edu.internet2.middleware.grouper.rules
Class RuleApi

java.lang.Object
  extended by edu.internet2.middleware.grouper.rules.RuleApi

public class RuleApi
extends Object

Helper methods to assign rules to objects without having to deal with attributes. Note: you can use this from gsh too.

Author:
mchyzer

Constructor Summary
RuleApi()
           
 
Method Summary
static AttributeAssign emailOnFlattenedDisabledDate(edu.internet2.middleware.subject.Subject actAsSubject, Group ruleGroup, Integer daysInFutureDisabledDateMin, Integer daysInFutureDisabledDateMax, String emailToValue, String emailSubjectValue, String emailBodyValue)
          send emails via daemon on impending disabled memberships
static AttributeAssign emailOnFlattenedMembershipAdd(edu.internet2.middleware.subject.Subject actAsSubject, Group ruleGroup, String emailToValue, String emailSubjectValue, String emailBodyValue)
           
static AttributeAssign emailOnFlattenedMembershipAddFromStem(edu.internet2.middleware.subject.Subject actAsSubject, Stem ruleStem, Stem.Scope stemScope, String emailToValue, String emailSubjectValue, String emailBodyValue)
           
static AttributeAssign emailOnFlattenedMembershipRemove(edu.internet2.middleware.subject.Subject actAsSubject, Group ruleGroup, String emailToValue, String emailSubjectValue, String emailBodyValue)
           
static AttributeAssign emailOnFlattenedMembershipRemoveFromStem(edu.internet2.middleware.subject.Subject actAsSubject, Stem ruleStem, Stem.Scope stemScope, String emailToValue, String emailSubjectValue, String emailBodyValue)
           
static AttributeAssign emailOnFlattenedPermissionDisabledDate(edu.internet2.middleware.subject.Subject actAsSubject, AttributeDef permissionDef, Integer daysInFutureDisabledDateMin, Integer daysInFutureDisabledDateMax, String emailToValue, String emailSubjectValue, String emailBodyValue)
           
static AttributeAssign groupIntersection(edu.internet2.middleware.subject.Subject actAs, Group ruleGroup, Group mustBeInGroup)
          put a rule on the rule group which says that if the user is not in the mustBeInGroup, then remove from ruleGroup
static AttributeAssign groupIntersection(edu.internet2.middleware.subject.Subject actAs, Group ruleGroup, Group mustBeInGroup, int daysInFutureForDisabledDate)
          put a rule on the rule group which says that if the user is not in the mustBeInGroup, then add an end date to the membership in the rule group X days in the future
static AttributeAssign groupIntersectionWithFolder(edu.internet2.middleware.subject.Subject actAs, Group ruleGroup, Stem folder, Stem.Scope stemScope)
          if a member is removed from a folder, and has no more memberships in any group in the folder, then remove from the group
static AttributeAssign inheritAttributeDefPrivileges(edu.internet2.middleware.subject.Subject actAs, Stem stem, Stem.Scope stemScope, edu.internet2.middleware.subject.Subject subjectToAssign, Set<Privilege> privileges)
          make sure stem privileges are inherited in an attributeDef
static AttributeAssign inheritFolderPrivileges(edu.internet2.middleware.subject.Subject actAs, Stem stem, Stem.Scope stemScope, edu.internet2.middleware.subject.Subject subjectToAssign, Set<Privilege> privileges)
          make sure stem privileges are inherited in a stem
static AttributeAssign inheritGroupPrivileges(edu.internet2.middleware.subject.Subject actAs, Stem stem, Stem.Scope stemScope, edu.internet2.middleware.subject.Subject subjectToAssign, Set<Privilege> privileges)
          make sure group privileges are inherited in a stem
static AttributeAssign inheritGroupPrivileges(edu.internet2.middleware.subject.Subject actAs, Stem stem, Stem.Scope stemScope, edu.internet2.middleware.subject.Subject subjectToAssign, Set<Privilege> privileges, String sqlLikeString)
          make sure group privileges are inherited in a stem
static AttributeAssign permissionFolderIntersection(edu.internet2.middleware.subject.Subject actAs, AttributeDef permissionToAssignRule, Stem mustBeInGroupInFolder, Stem.Scope stemScope)
           
static AttributeAssign permissionGroupIntersection(edu.internet2.middleware.subject.Subject actAs, AttributeDef permissionToAssignRule, Group mustBeInGroup)
          put a rule on an attribute def so that if a user comes out of a group, the user will be removed from a role which has permissions or removed assignments directly to the user
static AttributeAssign permissionGroupIntersection(edu.internet2.middleware.subject.Subject actAs, AttributeDef permissionToAssignRule, Group mustBeInGroup, int daysInFutureToDisable)
          put a rule on an attribute def so that if a user comes out of a group, the user will have disabled dates from a role which has permissions or removed assignments directly to the user
static AttributeAssign reassignAttributeDefPrivilegesIfFromGroup(edu.internet2.middleware.subject.Subject actAs, Stem ruleStem, Stem.Scope stemScope)
          normalize privileges if the user who creates a group is in a group which has create privileges on the stem
static AttributeAssign reassignGroupPrivilegesIfFromGroup(edu.internet2.middleware.subject.Subject actAs, Stem ruleStem, Stem.Scope stemScope)
          normalize privileges if the user who creates a group is in a group which has create privileges on the stem
static AttributeAssign reassignStemPrivilegesIfFromGroup(edu.internet2.middleware.subject.Subject actAs, Stem ruleStem, Stem.Scope stemScope)
          normalize privileges if the user who creates a stem is in a group which has create privileges on the stem
static String rulesToString()
           
static String rulesToString(AttributeAssignable attributeAssignable)
           
static int runRulesForOwner(AttributeAssignable attributeAssignable)
          run rules for an attribute assignable
static AttributeAssign vetoMembershipIfNotInGroup(edu.internet2.middleware.subject.Subject actAs, Group ruleGroup, Group mustBeInGroup, String vetoKey, String vetoMessage)
           
static AttributeAssign vetoMembershipIfNotInGroupInFolder(edu.internet2.middleware.subject.Subject actAs, Group ruleGroup, Stem mustBeInGroupInFolder, Stem.Scope stemScope, String vetoKey, String vetoMessage)
           
static AttributeAssign vetoPermissionIfNotInGroup(edu.internet2.middleware.subject.Subject actAs, AttributeDef permissionDef, Group mustBeInGroup, String vetoKey, String vetoMessage)
          veto a direct permission assignment if not in group
static AttributeAssign vetoSubjectAssignInFolderIfNotInGroup(edu.internet2.middleware.subject.Subject actAs, Stem ruleStem, Group mustBeInGroup, boolean allowAll, String sourceId, Stem.Scope stemScope, String vetoKey, String vetoMessage)
          add a rule on a stem saying that all subject use in the folder must be in a certain group.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RuleApi

public RuleApi()
Method Detail

reassignGroupPrivilegesIfFromGroup

public static AttributeAssign reassignGroupPrivilegesIfFromGroup(edu.internet2.middleware.subject.Subject actAs,
                                                                 Stem ruleStem,
                                                                 Stem.Scope stemScope)
normalize privileges if the user who creates a group is in a group which has create privileges on the stem

Parameters:
actAs -
ruleStem -
stemScope -
Returns:
the attribute assignment

reassignAttributeDefPrivilegesIfFromGroup

public static AttributeAssign reassignAttributeDefPrivilegesIfFromGroup(edu.internet2.middleware.subject.Subject actAs,
                                                                        Stem ruleStem,
                                                                        Stem.Scope stemScope)
normalize privileges if the user who creates a group is in a group which has create privileges on the stem

Parameters:
actAs -
ruleStem -
stemScope -
Returns:
the attribute assignment

vetoMembershipIfNotInGroupInFolder

public static AttributeAssign vetoMembershipIfNotInGroupInFolder(edu.internet2.middleware.subject.Subject actAs,
                                                                 Group ruleGroup,
                                                                 Stem mustBeInGroupInFolder,
                                                                 Stem.Scope stemScope,
                                                                 String vetoKey,
                                                                 String vetoMessage)
Parameters:
actAs -
ruleGroup -
mustBeInGroupInFolder -
stemScope -
vetoKey -
vetoMessage -
Returns:
the assignment in case there are edits

vetoSubjectAssignInFolderIfNotInGroup

public static AttributeAssign vetoSubjectAssignInFolderIfNotInGroup(edu.internet2.middleware.subject.Subject actAs,
                                                                    Stem ruleStem,
                                                                    Group mustBeInGroup,
                                                                    boolean allowAll,
                                                                    String sourceId,
                                                                    Stem.Scope stemScope,
                                                                    String vetoKey,
                                                                    String vetoMessage)
add a rule on a stem saying that all subject use in the folder must be in a certain group. note, the first rule found will be used

Parameters:
actAs -
ruleStem -
mustBeInGroup - if blank and not allowAll, then restrict all
allowAll - if mustBeInGroup is blank and allowAll is true, then allow all (to override a restriction in ancestor folders)
sourceId - optional (recommended), to constrain this to subjects from certain sources
stemScope -
vetoKey -
vetoMessage -
Returns:
the assignment in case there are edits

vetoMembershipIfNotInGroup

public static AttributeAssign vetoMembershipIfNotInGroup(edu.internet2.middleware.subject.Subject actAs,
                                                         Group ruleGroup,
                                                         Group mustBeInGroup,
                                                         String vetoKey,
                                                         String vetoMessage)
Parameters:
actAs -
ruleGroup -
mustBeInGroup -
vetoKey -
vetoMessage -
Returns:
the assignment in case there are edits

inheritAttributeDefPrivileges

public static AttributeAssign inheritAttributeDefPrivileges(edu.internet2.middleware.subject.Subject actAs,
                                                            Stem stem,
                                                            Stem.Scope stemScope,
                                                            edu.internet2.middleware.subject.Subject subjectToAssign,
                                                            Set<Privilege> privileges)
make sure stem privileges are inherited in an attributeDef

Parameters:
actAs -
stem -
stemScope - ONE or SUB
subjectToAssign -
privileges - can use Privilege.getInstances() to convert from string
Returns:
the assignment in case there are edits

inheritFolderPrivileges

public static AttributeAssign inheritFolderPrivileges(edu.internet2.middleware.subject.Subject actAs,
                                                      Stem stem,
                                                      Stem.Scope stemScope,
                                                      edu.internet2.middleware.subject.Subject subjectToAssign,
                                                      Set<Privilege> privileges)
make sure stem privileges are inherited in a stem

Parameters:
actAs -
stem -
stemScope - ONE or SUB
subjectToAssign -
privileges - can use Privilege.getInstances() to convert from string
Returns:
the assignment in case there are edits

inheritGroupPrivileges

public static AttributeAssign inheritGroupPrivileges(edu.internet2.middleware.subject.Subject actAs,
                                                     Stem stem,
                                                     Stem.Scope stemScope,
                                                     edu.internet2.middleware.subject.Subject subjectToAssign,
                                                     Set<Privilege> privileges)
make sure group privileges are inherited in a stem

Parameters:
actAs -
stem -
stemScope - ONE or SUB
subjectToAssign -
privileges - can use Privilege.getInstances() to convert from string
Returns:
the assignment in case there are edits

inheritGroupPrivileges

public static AttributeAssign inheritGroupPrivileges(edu.internet2.middleware.subject.Subject actAs,
                                                     Stem stem,
                                                     Stem.Scope stemScope,
                                                     edu.internet2.middleware.subject.Subject subjectToAssign,
                                                     Set<Privilege> privileges,
                                                     String sqlLikeString)
make sure group privileges are inherited in a stem

Parameters:
actAs -
stem -
stemScope - ONE or SUB
subjectToAssign -
privileges - can use Privilege.getInstances() to convert from string
sqlLikeString -
Returns:
the assignment in case there are edits

groupIntersectionWithFolder

public static AttributeAssign groupIntersectionWithFolder(edu.internet2.middleware.subject.Subject actAs,
                                                          Group ruleGroup,
                                                          Stem folder,
                                                          Stem.Scope stemScope)
if a member is removed from a folder, and has no more memberships in any group in the folder, then remove from the group

Parameters:
actAs -
ruleGroup -
folder -
stemScope -
Returns:
the assignment in case there are edits

groupIntersection

public static AttributeAssign groupIntersection(edu.internet2.middleware.subject.Subject actAs,
                                                Group ruleGroup,
                                                Group mustBeInGroup)
put a rule on the rule group which says that if the user is not in the mustBeInGroup, then remove from ruleGroup

Parameters:
actAs -
ruleGroup -
mustBeInGroup -
Returns:
the assignment in case there are edits

groupIntersection

public static AttributeAssign groupIntersection(edu.internet2.middleware.subject.Subject actAs,
                                                Group ruleGroup,
                                                Group mustBeInGroup,
                                                int daysInFutureForDisabledDate)
put a rule on the rule group which says that if the user is not in the mustBeInGroup, then add an end date to the membership in the rule group X days in the future

Parameters:
actAs -
ruleGroup -
mustBeInGroup -
daysInFutureForDisabledDate -
Returns:
the assignment in case there are edits

rulesToString

public static String rulesToString()
Returns:
the string

rulesToString

public static String rulesToString(AttributeAssignable attributeAssignable)
Parameters:
attributeAssignable -
Returns:
the string

runRulesForOwner

public static int runRulesForOwner(AttributeAssignable attributeAssignable)
run rules for an attribute assignable

Parameters:
attributeAssignable -
Returns:
the number of rules run (note: a rule that is not valid or not daemonable is not run, and so is not counted)

permissionGroupIntersection

public static AttributeAssign permissionGroupIntersection(edu.internet2.middleware.subject.Subject actAs,
                                                          AttributeDef permissionToAssignRule,
                                                          Group mustBeInGroup,
                                                          int daysInFutureToDisable)
put a rule on an attribute def so that if a user comes out of a group, the user will have disabled dates from a role which has permissions or removed assignments directly to the user

Parameters:
actAs -
permissionToAssignRule -
mustBeInGroup -
daysInFutureToDisable -
Returns:
the assignment in case there are edits

permissionGroupIntersection

public static AttributeAssign permissionGroupIntersection(edu.internet2.middleware.subject.Subject actAs,
                                                          AttributeDef permissionToAssignRule,
                                                          Group mustBeInGroup)
put a rule on an attribute def so that if a user comes out of a group, the user will be removed from a role which has permissions or removed assignments directly to the user

Parameters:
actAs -
permissionToAssignRule -
mustBeInGroup -
Returns:
the assignment in case there are edits

permissionFolderIntersection

public static AttributeAssign permissionFolderIntersection(edu.internet2.middleware.subject.Subject actAs,
                                                           AttributeDef permissionToAssignRule,
                                                           Stem mustBeInGroupInFolder,
                                                           Stem.Scope stemScope)
Parameters:
actAs -
permissionToAssignRule -
mustBeInGroupInFolder -
stemScope -
Returns:
the assignment in case there are edits

vetoPermissionIfNotInGroup

public static AttributeAssign vetoPermissionIfNotInGroup(edu.internet2.middleware.subject.Subject actAs,
                                                         AttributeDef permissionDef,
                                                         Group mustBeInGroup,
                                                         String vetoKey,
                                                         String vetoMessage)
veto a direct permission assignment if not in group

Parameters:
actAs -
permissionDef -
mustBeInGroup -
vetoKey -
vetoMessage -
Returns:
the assignment in case there are edits

emailOnFlattenedMembershipRemove

public static AttributeAssign emailOnFlattenedMembershipRemove(edu.internet2.middleware.subject.Subject actAsSubject,
                                                               Group ruleGroup,
                                                               String emailToValue,
                                                               String emailSubjectValue,
                                                               String emailBodyValue)
Parameters:
ruleGroup -
actAsSubject -
emailToValue - e.g. "a@b.c, ${safeSubject.emailAddress}"
emailSubjectValue - e.g. "You will be removed from group: ${groupDisplayExtension}"
emailBodyValue - e.g. "template: testEmailGroupBodyFlattenedRemove"
Returns:
the assignment in case there are edits

emailOnFlattenedMembershipAddFromStem

public static AttributeAssign emailOnFlattenedMembershipAddFromStem(edu.internet2.middleware.subject.Subject actAsSubject,
                                                                    Stem ruleStem,
                                                                    Stem.Scope stemScope,
                                                                    String emailToValue,
                                                                    String emailSubjectValue,
                                                                    String emailBodyValue)
Parameters:
actAsSubject -
ruleStem -
stemScope -
emailToValue -
emailSubjectValue -
emailBodyValue -
Returns:
the assignment in case there are edits

emailOnFlattenedMembershipRemoveFromStem

public static AttributeAssign emailOnFlattenedMembershipRemoveFromStem(edu.internet2.middleware.subject.Subject actAsSubject,
                                                                       Stem ruleStem,
                                                                       Stem.Scope stemScope,
                                                                       String emailToValue,
                                                                       String emailSubjectValue,
                                                                       String emailBodyValue)
Parameters:
actAsSubject -
ruleStem -
stemScope -
emailToValue -
emailSubjectValue -
emailBodyValue -
Returns:
the assignment to tweak it

emailOnFlattenedMembershipAdd

public static AttributeAssign emailOnFlattenedMembershipAdd(edu.internet2.middleware.subject.Subject actAsSubject,
                                                            Group ruleGroup,
                                                            String emailToValue,
                                                            String emailSubjectValue,
                                                            String emailBodyValue)
Parameters:
ruleGroup -
actAsSubject -
emailToValue - e.g. "a@b.c, ${safeSubject.emailAddress}"
emailSubjectValue - e.g. "You were added to group: ${groupDisplayExtension}"
emailBodyValue - e.g. "template: testEmailGroupBodyFlattenedAdd"
Returns:
the assignment to tweak it

emailOnFlattenedDisabledDate

public static AttributeAssign emailOnFlattenedDisabledDate(edu.internet2.middleware.subject.Subject actAsSubject,
                                                           Group ruleGroup,
                                                           Integer daysInFutureDisabledDateMin,
                                                           Integer daysInFutureDisabledDateMax,
                                                           String emailToValue,
                                                           String emailSubjectValue,
                                                           String emailBodyValue)
send emails via daemon on impending disabled memberships

Parameters:
actAsSubject -
ruleGroup -
daysInFutureDisabledDateMin -
daysInFutureDisabledDateMax -
emailToValue -
emailSubjectValue -
emailBodyValue -
Returns:
the attribute assign for customizing

emailOnFlattenedPermissionDisabledDate

public static AttributeAssign emailOnFlattenedPermissionDisabledDate(edu.internet2.middleware.subject.Subject actAsSubject,
                                                                     AttributeDef permissionDef,
                                                                     Integer daysInFutureDisabledDateMin,
                                                                     Integer daysInFutureDisabledDateMax,
                                                                     String emailToValue,
                                                                     String emailSubjectValue,
                                                                     String emailBodyValue)
Parameters:
actAsSubject -
permissionDef -
daysInFutureDisabledDateMin -
daysInFutureDisabledDateMax -
emailToValue -
emailSubjectValue -
emailBodyValue -
Returns:
attribute assign for customizing

reassignStemPrivilegesIfFromGroup

public static AttributeAssign reassignStemPrivilegesIfFromGroup(edu.internet2.middleware.subject.Subject actAs,
                                                                Stem ruleStem,
                                                                Stem.Scope stemScope)
normalize privileges if the user who creates a stem is in a group which has create privileges on the stem

Parameters:
actAs -
ruleStem -
stemScope -
Returns:
the attribute assignment