...
Code Block | ||
---|---|---|
| ||
public void groupPostCommitInsert(HooksContext hooksContext, HooksGroupBean postCommitInsertBean) { Group beanGroup = postCommitInsertBean.getGroup(); // get group informations /* Read-Privilege for staff for all target groups */ if ( beanGroup.getName().startsWith("targets:")) { // all target groups String employersGroupId = GroupFinder.findByName (GrouperSession.startRootSession(), "stem:group_of_employees", false).getId(); // id of staff group beanGroup.grantPriv ( SubjectFinder.findById ( employersGroupId, false) , AccessPrivilege.READ ); // granting read privilege } /* Admin Privileges for xGroup for all myNet groups (i.e. groups that contain the string "myNet" in their full name */ if ( beanGroup.getName().contains( "myNet" )) { // all groups that contain "myNet" String xGroupId = GroupFinder.findByName (GrouperSession.startRootSession(), "stem:xGroup", false).getId(); // id of xGroup beanGroup.grantPriv ( SubjectFinder.findById ( xGroupId, true), AccessPrivilege.ADMIN ); // granting admin privilege } } |
Writing log entries into syslog if members or groups are deleted/added within a certain stem
Using MyMembershipHook. We want to log all membership changes of groups within the stem "xxx:myNet" into syslog.
Code Block | ||
---|---|---|
| ||
/* Adding a member */
public void membershipPostAddMember(HooksContext hooksContext, HooksMembershipChangeBean postAddMemberBean) {
if ( postAddMemberBean.getMembership().getOwnerGroupId() != null ) { // could also be a stem as owner, but we're just interested in groups and their members
if (postAddMemberBean.getGroup().getName().contains ("myNet") && // the stem we want to monitor
postAddMemberBean.getMembership().getFieldId().equals (FieldFinder.find ("members", true).getUuid())) { // we don't want to get privs, just real members
logToSyslog (hooksContext, postAddMemberBean, "Added"); // logging
}
}
}
/* Removing a member */
public void membershipPostRemoveMember(HooksContext hooksContext, HooksMembershipChangeBean postDeleteMemberBean) {
if ( postDeleteMemberBean.getMembership().getOwnerGroupId() != null ) { // could also be a stem as owner, but we're just interested in groups and their members
if (postDeleteMemberBean.getGroup().getName().contains ("myNet") && // the stem we want to monitor
postDeleteMemberBean.getMembership().getFieldId().equals (FieldFinder.find ("members", true).getUuid())) { // we don't want to get privs, just real members
logToSyslog (hooksContext, postDeleteMemberBean, "Removed");
}
}
} |