Minor Description
It would be very helpful if a Grouper install could be configured to have a set of "predefined structures" that could be used to quickly create a new variant of that predefined structure.
I am trying to use "folder1:XXX" to show relitive group/folder names" and "REF:...: " to show absolute references to things outside the scope of "folder1:..."
A very simple example of a template:
This is a single folder template. ( but it could be a structure of folders)
It has two groups in the folder. ( each folder could have N groups/members predefined or have empty memberships)
The "folder1:Users" group is a subtraction of "folder1:Allowed" - ( folder1:App Exclude Group + REF:REF2:REF4:REFN...:"master Exclude group")
Folder1
| -->Users ( A Group in "Folder1", that is "Allowed" - "Excluded" groups) ^(Exclude member of) --Excluded (Group, "Master Exclude Group" + "App Exclude Group") ^Member is "master Exclude group" (hard ref to existing group outside of "Folder1") ^Member is "App Exclude Group" ^( Include members of) -Allowed (Group) |
| -->Admins (A group in Folder1) --> Admins are granted permissions ("X") at the Folder1 level, "Y" for the "Allowed", and "Z" for the "Excluded" |
The string for "Folder1" would be definable as the "New template" is created in the UI. [ It would be great if the strings could have a "variable replacement model"
The template could define a "variable marker" Maybe something like "$$$" or "###" that wraps the string to replace. That way the folder could be named "APP-$$$New App Name$$$" and the user could be prompted for the new string for "New App Name" during the "template create" process. (And the resulting folder would be named "APP-BOBsApp".)
It would also be greate if ANY name in the template should support this kind of "place holder"/"Prompt string" concept. And the value should only be prompted for once. AKA: only one "New App Name" value will be collected, but it will be substituted into as many folder/groups/attribute values where the $$$New App Name$$$ exists in the template.
However, the sub groups/folders and their predefined permissions (relative to "Folder1") would not be editable during the creation of the "APP-BOBsApp" folder. And the predefined members of other groups outside of "Folder1" would be auto added to the new folder/groups being built.
This can allow for external hard references to be pre-granted privs/access that could be designed to be used in the new structure.
This would allow a "Grouper Admin" to "template" a structure (of folders/groups) that would be created (new) or referenced existing (hard coded from outside of "folder1"). This "Template" could be identified as a "folder" (or Group) template. Then Users who are allowed to "Add" (group or folders) could select a template in the "Add a new Folder/Group/Template" process.
If the logic is done generically enough, an "Extract Template" could also be added to use existing folder/group structures to create a new Template too. ( Basically clone what exists, make relative reference where possible and leave all other "external refs" in tact as "hard coded" pointers in the template. A Grouper Admin could then refine/correct the template as needed to make it more generally useful.)
I am picturing a "template" folder/branch similar to the Grouper Administration -->attribute folder to store the template definitions and allow the Grouper Admins to edit/maintain them there.