Improvements to 201.end and 401.end

docker · Oct 8, 2024 · 6a19e11 · 6a19e11
1 parent 6c8b6a9
commit 6a19e11
Showing 2 changed files with 184 additions and 191 deletions.
diff --git a/ex201/ex201.end/container_files/grouper/bootstrap.gsh b/ex201/ex201.end/container_files/grouper/bootstrap.gsh
@@ -59,7 +59,28 @@ class HelperMethods {
         println "\tAdd ${s.name} to ${g.name}: ${countBefore} -> ${countAfter} (${countAfter - countBefore})"
     }
 
-    static void newApplicationTemplate(Stem parentStem, String templateKey, String templateFriendlyName, String templateDescription, List<String> myServiceActionIds = []) {
+    static void newApplicationTemplate(String parentStemName, String templateKey, String templateFriendlyName, String templateDescription, Set<String> includeActionIds, Set<String> excludeActionIds) {
+        /*
+         * List of keywords corresponding to checkboxes; add to excludeActionIds to "uncheck the box"
+            newAppStem
+            newAppServiceFolder
+            newAppPolicyFolder
+            newAppRefFolder
+            newAppRefType
+            newAppAttributeFolder
+            newAppSecurityFolder
+            newAppSecurityType
+            newAppAdminsGroup
+            newAppAdminPrivilege
+            newAppAdminPrivilege2
+            newAppAdminPrivilege3
+            newAppReadersGroup
+            newAppReadersPrivilege
+            newAppUpdatersPrivilege
+            newAppUpdatersPrivilege2
+            newAppReadersGroupMemberOfUpdaters
+         */
+        Stem parentStem = StemFinder.findByName(parentStemName, true)
         def stemTemplateContainer = new GroupStemTemplateContainer()
         stemTemplateContainer.templateKey = templateKey
         stemTemplateContainer.templateFriendlyName = templateFriendlyName
@@ -69,12 +90,15 @@ class HelperMethods {
         templateLogic.stemId = parentStem.uuid
         templateLogic.stemTemplateContainer = stemTemplateContainer
 
-        List<ServiceAction> selectedServiceActions = []
-        if (myServiceActionIds == null || myServiceActionIds.isEmpty()) {
-            selectedServiceActions = templateLogic.getServiceActions()
-        } else {
-            Map<String, ServiceAction> allPolicyServiceActionMap = templateLogic.getServiceActions().collectEntries { [it.id, it] }
-            selectedServiceActions = myServiceActionIds.collect { allPolicyServiceActionMap[it] }
+        // simulate checking certain boxes in the ui
+        println includeActionIds
+        println excludeActionIds
+
+        List<ServiceAction> selectedServiceActions = templateLogic.getServiceActions().
+                findAll {it.defaultChecked || (includeActionIds != null && includeActionIds.contains(it.id))}.
+                findAll {excludeActionIds == null || !excludeActionIds.contains(it.id)}
+        selectedServiceActions.each {
+            println "    - ${it.id}"
         }
         templateLogic.validate(selectedServiceActions)
 
@@ -87,31 +111,50 @@ class HelperMethods {
         }
     }
 
-    static void newPolicyTemplate(Stem parentStem, String templateKey, String templateFriendlyName, String templateDescription, List<String> myServiceActionIds = []) {
+    static void newPolicyTemplate(String parentStemName, String templateKey, String templateFriendlyName, String templateDescription, Set<String> includeActionIds, Set<String> excludeActionIds) {
+        /*
+         * List of keywords corresponding to checkboxes; add to excludeActionIds to "uncheck the box"
+            policyGroupCreate
+            policyGroupType
+            policyGroupAllowGroupCreate
+            allowIntermediatgeGroupType
+            policyGroupAllowManualGroupCreate
+            policyGroupAddManualToAllow
+            allowManualGroupType
+            policyGroupDenyGroupCreate
+            denyIntermediatgeGroupType
+            policyGroupLockoutGroup_0
+            policyGroupDenyManualGroupCreate
+            policyGroupAddManualToDeny
+            denyManualGroupType
+            policyGroupRequireGroup_0
+         */
+        Stem parentStem = StemFinder.findByName(parentStemName, true)
         // note that this doesn't work < 2.5.56 due to dependence on the UI
         def policyStemTemplateContainer = new GroupStemTemplateContainer()
         policyStemTemplateContainer.templateKey = templateKey
         policyStemTemplateContainer.templateFriendlyName = templateFriendlyName
         policyStemTemplateContainer.templateDescription = templateDescription
 
-        GrouperTemplatePolicyGroupLogic policyTemplateLogic = new GrouperTemplatePolicyGroupLogic()
-        policyTemplateLogic.stemId = parentStem.uuid
-        policyTemplateLogic.stemTemplateContainer = policyStemTemplateContainer
+        GrouperTemplatePolicyGroupLogic templateLogic = new GrouperTemplatePolicyGroupLogic()
+        templateLogic.stemId = parentStem.uuid
+        templateLogic.stemTemplateContainer = policyStemTemplateContainer
 
         // simulate checking certain boxes in the ui
-        List<ServiceAction> selectedServiceActions = []
-        if (myServiceActionIds == null || myServiceActionIds.isEmpty()) {
-            selectedServiceActions = policyTemplateLogic.getServiceActions()
-        } else {
-            Map<String, ServiceAction> allPolicyServiceActionMap = policyTemplateLogic.getServiceActions().collectEntries { [it.id, it] }
-            selectedServiceActions = myServiceActionIds.collect { allPolicyServiceActionMap[it] }
+        println includeActionIds
+        println excludeActionIds
+        List<ServiceAction> selectedServiceActions = templateLogic.getServiceActions().
+                findAll {it.defaultChecked || (includeActionIds != null && includeActionIds.contains(it.id))}.
+                findAll {excludeActionIds == null || !excludeActionIds.contains(it.id)}
+        selectedServiceActions.each {
+            println "    - ${it.id}"
         }
+        templateLogic.validate(selectedServiceActions)
 
-        policyTemplateLogic.validate(selectedServiceActions)
         selectedServiceActions.each { serviceAction ->
             serviceAction.getServiceActionType().createTemplateItem(serviceAction)
         }
-        String policyErrorKey = policyTemplateLogic.postCreateSelectedActions(selectedServiceActions)
+        String policyErrorKey = templateLogic.postCreateSelectedActions(selectedServiceActions)
         if (policyErrorKey != null) {
             println "Creating policy group returned error: ${policyErrorKey}"
         }
@@ -227,38 +270,24 @@ HelperMethods.addSubjectWithCount(studentGroup, classSubject)
 
 /* New application Template */
 
-HelperMethods.newApplicationTemplate(StemFinder.findByName(gs, "app", true),
-    "gitlab",
-    "GitLab",
-    "Access policies for the ITS GitLab version control system",
-    null)
+HelperMethods.newApplicationTemplate("app",
+        "gitlab",
+        "GitLab",
+        "Access policies for the ITS GitLab version control system",
+        null,
+        ['newAppAttributeFolder'] as Set)
 
 
 /* New policy Template */
 
-Stem policyStem = StemFinder.findByName(gs, "app:gitlab:service:policy", true)
-ArrayList<String> myServiceActionIds = [
-        'policyGroupCreate',
-        'policyGroupType',
-        'policyGroupAllowGroupCreate',
-        'allowIntermediatgeGroupType',
-        //'policyGroupAllowManualGroupCreate',
-        //'policyGroupAddManualToAllow',
-        //'allowManualGroupType',
-        'policyGroupDenyGroupCreate',
-        'denyIntermediatgeGroupType',
-        'policyGroupLockoutGroup_0',
-        //'policyGroupDenyManualGroupCreate',
-        //'policyGroupAddManualToDeny',
-        //'denyManualGroupType',
-]
-
-HelperMethods.newPolicyTemplate(policyStem,
+HelperMethods.newPolicyTemplate(
+        "app:gitlab:service:policy",
         "gitlab_access",
         "GitLab Access",
         "Overall access policy for the ITS GitLab version control system",
-        myServiceActionIds
-)
+        null,
+        null)
+
 
 /* Add members to gitlab_access_allow */
 Group gitlabAccessAllow = GroupFinder.findByName(gs, "app:gitlab:service:policy:gitlab_access_allow", true)
@@ -277,11 +306,13 @@ HelperMethods.addSubjectWithCount(gitlabUpdaters, infrastructureStaff.toSubject(
 
 /***** 201.3 eduPersonAffiliation *****/
 
-HelperMethods.newApplicationTemplate(StemFinder.findByName(gs, "app", true),
+HelperMethods.newApplicationTemplate("app",
         "eduPersonAffiliation",
         "eduPersonAffiliation",
         "eduPersonAffiliation (defined in eduPerson 1.0); OID: 1.3.6.1.4.1.5923.1.1.1.1 Specifies the person's relationship(s) to the institution in broad categories such as student, faculty, staff, alum, etc.",
-        null)
+        null,
+        ['newAppAttributeFolder'] as Set)
+
 
 Stem policyStem = StemFinder.findByName(gs, "app:eduPersonAffiliation:service:policy", true)
 HelperMethods.assignObjectTypeForStem(policyStem, "policy")
@@ -305,36 +336,22 @@ HelperMethods.provisionObject(policyStem, "eduPersonAffiliation", '''{"md_groupe
 
 /***** 201.4 eduPersonEntitlement *****/
 
-HelperMethods.newApplicationTemplate(StemFinder.findByName(gs, "app", true),
+HelperMethods.newApplicationTemplate("app",
         "wiki",
         "wiki",
         "Student wiki",
-        null)
+        null,
+        ['newAppAttributeFolder'] as Set)
 
 Stem policyStem = StemFinder.findByName(gs, "app:wiki:service:policy", true)
-ArrayList<String> myServiceActionIds = [
-        'policyGroupCreate',
-        'policyGroupType',
-        'policyGroupAllowGroupCreate',
-        'allowIntermediatgeGroupType',
-        //'policyGroupAllowManualGroupCreate',
-        //'policyGroupAddManualToAllow',
-        //'allowManualGroupType',
-        'policyGroupDenyGroupCreate',
-        'denyIntermediatgeGroupType',
-        'policyGroupLockoutGroup_0',
-        //'policyGroupDenyManualGroupCreate',
-        //'policyGroupAddManualToDeny',
-        //'denyManualGroupType',
-        //'policyGroupRequireGroup_0'
-]
-
-HelperMethods.newPolicyTemplate(policyStem,
+
+HelperMethods.newPolicyTemplate(
+        "app:wiki:service:policy",
         "wiki_user",
         "wiki_user",
         "Access policy for student wiki",
-        myServiceActionIds
-)
+        null,
+        null)
 
 Group group = GroupFinder.findByName(gs, "${policyStem.name}:wiki_user_allow", true)
 Subject subject = SubjectFinder.findByIdentifierAndSource("ref:student:students", "g:gsa", true)
@@ -357,48 +374,34 @@ HelperMethods.provisionObject(group, "eduPersonEntitlement", '''{"md_entitlement
 
 /***** 201.5: Policy groups and dynamic application permissions (Cognos) *****/
 
-HelperMethods.newApplicationTemplate(StemFinder.findByName(gs, "app", true),
+HelperMethods.newApplicationTemplate("app",
         "cognos",
         "cognos",
         "Manage policy roles for Cognos application",
-        null)
+        null,
+        ['newAppAttributeFolder'] as Set)
+
+
+/* New policy Template */
 
-Stem policyStem = StemFinder.findByName(gs, "app:cognos:service:policy", true)
-ArrayList<String> myServiceActionIds = [
-        'policyGroupCreate',
-        'policyGroupType',
-        'policyGroupAllowGroupCreate',
-        'allowIntermediatgeGroupType',
-        //'policyGroupAllowManualGroupCreate',
-        //'policyGroupAddManualToAllow',
-        //'allowManualGroupType',
-        'policyGroupDenyGroupCreate',
-        'denyIntermediatgeGroupType',
-        'policyGroupLockoutGroup_0',
-        //'policyGroupDenyManualGroupCreate',
-        //'policyGroupAddManualToDeny',
-        //'denyManualGroupType',
-        //'policyGroupRequireGroup_0'
-]
-
-HelperMethods.newPolicyTemplate(policyStem,
+HelperMethods.newPolicyTemplate(
+        "app:cognos:service:policy",
         "cg_fin_report_reader",
         "cg_fin_report_reader",
         "Report Reader Access Policy",
-        myServiceActionIds
-)
+        null,
+        null)
 
-HelperMethods.newPolicyTemplate(policyStem,
+HelperMethods.newPolicyTemplate(
+        "app:cognos:service:policy",
         "cg_fin_report_writer",
         "cg_fin_report_writer",
         "Report Writer Access Policy",
-        myServiceActionIds
-)
-
+        null,
+        null)
 
 Group financeStaff = GroupFinder.findByName(gs, "basis:hr:employee:dept:10810:staff", true)
 Group cg_fin_report_reader_allow = GroupFinder.findByName(gs, "app:cognos:service:policy:cg_fin_report_reader_allow", true)
-"app:cognos:service:policy:cg_fin_report_reader_allow"
 
 HelperMethods.addSubjectWithCount(cg_fin_report_reader_allow, financeStaff.toSubject())