/** * Add an <code>Attribute</code> to a <code>GroupType</code>. * * <p> * * @param i BeanShell interpreter. * @param stack BeanShell call stack. * @param type Add to this <code>GroupType</code>. * @param name Name of <code>Attribute</code>. * @param read <code>Privilege</code> required for reading. * @param write <code>Privilege</code> required for writing. * @param req Is <code>Attribute</code> required. * @return <code>Field</code> * @throws GrouperShellException * @since 0.1.0 */ public static Field invoke( Interpreter i, CallStack stack, String type, String name, Privilege read, Privilege write, boolean req) throws GrouperShellException { GrouperShell.setOurCommand(i, true); try { GrouperSession s = GrouperShell.getSession(i); GroupType t = GroupTypeFinder.find(type); return t.addAttribute(s, name, read, write, req); } catch (InsufficientPrivilegeException eIP) { GrouperShell.error(i, eIP); } catch (SchemaException eS) { GrouperShell.error(i, eS); } throw new GrouperShellException(E.TYPE_ADDATTR + name); } // public static Field invoke(i, stack, type, name, read, write, req)
/** * Update Groups Registry from XML at URL. * * <p> * * @param i BeanShell interpreter. * @param stack BeanShell call stack. * @param url Use the XML at this <tt>URL</tt> for updates. * @return True if successful. * @throws GrouperShellException * @since 0.1.0 */ public static boolean invoke(Interpreter i, CallStack stack, URL url) throws GrouperShellException { GrouperShell.setOurCommand(i, true); try { GrouperSession s = GrouperShell.getSession(i); XmlImporter importer = new XmlImporter(s, new Properties()); importer.update(XmlReader.getDocumentFromURL(url)); return true; } catch (GrouperException eG) { GrouperShell.error(i, eG); } return false; } // public static boolean invoke(i, stack, url)
/** * Check if subject has privilege. * * <p> * * @param i BeanShell interpreter. * @param stack BeanShell call stack. * @param name Check for privilege on this {@link Group} or {@link Stem}. * @param subjId Check if this {@link Subject} has privilege. * @param priv Check this {@link AccessPrivilege}. * @return True if succeeds. * @throws GrouperShellException * @since 0.0.1 */ public static boolean invoke( Interpreter i, CallStack stack, String name, String subjId, Privilege priv) throws GrouperShellException { GrouperShell.setOurCommand(i, true); try { GrouperSession s = GrouperShell.getSession(i); Subject subj = SubjectFinder.findByIdOrIdentifier(subjId, true); if (Privilege.isAccess(priv)) { Group g = GroupFinder.findByName(s, name, true); if (priv.equals(AccessPrivilege.ADMIN)) { return g.hasAdmin(subj); } else if (priv.equals(AccessPrivilege.OPTIN)) { return g.hasOptin(subj); } else if (priv.equals(AccessPrivilege.OPTOUT)) { return g.hasOptout(subj); } else if (priv.equals(AccessPrivilege.READ)) { return g.hasRead(subj); } else if (priv.equals(AccessPrivilege.UPDATE)) { return g.hasUpdate(subj); } else if (priv.equals(AccessPrivilege.GROUP_ATTR_READ)) { return g.hasGroupAttrRead(subj); } else if (priv.equals(AccessPrivilege.GROUP_ATTR_UPDATE)) { return g.hasGroupAttrUpdate(subj); } else if (priv.equals(AccessPrivilege.VIEW)) { return g.hasView(subj); } else { throw new RuntimeException("Not expecting privilege: " + priv); } } else if (Privilege.isNaming(priv)) { Stem ns = StemFinder.findByName(s, name, true); if (priv.equals(NamingPrivilege.CREATE)) { return ns.hasCreate(subj); } else if (priv.equals(NamingPrivilege.STEM_ATTR_READ)) { return ns.hasStemAttrRead(subj); } else if (priv.equals(NamingPrivilege.STEM_ATTR_UPDATE)) { return ns.hasStemAttrUpdate(subj); } else if (priv.equals(NamingPrivilege.STEM) || priv.equals(NamingPrivilege.STEM_ADMIN)) { return ns.hasStemAdmin(subj); } else { throw new RuntimeException("Not expecting privilege: " + priv); } } else if (Privilege.isAttributeDef(priv)) { AttributeDef attributeDef = AttributeDefFinder.findByName(name, true); if (priv.equals(AttributeDefPrivilege.ATTR_ADMIN)) { return attributeDef.getPrivilegeDelegate().hasAttrAdmin(subj); } else if (priv.equals(AttributeDefPrivilege.ATTR_OPTIN)) { return attributeDef.getPrivilegeDelegate().hasAttrOptin(subj); } else if (priv.equals(AttributeDefPrivilege.ATTR_OPTOUT)) { return attributeDef.getPrivilegeDelegate().hasAttrOptout(subj); } else if (priv.equals(AttributeDefPrivilege.ATTR_READ)) { return attributeDef.getPrivilegeDelegate().hasAttrRead(subj); } else if (priv.equals(AttributeDefPrivilege.ATTR_UPDATE)) { return attributeDef.getPrivilegeDelegate().hasAttrUpdate(subj); } else if (priv.equals(AttributeDefPrivilege.ATTR_DEF_ATTR_READ)) { return attributeDef.getPrivilegeDelegate().hasAttrDefAttrRead(subj); } else if (priv.equals(AttributeDefPrivilege.ATTR_DEF_ATTR_UPDATE)) { return attributeDef.getPrivilegeDelegate().hasAttrDefAttrUpdate(subj); } else if (priv.equals(AttributeDefPrivilege.ATTR_VIEW)) { return attributeDef.getPrivilegeDelegate().hasAttrView(subj); } else { throw new RuntimeException("Not expecting privilege: " + priv); } } else { throw new RuntimeException("Invalid privilege type: " + priv); } } catch (GroupNotFoundException eGNF) { GrouperShell.error(i, eGNF); } catch (StemNotFoundException eNSNF) { GrouperShell.error(i, eNSNF); } catch (SubjectNotFoundException eSNF) { GrouperShell.error(i, eSNF); } catch (SubjectNotUniqueException eSNU) { GrouperShell.error(i, eSNU); } return false; } // public static boolean invoke(i, stack, name, subjId, priv)