Code Block
import java.util.List;
import java.util.Set;

import edu.internet2.middleware.grouper.FieldType;
import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.GroupFinder;
import edu.internet2.middleware.grouper.GroupSave;
import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.Member;
import edu.internet2.middleware.grouper.Membership;
import edu.internet2.middleware.grouper.MembershipFinder;
import edu.internet2.middleware.grouper.Stem;
import edu.internet2.middleware.grouper.StemSave;
import edu.internet2.middleware.grouper.SubjectFinder;
import edu.internet2.middleware.grouper.membership.MembershipType;
import edu.internet2.middleware.grouper.privs.AccessPrivilege;
import edu.internet2.middleware.grouper.privs.NamingPrivilege;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.grouperClient.jdbc.GcDbAccess;
import edu.internet2.middleware.subject.Subject;

//public class Test36revokePrivs {
//  
//  public static void main(String[] args) {

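    // Demonstrates removing every direct privilege a subject holds, plus the
    // group memberships that give the subject privileges indirectly.
    // The script runs as the Grouper root session, so the caller's own
    // privileges are not what limits it; restrict who may execute it.
    GrouperSession grouperSession = GrouperSession.startRootSession();
    
    String subjectId = "test.subject.0";
    String subjectSourceId = "jdbc";
    
    // true: fail instead of returning null when the subject cannot be resolved.
    Subject subject = SubjectFinder.findByIdAndSource(subjectId, subjectSourceId, true);
    
    // ---- Test fixture (demo only) -------------------------------------------
    // Everything down to the stem2 grant creates sample groups, folders and
    // privileges so the revocation below has something to remove. When adapting
    // this for a real subject, drop this section: it deletes and recreates
    // test:test1 and test:test2.
    Group group1 = new GroupSave().assignName("test:test1").assignCreateParentStemsIfNotExist(true).save();
    Group group2 = new GroupSave().assignName("test:test2").assignCreateParentStemsIfNotExist(true).save();        
    
    group1.delete();
    group2.delete();
    
    group1 = new GroupSave().assignName("test:test1").assignCreateParentStemsIfNotExist(true).save();
    group2 = new GroupSave().assignName("test:test2").assignCreateParentStemsIfNotExist(true).save(); 
    
    group1.grantPriv(subject, AccessPrivilege.READ, false);
    group1.grantPriv(subject, AccessPrivilege.UPDATE, false);
    group2.grantPriv(subject, AccessPrivilege.ADMIN, false);

    group2.addMember(subject);
    group1.addMember(subject);
    // group1 itself holds a privilege on group2, so membership in group1 is an
    // indirect privilege for the subject.
    group2.grantPriv(group1.toSubject(), AccessPrivilege.READ, false);
    
    Stem stem1 = new StemSave().assignName("test1").assignCreateParentStemsIfNotExist(true).save();
    stem1.grantPriv(subject, NamingPrivilege.CREATE, false);
    stem1.grantPriv(subject, NamingPrivilege.STEM_ATTR_READ, false);
    Stem stem2 = new StemSave().assignName("test2").assignCreateParentStemsIfNotExist(true).save();        
    stem2.grantPriv(subject, NamingPrivilege.STEM_ADMIN, false);
    // ---- End of test fixture ------------------------------------------------

    // Step 1: find groups that (a) hold a naming, access or attributeDef
    // privilege on some object as a group subject (source 'g:gsa') and (b) have
    // the subject in their 'members' list. Both the subject id and the subject
    // source id are passed as bind variables, in the order the '?' placeholders
    // appear, so neither value is ever spliced into the SQL text.
    List<String> groupNames = new GcDbAccess().sql("select gg.name from grouper_groups gg where exists (" +
      " select 1 from grouper_memberships gmem, grouper_fields gf, grouper_members gm " + 
      " where gmem.field_id = gf.id and gf.type in ('naming', 'access', 'attributeDef') " +
      " and gmem.member_id = gm.id and gm.subject_id = gg.id and gm.subject_source = 'g:gsa') " +
      " and exists (select 1 from grouper_memberships gmem, grouper_fields gf, grouper_members gm " + 
      " where gmem.field_id = gf.id and gf.name = 'members' " +
      " and gm.subject_id = ? " +
      " and gmem.member_id = gm.id and gm.subject_source = ?)")
      .addBindVar(subjectId).addBindVar(subjectSourceId).selectList(String.class);

    // Remove the subject from each such group so the indirect privilege goes away.
    for (String groupName : GrouperUtil.nonNull(groupNames)) {
      Group group = GroupFinder.findByName(groupName, true);
      group.deleteMember(subject, false);
      System.out.println("Deleted membership from group: " + group.getName() + ", since group has privilege on another object");
    }
      
    // Step 2: revoke access privileges assigned directly (IMMEDIATE) to the
    // subject on groups. Each row is {Membership, owner, Member}.
    Set<Object[]> membershipsOwnersMembers = new MembershipFinder().addSubject(subject).assignFieldType(FieldType.ACCESS).
      assignMembershipType(MembershipType.IMMEDIATE).findMembershipResult().getMembershipsOwnersMembers();
    
    for (Object[] membershipOwnerMember : GrouperUtil.nonNull(membershipsOwnersMembers)) {
      Membership membership = (Membership)membershipOwnerMember[0];
      Group group = (Group)membershipOwnerMember[1];
      Member member = (Member)membershipOwnerMember[2];
      // The field name (e.g. "readers") is mapped back to its privilege.
      group.revokePriv(member.getSubject(), AccessPrivilege.listToPriv(membership.getField().getName() ));
      System.out.println("Deleted priv from group: " + group.getName() + ": " + membership.getField().getName());
    }
    
    // Step 3: same for naming privileges assigned directly on folders (stems).
    membershipsOwnersMembers = new MembershipFinder().addSubject(subject).assignFieldType(FieldType.NAMING).
        assignMembershipType(MembershipType.IMMEDIATE).findMembershipResult().getMembershipsOwnersMembers();
      
    for (Object[] membershipOwnerMember : GrouperUtil.nonNull(membershipsOwnersMembers)) {
      Membership membership = (Membership)membershipOwnerMember[0];
      Stem stem = (Stem)membershipOwnerMember[1];
      Member member = (Member)membershipOwnerMember[2];
      stem.revokePriv(member.getSubject(), NamingPrivilege.listToPriv(membership.getField().getName() ));
      System.out.println("Deleted priv from folder: " + stem.getName() + ": " + membership.getField().getName());
    }

    // NOTE(review): only ACCESS and NAMING privileges are revoked above.
    // Privileges the subject holds directly on attribute definitions are not
    // touched by this script; handle them separately if they may exist.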
//
//  }
//}
//Deleted membership from group: test:test1, since group has privilege on another object
//Deleted priv from group: test:test1: readers
//Deleted priv from group: test:test1: updaters
//Deleted priv from group: test:test2: admins
//Deleted priv from folder: test2: stemAdmins
//Deleted priv from folder: test1: creators
//Deleted priv from folder: test1: stemAttrReaders


Delete all members from a subject source

Note that removing entries from the grouper_members table, which is what this example does, is not a normal operation. It may be useful if, for example, you temporarily added a subject source that you need to get rid of completely. If you instead need to merge members from one source into another, there is another option: see Member change subject.

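Also note that this script does not handle every foreign key that may exist on members, so it may need adjusting if some of the members cannot be deleted. A member's immediate memberships are deleted before the member row itself; if the member delete then fails, the error is printed and the loop moves on, so review the output for members that were left behind.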

Code Block
// Deletes every member row belonging to one subject source, after first
// deleting each member's immediate memberships. Set sourceId to the source
// being retired.
String sourceId = "sourceIdToDelete";

// Named HQL parameter: the source id is bound, not concatenated into the query.
String memberHql = "from Member as m where m.subjectSourceIdDb=:sourceId";
Set<Member> membersInSource = HibernateSession.byHqlStatic()
    .createQuery(memberHql)
    .setString("sourceId", sourceId)
    .listSet(Member.class);
System.out.println("Found " + membersInSource.size() + " members to delete");

Set<Field> allFields = FieldFinder.findAll();
for (Member doomed : membersInSource) {

  // Immediate memberships are removed field by field before the member row.
  for (Field eachField : allFields) {
    for (Membership immediate : doomed.getImmediateMemberships(eachField)) {
      System.out.println("Deleting membership with id=" + immediate.getImmediateMembershipId());
      immediate.delete();
    }
  }

  // Best effort: a member that cannot be deleted is reported and the loop
  // continues with the next one. Its memberships are already gone by then.
  try {
    HibernateSession.byObjectStatic().delete(doomed);
    System.out.println("Deleted " + doomed.getSubjectId());
  } catch (Exception deleteFailure) {
    deleteFailure.printStackTrace();
  }
}