from psdi.server import MXServer; from psdi.mbo import MboConstants; ## get context if (interactive): session = service.webclientsession(); appbean = session.getCurrentApp().getAppBean(); vapp = mbo.getThisMboSet().getParentApp(); if (appbean.getMboName() == "MAXUSER"): context = "USER"; user = mbo.getOwner(); group = mbo.getMboSet("MAXGROUP").moveFirst(); groupname = group.getString("GROUPNAME"); if (appbean.getMboName() == "MAXGROUP"): context = "GROUP"; group = mbo.getOwner(); groupname = group.getString("GROUPNAME"); user = mbo.getMboSet("MAXUSER").moveFirst(); else: context = "NON-INTERACTIVE"; user = mbo.getMboSet("MAXUSER").moveFirst(); group = mbo.getMboSet("MAXGROUP").moveFirst(); groupname = group.getString("GROUPNAME"); vapp = ""; ## ensure that we are allowed to add this particular user to this group c = group.getString("CONDITIONNUM"); if (c != ""): c_result = mbo.evaluateCondition(c); if (c_result == False): cond_key = group.getString("CONDITION.MAXMESSAGES.MSGKEY"); cond_group = group.getString("CONDITION.MAXMESSAGES.MSGGROUP"); cond_error = group.getString("CONDITION.MAXMESSAGES.VALUE"); mbo.setValue("MESSAGE_GRE", cond_error, 11L); service.error(cond_group, cond_key, [groupname]); if (group.getBoolean("ISROLE_GRE") and not MXServer.getBulletinBoard().isPosted("GRE_GRP_PROV", mbo.getUserInfo()) and not mbo.getBoolean("PROVISION_GRE")): try: MXServer.getBulletinBoard().post("GRE_GRP_PROV", mbo.getUserInfo()); ## get values prov_set = group.getMboSet("ROLE_PROVISION") process_area = group.getString("PROCESS_AREA"); role = group.getString("ROLE_GRE"); userid = mbo.getString("USERID"); personid = mbo.getString("PERSON.PERSONID"); if (personid == ""): personid = mbo.getOwner().getString("PERSONID"); actions = ""; action_flag = False; ## check to make sure we've saved first... ## if (group.toBeSaved() and group.getBoolean("ISROLE_GRE")): ## service.error("GRE", "MESSAGE", ["Please save before adding users"]); # # # Security Group Membership # # # do_security_groups = True; if (context == "USER" and mbo.getOwner().getBoolean("STATUSIFACE")): do_security_groups = False; if (do_security_groups): ## DB objects for querying statement = None; rs = None; conn = None; connKey = MXServer.getMXServer().getDBManager().getSystemConnectionKey(); conn = MXServer.getMXServer().getDBManager().getConnection(connKey); statement = conn.createStatement(); ## Loop through security group includes... prov_set.setWhere("row_type = 'SECURITY_GROUP' AND security_group <> '" + groupname + "' AND security_group NOT IN (SELECT groupname FROM groupuser WHERE userid = '" + userid + "')"); prov_set.reset(); p = prov_set.moveFirst(); while (p): try: parameter = p.getString("SECURITY_GROUP"); ## check to see if the group is already there... found = False; ## need to check in bean... if (context == "USER"): bean = session.getDataBean("main_groups_table"); if (bean): set = bean.getMboSet(); s = set.moveFirst(); while (s): if (s.getString("GROUPNAME") == parameter): found = True; break; s = set.moveNext(); ## need to check in DB... sql = "SELECT * FROM groupuser WHERE userid = '" + userid + "' AND groupname = '" + parameter + "'"; rs = statement.executeQuery(sql); found = True if rs.next() else found; if (not found): try: sql = "INSERT INTO groupuser (userid, groupname, provision_gre, message_gre, groupuserid) VALUES ('" + userid + "', '" + parameter + "', 1, 'Provisioned as part of addition to " + process_area + " - " + role + " role', groupuserseq.nextval)"; statement.executeUpdate(sql); sql = "COMMIT"; statement.executeUpdate(sql); except: action_flag = True; finally: action_flag = True; except: actions = actions + chr(10) + "FAILED to add to SECURITY GROUP: " + parameter + ""; finally: if (not found): actions = actions + chr(10) + "Added to SECURITY GROUP: " + parameter + ""; else: actions = actions + chr(10) + "Verified membership in SECURITY GROUP: " + parameter + ""; p = prov_set.moveNext(); if (rs != None): rs.close(); if (statement != None): statement.close(); if (conn != None): conn.close(); # # # Person Group Membership # # # pgroup_set = MXServer.getMXServer().getMboSet("PERSONGROUPTEAM", mbo.getUserInfo()); prov_set.setWhere("ROW_TYPE = 'PERSON_GROUP' AND person_group NOT IN (SELECT persongroup FROM persongroupteam WHERE resppartygroup = '" + personid + "')"); prov_set.reset(); p = prov_set.moveFirst(); while (p): try: parameter = p.getString("PERSON_GROUP"); ## figure out sequence pgtseq_set = mbo.getMboSet("$PGTS", "PERSONGROUPTEAM", "persongroup = '" + parameter + "'"); if (pgtseq_set.moveFirst() != None): seq = pgtseq_set.max("RESPPARTYGROUPSEQ") + 1; else: seq = 1; g = pgroup_set.add(); g.setValue("PERSONGROUP", parameter, 7L); g.setValue("RESPPARTYGROUP", personid, 7L); g.setValue("RESPPARTY", personid, 7L); g.setValue("RESPPARTYGROUPSEQ", seq, 11L); g.setValue("RESPPARTYSEQ", seq, 11L); if (seq == 1): g.setValue("GROUPDEFAULT", True); pgroup_set.save(); action_flag = True; except: if (do_security_groups): actions = actions + chr(10) + "FAILED to add to PERSON GROUP: " + parameter + ""; finally: actions = actions + chr(10) + "Added to PERSON GROUP: " + parameter + ""; p = prov_set.moveNext(); pgroup_set.save(); pgroup_set.cleanup(); pgroup_set.close(); # # # Default Queries # # # prov_set.setWhere("ROW_TYPE = 'DFLT_QUERY'"); prov_set.reset(); p = prov_set.moveFirst(); while (p): try: parameter = p.getString("DFLT_QUERY"); target = p.getString("APP"); ## determine if default query already defined for the application q_set = MXServer.getMXServer().getMboSet("DEFAULTQUERY", mbo.getUserInfo()); q_set.setWhere("app = '" + target + "' AND userid = '" + userid + "'"); q_set.reset(); g = q_set.moveFirst() if (g == None): g = q_set.add(); g.setValue("CLAUSENAME", parameter, 11L); g.setValue("APP", target, 11L); g.setValue("USERID", userid, 11L); g.setValue("OWNER", "QUERYADM", 11L); action_flag = True; actions = actions + chr(10) + "Added DEFAULT QUERY for application: " + target + ""; elif (g.getString("CLAUSENAME") != parameter or g.getString("OWNER") != "QUERYADM"): g.setValue("CLAUSENAME", parameter, 11L); g.setValue("APP", target, 11L); g.setValue("USERID", userid, 11L); g.setValue("OWNER", "QUERYADM", 11L); action_flag = True; actions = actions + chr(10) + "Updated DEFAULT QUERY for application: " + target + ""; except: actions = actions + chr(10) + "FAILED to update DEFAULT QUERY for application: " + target + ""; finally: q_set.save(); q_set.cleanup(); q_set.close(); p = prov_set.moveNext(); # # # Default Insert Site # # # prov_set.setWhere("ROW_TYPE = 'DFLT_SITE'"); prov_set.reset(); p = prov_set.moveFirst(); if (p): parameter = p.getString("PARAMETER"); action_flag = True; actions = actions + chr(10) + "Set DEFAULT INSERT SITE = " + parameter; user.setValue("DEFSITE", parameter); # # # WRAP UP # # # prov_set.setWhere(""); prov_set.reset(); if (action_flag): actions = "The following incremental actions were taken to provision this user:" + chr(10) + actions; else: actions = "This user is fully provisioned for the " + process_area + " - " + role + " role." + chr(10) + chr(10) + "The role has been assigned to this user."; mbo.setValue("MESSAGE_GRE", actions, 11L); finally: if (interactive and vapp == "USER"): session.showMessageBox("GRE", "MESSAGE", [actions]); if (MXServer.getBulletinBoard().isPosted("GRE_GRP_PROV", mbo.getUserInfo())): MXServer.getBulletinBoard().remove("GRE_GRP_PROV", mbo.getUserInfo());