...
Add this rule to the group where the membership is added. Todo: Add an if condition enum to check membership source. Instead of checking if it's a group, check to see if it's in the list of allowed sources and out of denied sources.'
Configure rule for v5+
Configure rule for v4 and previous
GSH example
Code Block |
---|
grouperSession = GrouperSession.startRootSession(); ruleGroup = GroupFinder.findByName(grouperSession, "test:testGroup", true); AttributeAssign attributeAssign = ruleGroup.getAttributeDelegate().addAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign(); AttributeValueDelegate attributeValueDelegate = attributeAssign.getAttributeValueDelegate(); attributeValueDelegate.assignValue(RuleUtils.ruleActAsSubjectSourceIdName(), "g:isa"); attributeValueDelegate.assignValue(RuleUtils.ruleActAsSubjectIdName(), "GrouperSystem"); attributeValueDelegate.assignValue(RuleUtils.ruleCheckTypeName(), RuleCheckType.membershipAdd.name()); attributeValueDelegate.assignValue(RuleUtils.ruleIfConditionElName(), "\${safeSubject.sourceId != 'g:gsa'}"); attributeValueDelegate.assignValue(RuleUtils.ruleThenEnumName(), RuleThenEnum.veto.name()); attributeValueDelegate.assignValue(RuleUtils.ruleThenEnumArg0Name(), "rule.entity.must.be.a.group"); attributeValueDelegate.assignValue(RuleUtils.ruleThenEnumArg1Name(), "Entity must be a group"); String isValidString = attributeValueDelegate.retrieveValueString(RuleUtils.ruleValidName()); if (!GrouperUtil.equals("T", isValidString)) {throw new RuntimeException(isValidString);} |
...