Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
grouper_training/ex401/ex401.3.end/container_files/seed-data/bootstrap.gsh
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
94 lines (78 sloc)
5.47 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gs = GrouperSession.startRootSession(); | |
delStem("401.3.1") | |
addRootStem("401.3.end", "401.3.end") | |
// 401.3.1 | |
parent_stem_path = "app"; | |
app_extension = "board_effect"; | |
app_name = "board_effect"; | |
stem = addStem(parent_stem_path, app_extension, app_name); | |
security = addStem(stem.name, "security", "security"); | |
service = addStem(stem.name, "service", "service"); | |
policy = addStem(service.name, "policy", "policy"); | |
ref = addStem(service.name, "ref", "ref"); | |
admin_group_name = "${app_extension}Admins"; | |
admin_group = addGroup(security.name, admin_group_name, admin_group_name); | |
mgr_group_name = "${app_extension}Updaters"; | |
mgr_group = addGroup(security.name, mgr_group_name, mgr_group_name); | |
view_group_name = "${app_extension}Readers"; | |
view_group = addGroup(security.name, view_group_name, view_group_name); | |
addGroup("app:board_effect:service:policy", "board_effect_access", "board_effect_access"); | |
addGroup("app:board_effect:service:policy", "board_effect_access_allow", "board_effect_access_allow"); | |
addGroup("app:board_effect:service:policy", "board_effect_access_deny", "board_effect_access_deny"); | |
addComposite("app:board_effect:service:policy:board_effect_access", CompositeType.COMPLEMENT, "app:board_effect:service:policy:board_effect_access_allow", "app:board_effect:service:policy:board_effect_access_deny"); | |
// 401.3.2 | |
addGroup("app:board_effect:service:policy", "workroom_finance", "workroom_finance"); | |
addGroup("app:board_effect:service:policy", "workroom_finance_allow", "workroom_finance_allow"); | |
addGroup("app:board_effect:service:policy", "workroom_finance_deny", "workroom_finance_deny"); | |
addComposite("app:board_effect:service:policy:workroom_finance", CompositeType.COMPLEMENT, "app:board_effect:service:policy:workroom_finance_allow", "app:board_effect:service:policy:workroom_finance_deny"); | |
addMember("app:board_effect:service:policy:board_effect_access_allow", "app:board_effect:service:policy:workroom_finance"); | |
// 401.3.3 nothing to do | |
// 401.3.4 nothing to do | |
// 401.3.5 | |
addGroup("app:board_effect:service:ref", "finance_committee", "finance_committee"); | |
grantPriv("app:board_effect:service:ref:finance_committee", "app:board_effect:security:board_effectAdmins", AccessPrivilege.ADMIN); | |
addMember("app:board_effect:service:policy:workroom_finance_allow", "app:board_effect:service:ref:finance_committee"); | |
addMember("app:board_effect:security:board_effectAdmins", "amartinez410"); | |
GrouperSession.start(findSubject("amartinez410")) | |
addMember("app:board_effect:service:ref:finance_committee", "ksmith3") | |
gs = GrouperSession.startRootSession(); | |
// 401.3.6 | |
addGroup("app:board_effect:service:ref", "finance_committee_helpers", "finance_committee_helpers"); | |
addMember("app:board_effect:service:policy:workroom_finance_allow", "app:board_effect:service:ref:finance_committee_helpers"); | |
addGroup("app:board_effect:service:ref", "workroom_helpers", "workroom_helpers"); | |
addMember("app:board_effect:service:policy:workroom_finance_allow", "app:board_effect:service:ref:workroom_helpers"); | |
group_name = "app:board_effect:service:ref:workroom_helpers"; | |
workroom_helpers = GroupFinder.findByName(gs, group_name); | |
numDays = 3; | |
actAs = SubjectFinder.findRootSubject(); | |
attribAssign = workroom_helpers.getAttributeDelegate().addAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign(); | |
attribValueDelegate = attribAssign.getAttributeValueDelegate(); | |
attribValueDelegate.assignValue(RuleUtils.ruleActAsSubjectSourceIdName(), actAs.getSourceId()); | |
attribValueDelegate.assignValue(RuleUtils.ruleRunDaemonName(), "F"); | |
attribValueDelegate.assignValue(RuleUtils.ruleActAsSubjectIdName(), actAs.getId()); | |
attribValueDelegate.assignValue(RuleUtils.ruleCheckTypeName(), RuleCheckType.membershipAdd.name()); | |
attribValueDelegate.assignValue(RuleUtils.ruleIfConditionEnumName(), RuleIfConditionEnum.thisGroupHasImmediateEnabledNoEndDateMembership.name()); | |
attribValueDelegate.assignValue(RuleUtils.ruleThenEnumName(), RuleThenEnum.assignMembershipDisabledDaysForOwnerGroupId.name()); | |
attribValueDelegate.assignValue(RuleUtils.ruleThenEnumArg0Name(), numDays.toString()); | |
attribValueDelegate.assignValue(RuleUtils.ruleThenEnumArg1Name(), "T"); | |
// 401.3.7 | |
addStem("ref", "role", "role"); | |
addGroup("ref:role", "president_assistant", "president_assistant"); | |
addMember("ref:role:president_assistant", "amartinez410"); | |
addMember("app:board_effect:security:board_effectUpdaters", "ref:role:president_assistant"); | |
delMember("app:board_effect:security:board_effectAdmins", "amartinez410"); | |
// 401.3.8 | |
addStem("ref", "board", "board"); | |
group = GroupFinder.findByName(gs, "app:board_effect:service:ref:finance_committee", true); | |
stem = StemFinder.findByName(gs, "ref:board", true); | |
group.move(stem); | |
addStem("ref:board", "security", "security"); | |
group2 = addGroup("ref:board:security", "boardUpdaters", "boardUpdaters"); | |
grantPriv("ref:board:finance_committee", group2.toSubject().id, AccessPrivilege.UPDATE); | |
grantPriv("ref:board:finance_committee", group2.toSubject().id, AccessPrivilege.READ); | |
addMember("ref:board:security:boardUpdaters", "ref:role:president_assistant"); | |
boardeffectAdmins = GroupFinder.findByName(gs, "app:board_effect:security:board_effectAdmins", true); | |
boardeffectUpdaters = GroupFinder.findByName(gs, "app:board_effect:security:board_effectUpdaters", true); | |
revokePriv("ref:board:finance_committee", boardeffectAdmins.toSubject().id, AccessPrivilege.ADMIN); | |
revokePriv("ref:board:finance_committee", boardeffectUpdaters.toSubject().id, AccessPrivilege.UPDATE); | |
revokePriv("ref:board:finance_committee", boardeffectUpdaters.toSubject().id, AccessPrivilege.READ); | |