[midPoint] Condition expression: Org assignment with relation

Ivan Noris ivan.noris at evolveum.com
Fri Mar 16 09:17:50 CET 2018 

Hi Wojciech,

I only did something /similar/ but not exactly what you need.

I wanted to have an conditional inducement in my metarole, that would
only return true if the role is not assigned with manager relation.
(Actually this is from the midPoint Advanced Customization training.)

. . .

    <inducement>
        <description>Inducement to create an account as a projection of
user having assigned an organization with this metarole.</description>
        <construction>
            <description>Creates an account for user, and associates
with group created for the organization assigned to the user.</description>
            <resourceRef oid="3961ffc8-2209-11e8-8018-7738b0ea3fa2"
type="c:ResourceType"/>
            <kind>account</kind>
            <intent>default</intent>
            <association>
            <ref>ri:ldapOrgGroup</ref>
            <outbound>
                <strength>strong</strength>
*                <source>
                    <path>$focusAssignment/targetRef</path><!-- XXX to
get relation -->
                </source>
*                <expression>
                    <associationFromLink>
                        <projectionDiscriminator>
                            <kind>entitlement</kind>
                            <intent>ldapOrgGroup</intent>
                        </projectionDiscriminator>
                    </associationFromLink>
                </expression>
*                <condition>**
**                    <script>**
**                        <code>**
**import com.evolveum.midpoint.schema.constants.SchemaConstants;**
**
**if (targetRef != null) {**
**    //log.info("LDAP Org Metarole targetRef relation is: {} ",
targetRef.getRelation())**
**    if (targetRef.getRelation() != SchemaConstants.ORG_MANAGER) {**
**        return true**
**    }**
**}**
**                        </code>**
**                    </script>**
**                </condition>*
            </outbound>
        </association>
        <strength>weak</strength><!-- Will not create account unless it
already exists -->
        </construction> 
        <order>2</order>
        <focusType>UserType</focusType>
    </inducement>
. . .

I believe you can have a mapping in the object template that will have
assignments as a source, and you need to iterate through them and check
all that are OrgType and where relation is org:manager. I don't have
this handy, but maybe someone else has.

Best regards,
Ivan

On 15.03.2018 20:06, Wojciech Staszewski wrote:
> Hello!
>
> Maybe I wrote my post somehow unclear...
> I'm looking for condition expression for mapping in the user template,
> that assign specified role to an organization manager.
>
> So I have to check if the user has an active assignment of Org type with
> org:manager relation.
> Unfortunately I don't know how to do it, I cannot find any example in
> the wiki or mailing list archives.
>
> Any help appreciated.
> Thanks a lot!
> WS
>
>
> W dniu 05.03.2018 o 08:38, Wojciech Staszewski pisze:
>> Hello!
>>
>> I have to make a mapping condition expression that checks if the user
>> has assignment of Org type with Manager relation.
>> What methods should I use for this?
>>
>> Thanks!
>> WS
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180316/f6196f3d/attachment.htm>

More information about the midPoint mailing list