Skip to Content.
Sympa Menu

grouper-users - [grouper-users] rule overwriting old rule?

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] rule overwriting old rule?


Chronological Thread 
  • From: Jeffrey T Eaton <>
  • To: "" <>
  • Subject: [grouper-users] rule overwriting old rule?
  • Date: Tue, 1 Apr 2014 17:47:07 +0000
  • Accept-language: en-US


I’m trying to set up a set of Grouper Rules on some groups, and am running
into a problem where when I add a new rule, it overwrites one of the old
rules.

Basically, what I have is one group, which is populated by a loader job
automatically. The group contains all subjects with a current Student
affiliation. I want to have a set of groups that reflect “current” students,
and one that has “recent” students, so that we can have certain permissions
granted to people who were recently students (so that when you lose your
affiliation, you still have access to certain resources for a period of time).

If I try to add the following series of rules, using gsh, exiting gsh
entirely after each rule, and verifying that I can see the rules in the lite
UI "View or assign attributes” screen, the first two work fine. When I add
the third rule, it overwrites the second rule. There are no other rules in
the system when I start.

Is there some limitation on having two rules, owned by the same group, but
with different actions?

We are using Grouper 2.1.4. I did a quick check of the 2.1.5 release notes,
and nothing about rules jumped out at me, but I can try to get my system
upgraded if that will help.

-jeaton

The rules:


// Rule 1: on the "current" group…
grouperSession = GrouperSession.startRootSession();
currentGroup = GroupFinder.findByName(grouperSession,
"Apps:Provisioning:auto:Active-Students-Current");
AttributeAssign attributeAssignCurrent =
currentGroup.getAttributeDelegate().assignAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();

attributeAssignCurrent.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectSourceIdName(),
"g:isa");
attributeAssignCurrent.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectIdName(),
"GrouperSystem");

// Rule 1: Fires when a member is added to the corresponding loader-managed
group
attributeAssignCurrent.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckOwnerNameName(),
"Apps:Provisioning:auto:Active-Students");
attributeAssignCurrent.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckTypeName(),RuleCheckType.membershipAdd.name());

// Rule 1: ... then the member is added to the current group
attributeAssignCurrent.getAttributeValueDelegate().assignValue(RuleUtils.ruleThenEnumName(),
RuleThenEnum.addMemberToOwnerGroup.name());


// Rule 2: on the "recent" group…
grouperSession = GrouperSession.startRootSession();
recentGroup = GroupFinder.findByName(grouperSession,
"Apps:Provisioning:auto:Active-Students-Recent");
AttributeAssign attributeAssignRecent =
recentGroup.getAttributeDelegate().assignAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();

attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectSourceIdName(),
"g:isa");
attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectIdName(),
"GrouperSystem");

// Rule 2: Fires when a member is added to the "Current" group
attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckOwnerNameName(),
"Apps:Provisioning:auto:Active-Students-Current");
attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckTypeName(),RuleCheckType.membershipAdd.name());

// Rule 2: Then removed the member from the "recent" group (because if you
are current, you are no longer recent)
attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleThenEnumName(),
RuleThenEnum.removeMemberFromOwnerGroup.name());


// Now, for the opposite rules
// Rule 3: on the "recent" group…
grouperSession = GrouperSession.startRootSession();
recentGroup = GroupFinder.findByName(grouperSession,
"Apps:Provisioning:auto:Active-Students-Recent");
AttributeAssign attributeAssignRecent =
recentGroup.getAttributeDelegate().assignAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();

attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectSourceIdName(),
"g:isa");
attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectIdName(),
"GrouperSystem");

// Rule 3: Fires when a member is removed from the corresponding
loader-managed group
attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckOwnerNameName(),
"Apps:Provisioning:auto:Active-Students");
attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckTypeName(),RuleCheckType.membershipRemove.name());

// Then add member to the "recent" group
attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleThenEnumName(),
RuleThenEnum.addMemberToOwnerGroup.name());







Archive powered by MHonArc 2.6.16.

Top of Page