RuleApi (Grouper API 2.5.0-SNAPSHOT Java API.)

java.lang.Object
- edu.internet2.middleware.grouper.rules.RuleApi

```
public class RuleApi
extends Object
```
helper methods to assign rules to objects without having to deal with attributes note, you can use this from gsh too

Constructor Summary

Constructors
Constructor and Description

RuleApi()

Constructors
Constructor and Description
`RuleApi()`

Method Summary

All Methods Static Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`static AttributeAssign`	`emailOnFlattenedDisabledDate(Subject actAsSubject, Group ruleGroup, Integer daysInFutureDisabledDateMin, Integer daysInFutureDisabledDateMax, String emailToValue, String emailSubjectValue, String emailBodyValue)` send emails via daemon on impending disabled memberships
`static AttributeAssign`	`emailOnFlattenedMembershipAdd(Subject actAsSubject, Group ruleGroup, String emailToValue, String emailSubjectValue, String emailBodyValue)`
`static AttributeAssign`	`emailOnFlattenedMembershipAddFromStem(Subject actAsSubject, Stem ruleStem, Stem.Scope stemScope, String emailToValue, String emailSubjectValue, String emailBodyValue)`
`static AttributeAssign`	`emailOnFlattenedMembershipRemove(Subject actAsSubject, Group ruleGroup, String emailToValue, String emailSubjectValue, String emailBodyValue)`
`static AttributeAssign`	`emailOnFlattenedMembershipRemoveFromStem(Subject actAsSubject, Stem ruleStem, Stem.Scope stemScope, String emailToValue, String emailSubjectValue, String emailBodyValue)`
`static AttributeAssign`	`emailOnFlattenedPermissionDisabledDate(Subject actAsSubject, AttributeDef permissionDef, Integer daysInFutureDisabledDateMin, Integer daysInFutureDisabledDateMax, String emailToValue, String emailSubjectValue, String emailBodyValue)`
`static AttributeAssign`	`groupIntersection(Subject actAs, Group ruleGroup, Group mustBeInGroup)` put a rule on the rule group which says that if the user is not in the mustBeInGroup, then remove from ruleGroup
`static AttributeAssign`	`groupIntersection(Subject actAs, Group ruleGroup, Group mustBeInGroup, int daysInFutureForDisabledDate)` put a rule on the rule group which says that if the user is not in the mustBeInGroup, then add an end date to the membership in the rule group X days in the future
`static AttributeAssign`	`groupIntersectionWithFolder(Subject actAs, Group ruleGroup, Stem folder, Stem.Scope stemScope)` if a member is removed from a folder, and has no more memberships in any group in the folder, then remove from the group
`static boolean`	`hasInheritedPrivilege(GrouperObject grouperObject, Subject subject, Privilege privilege, boolean considerInGroup)` see if there is an inherited privilege
`static boolean`	`hasInheritedPrivilege(Map<MultiKey,Set<RuleDefinition>> inheritedRulesCacheByStemIdSubjectPrivilege, GrouperObject grouperObject, Subject subject, Privilege privilege, boolean considerInGroup)` see if there is an inherited privilege
`static AttributeAssign`	`inheritAttributeDefPrivileges(Stem stem, Stem.Scope stemScope, Subject subjectToAssign, Set<Privilege> privileges)` make sure stem privileges are inherited in a attributeDef
`static AttributeAssign`	`inheritAttributeDefPrivileges(Subject actAs, Stem stem, Stem.Scope stemScope, Subject subjectToAssign, Set<Privilege> privileges)` Deprecated. use the method without actAs inheritAttributeDefPrivileges(Stem stem, Scope stemScope, Subject subjectToAssign, Set privileges
`static AttributeAssign`	`inheritFolderPrivileges(Stem stem, Stem.Scope stemScope, Subject subjectToAssign, Set<Privilege> privileges)` make sure stem privileges are inherited in a stem
`static AttributeAssign`	`inheritFolderPrivileges(Subject actAs, Stem stem, Stem.Scope stemScope, Subject subjectToAssign, Set<Privilege> privileges)` Deprecated. use the method without actAs
`static AttributeAssign`	`inheritGroupPrivileges(Stem stem, Stem.Scope stemScope, Subject subjectToAssign, Set<Privilege> privileges)` make sure group privileges are inherited in a stem
`static AttributeAssign`	`inheritGroupPrivileges(Stem stem, Stem.Scope stemScope, Subject subjectToAssign, Set<Privilege> privileges, String sqlLikeString)` make sure group privileges are inherited in a stem
`static AttributeAssign`	`inheritGroupPrivileges(Subject actAs, Stem stem, Stem.Scope stemScope, Subject subjectToAssign, Set<Privilege> privileges)` Deprecated. use the non actAs method inheritGroupPrivileges(Stem stem, Scope stemScope, Subject subjectToAssign, Set privileges)
`static AttributeAssign`	`inheritGroupPrivileges(Subject actAs, Stem stem, Stem.Scope stemScope, Subject subjectToAssign, Set<Privilege> privileges, String sqlLikeString)` Deprecated. use the method without actAs inheritGroupPrivileges(Stem stem, Scope stemScope, Subject subjectToAssign, Set privileges, String sqlLikeString)
`static AttributeAssign`	`permissionFolderIntersection(Subject actAs, AttributeDef permissionToAssignRule, Stem mustBeInGroupInFolder, Stem.Scope stemScope)`
`static AttributeAssign`	`permissionGroupIntersection(Subject actAs, AttributeDef permissionToAssignRule, Group mustBeInGroup)` put a rule on an attribute def so that if a user comes out of a group, the user will be removed from a role which has permissions or removed assignments directly to the user
`static AttributeAssign`	`permissionGroupIntersection(Subject actAs, AttributeDef permissionToAssignRule, Group mustBeInGroup, int daysInFutureToDisable)` put a rule on an attribute def so that if a user comes out of a group, the user will have disabled dates from a role which has permissions or removed assignments directly to the user
`static AttributeAssign`	`reassignAttributeDefPrivilegesIfFromGroup(Subject actAs, Stem ruleStem, Stem.Scope stemScope)` normalize privileges if the user who creates a group is in a group which has create privilegs on the stem
`static AttributeAssign`	`reassignGroupPrivilegesIfFromGroup(Subject actAs, Stem ruleStem, Stem.Scope stemScope)` normalize privileges if the user who creates a group is in a group which has create privilegs on the stem
`static AttributeAssign`	`reassignStemPrivilegesIfFromGroup(Subject actAs, Stem ruleStem, Stem.Scope stemScope)` normalize privileges if the user who creates a stem is in a group which has create privileges on the stem
`static int`	`removePrivilegesIfNotAssignedByRule(boolean actAsRoot, Stem stem, Stem.Scope stemScope, Subject subjectToAssign, Set<Privilege> privileges, String sqlLikeString)` remove group privileges are inherited in a stem
`static String`	`rulesToString()`
`static String`	`rulesToString(AttributeAssignable attributeAssignable)`
`static int`	`runRulesForOwner(AttributeAssignable attributeAssignable)` run rules for an attribute assignable
`static AttributeAssign`	`vetoMembershipIfNotInGroup(Subject actAs, Group ruleGroup, Group mustBeInGroup, String vetoKey, String vetoMessage)`
`static AttributeAssign`	`vetoMembershipIfNotInGroupInFolder(Subject actAs, Group ruleGroup, Stem mustBeInGroupInFolder, Stem.Scope stemScope, String vetoKey, String vetoMessage)`
`static AttributeAssign`	`vetoMembershipIfTooManyMembers(Subject actAs, Group ruleGroup, Group groupToCheckMemberSize, int maxMembers, String sources, String vetoKey, String vetoMessage)`
`static AttributeAssign`	`vetoPermissionIfNotInGroup(Subject actAs, AttributeDef permissionDef, Group mustBeInGroup, String vetoKey, String vetoMessage)` veto a direct permission assignment if not in group
`static AttributeAssign`	`vetoSubjectAssignInFolderIfNotInGroup(Subject actAs, Stem ruleStem, Group mustBeInGroup, boolean allowAll, String sourceId, Stem.Scope stemScope, String vetoKey, String vetoMessage)` add a rule on a stem saying that all subject use in the folder must be in a certain group.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail
- RuleApi
```
public RuleApi()
```

Method Detail

reassignGroupPrivilegesIfFromGroup

public static AttributeAssign reassignGroupPrivilegesIfFromGroup(Subject actAs,
                                                                 Stem ruleStem,
                                                                 Stem.Scope stemScope)

normalize privileges if the user who creates a group is in a group which has create privilegs on the stem

Parameters:: actAs -; ruleStem -; stemScope -
Returns:: the attribute assignment

reassignAttributeDefPrivilegesIfFromGroup

public static AttributeAssign reassignAttributeDefPrivilegesIfFromGroup(Subject actAs,
                                                                        Stem ruleStem,
                                                                        Stem.Scope stemScope)

normalize privileges if the user who creates a group is in a group which has create privilegs on the stem

Parameters:: actAs -; ruleStem -; stemScope -
Returns:: the attribute assignment

vetoMembershipIfNotInGroupInFolder

public static AttributeAssign vetoMembershipIfNotInGroupInFolder(Subject actAs,
                                                                 Group ruleGroup,
                                                                 Stem mustBeInGroupInFolder,
                                                                 Stem.Scope stemScope,
                                                                 String vetoKey,
                                                                 String vetoMessage)

Parameters:: actAs -; ruleGroup -; mustBeInGroupInFolder -; stemScope -; vetoKey -; vetoMessage -
Returns:: the assignment in case there are edits

vetoSubjectAssignInFolderIfNotInGroup

public static AttributeAssign vetoSubjectAssignInFolderIfNotInGroup(Subject actAs,
                                                                    Stem ruleStem,
                                                                    Group mustBeInGroup,
                                                                    boolean allowAll,
                                                                    String sourceId,
                                                                    Stem.Scope stemScope,
                                                                    String vetoKey,
                                                                    String vetoMessage)

add a rule on a stem saying that all subject use in the folder must be in a certain group. note, the first rule found will be used

Parameters:: actAs -; ruleStem -; mustBeInGroup - if blank and not allowAll, then restrict all; allowAll - if mustBeIn is blank and allowAll, then allow all (to override a restriction in ancestor folders); sourceId - optional (recommended), to constraint this to subjects from certain sources; stemScope -; vetoKey -; vetoMessage -
Returns:: the assignment in case there are edits

vetoMembershipIfNotInGroup

public static AttributeAssign vetoMembershipIfNotInGroup(Subject actAs,
                                                         Group ruleGroup,
                                                         Group mustBeInGroup,
                                                         String vetoKey,
                                                         String vetoMessage)

Parameters:: actAs -; ruleGroup -; mustBeInGroup -; vetoKey -; vetoMessage -
Returns:: the assignment in case there are edits

vetoMembershipIfTooManyMembers

public static AttributeAssign vetoMembershipIfTooManyMembers(Subject actAs,
                                                             Group ruleGroup,
                                                             Group groupToCheckMemberSize,
                                                             int maxMembers,
                                                             String sources,
                                                             String vetoKey,
                                                             String vetoMessage)

Parameters:: actAs -; ruleGroup -; groupToCheckMemberSize - null if ruleGroup, else the parent group to check members; maxMembers - number of members that are the max of owner; sources - comma separate sourceIds if checking source of members. e.g. source with your people; vetoKey -; vetoMessage -
Returns:: the assignment in case there are edits

inheritAttributeDefPrivileges

@Deprecated
public static AttributeAssign inheritAttributeDefPrivileges(Subject actAs,
                                                                        Stem stem,
                                                                        Stem.Scope stemScope,
                                                                        Subject subjectToAssign,
                                                                        Set<Privilege> privileges)

Deprecated. use the method without actAs inheritAttributeDefPrivileges(Stem stem, Scope stemScope, Subject subjectToAssign, Set privileges

make sure stem privileges are inherited in a attributeDef

Parameters:: actAs -; stem -; stemScope - ONE or SUB; subjectToAssign -; privileges - can use Privilege.getInstances() to convert from string
Returns:: the assignment in case there are edits

inheritAttributeDefPrivileges

public static AttributeAssign inheritAttributeDefPrivileges(Stem stem,
                                                            Stem.Scope stemScope,
                                                            Subject subjectToAssign,
                                                            Set<Privilege> privileges)

make sure stem privileges are inherited in a attributeDef

Parameters:: actAs -; stem -; stemScope - ONE or SUB; subjectToAssign -; privileges - can use Privilege.getInstances() to convert from string
Returns:: the assignment in case there are edits

inheritFolderPrivileges

@Deprecated
public static AttributeAssign inheritFolderPrivileges(Subject actAs,
                                                                  Stem stem,
                                                                  Stem.Scope stemScope,
                                                                  Subject subjectToAssign,
                                                                  Set<Privilege> privileges)

Deprecated. use the method without actAs

make sure stem privileges are inherited in a stem

Parameters:: actAs -; stem -; stemScope - ONE or SUB; subjectToAssign -; privileges - can use Privilege.getInstances() to convert from string
Returns:: the assignment in case there are edits

inheritFolderPrivileges

public static AttributeAssign inheritFolderPrivileges(Stem stem,
                                                      Stem.Scope stemScope,
                                                      Subject subjectToAssign,
                                                      Set<Privilege> privileges)

make sure stem privileges are inherited in a stem

Parameters:: actAs -; stem -; stemScope - ONE or SUB; subjectToAssign -; privileges - can use Privilege.getInstances() to convert from string
Returns:: the assignment in case there are edits

inheritGroupPrivileges

@Deprecated
public static AttributeAssign inheritGroupPrivileges(Subject actAs,
                                                                 Stem stem,
                                                                 Stem.Scope stemScope,
                                                                 Subject subjectToAssign,
                                                                 Set<Privilege> privileges)

Deprecated. use the non actAs method inheritGroupPrivileges(Stem stem, Scope stemScope, Subject subjectToAssign, Set privileges)

make sure group privileges are inherited in a stem

Parameters:: actAs -; stem -; stemScope - ONE or SUB; subjectToAssign -; privileges - can use Privilege.getInstances() to convert from string
Returns:: the assignment in case there are edits

inheritGroupPrivileges

public static AttributeAssign inheritGroupPrivileges(Stem stem,
                                                     Stem.Scope stemScope,
                                                     Subject subjectToAssign,
                                                     Set<Privilege> privileges)

make sure group privileges are inherited in a stem

Parameters:: actAs -; stem -; stemScope - ONE or SUB; subjectToAssign -; privileges - can use Privilege.getInstances() to convert from string
Returns:: the assignment in case there are edits

removePrivilegesIfNotAssignedByRule

public static int removePrivilegesIfNotAssignedByRule(boolean actAsRoot,
                                                      Stem stem,
                                                      Stem.Scope stemScope,
                                                      Subject subjectToAssign,
                                                      Set<Privilege> privileges,
                                                      String sqlLikeString)

remove group privileges are inherited in a stem

Parameters:: actAsRoot -; stem -; stemScope - ONE or SUB; subjectToAssign -; privileges - can use Privilege.getInstances() to convert from string; sqlLikeString -
Returns:: the number removed

hasInheritedPrivilege

public static boolean hasInheritedPrivilege(GrouperObject grouperObject,
                                            Subject subject,
                                            Privilege privilege,
                                            boolean considerInGroup)

see if there is an inherited privilege

Parameters:: grouperObject -; subject -; privilege -; considerInGroup - if allow the subject to be in a group which has an inherited privilege
Returns:: true if so, or false if not

hasInheritedPrivilege

public static boolean hasInheritedPrivilege(Map<MultiKey,Set<RuleDefinition>> inheritedRulesCacheByStemIdSubjectPrivilege,
                                            GrouperObject grouperObject,
                                            Subject subject,
                                            Privilege privilege,
                                            boolean considerInGroup)

see if there is an inherited privilege

Parameters:: inheritedRulesCacheByStemIdSubjectPrivilege -; grouperObject -; subject -; privilege -; considerInGroup - if allow the subject to be in a group which has an inherited privilege
Returns:: true if so, or false if not

inheritGroupPrivileges

@Deprecated
public static AttributeAssign inheritGroupPrivileges(Subject actAs,
                                                                 Stem stem,
                                                                 Stem.Scope stemScope,
                                                                 Subject subjectToAssign,
                                                                 Set<Privilege> privileges,
                                                                 String sqlLikeString)

Deprecated. use the method without actAs inheritGroupPrivileges(Stem stem, Scope stemScope, Subject subjectToAssign, Set privileges, String sqlLikeString)

make sure group privileges are inherited in a stem

Parameters:: actAs -; stem -; stemScope - ONE or SUB; subjectToAssign -; privileges - can use Privilege.getInstances() to convert from string; sqlLikeString -
Returns:: the assignment in case there are edits

inheritGroupPrivileges

public static AttributeAssign inheritGroupPrivileges(Stem stem,
                                                     Stem.Scope stemScope,
                                                     Subject subjectToAssign,
                                                     Set<Privilege> privileges,
                                                     String sqlLikeString)

make sure group privileges are inherited in a stem

Parameters:: actAs -; stem -; stemScope - ONE or SUB; subjectToAssign -; privileges - can use Privilege.getInstances() to convert from string; sqlLikeString -
Returns:: the assignment in case there are edits

groupIntersectionWithFolder

public static AttributeAssign groupIntersectionWithFolder(Subject actAs,
                                                          Group ruleGroup,
                                                          Stem folder,
                                                          Stem.Scope stemScope)

if a member is removed from a folder, and has no more memberships in any group in the folder, then remove from the group

Parameters:: actAs -; ruleGroup -; folder -; stemScope -
Returns:: the assignment in case there are edits

groupIntersection

public static AttributeAssign groupIntersection(Subject actAs,
                                                Group ruleGroup,
                                                Group mustBeInGroup)

put a rule on the rule group which says that if the user is not in the mustBeInGroup, then remove from ruleGroup

Parameters:: actAs -; ruleGroup -; mustBeInGroup -
Returns:: the assignment in case there are edits

groupIntersection

public static AttributeAssign groupIntersection(Subject actAs,
                                                Group ruleGroup,
                                                Group mustBeInGroup,
                                                int daysInFutureForDisabledDate)

put a rule on the rule group which says that if the user is not in the mustBeInGroup, then add an end date to the membership in the rule group X days in the future

Parameters:: actAs -; ruleGroup -; mustBeInGroup -; daysInFutureForDisabledDate -
Returns:: the assignment in case there are edits

rulesToString
```
public static String rulesToString()
```
Returns:

the string

rulesToString

public static String rulesToString(AttributeAssignable attributeAssignable)

Parameters:: attributeAssignable -
Returns:: the string

runRulesForOwner
```
public static int runRulesForOwner(AttributeAssignable attributeAssignable)
```
run rules for an attribute assignable

Parameters:

attributeAssignable -

Returns:

the number of rules ran (note, if not valid or not daemonable then dont run, then that doesnt count)

permissionGroupIntersection

public static AttributeAssign permissionGroupIntersection(Subject actAs,
                                                          AttributeDef permissionToAssignRule,
                                                          Group mustBeInGroup,
                                                          int daysInFutureToDisable)

put a rule on an attribute def so that if a user comes out of a group, the user will have disabled dates from a role which has permissions or removed assignments directly to the user

Parameters:: actAs -; permissionToAssignRule -; mustBeInGroup -; daysInFutureToDisable -
Returns:: the assignment in case there are edits

permissionGroupIntersection

public static AttributeAssign permissionGroupIntersection(Subject actAs,
                                                          AttributeDef permissionToAssignRule,
                                                          Group mustBeInGroup)

put a rule on an attribute def so that if a user comes out of a group, the user will be removed from a role which has permissions or removed assignments directly to the user

Parameters:: actAs -; permissionToAssignRule -; mustBeInGroup -
Returns:: the assignment in case there are edits

permissionFolderIntersection

public static AttributeAssign permissionFolderIntersection(Subject actAs,
                                                           AttributeDef permissionToAssignRule,
                                                           Stem mustBeInGroupInFolder,
                                                           Stem.Scope stemScope)

Parameters:: actAs -; permissionToAssignRule -; mustBeInGroupInFolder -; stemScope -
Returns:: the assignment in case there are edits

vetoPermissionIfNotInGroup

public static AttributeAssign vetoPermissionIfNotInGroup(Subject actAs,
                                                         AttributeDef permissionDef,
                                                         Group mustBeInGroup,
                                                         String vetoKey,
                                                         String vetoMessage)

veto a direct permission assignment if not in group

Parameters:: actAs -; permissionDef -; mustBeInGroup -; vetoKey -; vetoMessage -
Returns:: the assignment in case there are edits

emailOnFlattenedMembershipRemove

public static AttributeAssign emailOnFlattenedMembershipRemove(Subject actAsSubject,
                                                               Group ruleGroup,
                                                               String emailToValue,
                                                               String emailSubjectValue,
                                                               String emailBodyValue)

Parameters:: ruleGroup -; actAsSubject -; emailToValue - e.g. "a@b.c, ${safeSubject.emailAddress}"; emailSubjectValue - e.g. "You will be removed from group: ${groupDisplayExtension}"; emailBodyValue - e.g. "template: testEmailGroupBodyFlattenedRemove"
Returns:: the assignment in case there are edits

emailOnFlattenedMembershipAddFromStem

public static AttributeAssign emailOnFlattenedMembershipAddFromStem(Subject actAsSubject,
                                                                    Stem ruleStem,
                                                                    Stem.Scope stemScope,
                                                                    String emailToValue,
                                                                    String emailSubjectValue,
                                                                    String emailBodyValue)

Parameters:: actAsSubject -; ruleStem -; stemScope -; emailToValue -; emailSubjectValue -; emailBodyValue -
Returns:: the assignment in case there are edits

emailOnFlattenedMembershipRemoveFromStem

public static AttributeAssign emailOnFlattenedMembershipRemoveFromStem(Subject actAsSubject,
                                                                       Stem ruleStem,
                                                                       Stem.Scope stemScope,
                                                                       String emailToValue,
                                                                       String emailSubjectValue,
                                                                       String emailBodyValue)

Parameters:: actAsSubject -; ruleStem -; stemScope -; emailToValue -; emailSubjectValue -; emailBodyValue -
Returns:: the assignment to tweak it

emailOnFlattenedMembershipAdd

public static AttributeAssign emailOnFlattenedMembershipAdd(Subject actAsSubject,
                                                            Group ruleGroup,
                                                            String emailToValue,
                                                            String emailSubjectValue,
                                                            String emailBodyValue)

Parameters:: ruleGroup -; actAsSubject -; emailToValue - e.g. "a@b.c, ${safeSubject.emailAddress}"; emailSubjectValue - e.g. "You were added to group: ${groupDisplayExtension}"; emailBodyValue - e.g. "template: testEmailGroupBodyFlattenedAdd"
Returns:: the assignment to tweak it

emailOnFlattenedDisabledDate

public static AttributeAssign emailOnFlattenedDisabledDate(Subject actAsSubject,
                                                           Group ruleGroup,
                                                           Integer daysInFutureDisabledDateMin,
                                                           Integer daysInFutureDisabledDateMax,
                                                           String emailToValue,
                                                           String emailSubjectValue,
                                                           String emailBodyValue)

send emails via daemon on impending disabled memberships

Parameters:: actAsSubject -; ruleGroup -; daysInFutureDisabledDateMin -; daysInFutureDisabledDateMax -; emailToValue -; emailSubjectValue -; emailBodyValue -
Returns:: the attribute assign for customizing

emailOnFlattenedPermissionDisabledDate

public static AttributeAssign emailOnFlattenedPermissionDisabledDate(Subject actAsSubject,
                                                                     AttributeDef permissionDef,
                                                                     Integer daysInFutureDisabledDateMin,
                                                                     Integer daysInFutureDisabledDateMax,
                                                                     String emailToValue,
                                                                     String emailSubjectValue,
                                                                     String emailBodyValue)

Parameters:: actAsSubject -; permissionDef -; daysInFutureDisabledDateMin -; daysInFutureDisabledDateMax -; emailToValue -; emailSubjectValue -; emailBodyValue -
Returns:: attribute assign for customizing

reassignStemPrivilegesIfFromGroup

public static AttributeAssign reassignStemPrivilegesIfFromGroup(Subject actAs,
                                                                Stem ruleStem,
                                                                Stem.Scope stemScope)

normalize privileges if the user who creates a stem is in a group which has create privileges on the stem

Parameters:: actAs -; ruleStem -; stemScope -
Returns:: the attribute assignment

Class RuleApi

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

RuleApi

Method Detail

reassignGroupPrivilegesIfFromGroup

reassignAttributeDefPrivilegesIfFromGroup

vetoMembershipIfNotInGroupInFolder

vetoSubjectAssignInFolderIfNotInGroup

vetoMembershipIfNotInGroup

vetoMembershipIfTooManyMembers

inheritAttributeDefPrivileges

inheritAttributeDefPrivileges

inheritFolderPrivileges

inheritFolderPrivileges

inheritGroupPrivileges

inheritGroupPrivileges

removePrivilegesIfNotAssignedByRule

hasInheritedPrivilege

hasInheritedPrivilege

inheritGroupPrivileges

inheritGroupPrivileges

groupIntersectionWithFolder

groupIntersection

groupIntersection

rulesToString

rulesToString

runRulesForOwner

permissionGroupIntersection

permissionGroupIntersection

permissionFolderIntersection

vetoPermissionIfNotInGroup

emailOnFlattenedMembershipRemove

emailOnFlattenedMembershipAddFromStem

emailOnFlattenedMembershipRemoveFromStem

emailOnFlattenedMembershipAdd

emailOnFlattenedDisabledDate

emailOnFlattenedPermissionDisabledDate

reassignStemPrivilegesIfFromGroup