RuleApi

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

edu.internet2.middleware.grouper.rules
Class RuleApi

java.lang.Object
  edu.internet2.middleware.grouper.rules.RuleApi

public class RuleApi
extends java.lang.Object
extends java.lang.Object

helper methods to assign rules to objects without having to deal with attributes note, you can use this from gsh too

Author:: mchyzer

Constructor Summary
`RuleApi()`

Method Summary
`static AttributeAssign`	`emailOnFlattenedDisabledDate(edu.internet2.middleware.subject.Subject actAsSubject, Group ruleGroup, java.lang.Integer daysInFutureDisabledDateMin, java.lang.Integer daysInFutureDisabledDateMax, java.lang.String emailToValue, java.lang.String emailSubjectValue, java.lang.String emailBodyValue)` send emails via daemon on impending disabled memberships
`static AttributeAssign`	`emailOnFlattenedMembershipAdd(edu.internet2.middleware.subject.Subject actAsSubject, Group ruleGroup, java.lang.String emailToValue, java.lang.String emailSubjectValue, java.lang.String emailBodyValue)`
`static AttributeAssign`	`emailOnFlattenedMembershipAddFromStem(edu.internet2.middleware.subject.Subject actAsSubject, Stem ruleStem, Stem.Scope stemScope, java.lang.String emailToValue, java.lang.String emailSubjectValue, java.lang.String emailBodyValue)`
`static AttributeAssign`	`emailOnFlattenedMembershipRemove(edu.internet2.middleware.subject.Subject actAsSubject, Group ruleGroup, java.lang.String emailToValue, java.lang.String emailSubjectValue, java.lang.String emailBodyValue)`
`static AttributeAssign`	`emailOnFlattenedMembershipRemoveFromStem(edu.internet2.middleware.subject.Subject actAsSubject, Stem ruleStem, Stem.Scope stemScope, java.lang.String emailToValue, java.lang.String emailSubjectValue, java.lang.String emailBodyValue)`
`static AttributeAssign`	`emailOnFlattenedPermissionDisabledDate(edu.internet2.middleware.subject.Subject actAsSubject, AttributeDef permissionDef, java.lang.Integer daysInFutureDisabledDateMin, java.lang.Integer daysInFutureDisabledDateMax, java.lang.String emailToValue, java.lang.String emailSubjectValue, java.lang.String emailBodyValue)`
`static AttributeAssign`	`groupIntersection(edu.internet2.middleware.subject.Subject actAs, Group ruleGroup, Group mustBeInGroup)` put a rule on the rule group which says that if the user is not in the mustBeInGroup, then remove from ruleGroup
`static AttributeAssign`	`groupIntersection(edu.internet2.middleware.subject.Subject actAs, Group ruleGroup, Group mustBeInGroup, int daysInFutureForDisabledDate)` put a rule on the rule group which says that if the user is not in the mustBeInGroup, then add an end date to the membership in the rule group X days in the future
`static AttributeAssign`	`groupIntersectionWithFolder(edu.internet2.middleware.subject.Subject actAs, Group ruleGroup, Stem folder, Stem.Scope stemScope)` if a member is removed from a folder, and has no more memberships in any group in the folder, then remove from the group
`static AttributeAssign`	`inheritAttributeDefPrivileges(edu.internet2.middleware.subject.Subject actAs, Stem stem, Stem.Scope stemScope, edu.internet2.middleware.subject.Subject subjectToAssign, java.util.Set<Privilege> privileges)` make sure stem privileges are inherited in a attributeDef
`static AttributeAssign`	`inheritFolderPrivileges(edu.internet2.middleware.subject.Subject actAs, Stem stem, Stem.Scope stemScope, edu.internet2.middleware.subject.Subject subjectToAssign, java.util.Set<Privilege> privileges)` make sure stem privileges are inherited in a stem
`static AttributeAssign`	`inheritGroupPrivileges(edu.internet2.middleware.subject.Subject actAs, Stem stem, Stem.Scope stemScope, edu.internet2.middleware.subject.Subject subjectToAssign, java.util.Set<Privilege> privileges)` make sure group privileges are inherited in a stem
`static AttributeAssign`	`inheritGroupPrivileges(edu.internet2.middleware.subject.Subject actAs, Stem stem, Stem.Scope stemScope, edu.internet2.middleware.subject.Subject subjectToAssign, java.util.Set<Privilege> privileges, java.lang.String sqlLikeString)` make sure group privileges are inherited in a stem
`static AttributeAssign`	`permissionFolderIntersection(edu.internet2.middleware.subject.Subject actAs, AttributeDef permissionToAssignRule, Stem mustBeInGroupInFolder, Stem.Scope stemScope)`
`static AttributeAssign`	`permissionGroupIntersection(edu.internet2.middleware.subject.Subject actAs, AttributeDef permissionToAssignRule, Group mustBeInGroup)` put a rule on an attribute def so that if a user comes out of a group, the user will be removed from a role which has permissions or removed assignments directly to the user
`static AttributeAssign`	`permissionGroupIntersection(edu.internet2.middleware.subject.Subject actAs, AttributeDef permissionToAssignRule, Group mustBeInGroup, int daysInFutureToDisable)` put a rule on an attribute def so that if a user comes out of a group, the user will have disabled dates from a role which has permissions or removed assignments directly to the user
`static AttributeAssign`	`reassignAttributeDefPrivilegesIfFromGroup(edu.internet2.middleware.subject.Subject actAs, Stem ruleStem, Stem.Scope stemScope)` normalize privileges if the user who creates a group is in a group which has create privilegs on the stem
`static AttributeAssign`	`reassignGroupPrivilegesIfFromGroup(edu.internet2.middleware.subject.Subject actAs, Stem ruleStem, Stem.Scope stemScope)` normalize privileges if the user who creates a group is in a group which has create privilegs on the stem
`static AttributeAssign`	`reassignStemPrivilegesIfFromGroup(edu.internet2.middleware.subject.Subject actAs, Stem ruleStem, Stem.Scope stemScope)` normalize privileges if the user who creates a stem is in a group which has create privileges on the stem
`static java.lang.String`	`rulesToString()`
`static java.lang.String`	`rulesToString(AttributeAssignable attributeAssignable)`
`static int`	`runRulesForOwner(AttributeAssignable attributeAssignable)` run rules for an attribute assignable
`static AttributeAssign`	`vetoMembershipIfNotInGroup(edu.internet2.middleware.subject.Subject actAs, Group ruleGroup, Group mustBeInGroup, java.lang.String vetoKey, java.lang.String vetoMessage)`
`static AttributeAssign`	`vetoMembershipIfNotInGroupInFolder(edu.internet2.middleware.subject.Subject actAs, Group ruleGroup, Stem mustBeInGroupInFolder, Stem.Scope stemScope, java.lang.String vetoKey, java.lang.String vetoMessage)`
`static AttributeAssign`	`vetoPermissionIfNotInGroup(edu.internet2.middleware.subject.Subject actAs, AttributeDef permissionDef, Group mustBeInGroup, java.lang.String vetoKey, java.lang.String vetoMessage)` veto a direct permission assignment if not in group
`static AttributeAssign`	`vetoSubjectAssignInFolderIfNotInGroup(edu.internet2.middleware.subject.Subject actAs, Stem ruleStem, Group mustBeInGroup, boolean allowAll, java.lang.String sourceId, Stem.Scope stemScope, java.lang.String vetoKey, java.lang.String vetoMessage)` add a rule on a stem saying that all subject use in the folder must be in a certain group.

Methods inherited from class java.lang.Object
`equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

RuleApi

public RuleApi()

Method Detail

reassignGroupPrivilegesIfFromGroup

public static AttributeAssign reassignGroupPrivilegesIfFromGroup(edu.internet2.middleware.subject.Subject actAs,
                                                                 Stem ruleStem,
                                                                 Stem.Scope stemScope)

normalize privileges if the user who creates a group is in a group which has create privilegs on the stem

Parameters:: actAs -; ruleStem -; stemScope -
Returns:: the attribute assignment

reassignAttributeDefPrivilegesIfFromGroup

public static AttributeAssign reassignAttributeDefPrivilegesIfFromGroup(edu.internet2.middleware.subject.Subject actAs,
                                                                        Stem ruleStem,
                                                                        Stem.Scope stemScope)

normalize privileges if the user who creates a group is in a group which has create privilegs on the stem

Parameters:: actAs -; ruleStem -; stemScope -
Returns:: the attribute assignment

vetoMembershipIfNotInGroupInFolder

public static AttributeAssign vetoMembershipIfNotInGroupInFolder(edu.internet2.middleware.subject.Subject actAs,
                                                                 Group ruleGroup,
                                                                 Stem mustBeInGroupInFolder,
                                                                 Stem.Scope stemScope,
                                                                 java.lang.String vetoKey,
                                                                 java.lang.String vetoMessage)

Parameters:: actAs -; ruleGroup -; mustBeInGroupInFolder -; stemScope -; vetoKey -; vetoMessage -
Returns:: the assignment in case there are edits

vetoSubjectAssignInFolderIfNotInGroup

public static AttributeAssign vetoSubjectAssignInFolderIfNotInGroup(edu.internet2.middleware.subject.Subject actAs,
                                                                    Stem ruleStem,
                                                                    Group mustBeInGroup,
                                                                    boolean allowAll,
                                                                    java.lang.String sourceId,
                                                                    Stem.Scope stemScope,
                                                                    java.lang.String vetoKey,
                                                                    java.lang.String vetoMessage)

add a rule on a stem saying that all subject use in the folder must be in a certain group. note, the first rule found will be used

Parameters:: actAs -; ruleStem -; mustBeInGroup - if blank and not allowAll, then restrict all; allowAll - if mustBeIn is blank and allowAll, then allow all (to override a restriction in ancestor folders); sourceId - optional (recommended), to constraint this to subjects from certain sources; stemScope -; vetoKey -; vetoMessage -
Returns:: the assignment in case there are edits

vetoMembershipIfNotInGroup

public static AttributeAssign vetoMembershipIfNotInGroup(edu.internet2.middleware.subject.Subject actAs,
                                                         Group ruleGroup,
                                                         Group mustBeInGroup,
                                                         java.lang.String vetoKey,
                                                         java.lang.String vetoMessage)

Parameters:: actAs -; ruleGroup -; mustBeInGroup -; vetoKey -; vetoMessage -
Returns:: the assignment in case there are edits

inheritAttributeDefPrivileges

public static AttributeAssign inheritAttributeDefPrivileges(edu.internet2.middleware.subject.Subject actAs,
                                                            Stem stem,
                                                            Stem.Scope stemScope,
                                                            edu.internet2.middleware.subject.Subject subjectToAssign,
                                                            java.util.Set<Privilege> privileges)

make sure stem privileges are inherited in a attributeDef

Parameters:: actAs -; stem -; stemScope - ONE or SUB; subjectToAssign -; privileges - can use Privilege.getInstances() to convert from string
Returns:: the assignment in case there are edits

inheritFolderPrivileges

public static AttributeAssign inheritFolderPrivileges(edu.internet2.middleware.subject.Subject actAs,
                                                      Stem stem,
                                                      Stem.Scope stemScope,
                                                      edu.internet2.middleware.subject.Subject subjectToAssign,
                                                      java.util.Set<Privilege> privileges)

make sure stem privileges are inherited in a stem

Parameters:: actAs -; stem -; stemScope - ONE or SUB; subjectToAssign -; privileges - can use Privilege.getInstances() to convert from string
Returns:: the assignment in case there are edits

inheritGroupPrivileges

public static AttributeAssign inheritGroupPrivileges(edu.internet2.middleware.subject.Subject actAs,
                                                     Stem stem,
                                                     Stem.Scope stemScope,
                                                     edu.internet2.middleware.subject.Subject subjectToAssign,
                                                     java.util.Set<Privilege> privileges)

make sure group privileges are inherited in a stem

Parameters:: actAs -; stem -; stemScope - ONE or SUB; subjectToAssign -; privileges - can use Privilege.getInstances() to convert from string
Returns:: the assignment in case there are edits

inheritGroupPrivileges

public static AttributeAssign inheritGroupPrivileges(edu.internet2.middleware.subject.Subject actAs,
                                                     Stem stem,
                                                     Stem.Scope stemScope,
                                                     edu.internet2.middleware.subject.Subject subjectToAssign,
                                                     java.util.Set<Privilege> privileges,
                                                     java.lang.String sqlLikeString)

make sure group privileges are inherited in a stem

Parameters:: actAs -; stem -; stemScope - ONE or SUB; subjectToAssign -; privileges - can use Privilege.getInstances() to convert from string; sqlLikeString -
Returns:: the assignment in case there are edits

groupIntersectionWithFolder

public static AttributeAssign groupIntersectionWithFolder(edu.internet2.middleware.subject.Subject actAs,
                                                          Group ruleGroup,
                                                          Stem folder,
                                                          Stem.Scope stemScope)

if a member is removed from a folder, and has no more memberships in any group in the folder, then remove from the group

Parameters:: actAs -; ruleGroup -; folder -; stemScope -
Returns:: the assignment in case there are edits

groupIntersection

public static AttributeAssign groupIntersection(edu.internet2.middleware.subject.Subject actAs,
                                                Group ruleGroup,
                                                Group mustBeInGroup)

put a rule on the rule group which says that if the user is not in the mustBeInGroup, then remove from ruleGroup

Parameters:: actAs -; ruleGroup -; mustBeInGroup -
Returns:: the assignment in case there are edits

groupIntersection

public static AttributeAssign groupIntersection(edu.internet2.middleware.subject.Subject actAs,
                                                Group ruleGroup,
                                                Group mustBeInGroup,
                                                int daysInFutureForDisabledDate)

put a rule on the rule group which says that if the user is not in the mustBeInGroup, then add an end date to the membership in the rule group X days in the future

Parameters:: actAs -; ruleGroup -; mustBeInGroup -; daysInFutureForDisabledDate -
Returns:: the assignment in case there are edits

rulesToString

public static java.lang.String rulesToString()

Returns:: the string

rulesToString

public static java.lang.String rulesToString(AttributeAssignable attributeAssignable)

Parameters:: attributeAssignable -
Returns:: the string

runRulesForOwner

public static int runRulesForOwner(AttributeAssignable attributeAssignable)

run rules for an attribute assignable

Parameters:: attributeAssignable -
Returns:: the number of rules ran (note, if not valid or not daemonable then dont run, then that doesnt count)

permissionGroupIntersection

public static AttributeAssign permissionGroupIntersection(edu.internet2.middleware.subject.Subject actAs,
                                                          AttributeDef permissionToAssignRule,
                                                          Group mustBeInGroup,
                                                          int daysInFutureToDisable)

put a rule on an attribute def so that if a user comes out of a group, the user will have disabled dates from a role which has permissions or removed assignments directly to the user

Parameters:: actAs -; permissionToAssignRule -; mustBeInGroup -; daysInFutureToDisable -
Returns:: the assignment in case there are edits

permissionGroupIntersection

public static AttributeAssign permissionGroupIntersection(edu.internet2.middleware.subject.Subject actAs,
                                                          AttributeDef permissionToAssignRule,
                                                          Group mustBeInGroup)

put a rule on an attribute def so that if a user comes out of a group, the user will be removed from a role which has permissions or removed assignments directly to the user

Parameters:: actAs -; permissionToAssignRule -; mustBeInGroup -
Returns:: the assignment in case there are edits

permissionFolderIntersection

public static AttributeAssign permissionFolderIntersection(edu.internet2.middleware.subject.Subject actAs,
                                                           AttributeDef permissionToAssignRule,
                                                           Stem mustBeInGroupInFolder,
                                                           Stem.Scope stemScope)

Parameters:: actAs -; permissionToAssignRule -; mustBeInGroupInFolder -; stemScope -
Returns:: the assignment in case there are edits

vetoPermissionIfNotInGroup

public static AttributeAssign vetoPermissionIfNotInGroup(edu.internet2.middleware.subject.Subject actAs,
                                                         AttributeDef permissionDef,
                                                         Group mustBeInGroup,
                                                         java.lang.String vetoKey,
                                                         java.lang.String vetoMessage)

veto a direct permission assignment if not in group

Parameters:: actAs -; permissionDef -; mustBeInGroup -; vetoKey -; vetoMessage -
Returns:: the assignment in case there are edits

emailOnFlattenedMembershipRemove

public static AttributeAssign emailOnFlattenedMembershipRemove(edu.internet2.middleware.subject.Subject actAsSubject,
                                                               Group ruleGroup,
                                                               java.lang.String emailToValue,
                                                               java.lang.String emailSubjectValue,
                                                               java.lang.String emailBodyValue)

Parameters:: ruleGroup -; actAsSubject -; emailToValue - e.g. "a@b.c, ${safeSubject.emailAddress}"; emailSubjectValue - e.g. "You will be removed from group: ${groupDisplayExtension}"; emailBodyValue - e.g. "template: testEmailGroupBodyFlattenedRemove"
Returns:: the assignment in case there are edits

emailOnFlattenedMembershipAddFromStem

public static AttributeAssign emailOnFlattenedMembershipAddFromStem(edu.internet2.middleware.subject.Subject actAsSubject,
                                                                    Stem ruleStem,
                                                                    Stem.Scope stemScope,
                                                                    java.lang.String emailToValue,
                                                                    java.lang.String emailSubjectValue,
                                                                    java.lang.String emailBodyValue)

Parameters:: actAsSubject -; ruleStem -; stemScope -; emailToValue -; emailSubjectValue -; emailBodyValue -
Returns:: the assignment in case there are edits

emailOnFlattenedMembershipRemoveFromStem

public static AttributeAssign emailOnFlattenedMembershipRemoveFromStem(edu.internet2.middleware.subject.Subject actAsSubject,
                                                                       Stem ruleStem,
                                                                       Stem.Scope stemScope,
                                                                       java.lang.String emailToValue,
                                                                       java.lang.String emailSubjectValue,
                                                                       java.lang.String emailBodyValue)

Parameters:: actAsSubject -; ruleStem -; stemScope -; emailToValue -; emailSubjectValue -; emailBodyValue -
Returns:: the assignment to tweak it

emailOnFlattenedMembershipAdd

public static AttributeAssign emailOnFlattenedMembershipAdd(edu.internet2.middleware.subject.Subject actAsSubject,
                                                            Group ruleGroup,
                                                            java.lang.String emailToValue,
                                                            java.lang.String emailSubjectValue,
                                                            java.lang.String emailBodyValue)

Parameters:: ruleGroup -; actAsSubject -; emailToValue - e.g. "a@b.c, ${safeSubject.emailAddress}"; emailSubjectValue - e.g. "You were added to group: ${groupDisplayExtension}"; emailBodyValue - e.g. "template: testEmailGroupBodyFlattenedAdd"
Returns:: the assignment to tweak it

emailOnFlattenedDisabledDate

public static AttributeAssign emailOnFlattenedDisabledDate(edu.internet2.middleware.subject.Subject actAsSubject,
                                                           Group ruleGroup,
                                                           java.lang.Integer daysInFutureDisabledDateMin,
                                                           java.lang.Integer daysInFutureDisabledDateMax,
                                                           java.lang.String emailToValue,
                                                           java.lang.String emailSubjectValue,
                                                           java.lang.String emailBodyValue)

send emails via daemon on impending disabled memberships

Parameters:: actAsSubject -; ruleGroup -; daysInFutureDisabledDateMin -; daysInFutureDisabledDateMax -; emailToValue -; emailSubjectValue -; emailBodyValue -
Returns:: the attribute assign for customizing

emailOnFlattenedPermissionDisabledDate

public static AttributeAssign emailOnFlattenedPermissionDisabledDate(edu.internet2.middleware.subject.Subject actAsSubject,
                                                                     AttributeDef permissionDef,
                                                                     java.lang.Integer daysInFutureDisabledDateMin,
                                                                     java.lang.Integer daysInFutureDisabledDateMax,
                                                                     java.lang.String emailToValue,
                                                                     java.lang.String emailSubjectValue,
                                                                     java.lang.String emailBodyValue)

Parameters:: actAsSubject -; permissionDef -; daysInFutureDisabledDateMin -; daysInFutureDisabledDateMax -; emailToValue -; emailSubjectValue -; emailBodyValue -
Returns:: attribute assign for customizing

reassignStemPrivilegesIfFromGroup

public static AttributeAssign reassignStemPrivilegesIfFromGroup(edu.internet2.middleware.subject.Subject actAs,
                                                                Stem ruleStem,
                                                                Stem.Scope stemScope)

normalize privileges if the user who creates a stem is in a group which has create privileges on the stem

Parameters:: actAs -; ruleStem -; stemScope -
Returns:: the attribute assignment

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

edu.internet2.middleware.grouper.rules Class RuleApi

RuleApi

reassignGroupPrivilegesIfFromGroup

reassignAttributeDefPrivilegesIfFromGroup

vetoMembershipIfNotInGroupInFolder

vetoSubjectAssignInFolderIfNotInGroup

vetoMembershipIfNotInGroup

inheritAttributeDefPrivileges

inheritFolderPrivileges

inheritGroupPrivileges

inheritGroupPrivileges

groupIntersectionWithFolder

groupIntersection

groupIntersection

rulesToString

rulesToString

runRulesForOwner

permissionGroupIntersection

permissionGroupIntersection

permissionFolderIntersection

vetoPermissionIfNotInGroup

emailOnFlattenedMembershipRemove

emailOnFlattenedMembershipAddFromStem

emailOnFlattenedMembershipRemoveFromStem

emailOnFlattenedMembershipAdd

emailOnFlattenedDisabledDate

emailOnFlattenedPermissionDisabledDate

reassignStemPrivilegesIfFromGroup

edu.internet2.middleware.grouper.rules
Class RuleApi