public class AssignReadonlyAdminPrivilegeVetoMembershipHook extends MembershipHooks
assign READ to an admins group based on attribute assignment to a parent folder
configure in grouper.properties:
hooks.group.class=edu.internet2.middleware.grouper.hooks.examples.AssignReadonlyAdminPrivilegeGroupHook
hooks.membership.class=edu.internet2.middleware.grouper.hooks.examples.AssignReadonlyAdminPrivilegeVetoMembershipHook
grouper.readonlyAdminEnforced.attributeDefName = a:b:c:reaodnlyAdmin
grouper.readonlyAdminEnforced.groupName = c:d:readonlyAdmins
setup objects in GSH:
grouperSession = GrouperSession.startRootSession();
String attributeFolderName = "a:b:c";
attributeDef = new AttributeDefSave(grouperSession).assignName(attributeFolderName + ":readonlyAdminDef").assignToStem(true).assignAttributeDefType(AttributeDefType.attr).assignCreateParentStemsIfNotExist(true).assignValueType(AttributeDefValueType.marker).save();
attributeDef.getAttributeDefActionDelegate().configureActionList("assign");
attributeDefName = new AttributeDefNameSave(grouperSession, attributeDef).assignName(attributeFolderName + ":readonlyAdmin").assignCreateParentStemsIfNotExist(true).save();
groupAdmin = new GroupSave(grouperSession).assignName("c:d:readonlyAdmins").assignCreateParentStemsIfNotExist(true).save();
make a group to test:
stem = new StemSave(grouperSession).assignName("l:m").assignCreateParentStemsIfNotExist(true).save();
stem.getAttributeDelegate().assignAttribute(attributeDefName);
groupSub = new GroupSave(grouperSession).assignName("l:m:n:o").assignCreateParentStemsIfNotExist(true).save();
groupNotSub = new GroupSave(grouperSession).assignName("l:p").assignCreateParentStemsIfNotExist(true).save();
METHOD_MEMBERSHIP_POST_ADD_MEMBER, METHOD_MEMBERSHIP_POST_COMMIT_ADD_MEMBER, METHOD_MEMBERSHIP_POST_COMMIT_DELETE, METHOD_MEMBERSHIP_POST_COMMIT_INSERT, METHOD_MEMBERSHIP_POST_COMMIT_REMOVE_MEMBER, METHOD_MEMBERSHIP_POST_COMMIT_UPDATE, METHOD_MEMBERSHIP_POST_DELETE, METHOD_MEMBERSHIP_POST_INSERT, METHOD_MEMBERSHIP_POST_REMOVE_MEMBER, METHOD_MEMBERSHIP_POST_UPDATE, METHOD_MEMBERSHIP_PRE_ADD_MEMBER, METHOD_MEMBERSHIP_PRE_DELETE, METHOD_MEMBERSHIP_PRE_INSERT, METHOD_MEMBERSHIP_PRE_REMOVE_MEMBER, METHOD_MEMBERSHIP_PRE_UPDATE| Constructor and Description |
|---|
AssignReadonlyAdminPrivilegeVetoMembershipHook() |
| Modifier and Type | Method and Description |
|---|---|
void |
membershipPreRemoveMember(HooksContext hooksContext,
HooksMembershipChangeBean preDeleteMemberBean)
called right before a membership delete (high level, not the side effects)
|
membershipPostAddMember, membershipPostCommitAddMember, membershipPostCommitDelete, membershipPostCommitInsert, membershipPostCommitRemoveMember, membershipPostCommitUpdate, membershipPostDelete, membershipPostInsert, membershipPostRemoveMember, membershipPostUpdate, membershipPreAddMember, membershipPreDelete, membershipPreInsert, membershipPreUpdatepublic AssignReadonlyAdminPrivilegeVetoMembershipHook()
public void membershipPreRemoveMember(HooksContext hooksContext, HooksMembershipChangeBean preDeleteMemberBean)
MembershipHooksCopyright © 2016 Internet2. All rights reserved.