grouper-users - [grouper-users] RE: Does this make sense? or am I not looking at this right?
Subject: Grouper Users - Open Discussion List
List archive
- From: "Black, Carey M." <>
- To: "Hyzer, Chris" <>, "" <>
- Subject: [grouper-users] RE: Does this make sense? or am I not looking at this right?
- Date: Tue, 12 Sep 2017 15:37:15 +0000
- Accept-language: en-US
- Authentication-results: spf=pass (sender IP is 128.146.163.15) smtp.mailfrom=osu.edu; internet2.edu; dkim=none (message not signed) header.d=none;internet2.edu; dmarc=pass action=none header.from=osu.edu;
- Ironport-phdr: 9a23:VO0yqxAd8NyJWffVHHsmUyQJP3N1i/DPJgcQr6AfoPdwSPX9rsbcNUDSrc9gkEXOFd2CrakV26yO6+jJYi8p2d65qncMcZhBBVcuqP49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6JvjvGo7Vks+7y/2+94fdbghMhzexe69+IAmrpgjNq8cahpdvJLwswRXTuHtIfOpWxWJsJV2Nmhv3+9m98p1+/SlOovwt78FPX7n0cKQ+VrxYES8pM3sp683xtBnMVhWA630BWWgLiBVIAgzF7BbnXpfttybxq+Rw1DWGMcDwULs5Xymp4aV2Rx/ykCoJNyA3/nzLisJ+j6xbrhCupx1jzIDbb46YL+Z+frrZcN8GWWZNQthdWipcCY28dYsPCO8BMP5Wo4Tgo1sBtwexBQq0COjy1DJHnGX20rM60u88Fg/KxgIsFM8JvXvPqNX6LrsdUeOvwKXV0znOYehb2TDm6IjVaBwuv+yDXa9pfMfX1EIhFBvFg02OpYP/Iz+Zy+EAv3WG4+Z9UO+vhWEqpx1trjWqyMcjlIbEiZgQx13B9yh13YI4KcWlREJlYtOoCoZcui6bOodsRs4vTHtktDgnxrEaoZK7cjYFxZc7yxPabvGKc5SH7Q7tVOuUPzt1i3Nod6+6ihu98UWtyOPxW8yo31lRtSVKiN/BvW0X2RPJ8MiIUP5981+h2TmR0wDT7flJL1gomKTcN5IszKc8m4cRvkjdByP2n175g7GMekUj5+io9//oYrL7pp+aKoB4kBn+Mr4pmsyjH+s3LhQOX2mc+eS6zrHj+lD5QKlOjv0xlanZs4rWKtgcpq68GwNV04Aj5AijDzq+ztgXh2ULIE9AdR6akoTlJlTDIP73APujn1ihlTlryO7JM7L7B5jAK3rOnKrlcLpl7k5T0gszzdRR55JODbEBJer+VVT1tNPCEhA5MBa4z/v5BNhzzY4eXnmPArKDPKzMrFCI+/ojI/OQa48NpDb9N/8l6ubhjX8jnl8dYLGp0oUNaHyhA/RmOFuWYWD3gtoaFWcKvxE+TPDxiFGcSzJTZnCyX74i6TEhDoKpE5vDSp63jLOfwSi7A84eWmcTQHCdA3ryM82vW+0Nc2jadspqki0WWKKJSpQqkwy2uQn8jbdrM7yQsmcXr5X+zNVvovDImAsp3T1yE8mH1WyRFSd5kn5CD2s5xqdiuUFnj0qY3LJjq/1eCdFJ4f5VCEE3OYOKnMJgDNWnECjFd9yKDB6NS8+rEHkUCJh5l9UKak1+XYz41TjExDfsDrMIwe/YTKco+77RiiCib/12zGzLgfEs
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
Chris,
Thanks for the code snips. I am sure they will get me to a point that I can
start to build something. :)
Thanks for asking for a better explanation. I know I dumped a lot of stuff in
there . I think I now see how my post notation likely made the concepts more
confusing that I wanted.
Sorry about that, I was trying to be compact in my text.
Maybe the following helps? (Re written, expanded... more English than
notation. )
"
The existing permission of "Create" does not support Create Group vs Create
Stem (er... Folder) .
These two attribute names ( allowFolderCreate and allowGroupCreate)
provide a way to "tag" a stem and restrict those activities via a hook's
stemPreInsert method...
> Attributes that can be assigned to folders (stems)
> folderStructure (Is an attribute def that is "single
> assignable" for a stem)
> allowFolderCreate ( is an attribute name that is "single
> valued" , "String")
Description: Use this constraint from the parent
folder(s) to allow or veto a user create of new sub folders.
values only one of:
"ALL"(implied by not having the
attribute on any parent stem),
"ONE",
"NONE"
> allowGroupCreate ( is an attribute name that is "single
> valued", "String")
Description: Use this constraint from the parent
folder(s) to allow or veto a user create of new groups.
values only one of:
"ALL"(implied by not having the
attribute on any parent stem),
"ONE",
"NONE"
And if I really want to be hard on myself....( Version 2 of
these attributes would be defined this way )
> allowFolderCreateByGroup ( is an attribute name that is
> "*multiple* valued" , "String")
Description: Use this constraint from the parent
folder(s) to allow or veto a user create of new sub folders.
values are a pair of strings where
the first value is one of:
"ALL"(implied by not having the
attribute on any parent stem),
"ONE",
"NONE"
Followed by a second value that is
a "Group ID/REF" Example:
"etc:wheel"
NOTE: "*" would mean all groups
> Example values:
> "All", "etc:wheel"
> "NONE","*"
> "ONE","etc:MasterOfAllStems"
> allowGroupCreateByGroup ( is an attribute name that is
> "*multiple* valued", "String")
Description: Use this constraint from the parent
folder(s) to allow or veto a user create of new groups.
values are a pair of strings where:
"ALL"(implied by not having the
attribute on any parent stem),
"ONE",
"NONE"
Followed by a second value that is
a "Group ID/REF" Example:
"etc:wheel"
NOTE: "*" would mean all groups
> Example values:
> "All", "etc:wheel"
> "NONE","*"
> "ONE","etc:MasterOfAllStems"
"
I picture this kind of logic in the hook:
// Just using the "simple" model that does not depend on the users ACL's
// So not looking at the values in the " And if I really want to be hard on
myself...." (version 2) of these attributes.
If ( New stem's parent(s) had the attribute " allowFolderCreate" defined on
it) then
If (allowFolderCreate.value == "ALL") then
Allow folder creation inside the stem with
allowFolderCreate.value at all levels below the stem with the attribute.
else (allowFolderCreate.value == "ONE") then
Allow folder creation inside the stem with
allowFolderCreate.value at ONLY one level below the stem with the attribute
allowFolderCreate.value.
else (allowFolderCreate.value == "NONE") then
Do not allow stem's to be created below the stem with the
attribute.
end if
end if
Same general concept for the allowGroupCreate attribute.
A practical example...
Existing structures before attributes are added to any stems:
Stem: Stem1:
Stem: Stem1:Sub2
Stem: Stem1:Sub3
Stem: Stem1:Sub4
Add attribute allowFolderCreate: to Stem1, Sub2 and Sub3 (with illustrative
values)
Stem: Stem1:
Attribute: allowFolderCreate = "NONE" on Stem1 would VETO new folders
from being created.
Stem:Stem1:* Not allowed.
Stem: Stem1:Sub2
Attribute: allowFolderCreate = "ONE" on Sub2 would ALLOW new folders
from being created at Sub2's child level, but VETO at Sub2's children's
levels...
Attributes assigned in Sub2 would mask value on Stem1.
Stem:Stem1:Sub2:* allowed,
Stem:Stem1:Sub2:*:... Not allowed
Stem: Stem1:Sub3
Attribute: allowFolderCreate = "ALL" on Sub3 would ALLOW new folders
from being created beyond Sub3. (Child and Children levels)
Attributes assigned in Sub3 would mask value on Stem1.
Stem:Stem1:Sub3:* allowed,
Stem:Stem1:Sub3:*:*:.... allowed
Stem: Stem1:Sub4
No allowFolderCreate value assigned here. So Stem1's value would be
found and used for Sub4 as well.
VETO new folders from being created.
Stem:Stem1:Sub4:* Not allowed.
--
Carey Matthew
-----Original Message-----
From: Hyzer, Chris
[mailto:]
Sent: Monday, September 11, 2017 10:40 AM
To: Black, Carey M.
<>;
Subject: RE: Does this make sense? or am I not looking at this right?
> If you want to know my current wish list... here it is: (WARNING:
> Lots of details, might be half baked at this point....)
>
> Here is what I am thinking for attributes and their functions( Hook
> responses ):
After a quick read I dont really know how these attributes would be used with
hooks. Maybe some simple examples of attribute values and what the hook
would do...
thanks
Chris
>
> Attributes for folders (stems)
> folderStructure (def:single assignable)
> allowFolderCreate (name: single value) values only one of:
> "ALL"(implied by
> not having the attribute), "one level", "NONE"
> allowGroupCreate (name: single value) values only one of:
> "ALL"(implied by
> not having the attribute), "one level", "NONE"
> Use this constraint from the parent folder(s)
> to veto user
> creates.
<snip>
> --
> Carey Matthew Black.123
>
>
- [grouper-users] Does this make sense? or am I not looking at this right?, Black, Carey M., 09/10/2017
- [grouper-users] RE: Does this make sense? or am I not looking at this right?, Hyzer, Chris, 09/11/2017
- [grouper-users] RE: Does this make sense? or am I not looking at this right?, Black, Carey M., 09/12/2017
- [grouper-users] RE: Does this make sense? or am I not looking at this right?, Hyzer, Chris, 09/11/2017
Archive powered by MHonArc 2.6.19.