[midPoint] Condition expression: Org assignment with relation

Wojciech Staszewski wojciech.staszewski at diagnostyka.pl
Sat Mar 17 23:18:53 CET 2018 

OK, thanks!

Finally I've got it working with this condition script:

<condition>                       
        result = false;
        assignments = user.getAssignment();
        for (assName in assignments) {
        relation =
assName.getTargetRef()?.getRelation()?.getLocalPart()?.toString();
        type =
assName.getTargetRef()?.getType()?.getLocalPart()?.toString();
        status = assName.getActivation()?.getEffectiveStatus()?.toString();

        if ( type == 'OrgType' && relation == 'manager'
&& status == 'ENABLED' ) { result = true; }
        }
        return result;
</condition>


W dniu 16.03.2018 o 09:17, Ivan Noris pisze:
>
> Hi Wojciech,
>
> I only did something /similar/ but not exactly what you need.
>
> I wanted to have an conditional inducement in my metarole, that would
> only return true if the role is not assigned with manager relation.
> (Actually this is from the midPoint Advanced Customization training.)
>
> . . .
>
>     <inducement>
>         <description>Inducement to create an account as a projection
> of user having assigned an organization with this metarole.</description>
>         <construction>
>             <description>Creates an account for user, and associates
> with group created for the organization assigned to the
> user.</description>
>             <resourceRef oid="3961ffc8-2209-11e8-8018-7738b0ea3fa2"
> type="c:ResourceType"/>
>             <kind>account</kind>
>             <intent>default</intent>
>             <association>
>             <ref>ri:ldapOrgGroup</ref>
>             <outbound>
>                 <strength>strong</strength>
> *                <source>
>                     <path>$focusAssignment/targetRef</path><!-- XXX to
> get relation -->
>                 </source>
> *                <expression>
>                     <associationFromLink>
>                         <projectionDiscriminator>
>                             <kind>entitlement</kind>
>                             <intent>ldapOrgGroup</intent>
>                         </projectionDiscriminator>
>                     </associationFromLink>
>                 </expression>
> *                <condition>**
> **                    <script>**
> **                        <code>**
> **import com.evolveum.midpoint.schema.constants.SchemaConstants;**
> **
> **if (targetRef != null) {**
> **    //log.info("LDAP Org Metarole targetRef relation is: {} ",
> targetRef.getRelation())**
> **    if (targetRef.getRelation() != SchemaConstants.ORG_MANAGER) {**
> **        return true**
> **    }**
> **}**
> **                        </code>**
> **                    </script>**
> **                </condition>*
>             </outbound>
>         </association>
>         <strength>weak</strength><!-- Will not create account unless
> it already exists -->
>         </construction> 
>         <order>2</order>
>         <focusType>UserType</focusType>
>     </inducement>
> . . .
>
> I believe you can have a mapping in the object template that will have
> assignments as a source, and you need to iterate through them and
> check all that are OrgType and where relation is org:manager. I don't
> have this handy, but maybe someone else has.
>
> Best regards,
> Ivan
>
> On 15.03.2018 20:06, Wojciech Staszewski wrote:
>> Hello!
>>
>> Maybe I wrote my post somehow unclear...
>> I'm looking for condition expression for mapping in the user template,
>> that assign specified role to an organization manager.
>>
>> So I have to check if the user has an active assignment of Org type with
>> org:manager relation.
>> Unfortunately I don't know how to do it, I cannot find any example in
>> the wiki or mailing list archives.
>>
>> Any help appreciated.
>> Thanks a lot!
>> WS
>>
>>
>> W dniu 05.03.2018 o 08:38, Wojciech Staszewski pisze:
>>> Hello!
>>>
>>> I have to make a mapping condition expression that checks if the user
>>> has assignment of Org type with Manager relation.
>>> What methods should I use for this?
>>>
>>> Thanks!
>>> WS
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
> -- 
> Ivan Noris
> Senior Identity Engineer
> evolveum.com
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180317/6fc341b7/attachment.htm>

More information about the midPoint mailing list