Subject: Grouper Users - Open Discussion List
- From: Shilen Patel <>
- To: Jeffrey Crawford <>
- Cc: Gouper Users List <>
- Subject: Re: [grouper-users] Re: composite-ng intersection
- Date: Sat, 13 Aug 2016 18:33:46 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is ) ;
- Ironport-phdr: 9a23:K2F/xBOvFJOggId1mCkl6mtUPXoX/o7sNwtQ0KIMzox0K/X+rarrMEGX3/hxlliBBdydsK0UzbeN+Pm9EUU7or+/81k6OKRWUBEEjchE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i76xXcoFx7+LQt4IPjuUs6X1pzvlrP6x5qGQQhGiiCwcPtZNhypowLLuoFCg4ZsJLw82xDhv3BTcKJbyX4+dnyJmBOp3cex+JNluxxZp/8lv5pbUaT+cqIQQaFbAXIrP31jt56jjgXKUQbavihUaW4RiBcdRlGdtBw=
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
This was actually partially working in Grouper 2.3, but there were a couple of issues.
1. The shorthand method of creating rules (e.g. RuleApi.groupIntersection) was indeed using direct members. That said, it is possible to create rules with effective memberships by either changing the rule after creation or using the longhand method. The trick is that instead of specifying "RuleCheckType.membershipRemove.name()" as the check type, you would specify "RuleCheckType.flattenedMembershipRemove.name()".
The way that the flattened membership rules work is that they use a built in change log consumer (grouperRules) to fire the rules. As long as you're running the Grouper Daemon and you haven't disabled that change log consumer, this should work.
2. Doing the above would get your rules to fire properly with effective memberships. But there's still another problem. There's a rules daemon that runs with the Grouper Daemon. In the case of group intersection, if somebody got added to the first group but they weren't a member of the second, it is the rules daemon that would remove the membership in the first group. However, in 2.3 the rules daemon wasn't set up for flattened membership removes (only for direct membership removes).
So anyways, I added a fix in Grouper 2.4 to address these issues. All newly created rules (except veto rules) created via the shorthand method will default to effective memberships. Existing rules won't change automatically, but we may need to discuss whether there should be an easy way to change existing rules during the 2.4 upgrade. And also, the rules daemon is fixed (again in 2.4).
I opted to put this fix in 2.4 since it's a change in requirements for having the rule work properly (you need to run the grouperRules change log consumer). But if it's needed in 2.3, let me know and I'll create a patch in 2.3.
From: Jeffrey Crawford <>
Date: Friday, July 1, 2016 at 8:35 PM
To: Gouper Users List <>
Subject: [grouper-users] Re: composite-ng intersection
- Re: [grouper-users] Re: composite-ng intersection, Shilen Patel, 08/13/2016
Archive powered by MHonArc 2.6.19.