from psdi.server import MXServer;
from psdi.mbo import MboConstants;
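## Deprovision a user from a role.
## The script first records every PROVISION row that the user's remaining
## (not to-be-deleted) roles still require, then walks the DEPROVISION rows of
## the current record and removes group memberships / default queries that no
## remaining role needs.
## `mbo`, `service` and `interactive` are not defined here; they are expected
## to be supplied by the scripting host.
# NOTE(review): the source had lost its indentation. The nesting below is
# reconstructed from the control flow (e.g. `vapp` is only assigned inside the
# role check) -- confirm it against the deployed script before relying on it.


def _still_needed(needed, row_type, value):
    """Return True if `needed` has a row of `row_type` whose `row_type` column equals `value`.

    In both call sites the column holding the group name has the same name as
    the ROW_TYPE value, so one argument serves for both.
    """
    row = needed.moveFirst()
    while row:
        if row.getString(row_type) == value and row.getString("ROW_TYPE") == row_type:
            return True
        row = needed.moveNext()
    return False


## get context
role_set = None  # renamed from `set`, which shadowed the builtin
group = mbo.getMboSet("MAXGROUP").moveFirst()
user = mbo.getMboSet("MAXUSER").moveFirst()
userid = user.getString("USERID")
personid = user.getString("PERSONID")
needed_set = user.getMboSet("NEEDED_PARAMETERS")
fields = ["APP", "CONDITION", "DFLT_QUERY", "DFLT_SITE", "PARAMETER", "PERSON_GROUP", "QUERY_OWNER", "ROW_TYPE", "SECURITY_GROUP"]

if group.getBoolean("ISROLE_GRE"):
    if interactive:
        session = service.webclientsession()
        vapp = mbo.getThisMboSet().getParentApp()
        if vapp == "SECURGROUP":
            role_set = user.getMboSet("ROLE_MEMBERSHIP")
        if vapp == "USER":
            role_set = session.getDataBean("src_roles").getMboSet()
        # NOTE(review): for any other parent app role_set stays None and the
        # moveFirst() call below fails, exactly as in the original. Decide
        # whether that abort is intended before changing it: continuing with
        # an empty "needed" list would deprovision everything.
    else:
        role_set = user.getMboSet("ROLE_MEMBERSHIP")
        vapp = ""

    ## set values
    actions = ""
    roles = ""
    action_flag = False

    ## first, make a list of things we don't want to delete
    membership = role_set.moveFirst()
    while membership:
        if not membership.toBeDeleted():
            keep_set = membership.getMboSet("PROVISION")
            keep_row = keep_set.moveFirst()
            while keep_row:
                needed_row = needed_set.add()
                # 11L is kept verbatim; presumably a combination of
                # MboConstants access/validation flags -- TODO confirm.
                needed_row.copyValue(keep_row, fields, fields, 11L)
                keep_row = keep_set.moveNext()
        membership = role_set.moveNext()

    # # # Now we proceed w/the work # # #
    ## get values
    prov_set = mbo.getMboSet("DEPROVISION")
    # NOTE(review): this unconditional assignment makes the "already fully
    # deprovisioned" branch in the wrap-up unreachable -- confirm intent.
    action_flag = True
    process_area = mbo.getString("MAXGROUP.PROCESS_AREA")
    role = mbo.getString("MAXGROUP.ROLE_GRE")
    roles = roles + chr(10) + process_area + " - " + role

    # # # DO THE WORK # # #
    conn = None
    delete_person_group = None
    delete_default_query = None
    try:
        ## DB objects for the deletes
        db_manager = MXServer.getMXServer().getDBManager()
        connKey = db_manager.getSystemConnectionKey()
        conn = db_manager.getConnection(connKey)
        # Bind values as parameters instead of concatenating them into the SQL
        # text: the statements run on the system connection, and a group name
        # or user id containing a quote would otherwise change the statement.
        delete_person_group = conn.prepareStatement(
            "DELETE persongroupteam WHERE persongroup = ? AND respparty = ?")
        delete_default_query = conn.prepareStatement(
            "DELETE defaultquery WHERE app = ? AND userid = ?")
        # NOTE(review): no commit is issued in this script; confirm how the
        # connection commits these deletes.

        # # # Security Group Membership # # #
        prov_set.setWhere("ROW_TYPE = 'SECURITY_GROUP'")
        prov_set.reset()
        p = prov_set.moveFirst()
        while p:
            ## see if we need to keep this particular group
            parameter = p.getString("SECURITY_GROUP")
            if not _still_needed(needed_set, "SECURITY_GROUP", parameter):
                # NOTE(review): the original has the groupuser DELETE commented
                # out, so NO row is deleted here, yet the removal is still
                # reported and action_flag set. The user keeps the security
                # group while the message says otherwise. If the delete is
                # re-enabled, use a bound statement:
                #   "DELETE groupuser WHERE groupname = ? AND userid = ?"
                action_flag = True
                actions = actions + chr(10) + "Removed from SECURITY GROUP: " + parameter + ""
            p = prov_set.moveNext()

        # # # Person Group Membership # # #
        prov_set.setWhere("ROW_TYPE = 'PERSON_GROUP'")
        prov_set.reset()
        p = prov_set.moveFirst()
        while p:
            ## see if we need to keep this particular group
            parameter = p.getString("PERSON_GROUP")
            if not _still_needed(needed_set, "PERSON_GROUP", parameter):
                try:
                    delete_person_group.setString(1, parameter)
                    delete_person_group.setString(2, personid)
                    delete_person_group.executeUpdate()
                    action_flag = True
                except:
                    # Bare except kept from the original so that Java
                    # exceptions raised by the driver are caught as before.
                    actions = actions + chr(10) + "FAILED to remove from PERSON GROUP: " + parameter + ""
                else:
                    # Was `finally:`, which logged "Removed" after a failure too.
                    actions = actions + chr(10) + "Removed from PERSON GROUP: " + parameter + ""
            p = prov_set.moveNext()

        # # # Default Queries # # #
        # NOTE(review): unlike the two group sections, default queries are
        # removed without consulting needed_set, and the DFLT_QUERY value is
        # not part of the WHERE clause (every default query of the user for
        # that app is deleted) -- confirm both are intended.
        prov_set.setWhere("ROW_TYPE = 'DFLT_QUERY'")
        prov_set.reset()
        p = prov_set.moveFirst()
        while p:
            # Read before the try so the failure message can always name it.
            target = p.getString("APP")
            try:
                delete_default_query.setString(1, target)
                delete_default_query.setString(2, userid)
                delete_default_query.executeUpdate()
                action_flag = True
            except:
                actions = actions + chr(10) + "FAILED to remove default query for application: " + target + ""
            else:
                # Was `finally:`, which logged "Removed" after a failure too.
                actions = actions + chr(10) + "Removed DEFAULT QUERY for application: " + target + ""
            p = prov_set.moveNext()
    finally:
        # Release JDBC resources even when a section above raised.
        for stmt in (delete_person_group, delete_default_query):
            if stmt is not None:
                stmt.close()
        if conn is not None:
            conn.close()

    # # # WRAP UP # # #
    if vapp == "USER":
        if action_flag:
            message = "The user was removed from the following roles:" + chr(10) + roles
            if actions == "":
                actions = chr(10) + ""
            message = message + chr(10) + chr(10) + "The following incremental actions were taken to deprovision this user:" + chr(10) + actions
            session.showMessageBox("GRE", "MESSAGE", [message])
        else:
            session.showMessageBox("GRE", "MESSAGE", ["This user is already fully deprovisioned for the following roles" + roles + ""])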