From 238dced2e132b2ca54fba47fef5d3ec72ad6cc23 Mon Sep 17 00:00:00 2001
From: Michael Simon <simon@kit.edu>
Date: Wed, 11 Nov 2015 14:16:15 +0100
Subject: [PATCH] example service filter

---
 rules/service-filter.drl | 66 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 65 insertions(+), 1 deletion(-)

diff --git a/rules/service-filter.drl b/rules/service-filter.drl
index 7b2f7c728..8e2d337dd 100644
--- a/rules/service-filter.drl
+++ b/rules/service-filter.drl
@@ -20,6 +20,30 @@ rule "FH1 Filter"
 
 end
 
+rule "FH2 Filter"
+
+    when
+        $user : UserEntity()
+        $service : ServiceEntity( shortName == "fh2" )
+        $group : LocalGroupEntity( name == "fh2-access" )
+    then
+    	logger.debug( "allow user {} for service {}, because of membership in group {}", $user.getEppn(), $service.getName(), $group.getName() );
+    	retract( $service );
+
+end
+
+rule "FHC Filter"
+
+    when
+        $user : UserEntity()
+        $service : ServiceEntity( shortName == "fhc" )
+        $group : LocalGroupEntity( name == "fhc-access" )
+    then
+    	logger.debug( "allow user {} for service {}, because of membership in group {}", $user.getEppn(), $service.getName(), $group.getName() );
+    	retract( $service );
+
+end
+
 rule "UC1 Filter"
 
     when
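Review bot: The `$group : LocalGroupEntity( name == "fh2-access" )` pattern in "FH2 Filter" (and the `fhc-access` one in "FHC Filter") is not joined to `$user`, so the rule fires whenever any group fact with that name is in working memory, while the debug line reports it as this user's membership. The hunk does not show whether the session only ever holds the groups of the user being evaluated. If that is the contract, state it above each rule, e.g. `// relies on working memory containing only the groups of $user`. If it is not, the pattern needs a constraint that binds the group to `$user` before `retract( $service )` runs, since that call appears to be what allows the service.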
@@ -27,7 +51,7 @@ rule "UC1 Filter"
         	&& 
         	( attributeStore["urn:oid:1.3.6.1.4.1.5923.1.1.1.7"] 
         		matches ".*(^|;)http://bwidm.de/entitlement/bwUniCluster(;|$).*" ) )
-        $service : ServiceEntity( shortName == "uc1" )
+        $service : ServiceEntity( shortName == "bwuc" )
     then
     	logger.debug( "allow user {} for service {}, because of entitlement", $user.getEppn(), $service.getName() );
     	retract( $service );
@@ -103,3 +127,43 @@ rule "ICC Filter"
     	retract( $service );
 
 end
+
+rule "bwFileStorage Filter"
+
+    when
+        $user : UserEntity( idp.getEntityCategoryList() contains "http://aai.dfn.de/category/bwidm-member" )
+        $service : ServiceEntity( shortName == "lsdf-file" )
+    then
+    	logger.debug( "allow user {} for service {}, because of entitlement", $user.getEppn(), $service.getName() );
+    	retract( $service );
+
+end
+
+rule "bwSNS Filter"
+
+    when
+        $user : UserEntity( ( idp.getEntityCategoryList() contains "http://aai.dfn.de/category/bwidm-member" )
+        	&& 
+        	( attributeStore["urn:oid:1.3.6.1.4.1.5923.1.1.1.7"] 
+        		matches ".*(^|;)http://bwidm.de/entitlement/bwLSDF-SyncShare(;|$).*" ) )
+        $service : ServiceEntity( shortName == "sns" )
+    then
+    	logger.debug( "allow user {} for service {}, because of entitlement", $user.getEppn(), $service.getName() );
+    	retract( $service );
+
+end
+
+rule "LSDF-DIS Filter"
+
+    when
+        $user : UserEntity( ( idp.entityId == "https://idp.scc.kit.edu/idp/shibboleth" ) 
+        	&& 
+        	( attributeStore["urn:oid:1.3.6.1.4.1.5923.1.1.1.7"] 
+        		matches ".*(^|;)http://bwidm.scc.kit.edu/entitlement/lsdf-dis(;|$).*" ) )
+        $service : ServiceEntity( shortName == "lsdfdis" )
+    then
+    	logger.debug( "allow user {} for service {}, because of entitlement", $user.getEppn(), $service.getName() );
+    	retract( $service );
+
+end
+
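Review bot: "bwFileStorage Filter" allows `lsdf-file` for every user whose IdP carries the `bwidm-member` category, with no entitlement condition, yet it logs `because of entitlement` like the rules that do check one. If category-only access is intended, the log reason should say so, e.g. `"allow user {} for service {}, because of IdP entity category"`, so the debug output matches the decision that was made. Otherwise the rule is missing an `attributeStore[...] matches` condition like the one in "bwSNS Filter". Separately, the dots in the URLs of the two `matches` patterns added in "bwSNS Filter" and "LSDF-DIS Filter" are unescaped and match any character; escaping them (`bwidm\\.de`, `bwidm\\.scc\\.kit\\.edu`) would make the entitlement comparison exact.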
-- 
GitLab