Major Description
Some situations require that users are added to groups corresponding to roles following a pattern, and removed from the other related groups.
For instance, User1 is in the roles employer_CompanyA, employer_CompanyC, employeetype_a, employeetype_b, internal_role_that_we_dont_care_about.
This user needs to be added to groups xwiki:XWiki.Employer_CompanyA, xwiki:XWiki.Employer_CompanyC that does not exists yet, xwiki:XWiki.EmployeeTyoe_A, xwiki:XWiki.EmployeeTypeB (if it exists), and not to xwiki:XWiki.Employer_CompanyB and xwiki:XWiki.EmployeeType_C, that exist.
A configuration shall allow this (while still ignoring internal_role_that_we_dont_care_about).
Roles shall be matched using a prefix, a suffix and a more complex regex.
Corresponding groups shall be specified using a prefix and/or a suffix. When a regex is provided for the role, a replacement can also be specified to specify which group corresponds to a given role. A configuration is not allowed to leave both the group prefix and the group suffix empty, or it would match any group, which would be dangerous.
A configuration shall specify if groups are to be autocreated if missing. Autocreation is the default.
A list of configurations shall be provided.
In the example, we would have:
xwiki.authentication.trusted.dynamicRole.configurations=employeetype|employer
xwiki.authentication.trusted.dynamicRole.configuration.employeetype.rolePrefix=employeetype_
xwiki.authentication.trusted.dynamicRole.configuration.employeetype.groupPrefix=xwiki:XWiki.EmployeeType_
xwiki.authentication.trusted.dynamicRole.configuration.employeetype.autocreate=false
xwiki.authentication.trusted.dynamicRole.configuration.employer.rolePrefix=employer_
xwiki.authentication.trusted.dynamicRole.configuration.employer.groupPrefix=xwiki:XWiki.Employer_