[midPoint] Approver identified by role

Radovan Semancik radovan.semancik at evolveum.com
Wed Sep 16 11:27:30 CEST 2015 

Hi,

I'm not sure if I understand what you are trying to do. But perhaps one 
clarification is needed:

In midPoint the roles are for giving access rights and organizations are 
for grouping identities. This is sometimes the same, but in some cases 
there is a big difference. It is explained here:

https://wiki.evolveum.com/display/midPoint/Roles+and+Orgs

So, if you want to have a role that have multiple approvers then the 
easiest way is to put all the approvers in one Org and then use the Org 
as an approver. (Remember: a user may belong to any number of Orgs in 
midPoint).

-- 
Radovan Semancik
Software Architect
evolveum.com



On 09/15/2015 12:45 PM, Fabio Contessi wrote:
> Hi,
> I have a problem with the approver expression in midpoint 3.2, in the 
> xml object "System Configuration".
>
> I need to identify the approver by role assignment. So, I’m using this 
> code snippet:
>
> <approverExpression>
>     <description></description>
>     <script>
>         <code>
>             import com.evolveum.midpoint.prism.query.RefFilter
>             import com.evolveum.midpoint.prism.PrismContext
>             import com.evolveum.midpoint.prism.query.ObjectQuery
>             import javax.xml.namespace.QName
>             import com.evolveum.midpoint.prism.path.ItemPath
>             import 
> com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType
>             import 
> com.evolveum.midpoint.xml.ns._public.common.common_3.UserType
>             String[] names = ["Role-Approvatore-AD-XXX"]
>             PrismContext prismContext = 
> midpoint.createEmptyObject(UserType.class).asPrismObject().getPrismContext() 
>
>             RefFilter filter = 
> RefFilter.createReferenceEqual(UserType.F_ASSIGNMENT,UserType.class,prismContext,names)
>             ObjectQuery query = ObjectQuery.createObjectQuery(filter)
>             list = midpoint.searchObjects(UserType.class, query)
>             for (def i = 0; i < list.size(); i++) {
>                 def oid = list.get(i).getOid()
>                 lOut.add(oid)
>             }
>             return lOut
>         </code>
>     </script>
> </approverExpression>
>
> but I get this error:
>
> Error: 
> com.evolveum.midpoint.util.exception.ExpressionEvaluationException: 
> java.lang.ClassCastException: 
> com.evolveum.midpoint.prism.PrismContainerDefinition cannot be cast to 
> com.evolveum.midpoint.prism.PrismReferenceDefinition (new) 
> approverExpression
> 2015-09-15 12:37:04,163 [MODEL] [Thread-57] ERROR 
> (com.evolveum.midpoint.model.common.expression.Expression): Error 
> evaluating expression in approverExpression: 
> java.lang.ClassCastException: 
> com.evolveum.midpoint.prism.PrismContainerDefinition cannot be cast to 
> com.evolveum.midpoint.prism.PrismReferenceDefinition (new) 
> approverExpression
> com.evolveum.midpoint.util.exception.ExpressionEvaluationException: 
> java.lang.ClassCastException: 
> com.evolveum.midpoint.prism.PrismContainerDefinition cannot be cast to 
> com.evolveum.midpoint.prism.PrismReferenceDefinition (new) 
> approverExpression
>
> Maybe I’m doing something wrong. Anyone could help me?
>
> Thanks and regards.
>
>   Fabio
>
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150916/b18296fd/attachment.htm>

More information about the midPoint mailing list