Grouper Users - Open Discussion List

[Jeffrey T Eaton <>]

Thank you!  I was staring at that code so long my eyes were going cross, and 
never once noticed the difference between assign and add.

-jeaton

On Apr 1, 2014, at 1:58 PM, Chris Hyzer 
<>
 wrote:

> You are taking the same assignment, and changing the value of attributes.  
> "assign" is if you want to assign one attribute/rule, "add" will add more 
> assignments (multi-assign)
>  
> You need a new attribute assignment for each rule.
>  
> FROM:
>  
> AttributeAssign attributeAssignRecent = 
> recentGroup.getAttributeDelegate().assignAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
>  
> TO:
>  
> AttributeAssign attributeAssignRecent = 
> recentGroup.getAttributeDelegate().addAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
>  
> Note, when you edit these rules, you need to get the right one by looking 
> at the attribute values.
>  
> Thanks,
> Chris
>  
> -----Original Message-----
> From: 
> 
>  
> [mailto:]
>  On Behalf Of Jeffrey T Eaton
> Sent: Tuesday, April 01, 2014 1:47 PM
> To: 
> 
> Subject: [grouper-users] rule overwriting old rule?
>  
>  
> I’m trying to set up a set of Grouper Rules on some groups, and am running 
> into a problem where when I add a new rule, it overwrites one of the old 
> rules.
>  
> Basically, what I have is one group, which is populated by a loader job 
> automatically.  The group contains all subjects with a current Student 
> affiliation.  I want to have a set of groups that reflect “current” 
> students, and one that has “recent” students, so that we can have certain 
> permissions granted to people who were recently students (so that when you 
> lose your affiliation, you still have access to certain resources for a 
> period of time).
>  
> If I try to add the following series of rules, using gsh, exiting gsh 
> entirely after each rule, and verifying that I can see the rules in the 
> lite UI "View or assign attributes” screen, the first two work fine.  When 
> I add the third rule, it overwrites the second rule.    There are no other 
> rules in the system when I start.
>  
> Is there some limitation on having two rules, owned by the same group, but 
> with different actions?
>  
> We are using Grouper 2.1.4.  I did a quick check of the 2.1.5 release 
> notes, and nothing about rules jumped out at me, but I can try to get my 
> system upgraded if that will help.
>  
> -jeaton
>  
> The rules:
>  
>  
> // Rule 1: on the "current" group…
> grouperSession = GrouperSession.startRootSession();
> currentGroup = GroupFinder.findByName(grouperSession, 
> "Apps:Provisioning:auto:Active-Students-Current");
> AttributeAssign attributeAssignCurrent = 
> currentGroup.getAttributeDelegate().assignAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
>  
> attributeAssignCurrent.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectSourceIdName(),
>  "g:isa");
> attributeAssignCurrent.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectIdName(),
>  "GrouperSystem");
>  
> // Rule 1: Fires when a member is added to the corresponding loader-managed 
> group
> attributeAssignCurrent.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckOwnerNameName(),
>  "Apps:Provisioning:auto:Active-Students");
> attributeAssignCurrent.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckTypeName(),RuleCheckType.membershipAdd.name());
>  
> // Rule 1: ... then the member is added to the current group
> attributeAssignCurrent.getAttributeValueDelegate().assignValue(RuleUtils.ruleThenEnumName(),
>  RuleThenEnum.addMemberToOwnerGroup.name());
>  
>  
> // Rule 2: on the "recent" group…
> grouperSession = GrouperSession.startRootSession();
> recentGroup = GroupFinder.findByName(grouperSession, 
> "Apps:Provisioning:auto:Active-Students-Recent");
> AttributeAssign attributeAssignRecent = 
> recentGroup.getAttributeDelegate().assignAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
>  
> attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectSourceIdName(),
>  "g:isa");
> attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectIdName(),
>  "GrouperSystem");
>  
> // Rule 2: Fires when a member is added to the "Current" group
> attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckOwnerNameName(),
>  "Apps:Provisioning:auto:Active-Students-Current");
> attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckTypeName(),RuleCheckType.membershipAdd.name());
>  
> // Rule 2: Then removed the member from the "recent" group (because if you 
> are current, you are no longer recent)
> attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleThenEnumName(),
>  RuleThenEnum.removeMemberFromOwnerGroup.name());
>  
>  
> // Now, for the opposite rules
> // Rule 3: on the "recent" group…
> grouperSession = GrouperSession.startRootSession();
> recentGroup = GroupFinder.findByName(grouperSession, 
> "Apps:Provisioning:auto:Active-Students-Recent");
> AttributeAssign attributeAssignRecent = 
> recentGroup.getAttributeDelegate().assignAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
>  
> attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectSourceIdName(),
>  "g:isa");
> attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectIdName(),
>  "GrouperSystem");
>  
> // Rule 3: Fires when a member is removed from the corresponding 
> loader-managed group
> attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckOwnerNameName(),
>  "Apps:Provisioning:auto:Active-Students");
> attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckTypeName(),RuleCheckType.membershipRemove.name());
>  
> // Then add member to the "recent" group
> attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleThenEnumName(),
>  RuleThenEnum.addMemberToOwnerGroup.name());