[Midpoint-dev] Issues in creating approval workflow

Shelly Piplani shelly.piplani at ilantus.com
Fri Nov 7 11:26:59 CET 2014 

​Thanks Pavol....

I will test this and let you know the results..


Regards,

Shelly

________________________________
From: midPoint-dev <midpoint-dev-bounces at lists.evolveum.com> on behalf of Pavol Mederly <pavol.mederly at gmail.com>
Sent: 07 November 2014 15:39
To: midpoint-dev at lists.evolveum.com
Subject: Re: [Midpoint-dev] Issues in creating approval workflow

Hello Shelly,

it took me some time to look at this.

The problem is with outdated wiki documentation - I apologize for that. I've updated it, see https://wiki.evolveum.com/display/midPoint/Some+examples. Basically, you have to change user -> object and that's it.

Please note, however, that in order to recognize user as a Org manager, it is necessary to have the following defined for him (taken from samples/org/org-monkey-island-simple.xml):

<parentOrgRef oid="00000000-8888-6666-0000-100000000001" type="c:OrgType" relation="org:manager" xmlns:org='http://midpoint.evolveum.com/xml/ns/public/common/org-3'/>

And, if a user has no managers, the role assignment will be automatically approved, as described on the wiki page. (There was a bug related to automatic approvals that prevented them from being applied succesfully. It's been fixed yesterday in the master branch: https://github.com/Evolveum/midpoint/commit/c96f38b0262da8cfb3861379d10b7af44a1ba2fe.)

Best regards,
Pavol



Hi ,

Request you to provide help on this issue. Attached is the role scipt and also the logs for the reference.

Regards,
Shelly



________________________________



Hi Pavol,


I  have increased the log level.

Attached is the log file for reference and also the SensitiveRole3 script which I am trying to assign to the user.

The error I am receiving in the  logs is :


groovy.lang.MissingPropertyException: No such property: user for class: Script7 (new) approverExpression
com.evolveum.midpoint.util.exception.ExpressionEvaluationException: groovy.lang.MissingPropertyException: No such property: user for class: Script7 (new) approverExpression
    at com.evolveum.midpoint.model.common.expression.script.jsr223.Jsr223ScriptEvaluator.evaluate(Jsr223ScriptEvaluator.java:124) ~[model-common-3.0.jar:na]
    at com.evolveum.midpoint.model.common.expression.script.ScriptExpression.evaluate(ScriptExpression.java:108) ~[model-common-3.0.jar:na]
    at com.evolveum.midpoint.model.common.expression.script.ScriptExpressionEvaluator.transformSingleValue(ScriptExpressionEvaluator.java:58) [model-common-3.0.jar:na]
    at com.evolveum.midpoint.model.common.expression.evaluator.AbstractValueTransformationExpressionEvaluator.evaluateScriptExpression(AbstractValueTransformationExpressionEvaluator.java:276) [model-common-3.0.jar:na]




Looks like we need to define this user  variable which I am using in the script of SensitiveRole3. But not sure how to exactly define that.


Please provide your inputs for the same.



Regards,

Shelly

________________________________
From: Sai Chandra
Sent: 09 October 2014 21:41
To: Shelly Piplani
Subject: RE: [Midpoint-dev] Issues in creating approval workflow



Thanks and Regards
Saichandra.T

From: midPoint-dev [mailto:midpoint-dev-bounces at lists.evolveum.com] On Behalf Of Pavol Mederly
Sent: 09 October 2014 14:12
To: midpoint-dev at lists.evolveum.com<mailto:midpoint-dev at lists.evolveum.com>
Subject: Re: [Midpoint-dev] Issues in creating approval workflow

Shelly,

you (and I as well) need the stack trace for the error you've mentioned. Stack traces are written to the log if the logging is at DEBUG or TRACE levels.
So, set you debug level to TRACE for Workflow module, try again, and post the log here.

Best regards,
Pavol

On 8. 10. 2014 17:37, Shelly Piplani wrote:

Hi ,



I am trying to create approval workflow. Ihave created a manager for an Organisation Unit and created a role called SensitiveRole3 as given in the following link:



https://github.com/Evolveum/midpoint/blob/master/samples/roles/sensitive-role-3.xml
[X]<https://github.com/Evolveum/midpoint/blob/master/samples/roles/sensitive-role-3.xml>

midpoint/sensitive-role-3.xml at master · Evolveum/midpoint · GitHub
midpoint - MidPoint Identity Manager
Read more...<https://github.com/Evolveum/midpoint/blob/master/samples/roles/sensitive-role-3.xml>




 However, I have removed the  following from the role:


<automaticallyApproved>

<description>If the user works in F0006 (Scumm Bar), the assignment of this role is automatically approved for him.</description>

<script>

<code>midpoint.isMemberOf(user, midpoint.getOrgByName("F0006").getOid())</code>

</script>

</automaticallyApproved>


After assigning that Organisation unit to the user, I am trying to assign SensitiveRole3 to this user.
I am getting the following error in idm logs:


2014-10-08 20:53:21,861 [MODEL] [http-8008-5] ERROR (com.evolveum.midpoint.wf.impl.jobs.JobController): Couldn't send a request to start a process instance to workflow management system, reason: Couldn't evaluate approvers expressions
2014-10-08 20:53:21,910 [MODEL] [http-8008-5] ERROR (com.evolveum.midpoint.wf.impl.processors.primary.PrimaryChangeProcessor): Workflow process(es) could not be started, reason: Workflow process instance creation could not be requested.

Please provide your inputs on this.

Regards,
Shelly




This message contains information that may be privileged or confidential and is the property of ILANTUS Technologies. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.



_______________________________________________

midPoint-dev mailing list

midPoint-dev at lists.evolveum.com<mailto:midPoint-dev at lists.evolveum.com>


http://lists.evolveum.com/mailman/listinfo/midpoint-dev


This message contains information that may be privileged or confidential and is the property of ILANTUS Technologies. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
This message contains information that may be privileged or confidential and is the property of ILANTUS Technologies. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
This message contains information that may be privileged or confidential and is the property of ILANTUS Technologies. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
_______________________________________________
midPoint-dev mailing list
midPoint-dev at lists.evolveum.com<mailto:midPoint-dev at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint-dev



--
  Ing. Ivan Noris
  Senior Identity Management Engineer
  evolveum.com
  ___________________________________________
           "Idem per idem - semper idem Vix."
This message contains information that may be privileged or confidential and is the property of ILANTUS Technologies. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
This message contains information that may be privileged or confidential and is the property of ILANTUS Technologies. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.


--
  Ing. Ivan Noris
  Senior Identity Management Engineer
  evolveum.com
  ___________________________________________
           "Idem per idem - semper idem Vix."


This message contains information that may be privileged or confidential and is the property of ILANTUS Technologies. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
This message contains information that may be privileged or confidential and is the property of ILANTUS Technologies. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.


_______________________________________________
midPoint-dev mailing list
midPoint-dev at lists.evolveum.com<mailto:midPoint-dev at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint-dev


This message contains information that may be privileged or confidential and is the property of ILANTUS Technologies. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
This message contains information that may be privileged or confidential and is the property of ILANTUS Technologies. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.evolveum.com/pipermail/midpoint-dev/attachments/20141107/e72a927b/attachment-0001.html>

More information about the midPoint-dev mailing list