVILEGED_EMPLOYEE_GROUP_NAME, grouperSession.getSubject());
    
    //if so, we are done, they can see stuff
    if (grouperSessionIsPrivileged) {
      return subjects;
    }
    
    //loop through the subjects and see which are students, change their name and description to be their netId, with no other attributes
    Set<Subject> results = new LinkedHashSet<Subject>();
    for (Subject subject : subjects) {
      if (StringUtils.equals(SOURCE_ID, subject.getSourceId()) && groupMembershipResult.hasMembershiphasGroupMembership(STUDENT_GROUP_NAME, subject)) {
        String netIdloginid = subject.getAttributeValue("netIdloginid");
        Subject replacementSubject = new SubjectImpl(subject.getId(), netIdloginid, netIdloginid, subject.getTypeName(), subject.getSourceId());
        results.add(replacementSubject);
      } else {
        results.add(subject);
      }
    }
    return results;
  }

  
  }
}

Here is an example where subjects not in collab groups are filtered from users not in that group

...