Grouper Developers Forum

[Chris Hyzer <>]

Hey,

I am working on the API for simple marker (no value) attributes.

I have them working (and secure) for groups and stems.

Note, when I say secure, here is what I mean:

1. To create an attribute definition or attribute name, you need CREATE in 
the parent stem (folder)

2. Attributes have similar privileges as group: attrRead, attrView, 
attrAdmin, attrUpdate, attrOptin, attrOptout

2a. If you are GrouperSystem or a wheel member, you can do whatever you want 
security wise

3. To assign an attribute to a group, you need ADMIN on the group, and 
ATTR_UPDATE on the attribute

  - i.e. you need UPDATE on group to change the group's name

4. To read an attribute from a group, you need VIEW on the group and 
ATTR_READ on the attribute

  - i.e. you need VIEW on a group to see the group's name

5. To assign an attribute to a stem, you need CREATE on the stem, and 
ATTR_UPDATE on the attribute

6. To read an attribute from a stem, you need ATTR_READ on the attribute

7. To assign a member attribute, you need GrouperSystem or wheel group

8. To read a member attribute, you need ATTR_READ on the attribute

9. To assign to an attributeDef, you need attrAdmin on the attributeDef to 
assign to, and attrUpdate to the assigning attribute

10. To read to an attributeDef, you need attrAdmin on the attributeDef to 
assign to, and attrRead to the assigning attribute

11. To assign to a membership, you need to be able to update the membership 
and attrUpdate the assigning attribute

12. To read to a membership, you need to be able to read the membership and 
attrRead the assigning attribute

13. To assign to an attributeAssign (note, cant be an attributeAssign where 
parent is an attributeAssign), you need to be able to update or admin the 
underlying object (see rules above), and attrUpdate on the attribute

14. To read from an attributeAssign (note, cant be an attributeAssign where 
parent is an attributeAssign), you need to be able to read or admin the 
underlying object (see rules above), and attrUpdate on the attribute

Here is an example of the API in Java for stem attributes:

//Create a stem
this.stem = StemHelper.addChildStem(this.edu, "stem", "the stem");

//Create an attribute definition
this.attributeDef1 = this.top.addChildAttributeDef("test", 
AttributeDefType.attr);

//Create some names (e.g. a list of values)
this.attributeDefName1_1 = this.top.addChildAttributeDefName(attributeDef1, 
"testName1_1", "test name1_1");
this.attributeDefName1_2 = this.top.addChildAttributeDefName(attributeDef1, 
"testName1_2", "test name1_2");

//Assign an attribute to a stem
this.stem.getAttributeDelegate().assignAttribute(attributeDefName1_1);

//See if an attribute is assigned to a stem    
assertFalse(this.stem.getAttributeDelegate().hasAttribute(attributeDefName1_2));

//Get the attributes assigned to a stem (by LOV type, i.e. attribute 
definition)    
assertEquals(1, 
this.stem.getAttributeDelegate().retrieveAttributes(attributeDef1).size());

//Retrieve all attribute assignments (like memberships) from a stem, by 
attribute definition
assertEquals(1, 
this.stem.getAttributeDelegate().retrieveAssignments(attributeDef1).size());

//Retrieve all attribute assignments for a single attribute name
assertEquals(1, 
this.stem.getAttributeDelegate().retrieveAssignments(attributeDefName1_1).size());


Regards,
Chris