...

  • List of Group objects for which subject has privilege

Availability

Mandatory.

...

assignPermission()

Code Block
boolean assignPermission(PermissionLookup permissionLookup, String action, Subject subject, bool addOnly=false)

Input

  • permissionLookup: PermissionLookup object
  • action: qualifies the assignment
  • subject: Subject object
  • addOnly: If true, addMember() fails if subject is already a member of groupID.

Output

  • true if subject assignment is successfully added or if addOnly is false and subject is already a member of groupID, false otherwise.

Availability

Optional. Data store may be read-only.

addPrivilege()

Code Block

boolean addPrivilege(GroupLookup group, Subject subject, enum privilege, bool addOnly=false)

Input

  • group: GroupLookup object
  • subject: Subject object
  • privilege: Type of privilege to be added (privileges TBD)
  • addOnly: If true, addPrivilege() fails if subject already has privilege for groupID.

Output

  • true if privilege is successfully added or if addOnly is false and subject already has privilege for groupID, false otherwise.

Availability

Optional. Data store may be read-only.

removeMember()

Code Block

boolean removeMember(GroupLookup group, Subject subject, boolean removeOnly=false)

Input

  • group: GroupLookup object
  • subject: Subject object
  • removeOnly: If true, removeMember() fails if subject is not a member of groupID.

Output

  • true if subject is successfully removed or if removeOnly is false and subject is not a member of groupID, false otherwise.

Availability

Optional. Data store may be read-only.

removePrivilege()

Code Block

boolean removePrivilege(GroupLookup group, Subject subject, enum privilege, boolean removeOnly=false)

Input

  • group: GroupLookup object
  • subject: Subject object
  • privilege: Type of privilege to be removed (privileges TBD)
  • removeOnly: If true, removePrivilege() fails if subject does not have privilege for groupID.

Output

  • true if privilege is successfully removed or if removeOnly is false and subject does not have privilege for groupID, false otherwise.

Availability

Optional. Data store may be read-only.

saveGroup()

Code Block

Group saveGroup(Group group)

Input

  • group: Group object. If group:id and group:uuid are blank, a new group is being requested.

Output

  • Group object holding group id/uuid (possibly newly assigned).
  • assigned to permissionID and action, false otherwise.

Availability

Optional. Data store may be read-only.

deleteGroup()

Code Block

boolean deleteGroup(GroupLookup group, boolean deleteOnly=false)

Input

  • group: GroupLookup object
  • deleteOnly: If true, deleteGroup() fails if group does not exist.

Output

  • true if group is successfully deleted or if deleteOnly is false and group does not exist, false otherwise.

Availability

Optional. Data store may be read-only.

findGroups()

Code Block

List<Group> findGroups(List<GroupLookup> groupLookups, urn folder, enum folderDepth=one|sub,
                       List<enum> fieldNames=urn|displayName|description, String fieldSearchString,
                       String wildcard, boolean splitStringOnWhitespace, boolean caseSensitive)

Input

  • groupLookups: list of group lookups to find. Maximum 100.
  • folder (optional): set if results should be constrained to a certain folder.
  • folderDepth (required if folder is set): "one" for results directly in the folder, "sub" for results in the folder or its subfolders.
  • fieldNames (optional): set if searching by a substring of a field; can be urn|displayName|description. Note that if multiple are set, the search string may be in any of the fields.
  • fieldSearchString (required if fieldNames is set): the search string used to find groups. Can contain caller-specified wildcards.
  • wildcard (optional, can only be set if fieldNames is set): if not set, there is no wildcard in the search. If set, it can be one or more characters, and each occurrence of it in fieldSearchString is treated as a wildcard. Note that there is no way to escape this wildcard, so the client should pick something not otherwise being searched for.
  • splitStringOnWhitespace (required if fieldNames is set): if true, fieldSearchString is split on whitespace and the resulting terms are ANDed together.
  • caseSensitive (required if fieldNames is set): if true, the search string is checked as is; if false, the search is case-insensitive.

Note: at least one of groupLookups, folder, or fieldNames must be set.

For example, if the folder URN is: urn:group:school/apps/confluence
and the folderDepth is: sub
and the search string is: *english* *dept*
and the wildcard is: *
and the fieldNames are: urn and displayName
and caseSensitive is: false
and splitStringOnWhitespace is: true

Then the query run will get all groups the caller is allowed to see in the school/apps/confluence folder or subfolders, that have "english" and "dept" somewhere in the urn or displayName case insensitive.
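The matching rules above, as an added Python sketch that is not part of the original specification. It assumes that each whitespace-separated term must occur in at least one of the selected fields, that `visible` has already been filtered to groups the caller may see, and it leaves out groupLookups; the `Group` tuple, function names and sample groups are hypothetical. Every character other than the caller's wildcard is escaped, and field names are checked against an allow-list before use.

```python
import re
from collections import namedtuple

# Hypothetical stand-in for the spec's Group object (only the searchable fields).
Group = namedtuple("Group", "urn displayName description", defaults=("",))
ALLOWED_FIELDS = {"urn", "displayName", "description"}

def term_to_regex(term, wildcard, case_sensitive):
    """Compile one term into a substring regex in which only `wildcard` is special."""
    parts = term.split(wildcard) if wildcard else [term]
    # re.escape keeps every other character literal ('.', '%', '(' ...).
    pattern = ".*".join(re.escape(p) for p in parts)
    return re.compile(pattern, re.S if case_sensitive else re.S | re.I)

def in_folder(urn, folder, depth):
    """depth 'one': directly in folder; 'sub': in folder or any subfolder."""
    prefix = folder.rstrip("/") + "/"
    if not urn.startswith(prefix):
        return False
    return depth == "sub" or "/" not in urn[len(prefix):]

def find_groups(visible, folder=None, folder_depth=None, field_names=(),
                search="", wildcard=None, split_ws=False, case_sensitive=False):
    """`visible` = groups the caller may already see (access check not shown)."""
    if not folder and not field_names:
        raise ValueError("folder or fieldNames must be set")
    if folder and folder_depth not in ("one", "sub"):
        raise ValueError("folderDepth is required when folder is set")
    if not set(field_names) <= ALLOWED_FIELDS:
        raise ValueError("unknown field name")  # never getattr() on raw input
    if field_names and not search:
        raise ValueError("fieldSearchString is required when fieldNames is set")
    terms = (search.split() if split_ws else [search]) if field_names else []
    regexes = [term_to_regex(t, wildcard, case_sensitive) for t in terms]
    return [g for g in visible
            if (not folder or in_folder(g.urn, folder, folder_depth))
            # every term (AND) must occur in at least one chosen field (OR)
            and all(any(rx.search(getattr(g, f)) for f in field_names)
                    for rx in regexes)]

# Constructed sample data, not taken from the page.
BASE = "urn:group:school/apps/confluence"
GROUPS = [
    Group(BASE + "/english/dept_staff", "English Dept Staff"),
    Group(BASE + "/wiki_admins", "Confluence admins for English"),
    Group(BASE + "/hist", "History DEPT (english minor)"),
    Group("urn:group:school/apps/jira/english_dept", "English Dept"),
    Group(BASE + "/c.d_team", "c.d"),
    Group(BASE + "/cxd_team", "cxd"),
]
```

A data store that translates the search into SQL LIKE or an LDAP filter needs the equivalent escaping for that backend's own metacharacters.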

Output

  • List of Group objects

Availability

Mandatory

Questions

TODO

...

  • Identifier mapping: uuid, eppn, eptid, uid/username, openid
  • Standard attributes from eduperson
  • Need to reconcile how application IDs fit with "person's"

...