[midPoint] Sample notification for accounts that have been enabled
Pavol Mederly
pavol.mederly at gmail.com
Fri Feb 27 21:48:40 CET 2015
Hello Jason,
I quickly hacked a method event.isRelatedToItem(itemPath) that tells you
if the event is somehow related to an item with a given path.
It is to be used in the following way:
<simpleResourceObjectNotifier>
<expressionFilter>
<script>
<code>
*event.isRelatedToItem(new
com.evolveum.midpoint.prism.path.ItemPath("activation",
"administrativeStatus"))*
</code>
</script>
</expressionFilter>
....
</simpleResourceObjectNotifier>
You can use it with <simpleUserNotifier> as well.
It seems to work, but I haven't had time to test it thoroughly. I leave
this to you. :-)
Generally, it is experimental implementation. Known situations where it
does not work is deletion of values: for example, if you delete an
object, this method does not know if there was
activation/administrativeStatus set in that object or not (so it returns
false). In a similar way, if there was a REPLACE delta, the method knows
nothing about the values that were deleted by execution of such delta.
Or, in a DELETE delta where the whole container (activation in this
case) is deleted. Nevertheless, in your specific case, none of these
should occur. :-)
Hope this helps,
Pavol
> I was actually going over all my user attributes and after looking at
> them and thinking about how often they would be changed and if they
> would ever be changed I am thinking I would only need to filter out
> phone number, the other attributes should never really change.
>
> JASON
>
> On Fri, Feb 27, 2015 at 10:12 AM, Jason Everling <jeverling at bshp.edu
> <mailto:jeverling at bshp.edu>> wrote:
>
> Yeah I basically only want to send a notification when their
> account is disabled or enabled, I already have notifications
> working for "ADD" new account notifications and it works fine. We
> do not delete accounts, once a username has been issued it will
> never be used again except by that same person if he/she returns
> to the school even if it is years down the road. I will probably
> create a generic delete notification sent to us admins just
> in-case someone deletes something.
>
> So the workaround would probably work, I would basically need to
> filter everything that is not relevant for the administrative
> status modifications. If you could write 1 filter for an attribute
> I could write the rest like if I wanted to filter out phone number
> changes.
>
> This notification is only going to be for when the
> student/faculty/ or staff's account is disabled or enabled. So
> when a student/faculty/staff leaves us they would get a
> notification letting them at least know that their account was
> disabled and why they are unable to login. Same for when they
> return, they would get an email with a custom body letting them
> know their accounts are re-enabled.
>
> JASON
>
> On Fri, Feb 27, 2015 at 9:52 AM, Pavol Mederly
> <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>
> Jason,
>
> I'm not quite sure I understand you correctly. But these
> things are clear:
>
> 1) If watchAuxiliaryAttributes = false, only "user visible"
> items are taken into account (i.e. user/account attributes,
> account associations, administrativeStatus and a few others).
> 2) If watchAuxiliaryAttributes = true, all these PLUS also
> auxiliary attributes are taken into account.
> 3) If you edit the "bodyExpression", you can hide all the
> attributes you don't want to be present in the message.
> 4) BUT - as you correctly stated - even if you are interested
> only in the activation part, the message would be generated
> for ALL changes (e.g. modifying phone number)
>
> Just BTW, Ivan noticed this just today and created a jira
> issue MID-2237 <https://jira.evolveum.com/browse/MID-2237> for
> that. (Unfortunately because of all the pressures it is
> currently scheduled for 3.3.)
>
> A workaround would be to filter out (via expressionFilter) all
> the changes with attributes that are not relevant for you.
> I'm not sure about what midPoint method would be the most
> convenient to use. Maybe it does not exist yet.
>
> But if you confirm that I understand you correctly, and if you
> would send here a specific list of attributes to be watched, I
> could find/provide such a method.
>
> BTW, what about ADD and DELETE operations? Should they
> generate any messages?
>
> Best regards,
> Pavol
>
>> Thanks for the clarification,
>>
>> So is it on the modify operation I am assuming. Wouldn't that
>> send a notification for every modify like phone or
>> department, I just really want the activation part of it, the
>> enable/disable and if any of the other auxiliaries are
>> changed. I would use a body expression to specify the message
>> so that the un-needed items are not present, something like
>> this but wouldn't it send for every modify like stated above?
>>
>> <handler>
>> <expressionFilter>
>> <script>
>> <code>
>> event.isUserRelated() &&
>> requestee.getCostCenter() == 'ASHIT'
>> </code>
>> </script>
>> </expressionFilter>
>> <simpleUserNotifier>
>> <name>Account Modified</name>
>> <operation>modify</operation>
>> <status>success</status>
>> <recipientExpression>
>> <script>
>> <code>
>> basic.getExtensionPropertyValue(requestee,
>> 'http://www.bshp.edu/xml/ns/public/bshp', 'otherMailbox')
>> </code>
>> </script>
>> </recipientExpression>
>>
>> <watchAuxiliaryAttributes>true</watchAuxiliaryAttributes>
>> <subjectExpression>
>> <script>
>> <code>"Your Account has been modified"</code>
>> </script>
>> </subjectExpression>
>> <bodyExpression>
>> <script>
>> <code>
>> "Some message to the student/faculty
>> or staff" +
>> *
>> *
>> *
>> *
>> *
>> *
>> *
>> *
>> *
>> *
>> *
>> *
>> **
>>
>> On Fri, Feb 27, 2015 at 4:39 AM, Pavol Mederly
>> <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>>
>> Hello Jason,
>>
>> activation/administrativeStatus is among attributes that
>> are "watched" by default.
>>
>> So, if you change it, you'll get a notification - like this:
>>
>> ============================================ Fri Feb 27
>> 11:30:45 CET 2015
>> Message{to='[aaa at aaa.sk <mailto:aaa at aaa.sk>]',
>> subject='Account modification notification',
>> contentType='null', body='Notification about
>> account-related operation
>>
>> User: Boss1 (boss1, oid 75f2806d-e31b-40c9-8133-85ed4d9e6252)
>> Notification created on: Fri Feb 27 11:30:45 CET 2015
>>
>> Resource: Localhost CSVfile (oid
>> ef2bc95b-76e0-48e2-86d6-3d4f02d3fafe)
>> Account: boss1
>>
>> The account has been successfully modified on the
>> resource. Modified attributes are:
>> - Activation/Administrative Status:
>> - REPLACE: DISABLED
>>
>> '}
>>
>> Actually, you can use watchAuxiliaryAttributes, but this
>> would lead to providing unimportant messages and/or
>> attributes in them. For example, when I enabled it, like
>> this:
>>
>> <notificationConfiguration>
>> <handler>
>> <simpleResourceObjectNotifier>
>> <recipientExpression>
>> <value>aaa at aaa.sk <mailto:aaa at aaa.sk></value>
>> </recipientExpression>
>> *<watchAuxiliaryAttributes>true</watchAuxiliaryAttributes>*
>> <transport>mail</transport>
>> </simpleResourceObjectNotifier>
>> </handler>
>> <mail>
>> <debug>false</debug>
>> <redirectToFile>notifications.txt</redirectToFile>
>> </mail>
>> </notificationConfiguration>
>>
>> I'll get the following notification after re-enabling the
>> account again:
>>
>> ============================================ Fri Feb 27
>> 11:31:40 CET 2015
>> Message{to='[aaa at aaa.sk <mailto:aaa at aaa.sk>]',
>> subject='Account modification notification',
>> contentType='null', body='Notification about
>> account-related operation
>>
>> User: Boss1 (boss1, oid 75f2806d-e31b-40c9-8133-85ed4d9e6252)
>> Notification created on: Fri Feb 27 11:31:40 CET 2015
>>
>> Resource: Localhost CSVfile (oid
>> ef2bc95b-76e0-48e2-86d6-3d4f02d3fafe)
>> Account: boss1
>>
>> The account has been successfully modified on the
>> resource. Modified attributes are:
>> - Activation/Administrative Status:
>> - REPLACE: ENABLED
>> - Activation/enableTimestamp:
>> - REPLACE: 27.2.2015 11:31:40
>> - Metadata/modifyChannel:
>> - REPLACE:
>> http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user
>> - Metadata/modifyTimestamp:
>> - REPLACE: 27.2.2015 11:31:40
>> - Metadata/modifierRef:
>> - REPLACE: administrator (user)
>>
>> '}
>>
>> Just BTW, these attributes are currently considered
>> auxiliary:
>>
>> - metadata container
>> - activation/validityStatus
>> - activation/validityChangeTimestamp
>> - activation/effectiveStatus (this is not the same as
>> administrativeStatus!)
>> - activation/disableTimestamp
>> - activation/enableTimestamp
>> - activation/archiveTimestamp
>> - iteration
>> - iterationToken
>> - linkRef (for focal objects)
>> - trigger
>>
>> And these are considered synchronization-related
>> (notifications for them are also disabled by default):
>>
>> - synchronizationSituation
>> - synchronizationSituationDescription
>> - synchronizationTimestamp
>> - fullSynchronizationTimestamp
>>
>> Hope this helps,
>> Pavol
>>
>>
>> On 26. 2. 2015 15:36, Jason Everling wrote:
>>> Would you happen to have a sample or provide one for use thewatchAuxiliaryAttributes in a notification?
>>> What I was mainly looking for is a way to send a notification when the activation/administrativeStatus has changed for an account. I have my other notifiers for account adds but this would make a wonderful addition so when withdrawn students return they would get a notification letting them know their accounts have been re-enabled.
>>> JASON
>>>
>>>
>>>
>>> CONFIDENTIALITY NOTICE:
>>> This e-mail together with any attachments is proprietary
>>> and confidential; intended for only the recipient(s)
>>> named above and may contain information that is
>>> privileged. You should not retain, copy or use this
>>> e-mail or any attachments for any purpose, or disclose
>>> all or any part of the contents to any person. Any views
>>> or opinions expressed in this e-mail are those of the
>>> author and do not represent those of the Baptist School
>>> of Health Professions. If you have received this e-mail
>>> in error, or are not the named recipient(s), you are
>>> hereby notified that any review, dissemination,
>>> distribution or copying of this communication is
>>> prohibited by the sender and to do so might constitute a
>>> violation of the Electronic Communications Privacy Act,
>>> 18 U.S.C. section 2510-2521. Please immediately notify
>>> the sender and delete this e-mail and any attachments
>>> from your computer.
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>>
>> CONFIDENTIALITY NOTICE:
>> This e-mail together with any attachments is proprietary and
>> confidential; intended for only the recipient(s) named above
>> and may contain information that is privileged. You should
>> not retain, copy or use this e-mail or any attachments for
>> any purpose, or disclose all or any part of the contents to
>> any person. Any views or opinions expressed in this e-mail
>> are those of the author and do not represent those of the
>> Baptist School of Health Professions. If you have received
>> this e-mail in error, or are not the named recipient(s), you
>> are hereby notified that any review, dissemination,
>> distribution or copying of this communication is prohibited
>> by the sender and to do so might constitute a violation of
>> the Electronic Communications Privacy Act, 18 U.S.C. section
>> 2510-2521. Please immediately notify the sender and delete
>> this e-mail and any attachments from your computer.
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and
> confidential; intended for only the recipient(s) named above and may
> contain information that is privileged. You should not retain, copy or
> use this e-mail or any attachments for any purpose, or disclose all or
> any part of the contents to any person. Any views or opinions
> expressed in this e-mail are those of the author and do not represent
> those of the Baptist School of Health Professions. If you have
> received this e-mail in error, or are not the named recipient(s), you
> are hereby notified that any review, dissemination, distribution or
> copying of this communication is prohibited by the sender and to do so
> might constitute a violation of the Electronic Communications Privacy
> Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender
> and delete this e-mail and any attachments from your computer.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150227/9ee278aa/attachment.htm>
More information about the midPoint
mailing list