...
If a user is not an employee in a certain org in a folder, do not allow them to be added to an application group
Add this rule to the group where the membership is being added.
Configure rule for v5+
Configure rule for v4 and previous
Java example
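```java
import edu.internet2.middleware.grouper.attr.assign.AttributeAssign;
import edu.internet2.middleware.grouper.attr.value.AttributeValueDelegate;
import edu.internet2.middleware.grouper.rules.RuleCheckType;
import edu.internet2.middleware.grouper.rules.RuleIfConditionEnum;
import edu.internet2.middleware.grouper.rules.RuleThenEnum;
import edu.internet2.middleware.grouper.rules.RuleUtils;
//StringUtils is Apache Commons Lang (org.apache.commons.lang or lang3, depending on the Grouper version)

//ruleGroup is the Group the rule is attached to (the group where the membership is being added)
//add a rule on stem:a saying if not in stem:b, then don't allow add to stem:a
AttributeAssign attributeAssign = ruleGroup
    .getAttributeDelegate().addAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();

AttributeValueDelegate attributeValueDelegate = attributeAssign.getAttributeValueDelegate();

//the rule runs as GrouperSystem
attributeValueDelegate.assignValue(
    RuleUtils.ruleActAsSubjectSourceIdName(), "g:isa");
attributeValueDelegate.assignValue(
    RuleUtils.ruleActAsSubjectIdName(), "GrouperSystem");

//check: fires when a membership is added to ruleGroup
attributeValueDelegate.assignValue(
    RuleUtils.ruleCheckTypeName(), RuleCheckType.membershipAdd.name());

//condition: the subject has no immediate, enabled membership in any group under the folder (SUB scope)
attributeValueDelegate.assignValue(
    RuleUtils.ruleIfConditionEnumName(),
    RuleIfConditionEnum.noGroupInFolderHasImmediateEnabledMembership.name());
attributeValueDelegate.assignValue(
    RuleUtils.ruleIfOwnerNameName(), "stem:orgs:itEmployee");
attributeValueDelegate.assignValue(
    RuleUtils.ruleIfStemScopeName(), "SUB");

//result: veto the membership add
attributeValueDelegate.assignValue(
    RuleUtils.ruleThenEnumName(), RuleThenEnum.veto.name());

//key which would be used in UI messages file if applicable
attributeValueDelegate.assignValue(
    RuleUtils.ruleThenEnumArg0Name(), "rule.entity.must.be.in.IT.employee.to.be.in.group");

//error message (if key in UI messages file not there)
attributeValueDelegate.assignValue(
    RuleUtils.ruleThenEnumArg1Name(), "Entity cannot be a member of group if not in the IT department org");

//should be valid
String isValidString = attributeValueDelegate.retrieveValueString(
    RuleUtils.ruleValidName());

if (!StringUtils.equals("T", isValidString)) {
  throw new RuntimeException(isValidString);
}
```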
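A simplified model of what this rule decides, as an added example (not Grouper's code and not from the original page). The `Membership` record, the sample groups and the subjects are constructed, and the semantics are an assumption inferred from the condition name `noGroupInFolderHasImmediateEnabledMembership` and the `SUB` scope value.

```java
import java.util.List;

// Simplified model of the veto decision (added example, not Grouper code).
public class VetoRuleModel {

  // One membership row: group name, subject, immediate (direct) vs effective, enabled flag.
  record Membership(String group, String subject, boolean immediate, boolean enabled) {}

  enum Scope { ONE, SUB }

  // True if the group sits in the folder: directly (ONE) or at any depth (SUB).
  static boolean inFolder(String group, String folder, Scope scope) {
    if (!group.startsWith(folder + ":")) {
      return false;
    }
    String rest = group.substring(folder.length() + 1);
    return scope == Scope.SUB || !rest.contains(":");
  }

  // Mirrors the condition name: no group in the folder has an immediate, enabled
  // membership for the subject. When this is true, the rule's "then" part (veto) fires.
  static boolean vetoAdd(List<Membership> all, String subject, String folder, Scope scope) {
    return all.stream().noneMatch(m -> m.subject().equals(subject)
        && m.immediate() && m.enabled() && inFolder(m.group(), folder, scope));
  }

  public static void main(String[] args) {
    String folder = "stem:orgs:itEmployee"; // folder name from the rule above
    // Constructed sample data; group and subject names are made up.
    List<Membership> all = List.of(
        new Membership("stem:orgs:itEmployee:network:staff", "alice", true, true),
        new Membership("stem:orgs:itEmployee:helpdesk", "bob", true, false),   // disabled
        new Membership("stem:orgs:itEmployee:helpdesk", "carol", false, true), // effective only
        new Membership("stem:orgs:hr:staff", "dave", true, true));             // other org
    for (String s : List.of("alice", "bob", "carol", "dave")) {
      System.out.println(s + " SUB veto=" + vetoAdd(all, s, folder, Scope.SUB));
    }
    // alice's group is two levels below the folder, so ONE scope does not match it.
    System.out.println("alice ONE veto=" + vetoAdd(all, "alice", folder, Scope.ONE));
  }
}
```

In this model only alice passes under `SUB`; a disabled membership, an effective-only membership and a membership in a different org folder all leave the add vetoed.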
...