Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Re: rule overwriting old rule?

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Re: rule overwriting old rule?


Chronological Thread 
  • From: Jeffrey T Eaton <>
  • To: Chris Hyzer <>
  • Cc: "" <>
  • Subject: [grouper-users] Re: rule overwriting old rule?
  • Date: Tue, 1 Apr 2014 18:17:37 +0000
  • Accept-language: en-US

Thank you! I was staring at that code so long my eyes were going cross, and
never once noticed the difference between assign and add.

-jeaton

On Apr 1, 2014, at 1:58 PM, Chris Hyzer
<>
wrote:

> You are taking the same assignment, and changing the value of attributes.
> "assign" is if you want to assign one attribute/rule, "add" will add more
> assignments (multi-assign)
>
> You need a new attribute assignment for each rule.
>
> FROM:
>
> AttributeAssign attributeAssignRecent =
> recentGroup.getAttributeDelegate().assignAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
>
> TO:
>
> AttributeAssign attributeAssignRecent =
> recentGroup.getAttributeDelegate().addAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
>
> Note, when you edit these rules, you need to get the right one by looking
> at the attribute values.
>
> Thanks,
> Chris
>
> -----Original Message-----
> From:
>
>
> [mailto:]
> On Behalf Of Jeffrey T Eaton
> Sent: Tuesday, April 01, 2014 1:47 PM
> To:
>
> Subject: [grouper-users] rule overwriting old rule?
>
>
> I’m trying to set up a set of Grouper Rules on some groups, and am running
> into a problem where when I add a new rule, it overwrites one of the old
> rules.
>
> Basically, what I have is one group, which is populated by a loader job
> automatically. The group contains all subjects with a current Student
> affiliation. I want to have a set of groups that reflect “current”
> students, and one that has “recent” students, so that we can have certain
> permissions granted to people who were recently students (so that when you
> lose your affiliation, you still have access to certain resources for a
> period of time).
>
> If I try to add the following series of rules, using gsh, exiting gsh
> entirely after each rule, and verifying that I can see the rules in the
> lite UI "View or assign attributes” screen, the first two work fine. When
> I add the third rule, it overwrites the second rule. There are no other
> rules in the system when I start.
>
> Is there some limitation on having two rules, owned by the same group, but
> with different actions?
>
> We are using Grouper 2.1.4. I did a quick check of the 2.1.5 release
> notes, and nothing about rules jumped out at me, but I can try to get my
> system upgraded if that will help.
>
> -jeaton
>
> The rules:
>
>
> // Rule 1: on the "current" group…
> grouperSession = GrouperSession.startRootSession();
> currentGroup = GroupFinder.findByName(grouperSession,
> "Apps:Provisioning:auto:Active-Students-Current");
> AttributeAssign attributeAssignCurrent =
> currentGroup.getAttributeDelegate().assignAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
>
> attributeAssignCurrent.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectSourceIdName(),
> "g:isa");
> attributeAssignCurrent.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectIdName(),
> "GrouperSystem");
>
> // Rule 1: Fires when a member is added to the corresponding loader-managed
> group
> attributeAssignCurrent.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckOwnerNameName(),
> "Apps:Provisioning:auto:Active-Students");
> attributeAssignCurrent.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckTypeName(),RuleCheckType.membershipAdd.name());
>
> // Rule 1: ... then the member is added to the current group
> attributeAssignCurrent.getAttributeValueDelegate().assignValue(RuleUtils.ruleThenEnumName(),
> RuleThenEnum.addMemberToOwnerGroup.name());
>
>
> // Rule 2: on the "recent" group…
> grouperSession = GrouperSession.startRootSession();
> recentGroup = GroupFinder.findByName(grouperSession,
> "Apps:Provisioning:auto:Active-Students-Recent");
> AttributeAssign attributeAssignRecent =
> recentGroup.getAttributeDelegate().assignAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
>
> attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectSourceIdName(),
> "g:isa");
> attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectIdName(),
> "GrouperSystem");
>
> // Rule 2: Fires when a member is added to the "Current" group
> attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckOwnerNameName(),
> "Apps:Provisioning:auto:Active-Students-Current");
> attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckTypeName(),RuleCheckType.membershipAdd.name());
>
> // Rule 2: Then removed the member from the "recent" group (because if you
> are current, you are no longer recent)
> attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleThenEnumName(),
> RuleThenEnum.removeMemberFromOwnerGroup.name());
>
>
> // Now, for the opposite rules
> // Rule 3: on the "recent" group…
> grouperSession = GrouperSession.startRootSession();
> recentGroup = GroupFinder.findByName(grouperSession,
> "Apps:Provisioning:auto:Active-Students-Recent");
> AttributeAssign attributeAssignRecent =
> recentGroup.getAttributeDelegate().assignAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
>
> attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectSourceIdName(),
> "g:isa");
> attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectIdName(),
> "GrouperSystem");
>
> // Rule 3: Fires when a member is removed from the corresponding
> loader-managed group
> attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckOwnerNameName(),
> "Apps:Provisioning:auto:Active-Students");
> attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckTypeName(),RuleCheckType.membershipRemove.name());
>
> // Then add member to the "recent" group
> attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleThenEnumName(),
> RuleThenEnum.addMemberToOwnerGroup.name());




Archive powered by MHonArc 2.6.16.

Top of Page