  • Under "more actions" button on groups and folders, have an "Attestation" option above "View audit log"
  • Users who have Wheel, Admin or Read/Update should see that option
  • This will go to a page for attestation for that group (looks like "copy" screen with breadcrumbs, name, then the attestation screen part)
  • If there is no attestation for that object or parent folders, display "No attestation configured"
    • To see if there is attestation, check the object for the attribute; if it is not there, check the parent folder, then that folder's parent, and so on.  The first attribute assignment found wins
    • Use this method to check whether the object has attestation (it implements that algorithm)

      groupOrFolder.getAttributeDelegate().hasAttributeOrAncestorHasAttribute()
  • If there is no attestation for that object, but there is inherited attestation, display which (closest) parent folder has the attestation and describe it
  • If there is attestation on that object, describe it, and allow Admins of the group (or Wheel members) to edit the attestation
  • For a Group, for Wheel, Admins, or Read/Update, if there is attestation (direct or inherited), have a button that says "Members of this group have been reviewed"
  • If there is no direct attestation, for Wheel and Admins, have a button "Configure attestation for this group" (or folder)
  • Attributes on folders, groups:  (two attributeDefs) (note, autocreate these attributeDefs and attributeNames on startup)
    • attestation (main flag, other attributes assigned to this assignment, no value, single assign)
      • attestationSendEmail (String, true | false)  default to true if not set
      • attestationEmailAddresses (String) comma separated email addresses to send reminders to.  If not set, then get email addresses from list of Admins and Read/Update users.  Note, we need a param (in the source) of which subject attribute is the email attribute.  If none sent, log error, need either emails here or emails from admins
      • attestationDaysUntilRecertify (String) integer number of days until need to recertify from last certification.  Can have a default in grouper.properties if not set. (180?)  
      • attestationLastEmailedDate (String) yyyy/mm/dd date that this was last emailed, so multiple emails don't go out on the same day
      • attestationDaysBeforeToRemind (String) Integer number of days before attestation to start sending emails about it.
      • attestationStemScope (String) one|sub (for folders only, scope one level or all levels).  Default to all levels.
      • attestationDateCertified (String) yyyy/mm/dd is the last date certified for this group.  (only for groups, not stems) 
  • Edits to the screen should generate attestation specific audits
  • Daemon should run daily (via cron) and look for groups which have not been attested.  Should group by email address.  Send each user who gets an email their own email with a list of groups, with links, to be attested.  Remind the user about clicking the button saying it is certified.
  • Future scope
    • If attestation is not done in a certain amount of time, disable the memberships or group somehow
    • Have screen that shows all attestation assignments in the registry (which folders and groups have the attestation flag)
    • Have screen that shows all groups that need to be attested with their status.  If there are too many groups, then have a search for them, or maybe select parent folder?
      • Be able to filter this by groups that are overdue for certification
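
The inheritance rule and the daily daemon described above, as a standalone Python model. This is an added example, not Grouper code and not its API; the colon-separated names, the 14-day reminder default, the `admin_emails` lookup and the handling of scope `one` are assumptions, and all sample data is constructed.

```python
import logging
from collections import defaultdict
from datetime import datetime, timedelta

DEFAULT_RECERTIFY_DAYS, DEFAULT_REMIND_DAYS = 180, 14  # 180: spec's tentative default; 14: assumed
# Constructed sample data: names, dates and addresses are made up.
ASSIGNMENTS = {"org": {"attestationEmailAddresses": "iam@example.edu"},
               "org:hr": {"attestationStemScope": "one", "attestationDaysUntilRecertify": "90"}}
GROUPS = {"org:hr:payroll": {"attestationDateCertified": "2017/01/10"}, "org:hr:temp:interns": {},
          "org:it:dba": {"attestationDateCertified": "2017/03/01"}, "org:it:oncall": {}}
ADMINS = {"org:hr:payroll": ["hr-admin@example.edu"]}  # hypothetical admin email lookup

def effective_attestation(name, assignments):  # closest (owner, attrs) or None
    parts = name.split(":")
    for depth in range(len(parts), 0, -1):
        owner = ":".join(parts[:depth])
        if owner in assignments:  # first assignment wins, nothing is merged from higher up
            attrs = assignments[owner]
            # Assumption: a folder scoped "one" covers only its direct children,
            # so a deeper object is left with no attestation at all.
            one = attrs.get("attestationStemScope", "sub") == "one"
            return None if one and len(parts) - depth > 1 else (owner, attrs)
    return None

def needs_email(attrs, state, today):  # should today's daemon run send a reminder?
    if attrs.get("attestationSendEmail", "true") != "true":
        return False
    if state.get("attestationLastEmailedDate") == today.strftime("%Y/%m/%d"):
        return False  # at most one email per day
    if "attestationDateCertified" not in state:
        return True   # never certified
    certified = datetime.strptime(state["attestationDateCertified"], "%Y/%m/%d").date()
    valid = int(attrs.get("attestationDaysUntilRecertify", DEFAULT_RECERTIFY_DAYS))
    remind = int(attrs.get("attestationDaysBeforeToRemind", DEFAULT_REMIND_DAYS))
    return today >= certified + timedelta(days=valid - remind)

def build_digest(groups, assignments, admin_emails, today):  # recipient -> groups to attest
    digest = defaultdict(list)
    for group, state in sorted(groups.items()):
        found = effective_attestation(group, assignments)
        if found is None or not needs_email(found[1], state, today):
            continue
        raw = found[1].get("attestationEmailAddresses") or ",".join(admin_emails.get(group, []))
        recipients = [a.strip() for a in raw.split(",") if a.strip()]
        if not recipients:
            logging.error("no attestation email address for %s", group)
        for address in recipients:
            digest[address].append(group)
    return dict(digest)
```

With this sample data, `org:hr:temp:interns` resolves to no attestation because the nearest assignment is scoped to one level, which is the kind of review gap the "all attestation assignments" screen would expose.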