public class RuleApi extends Object
Constructor and Description |
---|
RuleApi() |
Modifier and Type | Method and Description |
---|---|
static AttributeAssign |
emailOnFlattenedDisabledDate(Subject actAsSubject,
Group ruleGroup,
Integer daysInFutureDisabledDateMin,
Integer daysInFutureDisabledDateMax,
String emailToValue,
String emailSubjectValue,
String emailBodyValue)
send emails via daemon on impending disabled memberships
|
static AttributeAssign |
emailOnFlattenedMembershipAdd(Subject actAsSubject,
Group ruleGroup,
String emailToValue,
String emailSubjectValue,
String emailBodyValue) |
static AttributeAssign |
emailOnFlattenedMembershipAddFromStem(Subject actAsSubject,
Stem ruleStem,
Stem.Scope stemScope,
String emailToValue,
String emailSubjectValue,
String emailBodyValue) |
static AttributeAssign |
emailOnFlattenedMembershipRemove(Subject actAsSubject,
Group ruleGroup,
String emailToValue,
String emailSubjectValue,
String emailBodyValue) |
static AttributeAssign |
emailOnFlattenedMembershipRemoveFromStem(Subject actAsSubject,
Stem ruleStem,
Stem.Scope stemScope,
String emailToValue,
String emailSubjectValue,
String emailBodyValue) |
static AttributeAssign |
emailOnFlattenedPermissionDisabledDate(Subject actAsSubject,
AttributeDef permissionDef,
Integer daysInFutureDisabledDateMin,
Integer daysInFutureDisabledDateMax,
String emailToValue,
String emailSubjectValue,
String emailBodyValue) |
static AttributeAssign |
groupIntersection(Subject actAs,
Group ruleGroup,
Group mustBeInGroup)
put a rule on the rule group which says that if the user is not in the mustBeInGroup,
then remove from ruleGroup
|
static AttributeAssign |
groupIntersection(Subject actAs,
Group ruleGroup,
Group mustBeInGroup,
int daysInFutureForDisabledDate)
put a rule on the rule group which says that if the user is not in the mustBeInGroup,
then add an end date to the membership in the rule group X days in the future
|
static AttributeAssign |
groupIntersectionWithFolder(Subject actAs,
Group ruleGroup,
Stem folder,
Stem.Scope stemScope)
if a member is removed from a folder, and has no more memberships in any group in the folder, then
remove from the group
|
static boolean |
hasInheritedPrivilege(GrouperObject grouperObject,
Subject subject,
Privilege privilege,
boolean considerInGroup)
see if there is an inherited privilege
|
static boolean |
hasInheritedPrivilege(Map<MultiKey,Set<RuleDefinition>> inheritedRulesCacheByStemIdSubjectPrivilege,
GrouperObject grouperObject,
Subject subject,
Privilege privilege,
boolean considerInGroup)
see if there is an inherited privilege
|
static AttributeAssign |
inheritAttributeDefPrivileges(Stem stem,
Stem.Scope stemScope,
Subject subjectToAssign,
Set<Privilege> privileges)
make sure stem privileges are inherited in a attributeDef
|
static AttributeAssign |
inheritAttributeDefPrivileges(Subject actAs,
Stem stem,
Stem.Scope stemScope,
Subject subjectToAssign,
Set<Privilege> privileges)
Deprecated.
use the method without actAs inheritAttributeDefPrivileges(Stem stem, Scope stemScope,
Subject subjectToAssign, Set
|
static AttributeAssign |
inheritFolderPrivileges(Stem stem,
Stem.Scope stemScope,
Subject subjectToAssign,
Set<Privilege> privileges)
make sure stem privileges are inherited in a stem
|
static AttributeAssign |
inheritFolderPrivileges(Subject actAs,
Stem stem,
Stem.Scope stemScope,
Subject subjectToAssign,
Set<Privilege> privileges)
Deprecated.
use the method without actAs
|
static AttributeAssign |
inheritGroupPrivileges(Stem stem,
Stem.Scope stemScope,
Subject subjectToAssign,
Set<Privilege> privileges)
make sure group privileges are inherited in a stem
|
static AttributeAssign |
inheritGroupPrivileges(Stem stem,
Stem.Scope stemScope,
Subject subjectToAssign,
Set<Privilege> privileges,
String sqlLikeString)
make sure group privileges are inherited in a stem
|
static AttributeAssign |
inheritGroupPrivileges(Subject actAs,
Stem stem,
Stem.Scope stemScope,
Subject subjectToAssign,
Set<Privilege> privileges)
Deprecated.
use the non actAs method inheritGroupPrivileges(Stem stem, Scope stemScope,
Subject subjectToAssign, Set
|
static AttributeAssign |
inheritGroupPrivileges(Subject actAs,
Stem stem,
Stem.Scope stemScope,
Subject subjectToAssign,
Set<Privilege> privileges,
String sqlLikeString)
Deprecated.
use the method without actAs inheritGroupPrivileges(Stem stem, Scope stemScope,
Subject subjectToAssign, Set
|
static AttributeAssign |
permissionFolderIntersection(Subject actAs,
AttributeDef permissionToAssignRule,
Stem mustBeInGroupInFolder,
Stem.Scope stemScope) |
static AttributeAssign |
permissionGroupIntersection(Subject actAs,
AttributeDef permissionToAssignRule,
Group mustBeInGroup)
put a rule on an attribute def so that if a user comes out of a group, the user will be removed from
a role which has permissions or removed assignments directly to the user
|
static AttributeAssign |
permissionGroupIntersection(Subject actAs,
AttributeDef permissionToAssignRule,
Group mustBeInGroup,
int daysInFutureToDisable)
put a rule on an attribute def so that if a user comes out of a group, the user will have disabled dates from
a role which has permissions or removed assignments directly to the user
|
static AttributeAssign |
reassignAttributeDefPrivilegesIfFromGroup(Subject actAs,
Stem ruleStem,
Stem.Scope stemScope)
normalize privileges if the user who creates a group is in a group which has create privilegs on the stem
|
static AttributeAssign |
reassignGroupPrivilegesIfFromGroup(Subject actAs,
Stem ruleStem,
Stem.Scope stemScope)
normalize privileges if the user who creates a group is in a group which has create privilegs on the stem
|
static AttributeAssign |
reassignStemPrivilegesIfFromGroup(Subject actAs,
Stem ruleStem,
Stem.Scope stemScope)
normalize privileges if the user who creates a stem is in a group which has create privileges on the stem
|
static int |
removePrivilegesIfNotAssignedByRule(boolean actAsRoot,
Stem stem,
Stem.Scope stemScope,
Subject subjectToAssign,
Set<Privilege> privileges,
String sqlLikeString)
remove group privileges are inherited in a stem
|
static String |
rulesToString() |
static String |
rulesToString(AttributeAssignable attributeAssignable) |
static int |
runRulesForOwner(AttributeAssignable attributeAssignable)
run rules for an attribute assignable
|
static AttributeAssign |
vetoMembershipIfNotInGroup(Subject actAs,
Group ruleGroup,
Group mustBeInGroup,
String vetoKey,
String vetoMessage) |
static AttributeAssign |
vetoMembershipIfNotInGroupInFolder(Subject actAs,
Group ruleGroup,
Stem mustBeInGroupInFolder,
Stem.Scope stemScope,
String vetoKey,
String vetoMessage) |
static AttributeAssign |
vetoMembershipIfTooManyMembers(Subject actAs,
Group ruleGroup,
Group groupToCheckMemberSize,
int maxMembers,
String sources,
String vetoKey,
String vetoMessage) |
static AttributeAssign |
vetoPermissionIfNotInGroup(Subject actAs,
AttributeDef permissionDef,
Group mustBeInGroup,
String vetoKey,
String vetoMessage)
veto a direct permission assignment if not in group
|
static AttributeAssign |
vetoSubjectAssignInFolderIfNotInGroup(Subject actAs,
Stem ruleStem,
Group mustBeInGroup,
boolean allowAll,
String sourceId,
Stem.Scope stemScope,
String vetoKey,
String vetoMessage)
add a rule on a stem saying that all subject use in the folder must be in a certain group.
|
public static AttributeAssign reassignGroupPrivilegesIfFromGroup(Subject actAs, Stem ruleStem, Stem.Scope stemScope)
actAs
- ruleStem
- stemScope
- public static AttributeAssign reassignAttributeDefPrivilegesIfFromGroup(Subject actAs, Stem ruleStem, Stem.Scope stemScope)
actAs
- ruleStem
- stemScope
- public static AttributeAssign vetoMembershipIfNotInGroupInFolder(Subject actAs, Group ruleGroup, Stem mustBeInGroupInFolder, Stem.Scope stemScope, String vetoKey, String vetoMessage)
actAs
- ruleGroup
- mustBeInGroupInFolder
- stemScope
- vetoKey
- vetoMessage
- public static AttributeAssign vetoSubjectAssignInFolderIfNotInGroup(Subject actAs, Stem ruleStem, Group mustBeInGroup, boolean allowAll, String sourceId, Stem.Scope stemScope, String vetoKey, String vetoMessage)
actAs
- ruleStem
- mustBeInGroup
- if blank and not allowAll, then restrict allallowAll
- if mustBeIn is blank and allowAll, then allow all (to override a restriction in ancestor folders)sourceId
- optional (recommended), to constraint this to subjects from certain sourcesstemScope
- vetoKey
- vetoMessage
- public static AttributeAssign vetoMembershipIfNotInGroup(Subject actAs, Group ruleGroup, Group mustBeInGroup, String vetoKey, String vetoMessage)
actAs
- ruleGroup
- mustBeInGroup
- vetoKey
- vetoMessage
- public static AttributeAssign vetoMembershipIfTooManyMembers(Subject actAs, Group ruleGroup, Group groupToCheckMemberSize, int maxMembers, String sources, String vetoKey, String vetoMessage)
actAs
- ruleGroup
- groupToCheckMemberSize
- null if ruleGroup, else the parent group to check membersmaxMembers
- number of members that are the max of ownersources
- comma separate sourceIds if checking source of members. e.g. source with your peoplevetoKey
- vetoMessage
- @Deprecated public static AttributeAssign inheritAttributeDefPrivileges(Subject actAs, Stem stem, Stem.Scope stemScope, Subject subjectToAssign, Set<Privilege> privileges)
actAs
- stem
- stemScope
- ONE or SUBsubjectToAssign
- privileges
- can use Privilege.getInstances() to convert from stringpublic static AttributeAssign inheritAttributeDefPrivileges(Stem stem, Stem.Scope stemScope, Subject subjectToAssign, Set<Privilege> privileges)
actAs
- stem
- stemScope
- ONE or SUBsubjectToAssign
- privileges
- can use Privilege.getInstances() to convert from string@Deprecated public static AttributeAssign inheritFolderPrivileges(Subject actAs, Stem stem, Stem.Scope stemScope, Subject subjectToAssign, Set<Privilege> privileges)
actAs
- stem
- stemScope
- ONE or SUBsubjectToAssign
- privileges
- can use Privilege.getInstances() to convert from stringpublic static AttributeAssign inheritFolderPrivileges(Stem stem, Stem.Scope stemScope, Subject subjectToAssign, Set<Privilege> privileges)
actAs
- stem
- stemScope
- ONE or SUBsubjectToAssign
- privileges
- can use Privilege.getInstances() to convert from string@Deprecated public static AttributeAssign inheritGroupPrivileges(Subject actAs, Stem stem, Stem.Scope stemScope, Subject subjectToAssign, Set<Privilege> privileges)
actAs
- stem
- stemScope
- ONE or SUBsubjectToAssign
- privileges
- can use Privilege.getInstances() to convert from stringpublic static AttributeAssign inheritGroupPrivileges(Stem stem, Stem.Scope stemScope, Subject subjectToAssign, Set<Privilege> privileges)
actAs
- stem
- stemScope
- ONE or SUBsubjectToAssign
- privileges
- can use Privilege.getInstances() to convert from stringpublic static int removePrivilegesIfNotAssignedByRule(boolean actAsRoot, Stem stem, Stem.Scope stemScope, Subject subjectToAssign, Set<Privilege> privileges, String sqlLikeString)
actAsRoot
- stem
- stemScope
- ONE or SUBsubjectToAssign
- privileges
- can use Privilege.getInstances() to convert from stringsqlLikeString
- public static boolean hasInheritedPrivilege(GrouperObject grouperObject, Subject subject, Privilege privilege, boolean considerInGroup)
grouperObject
- subject
- privilege
- considerInGroup
- if allow the subject to be in a group which has an inherited privilegepublic static boolean hasInheritedPrivilege(Map<MultiKey,Set<RuleDefinition>> inheritedRulesCacheByStemIdSubjectPrivilege, GrouperObject grouperObject, Subject subject, Privilege privilege, boolean considerInGroup)
inheritedRulesCacheByStemIdSubjectPrivilege
- grouperObject
- subject
- privilege
- considerInGroup
- if allow the subject to be in a group which has an inherited privilege@Deprecated public static AttributeAssign inheritGroupPrivileges(Subject actAs, Stem stem, Stem.Scope stemScope, Subject subjectToAssign, Set<Privilege> privileges, String sqlLikeString)
actAs
- stem
- stemScope
- ONE or SUBsubjectToAssign
- privileges
- can use Privilege.getInstances() to convert from stringsqlLikeString
- public static AttributeAssign inheritGroupPrivileges(Stem stem, Stem.Scope stemScope, Subject subjectToAssign, Set<Privilege> privileges, String sqlLikeString)
actAs
- stem
- stemScope
- ONE or SUBsubjectToAssign
- privileges
- can use Privilege.getInstances() to convert from stringsqlLikeString
- public static AttributeAssign groupIntersectionWithFolder(Subject actAs, Group ruleGroup, Stem folder, Stem.Scope stemScope)
actAs
- ruleGroup
- folder
- stemScope
- public static AttributeAssign groupIntersection(Subject actAs, Group ruleGroup, Group mustBeInGroup)
actAs
- ruleGroup
- mustBeInGroup
- public static AttributeAssign groupIntersection(Subject actAs, Group ruleGroup, Group mustBeInGroup, int daysInFutureForDisabledDate)
actAs
- ruleGroup
- mustBeInGroup
- daysInFutureForDisabledDate
- public static String rulesToString()
public static String rulesToString(AttributeAssignable attributeAssignable)
attributeAssignable
- public static int runRulesForOwner(AttributeAssignable attributeAssignable)
attributeAssignable
- public static AttributeAssign permissionGroupIntersection(Subject actAs, AttributeDef permissionToAssignRule, Group mustBeInGroup, int daysInFutureToDisable)
actAs
- permissionToAssignRule
- mustBeInGroup
- daysInFutureToDisable
- public static AttributeAssign permissionGroupIntersection(Subject actAs, AttributeDef permissionToAssignRule, Group mustBeInGroup)
actAs
- permissionToAssignRule
- mustBeInGroup
- public static AttributeAssign permissionFolderIntersection(Subject actAs, AttributeDef permissionToAssignRule, Stem mustBeInGroupInFolder, Stem.Scope stemScope)
actAs
- permissionToAssignRule
- mustBeInGroupInFolder
- stemScope
- public static AttributeAssign vetoPermissionIfNotInGroup(Subject actAs, AttributeDef permissionDef, Group mustBeInGroup, String vetoKey, String vetoMessage)
actAs
- permissionDef
- mustBeInGroup
- vetoKey
- vetoMessage
- public static AttributeAssign emailOnFlattenedMembershipRemove(Subject actAsSubject, Group ruleGroup, String emailToValue, String emailSubjectValue, String emailBodyValue)
ruleGroup
- actAsSubject
- emailToValue
- e.g. "a@b.c, ${safeSubject.emailAddress}"emailSubjectValue
- e.g. "You will be removed from group: ${groupDisplayExtension}"emailBodyValue
- e.g. "template: testEmailGroupBodyFlattenedRemove"public static AttributeAssign emailOnFlattenedMembershipAddFromStem(Subject actAsSubject, Stem ruleStem, Stem.Scope stemScope, String emailToValue, String emailSubjectValue, String emailBodyValue)
actAsSubject
- ruleStem
- stemScope
- emailToValue
- emailSubjectValue
- emailBodyValue
- public static AttributeAssign emailOnFlattenedMembershipRemoveFromStem(Subject actAsSubject, Stem ruleStem, Stem.Scope stemScope, String emailToValue, String emailSubjectValue, String emailBodyValue)
actAsSubject
- ruleStem
- stemScope
- emailToValue
- emailSubjectValue
- emailBodyValue
- public static AttributeAssign emailOnFlattenedMembershipAdd(Subject actAsSubject, Group ruleGroup, String emailToValue, String emailSubjectValue, String emailBodyValue)
ruleGroup
- actAsSubject
- emailToValue
- e.g. "a@b.c, ${safeSubject.emailAddress}"emailSubjectValue
- e.g. "You were added to group: ${groupDisplayExtension}"emailBodyValue
- e.g. "template: testEmailGroupBodyFlattenedAdd"public static AttributeAssign emailOnFlattenedDisabledDate(Subject actAsSubject, Group ruleGroup, Integer daysInFutureDisabledDateMin, Integer daysInFutureDisabledDateMax, String emailToValue, String emailSubjectValue, String emailBodyValue)
actAsSubject
- ruleGroup
- daysInFutureDisabledDateMin
- daysInFutureDisabledDateMax
- emailToValue
- emailSubjectValue
- emailBodyValue
- public static AttributeAssign emailOnFlattenedPermissionDisabledDate(Subject actAsSubject, AttributeDef permissionDef, Integer daysInFutureDisabledDateMin, Integer daysInFutureDisabledDateMax, String emailToValue, String emailSubjectValue, String emailBodyValue)
actAsSubject
- permissionDef
- daysInFutureDisabledDateMin
- daysInFutureDisabledDateMax
- emailToValue
- emailSubjectValue
- emailBodyValue
- public static AttributeAssign reassignStemPrivilegesIfFromGroup(Subject actAs, Stem ruleStem, Stem.Scope stemScope)
actAs
- ruleStem
- stemScope
- Copyright © 2016 Internet2. All rights reserved.