[midPoint] AutomaticallyCompleted condition on role assignment
Nicolas Rossi
nrossi at identicum.com
Tue Feb 5 18:58:22 CET 2019
Sorry guys. It was a misconfiguration on the role. It is working now.
Ing Nicolás Rossi
Identicum S.A.
Jorge Newbery 3226
Oficina: +54 (11) 4552-3050
Móvil: +54 (911) 6041-3920
www.identicum.com
On Tue, Feb 5, 2019 at 12:16 PM Arnošt Starosta - AMI Praha a.s. <
arnost.starosta at ami.cz> wrote:
> ok, sorry, i'm not that versed in assignment policy and thought that this
> inducement from metarole (without any orderConstraint) would check
> assignments for the role itself and not the user assignments.
>
> than i don't see the problem either. you can try tracing
> the com.evolveum.midpoint.wf.impl loggers, it may tell you more.
>
> good luck
>
> út 5. 2. 2019 v 15:17 odesílatel Nicolas Rossi <nrossi at identicum.com>
> napsal:
>
>> I already tried with the SchemaConstants and I got the same behavior. The
>> debug message is not logged. Even when I change it to log.error. This is
>> the operation log I get:
>>
>> 2019-02-04 18:01:22,678 [] [pool-4-thread-29] DEBUG
>> (com.evolveum.midpoint.model.impl.lens.Clockwork): Allow
>> assignment/unassignment to user:b1ddb76d-769a-4937-a88b-dd6c2798a79b(
>> andressa.silva at customer.com) becasue access to assignment
>> container/properties is explicitly allowed
>>
>> 2019-02-04 18:01:22,745 [] [pool-4-thread-29] DEBUG
>> (com.evolveum.midpoint.wf.impl.processes.itemApproval.ItemApprovalProcessInterface):
>> About to start approval process instance 'Assigning role "Role with
>> Approval" to user "andressa.silva at customer.com"'
>>
>> 2019-02-04 18:01:22,747 [] [pool-4-thread-29] DEBUG
>> (com.evolveum.midpoint.wf.impl.processes.itemApproval.ItemApprovalProcessInterface):
>> Approval schema XML:
>>
>> <value xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>>
>> xmlns:c="
>> http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>
>> xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>>
>> xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3
>> "
>>
>> xmlns:icfs="
>> http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3
>> "
>>
>> xmlns:ri="
>> http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>>
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>
>> xsi:type="c:ApprovalSchemaType">
>>
>> <stage xmlns="
>> http://midpoint.evolveum.com/xml/ns/public/common/common-3">
>>
>> <number>1</number>
>>
>> <approverRef oid="53579500-962e-4b81-a946-7099bb077b8b"
>>
>> relation="org:default"
>>
>> type="c:UserType"><!-- nrossi --></approverRef>
>>
>> <outcomeIfNoApprovers>reject</outcomeIfNoApprovers>
>>
>> <groupExpansion>byClaimingWorkItem</groupExpansion>
>>
>> </stage>
>>
>> </value>
>>
>> 2019-02-04 18:01:22,763 [] [pool-4-thread-29] DEBUG
>> (com.evolveum.midpoint.wf.impl.processes.itemApproval.ItemApprovalProcessInterface):
>> Attached rules:
>>
>> <value xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>>
>> xmlns:c="
>> http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>
>> xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>>
>> xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3
>> "
>>
>> xmlns:icfs="
>> http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3
>> "
>>
>> xmlns:ri="
>> http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>>
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>
>> xsi:type="c:SchemaAttachedPolicyRulesType"/>
>>
>> 2019-02-04 18:01:22,953 [] [pool-4-thread-29] DEBUG
>> (com.evolveum.midpoint.wf.impl.processes.itemApproval.InitializeLoopThroughApproversInStage):
>> Approval process instance Assigning role "Role with Approval" to user "
>> andressa.silva at customer.com <andressa.silva at decolar.com>" (id 9803),
>> stage 1:null: predetermined outcome: null, approvers:
>> [com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType at 9a18f61[_referenceValue=PRV(oid=53579500-962e-4b81-a946-7099bb077b8b,
>> targetType={.../common/common-3}UserType,
>> relation={.../common/org-3}default)]]
>>
>> 2019-02-04 18:01:23,149 [] [pool-4-thread-29] DEBUG
>> (com.evolveum.midpoint.wf.impl.processes.itemApproval.PrepareForTaskCreation):
>> Creating work item for
>> assignee=UserType:53579500-962e-4b81-a946-7099bb077b8b,
>> candidateGroups=null, additionalInformation='[]'
>>
>> The metarole is induced to the role that needs to be approved. It's
>> working because the user defined as ApproverRef on the metarole receives
>> the work item to approve it when the role is requested.
>>
>>
>>
>>
>> Ing Nicolás Rossi
>> Identicum S.A.
>> Jorge Newbery 3226
>> Oficina: +54 (11) 4552-3050
>> Móvil: +54 (911) 6041-3920
>> www.identicum.com
>>
>>
>> On Tue, Feb 5, 2019 at 6:26 AM Arnošt Starosta - AMI Praha a.s. <
>> arnost.starosta at ami.cz> wrote:
>>
>>> Hi Nicolas,
>>>
>>> i use SchemaConstants.MODEL_APPROVAL_OUTCOME_* as return values, maybe
>>> your 'approve' string is not exactly the same thing?
>>>
>>> The debug message is logged?
>>>
>>> And is it really induced to the user object? I don't see any focusType
>>> and/or orderConstraint in your inducement.
>>>
>>> arnost
>>>
>>>
>>> po 4. 2. 2019 v 23:10 odesílatel Nicolas Rossi <nrossi at identicum.com>
>>> napsal:
>>>
>>>> Hi guys,
>>>>
>>>> I was trying to bypass an approval step using the automaticallyComplete
>>>> configuration on an approval-metarole. I can't get it to work. It is
>>>> ignored even when it returns always "approve". Sample here
>>>> <https://github.com/Evolveum/midpoint/blob/1c1975fa450bbee741314c2822c5715ebf68f6b2/model/workflow-impl/src/test/resources/policy/assignments/role-role25-very-complex-approval.xml>
>>>> .
>>>>
>>>> Here is my metarole code:
>>>>
>>>> <role>
>>>>
>>>> <name>Sample Approval</name>
>>>>
>>>> <inducement id="1">
>>>>
>>>> <policyRule>
>>>>
>>>> <policyConstraints>
>>>>
>>>> <assignment id="2">
>>>>
>>>> <operation>add</operation>
>>>>
>>>> </assignment>
>>>>
>>>> </policyConstraints>
>>>>
>>>> <policyActions>
>>>>
>>>> <approval id="3">
>>>>
>>>> <compositionStrategy>
>>>>
>>>> <order>10</order>
>>>>
>>>> </compositionStrategy>
>>>>
>>>> <approvalSchema>
>>>>
>>>> <stage>
>>>>
>>>> <approverRef oid="53579500-962e-4b81-a946-7099bb077b8b" type="UserType"
>>>> />
>>>>
>>>> <automaticallyCompleted>
>>>>
>>>> <script>
>>>>
>>>> <code>
>>>>
>>>> log.debug("AutomaticallyCompleted condition");
>>>>
>>>> return 'approve';
>>>>
>>>> </code>
>>>>
>>>> </script>
>>>>
>>>> </automaticallyCompleted>
>>>>
>>>> </stage>
>>>>
>>>> </approvalSchema>
>>>>
>>>> </approval>
>>>>
>>>> </policyActions>
>>>>
>>>> </policyRule>
>>>>
>>>> </inducement>
>>>>
>>>> <roleType>policy</roleType>
>>>>
>>>> </role>
>>>>
>>>> When I assign a role containing the metarole, the selected approver
>>>> receives the work item, so the metarole is working but the
>>>> automaticallyCompleted configuration is being ignored.
>>>>
>>>> Any thoughts ?
>>>>
>>>>
>>>> Ing Nicolás Rossi
>>>> Identicum S.A.
>>>> Jorge Newbery 3226
>>>> Oficina: +54 (11) 4552-3050
>>>> Móvil: +54 (911) 6041-3920
>>>> www.identicum.com
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>
>>>
>>> --
>>>
>>> *Arnošt Starosta*
>>> solution architect
>>>
>>> gsm: [+420] 603 794 932
>>> e‑mail: arnost.starosta at ami.cz
>>>
>>> *AMI Praha a.s.*
>>> Pláničkova 11, 162 00 Praha 6
>>>
>>> tel.: [+420] 274 783 239 | web: www.ami.cz
>>>
>>> [image: AMI Praha a.s.]
>>>
>>> Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá
>>> za společnost AMI Praha a.s.
>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>> výhradně písemnou formu.
>>>
>>> Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může
>>> obsahovat důvěrné nebo osobní
>>> informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv
>>> zveřejňování, zprostředkování
>>> nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail
>>> neoprávněně, informujte o tom prosím
>>> odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu včetně
>>> všech jeho příloh. Nakládáním
>>> s neoprávněně získanými informacemi se vystavujete riziku právního
>>> postihu.
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>
>
> --
>
> *Arnošt Starosta*
> solution architect
>
> gsm: [+420] 603 794 932
> e‑mail: arnost.starosta at ami.cz
>
> *AMI Praha a.s.*
> Pláničkova 11, 162 00 Praha 6
>
> tel.: [+420] 274 783 239 | web: www.ami.cz
>
> [image: AMI Praha a.s.]
>
> Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá
> za společnost AMI Praha a.s.
> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
> písemnou formu.
>
> Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může
> obsahovat důvěrné nebo osobní
> informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv
> zveřejňování, zprostředkování
> nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail
> neoprávněně, informujte o tom prosím
> odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu včetně
> všech jeho příloh. Nakládáním
> s neoprávněně získanými informacemi se vystavujete riziku právního postihu.
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190205/0036ed34/attachment.htm>
More information about the midPoint
mailing list