Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Loading status checks…
issue-8; readme clean-up; adding nano and emacs; updating jenkins for… 
… 201.1
John Gasper committed Oct 1, 2018
1 parent b6d82c6 commit fce4e0d
Showing 5 changed files with 78 additions and 3 deletions.
2 changes: 1 addition & 1 deletion Jenkinsfile
View file
@@ -15,7 +15,7 @@
**/
exceriseSets = [
// 'ex101' : [3, 2],
// 'ex201' : [2, 2, 5, 6],
'ex201' : [1],
// 'ex301' : [2, 2, 5, 6],
'ex401' : [6, 9]
]
2 changes: 1 addition & 1 deletion README.md
View file
@@ -79,7 +79,7 @@ Now browse to http://localhost:15672/ and login with `guest`/`guest`, and create
Now start the ex401 Grouper with this slightly modified command:

```bash
docker run -d -p 80:80 -p 389:389 -p 8443:443 -p 3306:3306 \
docker run -d -p 389:389 -p 8443:443 -p 3306:3306 \
--link rabbitmq:rabbitmq --name gte tier/grouper-training-env:exXXX

```
2 changes: 1 addition & 1 deletion base/Dockerfile
View file
@@ -12,7 +12,7 @@ ENV ENV=training \
USERTOKEN=3.2.0_base

RUN yum install -y epel-release \
&& yum install -y mariadb mariadb-server openldap openldap-clients openldap-servers phpMyAdmin phpldapadmin \
&& yum install -y emacs mariadb mariadb-server nano openldap openldap-clients openldap-servers phpMyAdmin phpldapadmin \
&& yum clean all

COPY container_files/seed-data/ /seed-data/
17 changes: 17 additions & 0 deletions ex401/ex401.1.1/container_files/seed-data/ephemeral.gsh
View file
@@ -0,0 +1,17 @@
// Script parameters
group_name = "app:boardeffect:ref:workroom_helpers";
numDays = 3;


actAs = SubjectFinder.findRootSubject();
vpn_adhoc = getGroups(group_name)[0];
attribAssign = vpn_adhoc.getAttributeDelegate().addAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
attribValueDelegate = attribAssign.getAttributeValueDelegate();
attribValueDelegate.assignValue(RuleUtils.ruleActAsSubjectSourceIdName(), actAs.getSourceId());
attribValueDelegate.assignValue(RuleUtils.ruleRunDaemonName(), "F");
attribValueDelegate.assignValue(RuleUtils.ruleActAsSubjectIdName(), actAs.getId());
attribValueDelegate.assignValue(RuleUtils.ruleCheckTypeName(), RuleCheckType.membershipAdd.name());
attribValueDelegate.assignValue(RuleUtils.ruleIfConditionEnumName(), RuleIfConditionEnum.thisGroupHasImmediateEnabledNoEndDateMembership.name());
attribValueDelegate.assignValue(RuleUtils.ruleThenEnumName(), RuleThenEnum.assignMembershipDisabledDaysForOwnerGroupId.name());
attribValueDelegate.assignValue(RuleUtils.ruleThenEnumArg0Name(), numDays.toString());
attribValueDelegate.assignValue(RuleUtils.ruleThenEnumArg1Name(), "T");
58 changes: 58 additions & 0 deletions ex401/ex401.1.1/container_files/seed-data/skeleton.gsh
View file
@@ -0,0 +1,58 @@
// SET THESE
parent_stem_path = "app";
app_extension = "board_effect";
app_name = "Board Effect";


if (!app_name?.trim())
{
app_name = app_extension;
}

def makeStemInheritable(obj, stemName, groupName, priv="admin") {
baseStem = obj.getStems(stemName)[0];
aGroup = obj.getGroups(groupName)[0];
RuleApi.inheritGroupPrivileges(
SubjectFinder.findRootSubject(),
baseStem,
Stem.Scope.SUB,
aGroup.toSubject(),
Privilege.getInstances(priv)
);
RuleApi.runRulesForOwner(baseStem);
if(priv == 'admin')
{
RuleApi.inheritFolderPrivileges(
SubjectFinder.findRootSubject(),
baseStem,
Stem.Scope.SUB,
aGroup.toSubject(),
Privilege.getInstances("stem, create"));
}
RuleApi.runRulesForOwner(baseStem);
}

stem = addStem(parent_stem_path, app_extension, app_name);
etc_stem = addStem(stem.name, "etc", "etc");
admin_group_name = "${app_extension}_admins";
admin_group = addGroup(etc_stem.name, admin_group_name, admin_group_name);
admin_group.grantPriv(admin_group.toMember().getSubject(), AccessPrivilege.ADMIN);
mgr_group_name = "${app_extension}_mgr";
mgr_group = addGroup(etc_stem.name, mgr_group_name, mgr_group_name);
mgr_group.grantPriv(admin_group.toMember().getSubject(), AccessPrivilege.ADMIN);
mgr_group.grantPriv(mgr_group.toMember().getSubject(), AccessPrivilege.UPDATE);
mgr_group.grantPriv(mgr_group.toMember().getSubject(), AccessPrivilege.READ);
view_group_name = "${app_extension}_viewers";
view_group = addGroup(etc_stem.name, view_group_name, view_group_name);
view_group.grantPriv(view_group.toMember().getSubject(), AccessPrivilege.READ);
view_group.grantPriv(admin_group.toMember().getSubject(), AccessPrivilege.ADMIN);
view_group.grantPriv(mgr_group.toMember().getSubject(), AccessPrivilege.UPDATE);
view_group.grantPriv(mgr_group.toMember().getSubject(), AccessPrivilege.READ);
admin_group.grantPriv(view_group.toMember().getSubject(), AccessPrivilege.READ);
mgr_group.grantPriv(view_group.toMember().getSubject(), AccessPrivilege.READ);
// Child objects should also grant perms to these groups.
makeStemInheritable(this, stem.name, admin_group.name, 'admin');
makeStemInheritable(this, stem.name, mgr_group.name, 'update');
makeStemInheritable(this, stem.name, mgr_group.name, 'read');
makeStemInheritable(this, stem.name, view_group.name, 'read');
admin_group.revokePriv(mgr_group.toMember().getSubject(), AccessPrivilege.UPDATE);

0 comments on commit fce4e0d

Please sign in to comment.