[midPoint] REST interface
Pavol Mederly
mederly at evolveum.com
Wed Jul 8 19:00:12 CEST 2015
Jens,
you're right - activation (e.g. validFrom/validTo/administrativeStatus)
is another source of troubles.
As for conditions, they cannot be set up in GUI (yet), but only directly
in objects' XML representation, e.g. via "Repository Objects" section.
I mean something like this (see role-wannabe.xml
<https://github.com/Evolveum/midpoint/blob/master/model/model-intest/src/test/resources/rbac/role-wannabe.xml>):
    <inducement id="1112">
        <!-- Honorable Wannabe -->
        <targetRef oid="12345678-d34d-b33f-f00d-555555557704" type="RoleType"/>
        <condition>
            <source>
                <path>$user/honorificSuffix</path>
            </source>
            <expression>
                <script>
                    <code>(Boolean)honorificSuffix?.trim()</code>
                </script>
            </expression>
        </condition>
    </inducement>
This role induces another role with OID
12345678-d34d-b33f-f00d-555555557704, but only if a user has
honorificSuffix set.
As a note, conditions are frequently used also in object templates. But
templates themselves are only partially interesting from your point of
view (if at all).
> Do you think it's worth to try out the java connector to gather the
> info I need?
I don't quite understand ... what Java connector do you mean?
Regards,
Pavol
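
Added example (not part of the original message, not midPoint code): a client-side traversal of role inducements that separates roles granted unconditionally from roles that depend on a condition, which is why a plain traversal over-reports a user's effective roles. The role objects are a constructed, simplified sample without midPoint namespaces; apart from the OID quoted above, the OIDs and the function name classify_roles are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: simplified role objects, no midPoint namespaces.
# Inducement 1112 is the one quoted in the message; other OIDs are made up.
ROLES_XML = """<objects>
 <role oid="oid-wannabe">
  <inducement id="1112">
   <targetRef oid="12345678-d34d-b33f-f00d-555555557704" type="RoleType"/>
   <condition>
    <source><path>$user/honorificSuffix</path></source>
    <expression><script><code>(Boolean)honorificSuffix?.trim()</code></script></expression>
   </condition>
  </inducement>
  <inducement id="1113"><targetRef oid="oid-basic" type="RoleType"/></inducement>
 </role>
 <role oid="12345678-d34d-b33f-f00d-555555557704">
  <inducement id="1"><targetRef oid="oid-honor-extra" type="RoleType"/></inducement>
 </role>
 <role oid="oid-basic"/><role oid="oid-honor-extra"/>
</objects>"""

def classify_roles(xml_text, assigned_oids):
    """Return (definite, conditional): roles reached without any condition,
    and oid -> condition source paths that must be evaluated before granting."""
    roles = {r.get("oid"): r for r in ET.fromstring(xml_text).iter("role")}
    definite, conditional, seen = set(), {}, set()
    stack = [(oid, frozenset()) for oid in assigned_oids]
    while stack:
        oid, deps = stack.pop()
        if (oid, deps) in seen:          # also stops inducement cycles
            continue
        seen.add((oid, deps))
        if deps:
            conditional.setdefault(oid, set()).update(deps)
        else:
            definite.add(oid)
        role = roles.get(oid)
        for ind in (role.findall("inducement") if role is not None else []):
            ref = ind.find("targetRef")
            if ref is None or ref.get("type") != "RoleType":
                continue
            paths = {p.text.strip() for p in ind.findall("condition/source/path")}
            if ind.find("condition") is not None and not paths:
                paths = {"<no source path>"}   # still conditional, input unknown
            stack.append((ref.get("oid"), deps | paths))
    return definite, {o: p for o, p in conditional.items() if o not in definite}
```

Roles in the conditional set inherit the condition of every inducement on the path to them, so an access review built on this output should list them as unresolved rather than as granted.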
> Hi Pavol,
>
> thanks for the fast response. I am validating the activation section
> on my own, but I didn't see any conditional settings in the Admin-UI
> (yet :-)
> Would be nice if you can give me a hint what exactly you have in mind.
> Do you think it's worth to try out the java connector to gather the
> info I need?
>
>
> CU
>
> Jens
>
>
>
> Am 08/07/15 um 15:15 schrieb Pavol Mederly:
>> Hello Jens,
>>
>> I'm afraid that getting the entire set of valid roles defined for a
>> particular user (like "Show all assignments" in GUI) is a bit
>> trickier than simply traversing all role inducements.
>>
>> The reason is that some assignments or inducements can be
>> conditional; i.e. you would have to evaluate these conditions to see
>> whether they apply or not.
>>
>> Fortunately, there is a method called previewChanges (in
>> ModelController) that is used to do that in GUI and that could be
>> published via REST/WS interface. However, I don't know if/when
>> something like that is planned.
>> (https://wiki.evolveum.com/display/midPoint/I+Need+New+Feature).
>>
>> Best regards,
>> Pavol
>>
>> PS: As a partial workaround, I originally thought about using the
>> "resolve" option in GetOperationOptions structure. However, this is
>> not recursive and moreover, seems to be not working for multi-segment
>> paths, like assignment/targetRef (MID-2435
>> <https://jira.evolveum.com/browse/MID-2435>).
>>
>>
>> On 8. 7. 2015 14:18, Jens Breitenstein wrote:
>>> Hi midpoint experts,
>>>
>>> we are fairly new to midpoint but we already have a running instance
>>> now, we added some organisational data and added users and roles
>>> using the admin interface.
>>> While investigating the REST connector we are now able to retrieve
>>> all information for a particular user, but it's somehow cumbersome
>>> to "manually" parse / traverse all parentOrgs, collecting all single
>>> roles and again traversing all role inducements to gather the
>>> overall role set.
>>>
>>> Is there any chance to retrieve the entire set of valid roles
>>> defined for a particular user in "one go" without executing multiple
>>> REST calls?
>>>
>>>
>>> Thanks in advance
>>>
>>> Jens
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint