[midPoint] Assign approval work item to role
Дорофеев Илья
i.dorofeev at solarsecurity.ru
Mon Jul 27 13:23:30 CEST 2015
Hi Pavol,
Many thanks for your in-depth response. Now the subject has become much clearer to me. Earlier I didn’t notice "Work items claimable by me" section and thought that assignees are calculated immediately at the moment the work item is created. Now it turns out that we have a list of possible approvers synchronized with actual membership of a person in a role, which, in turn, is pretty cool ☺.
From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Pavol Mederly
Sent: Monday, July 27, 2015 2:01 PM
To: midpoint at lists.evolveum.com
Subject: Re: [midPoint] Assign approval work item to role
Ilija,
back from the vacation.
Created Org "wheel" with two users: admin1, admin2 (both having Superuser role, not to bother with security).
Created role "testrole" where approver == wheel.
Attempted to create "testuser" with assigned "testrole".
Work item was created, where candidate is wheel (org).
[cid:image001.png at 01D0C876.90F6BD90]
After logging in as "admin1" - no "My work items", but one "Work items claimable by me":
[cid:image002.png at 01D0C876.90F6BD90]
It can be claimed and released back, or directly processed.
Implementation is such that this Activiti Task is created like this - see the second row:
[cid:image003.png at 01D0C876.90F6BD90]
I.e. its candidate group is in the form of "org:oid" where oid is the midPoint OID of the "wheel" org.
For implementation, see e.g.
- PrepareApprover.execute (called from ItemApproval BPMN process) - maps approverRef of type Role or Org to "role:oid" or "org:oid" Activiti candidate group names
- and then see ItemApproval BPMN process, userTask id="loopLevels.loopApprovers.approve.withGroups" (lines 123-131)
- WorkItemProvider. createQueryForTasksRelatedToUser (searching for work items)
Hope this helps,
Pavol
On 22. 7. 2015 9:15, Дорофеев Илья wrote:
Pavol,
Thanks for the answer. I am sorry but the assignment to members of an org. unit didn’t work either. None of the members of the org. unit are offered a work item. I looked through the code and didn’t find any mentions of mapping between midPoint and Activiti groups. So, when an Activiti task is assigned to a candidate group org:c96bf133-10f6-4ed0-9c88-cb3c69bb27ec, the Activiti engine doesn’t really know the actual users of the group, and the task is basically assigned to no one.
Could you show me that piece of code responsible for this behavior in case I’m wrong?
Ilya
From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Pavol Mederly
Sent: Tuesday, July 21, 2015 4:44 PM
To: midPoint General Discussion
Subject: Re: [midPoint] Assign approval work item to role
Ilya,
I've implemented this quite a long ago, so I'm having a little trouble remembering the current status. ;)
But as described here: https://wiki.evolveum.com/display/midPoint/Current+status+and+future+plans:
#7: Ability to define approver not as an individual only, but also as a member of an org. unit; allowing to claim/release a work item. Currently this feature is limited to "direct" members, i.e. not to members of subordinate org. units. (Temporarily, it is possible to use a role as an approver as well, but this also applies only to users that have directly assigned this role - and perhaps support for this will be dropped in the future, see the following discussion on roles and orgs<https://wiki.evolveum.com/display/midPoint/Roles+and+Orgs>.)
So, the assignment to members of an org. unit works, but in a special mode: each of the members is offered the work item. (I.e. not assigned directly.) He/she may claim it, and work on it.
As written above, I would suggest not using roles for this, but org. units instead. (Note that org. unit is a very general term. It may well correspond to an arbitrary group of people.)
Hope this helps,
Pavol
________________________________
From: "Дорофеев Илья" <i.dorofeev at solarsecurity.ru<mailto:i.dorofeev at solarsecurity.ru>>
To: "midPoint General Discussion" <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Sent: Tuesday, July 21, 2015 12:24:56 PM
Subject: [midPoint] Assign approval work item to role
Hi,
I have just come across a problem of assigning approval work item to a role.
<role>
<approverRef oid="1ae3ab25-188f-4685-a073-fe522c55e057" type="c:RoleType"><!-- resource_owner --></approverRef>
</role>
I expected that the created workitem(s) would be assigned to all the users included in the ‘resource_owner’ role. Is this not implemented yet?
Regards, Ilya
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150727/8e3eefc3/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 13661 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150727/8e3eefc3/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 12189 bytes
Desc: image002.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150727/8e3eefc3/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 6278 bytes
Desc: image003.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150727/8e3eefc3/attachment-0002.png>
More information about the midPoint
mailing list