
If a student is no longer a member of the course X group, then put an end date one week out on that student's permissions in the course wiki group, or on that student's assignments to roles which have those permissions.

Java example

    // Attach a rule to the permission definition (permissionToAssignRule): once a subject is
    // out of the mustBeInGroup group (stem:employee in the test case), a disabled date is put
    // on that subject's assignments to the permission, or to roles which have the permission.
    AttributeAssign ruleAssign = permissionToAssignRule.getAttributeDelegate()
        .addAttribute(RuleUtils.ruleAttributeDefName())
        .getAttributeAssign();

    AttributeValueDelegate ruleValues = ruleAssign.getAttributeValueDelegate();

    // Subject the rule is stored to act as (source id + subject id of actAs).
    // NOTE(review): the GSH shorthand on this page passes the root subject here; confirm
    // which privileges the act-as subject actually needs before reusing that choice.
    ruleValues.assignValue(RuleUtils.ruleActAsSubjectSourceIdName(), actAs.getSourceId());
    ruleValues.assignValue(RuleUtils.ruleActAsSubjectIdName(), actAs.getId());

    // Check: a membership removal, with mustBeInGroup as the check owner.
    ruleValues.assignValue(RuleUtils.ruleCheckOwnerIdName(), mustBeInGroup.getId());
    ruleValues.assignValue(RuleUtils.ruleCheckTypeName(), RuleCheckType.membershipRemove.name());

    // Condition and action are stored by enum name; the action's first argument is "7",
    // which the test case on this page shows as a disabled time seven days after the removal.
    ruleValues.assignValue(
        RuleUtils.ruleIfConditionEnumName(),
        RuleIfConditionEnum.thisPermissionDefHasNoEndDateAssignment.name());
    ruleValues.assignValue(
        RuleUtils.ruleThenEnumName(),
        RuleThenEnum.assignDisabledDaysToOwnerPermissionDefAssignments.name());
    ruleValues.assignValue(RuleUtils.ruleThenEnumArg0Name(), "7");

    // Read back the rule's validity attribute; anything other than "T" is treated as a
    // failure and the retrieved value itself becomes the exception message.
    String ruleValidity = ruleValues.retrieveValueString(RuleUtils.ruleValidName());
    boolean ruleAccepted = StringUtils.equals("T", ruleValidity);

    if (!ruleAccepted) {
      throw new RuntimeException(ruleValidity);
    }

GSH shorthand method

 // One-call form of the rule: arguments are the act-as subject, the permission definition,
 // the group subjects must stay in, and the number of days until the disabled date (7 here,
 // matching the "7" passed as the action argument in the Java example).
 // NOTE(review): this passes the root subject as the act-as subject, whereas the Java example
 // takes an explicit actAs; confirm root is really required before copying this as-is.
 RuleApi.permissionGroupIntersection(SubjectFinder.findRootSubject(), permissionDef, groupEmployee, 7);

GSH test case

gsh 0% grouperSession = GrouperSession.startRootSession();
edu.internet2.middleware.grouper.GrouperSession: 1e2e6443d9d34012b66f8d970ec16a1b,'GrouperSystem','application'

//permissions definition
gsh 1% permissionDef = new AttributeDefSave(grouperSession).assignName("stem:permissionDef").assignCreateParentStemsIfNotExist(true).assignAttributeDefType(AttributeDefType.perm).save();
edu.internet2.middleware.grouper.attr.AttributeDef: AttributeDef[name=stem:permissionDef,uuid=65b85a8e4bf74780bec99c04e508853e]
gsh 2% permissionDef.setAssignToEffMembership(true);
gsh 3% permissionDef.setAssignToGroup(true);
gsh 4% permissionDef.store();

//employee group which users must be in
gsh 5% groupEmployee = new GroupSave(grouperSession).assignName("stem:employee").assignCreateParentStemsIfNotExist(true).save();
group: name='stem:employee' displayName='stem:employee' uuid='61581214aef04fd589a5a24338067021'

//roles for permissions
gsh 6% payrollUser = new GroupSave(grouperSession).assignName("apps:payroll:roles:payrollUser").assignTypeOfGroup(TypeOfGroup.role).assignCreateParentStemsIfNotExist(true).save();
group: name='apps:payroll:roles:payrollUser' displayName='apps:payroll:roles:payrollUser' uuid='fc738d64b8eb46a1ab78d2e03961129b'
gsh 7% payrollGuest = new GroupSave(grouperSession).assignName("apps:payroll:roles:payrollGuest").assignTypeOfGroup(TypeOfGroup.role).assignCreateParentStemsIfNotExist(true).save();
group: name='apps:payroll:roles:payrollGuest' displayName='apps:payroll:roles:payrollGuest' uuid='ac4b956bd8b04e12ac8cc661e104493c'

gsh 8% subject0 = SubjectFinder.findByIdAndSource("test.subject.0", "jdbc", true);
subject: id='test.subject.0' type='person' source='jdbc' name='my name is test.subject.0'
gsh 9% subject1 = SubjectFinder.findByIdAndSource("test.subject.1", "jdbc", true);
subject: id='test.subject.1' type='person' source='jdbc' name='my name is test.subject.1'
gsh 10% subject2 = SubjectFinder.findByIdAndSource("test.subject.2", "jdbc", true);
subject: id='test.subject.2' type='person' source='jdbc' name='my name is test.subject.2'

gsh 11% payrollUser.addMember(subject0, false);
true
gsh 12% payrollGuest.addMember(subject1, false);
true

//permission resource
gsh 13% canLogin = new AttributeDefNameSave(grouperSession, permissionDef).assignName("apps:payroll:permissions:canLogin").assignCreateParentStemsIfNotExist(true).save();
edu.internet2.middleware.grouper.attr.AttributeDefName: AttributeDefName[name=apps:payroll:permissions:canLogin,uuid=f9a2001a66c3427287ae2846cd606dd0]

//assign the permission to a role
gsh 14% payrollUser.getPermissionRoleDelegate().assignRolePermission(canLogin);
edu.internet2.middleware.grouper.attr.assign.AttributeAssignResult: edu.internet2.middleware.grouper.attr.assign.AttributeAssignResult@f8f104

//assign the permission directly to a user in a different role
gsh 15% payrollGuest.getPermissionRoleDelegate().assignSubjectRolePermission(canLogin, subject1);
edu.internet2.middleware.grouper.attr.assign.AttributeAssignResult: edu.internet2.middleware.grouper.attr.assign.AttributeAssignResult@1c624e2

gsh 16% member0 = MemberFinder.findBySubject(grouperSession, subject0, false);
member: id='test.subject.0' type='person' source='jdbc' uuid='c24d4c437d0e439397a66659ee36e548'
gsh 17% member1 = MemberFinder.findBySubject(grouperSession, subject1, false);
member: id='test.subject.1' type='person' source='jdbc' uuid='df1329086d6a4ae9aea3d6c9777c68d5'

//permission that user0 has
gsh 18% permissions = GrouperDAOFactory.getFactory().getPermissionEntry().findByMemberId(member0.getUuid());
edu.internet2.middleware.grouper.permissions.PermissionEntry: PermissionEntry[roleName=apps:payroll:roles:payrollUser,attributeDefNameName=apps:payroll:permissions:canLogin,action=assign,sourceId=jdbc,subjectId=test.subject.0,imm_mem=true,imm_perm=true,mem_depth=0,role_depth=0,action_depth=0,attrDef_depth=0,perm_type=role]
gsh 19% permissions.size()
1
gsh 20% permissions.iterator().next().getAttributeDefNameName()
apps:payroll:permissions:canLogin

//permission that user1 has
gsh 21% permissions = GrouperDAOFactory.getFactory().getPermissionEntry().findByMemberId(member1.getUuid());
edu.internet2.middleware.grouper.permissions.PermissionEntry: PermissionEntry[roleName=apps:payroll:roles:payrollGuest,attributeDefNameName=apps:payroll:permissions:canLogin,action=assign,sourceId=jdbc,subjectId=test.subject.1,imm_mem=true,imm_perm=true,mem_depth=0,role_depth=-1,action_depth=0,attrDef_depth=0,perm_type=role_subject]
gsh 22% permissions.size()
1
gsh 23% permissions.iterator().next().getAttributeDefNameName()
apps:payroll:permissions:canLogin

//assign the rule
gsh 24% RuleApi.permissionGroupIntersection(SubjectFinder.findRootSubject(), permissionDef, groupEmployee, 7);

//add users to employee group
gsh 25% groupEmployee.addMember(subject0);
gsh 26% groupEmployee.addMember(subject1);

//subject2 has no permissions, so this is a no-op
gsh 27% groupEmployee.addMember(subject2);
gsh 28% groupEmployee.deleteMember(subject2);

//this should set disabled dates a week out (checked below), not remove the membership right away
gsh 29% groupEmployee.deleteMember(subject0);
gsh 30%  membership = ((Group)payrollUser).getImmediateMembership(Group.getDefaultList(), member0, true, true);
edu.internet2.middleware.grouper.Membership: Membership[createTime=1283882925393,creatorUuid=b0ad34466f1f401ba33c49cba4197cdb,depth=0,listName=members,listType=list,memberUuid=c24d4c437d0e439397a66659ee36e548,groupId=fc738d64b8eb46a1ab78d2e03961129b,type=immediate,uuid=40a51c707a4048f48fca32bd9d0f52c7:9a7d5f4525fe4bbab7bd89d96abd91f9]
gsh 31% membership.getDisabledTime()
java.sql.Timestamp: 2010-09-14 14:10:55.171
gsh 35% new java.sql.Timestamp(System.currentTimeMillis());
java.sql.Timestamp: 2010-09-07 14:11:53.141

gsh 36% permissions = GrouperDAOFactory.getFactory().getPermissionEntry().findByMemberId(member0.getUuid());
edu.internet2.middleware.grouper.permissions.PermissionEntry: PermissionEntry[roleName=apps:payroll:roles:payrollUser,attributeDefNameName=apps:payroll:permissions:canLogin,action=assign,sourceId=jdbc,subjectId=test.subject.0,imm_mem=true,imm_perm=true,mem_depth=0,role_depth=0,action_depth=0,attrDef_depth=0,perm_type=role]
gsh 37% permissions.size()
1
gsh 38% permissions.iterator().next().getAttributeDefNameName()
apps:payroll:permissions:canLogin
gsh 39% GrouperDAOFactory.getFactory().getPermissionEntry().findByMemberId(member1.getUuid()).size()
1

//delete subject1 from employee group
gsh 40% groupEmployee.deleteMember(subject1);

//this puts the disabled date on the permission assignment to that user, not on the user's membership in the role
gsh 41% payrollGuest.hasMember(subject1)
true
gsh 42% membership = ((Group)payrollGuest).getImmediateMembership(Group.getDefaultList(), member1, true, true);
edu.internet2.middleware.grouper.Membership: Membership[createTime=1283882930256,creatorUuid=b0ad34466f1f401ba33c49cba4197cdb,depth=0,listName=members,listType=list,memberUuid=df1329086d6a4ae9aea3d6c9777c68d5,groupId=ac4b956bd8b04e12ac8cc661e104493c,type=immediate,uuid=8f27f66ad3884c9a89f686a096a43342:3660b4d6c0894c938d24bc7ba2f9d5a7]
gsh 44% membership.getDisabledTime() == null
true
gsh 45% permissions = GrouperDAOFactory.getFactory().getPermissionEntry().findByMemberId(member1.getUuid());
edu.internet2.middleware.grouper.permissions.PermissionEntry: PermissionEntry[roleName=apps:payroll:roles:payrollGuest,attributeDefNameName=apps:payroll:permissions:canLogin,action=assign,sourceId=jdbc,subjectId=test.subject.1,imm_mem=true,imm_perm=true,mem_depth=0,role_depth=-1,action_depth=0,attrDef_depth=0,perm_type=role_subject]
gsh 46% permissions.size()
1
gsh 47% permissions.iterator().next().getAttributeDefNameName()
apps:payroll:permissions:canLogin
gsh 48% permissions.iterator().next().getDisabledTime()
java.sql.Timestamp: 2010-09-14 14:12:45.946

sdf
