[midPoint] catch delta events in template
Radovan Semancik
radovan.semancik at evolveum.com
Wed Apr 13 10:47:22 CEST 2016
Hi,
We have done similar things using the iteration feature:
https://wiki.evolveum.com/display/midPoint/Unique+Account+Username+HOWTO
There are preIterationCondition and postIterationCondition that might be
used exactly as you want to (see the wiki page). However, I'm not sure
if this is executed only when the value changes. You have try it.
The question about alert popup is a bit tricky. The mappings are not
always executed as synchronous GUI-driven tasks. E.g. there is live sync
or scheduled reconciliation. So it is not directly possible to display
any kind of alert. However, we have the OperationResult structure
(https://wiki.evolveum.com/display/midPoint/OperationResult) that is
designed to maintain complex state of all operations. If an error or
warning is added to the operation result then it will be displayed in
the GUI and it will eventually find its way into the task result, etc.
So this is the right way to do it. OperationResult is currently not
directly available to the mapping. But throwing an error from the
mapping will be recorded in the parent operation result. If you are
thinking about a warning, that should be possible too. Perhaps the best
way would be to create a new method for this. It should not be
difficult. Let me know if you need that.
--
Radovan Semancik
Software Architect
evolveum.com
On 04/12/2016 10:44 AM, Pavol Mederly wrote:
> Hello Roman,
>
> thank you for the explanation; now I think I understand :)
>
> The information you are looking for is in ExpressionEvaluationContext
> instance. However, I don't see any clean way of obtaining that object
> as of now. (It would be easy to add a ThreadLocal holding it, but
> currently it isn't there.)
>
> An alternative, and quite ugly, way would be to obtain LensContext and
> analyze primary and secondary deltas stored there. You can access it
> like this:
>
> LensContext ctx =
> com.evolveum.midpoint.model.impl.expr.ModelExpressionThreadLocalHolder.getLensContext();
>
> and then analyze e.g. ctx.focusContext.primaryDelta /
> ctx.focusContext.secondaryDelta to see if there's a change on
> currentADDisplayName ... but it is really dirty.
>
> Maybe someone (Radovan?) could provide a better way. Or maybe we could
> implement this feature in the future.
>
> Best regards,
> Pavol
>
> On 12.04.2016 10:10, Roman Pudil - AMI Praha a.s. wrote:
>> Hi Pavol,
>> I am sorry.
>> Goal: If attribute $user/extension/currentADDisplayName is changed,
>> then search user with the same currentADDisplayName attribute value -
>> only with new value, not with old/removed value (duplicity); If
>> found, then throw exeption, else save new value.
>> Problem: This code is always performed, even if the attribute
>> $user/extension/currentADDisplayName does not change.
>> My suggestion: Check, if $user/extension/currentADDisplayName
>> currently changing. It is OK?
>> PS: It is some way to show some "alert window" in groovy similar to
>> javascript alert window?
>> <mapping>
>> <name>AD Display Name</name>
>> <strength>normal</strength>
>> <source>
>> <c:path>$user/name</c:path>
>> </source>
>> <source>
>> <c:path>$user/extension/currentADDisplayName</c:path>
>> </source>
>> <expression>
>> <script>
>> <relativityMode>relative</relativityMode>
>> <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
>> <code>
>> import java.text.Normalizer;
>> import javax.xml.namespace.QName;
>> import com.evolveum.midpoint.prism.query.ObjectQuery;
>> import
>> com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowKindType;
>> import
>> com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
>> import com.evolveum.midpoint.prism.query.EqualFilter;
>> import com.evolveum.midpoint.prism.query.AndFilter;
>> import com.evolveum.midpoint.prism.query.NotFilter;
>> import com.evolveum.midpoint.prism.path.ItemPath;
>> import com.evolveum.midpoint.prism.PrismConstants;
>> import
>> com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
>> import
>> com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
>> import
>> com.evolveum.prism.xml.ns._public.types_3.PolyStringType;
>> import
>> com.evolveum.prism.xml.ns._public.types_3.ObjectReferenceType;
>> import com.evolveum.midpoint.schema.SelectorOptions;
>> import com.evolveum.midpoint.schema.GetOperationOptions;
>> import
>> com.evolveum.midpoint.model.api.PolicyViolationException;
>> import com.evolveum.midpoint.prism.polystring.PolyString;
>>
>> // vyhledat duplicitu na currentADDisplayName
>> // ------------ needs to be edited -----------------
>> searchAttrName = "currentADDisplayName"; // name of
>> attribute to search
>> searchAttrValue = currentADDisplayName; // value of
>> attribute to search (filled from definition in "source" path above)
>> searchAttrUserName = "name"; // name of attribute to
>> search
>> searchAttrUserValue = name; // value of attribute to
>> search (filled from definition in "source" path above)
>> // ------------ needs to be edited (END) -----------------
>>
>> boolean isNew =
>> com.evolveum.midpoint.model.common.expression.script.ScriptExpressionEvaluationContext.getThreadLocal().isEvaluateNew();
>> if (isNew && !basic.isEmpty(searchAttrValue)) {
>> def filters = [];
>> filters.add(NotFilter.createNot(EqualFilter.createEqual(new
>> ItemPath(new QName(searchAttrUserName)),
>> user.asPrismObject().getDefinition().findPropertyDefinition(new
>> QName(searchAttrUserName)), null, searchAttrUserValue)));
>> filters.add(EqualFilter.createEqual(new ItemPath(new
>> ItemPath(PrismConstants.EXTENSION_LOCAL_NAME), new
>> QName('http://ami.cz/xml/ns/userExtension', searchAttrName)),
>> user.asPrismObject().getExtension().getDefinition().findPropertyDefinition(new
>> QName(searchAttrName)), null, new String(searchAttrValue)));
>> filter = AndFilter.createAnd(filters);
>> // use midPoint Library method "searchObjects"
>> allUsers = midpoint.searchObjects(UserType.class,
>> ObjectQuery.createObjectQuery(filter));
>> if (allUsers.size() > 0 ) {
>> allUsers.each {
>> throw new
>> com.evolveum.midpoint.model.api.PolicyViolationException('>>>>>
>> Duplicitní AD Display Name ' + currentADDisplayName + ', toto Display
>> Name má již uživatel ' + it?.getName() + '. <<<<<');
>> }
>> } else {
>> return currentADDisplayName;
>> }
>> }
>> </code>
>> </script>
>> </expression>
>> <target>
>> <c:path>$user/extension/currentADDisplayName</c:path>
>> </target>
>> <condition>
>> <script>
>> <code>!basic.isEmpty(basic.stringify(currentADDisplayName))</code>
>> </script>
>> </condition>
>> <evaluationPhase>afterAssignments</evaluationPhase>
>> </mapping>
>> Regards
>> Roman Pudil
>>
>> Roman Pudil
>> solution architect
>>
>> gsm: [+420] 775 663 666
>> e-mail:roman.pudil at ami.cz
>>
>>
>>
>> AMI Praha a.s.
>> Pláničkova 11
>> 162 00 Praha 6
>> tel./fax: [+420] 274 783 239
>> web:www.ami.cz
>>
>>
>>
>>
>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>
>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
>> společnost AMI Praha a.s.
>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>> výhradně písemnou formu.
>>
>> ------ Původní zpráva ------
>> Od: "Pavol Mederly" <mederly at evolveum.com <mailto:mederly at evolveum.com>>
>> Komu: midpoint at lists.evolveum.com <mailto:midpoint at lists.evolveum.com>
>> Odesláno: 12.4.2016 6:35:59
>> Předmět: Re: [midPoint] catch delta events in template
>>> Hello Roman,
>>>
>>> I'm not sure I understand what you're trying to achieve.
>>>
>>> Do you want to do something like this?
>>>
>>> " IF attribute X was changed
>>> THEN do something with attribute Y ?"
>>>
>>> Could you provide a more specific description, please?
>>>
>>> Best regards,
>>> Pavol
>>>
>>>
>>> On 11.04.2016 16:21, Roman Pudil - AMI Praha a.s. wrote:
>>>> Hi Ivan,
>>>> once more:
>>>> How to get (or check) in user template, that current attribute
>>>> is changing? How to do it? Some code about deltas?
>>>> Your script about "isNew" variable (see later) evaluates attribute
>>>> every time when user object is changed (without changing this
>>>> attribute).
>>>> Thanks!
>>>> Regards
>>>>
>>>> Roman Pudil
>>>> solution architect
>>>>
>>>> gsm: [+420] 775 663 666
>>>> e-mail:roman.pudil at ami.cz
>>>>
>>>>
>>>>
>>>> AMI Praha a.s.
>>>> Pláničkova 11
>>>> 162 00 Praha 6
>>>> tel./fax: [+420] 274 783 239
>>>> web:www.ami.cz
>>>>
>>>>
>>>>
>>>>
>>>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>>>
>>>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá
>>>> za společnost AMI Praha a.s.
>>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>>> výhradně písemnou formu.
>>>>
>>>> ------ Původní zpráva ------
>>>> Od: "Roman Pudil - AMI Praha a.s." <roman.pudil at ami.cz>
>>>> Komu: "midPoint General Discussion" <midpoint at lists.evolveum.com>
>>>> Odesláno: 7.4.2016 13:15:00
>>>> Předmět: Re[2]: [midPoint] catch delta events in template
>>>>> Thanks! This works!
>>>>>
>>>>> Roman Pudil
>>>>> solution architect
>>>>>
>>>>> gsm: [+420] 775 663 666
>>>>> e-mail:roman.pudil at ami.cz
>>>>>
>>>>>
>>>>>
>>>>> AMI Praha a.s.
>>>>> Pláničkova 11
>>>>> 162 00 Praha 6
>>>>> tel./fax: [+420] 274 783 239
>>>>> web:http://www.ami.cz/
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>>>>
>>>>>
>>>>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá
>>>>> za společnost AMI Praha a.s.
>>>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>>>> výhradně písemnou formu.
>>>>>
>>>>> ------ Původní zpráva ------
>>>>> Od: "Ivan Noris" <ivan.noris at evolveum.com>
>>>>> Komu: midpoint at lists.evolveum.com <mailto:midpoint at lists.evolveum.com>
>>>>> Odesláno: 7.4.2016 11:51:30
>>>>> Předmět: Re: [midPoint] catch delta events in template
>>>>>> Hi Roman,
>>>>>>
>>>>>> I was using this in user template to copy each change of
>>>>>> emailAddress attribute, i.e. only new addresses entered there, to
>>>>>> extended attribute allMailAddresses (to keep all previous addresses):
>>>>>>
>>>>>> <mapping>
>>>>>> <name>copy emailAddress on change</name>
>>>>>> <source>
>>>>>> <path>$user/employeeType</path>
>>>>>> </source>
>>>>>> <source>
>>>>>> <path>$user/emailAddress</path>
>>>>>> </source>
>>>>>> <expression>
>>>>>> <script>
>>>>>> <code>
>>>>>> boolean isNew =
>>>>>> com.evolveum.midpoint.model.common.expression.script.ScriptExpressionEvaluationContext.getThreadLocal().isEvaluateNew()
>>>>>> if (isNew && !basic.isEmpty(emailAddress)) return
>>>>>> emailAddress
>>>>>> </code>
>>>>>> </script>
>>>>>> </expression>
>>>>>> <target>
>>>>>> <path>$user/extension/allMailAddresses</path>
>>>>>> </target>
>>>>>> <condition>
>>>>>> <script>
>>>>>> <code>employeeType == 'EMP' || employeeType ==
>>>>>> 'EXT'</code>
>>>>>> </script>
>>>>>> </condition>
>>>>>> <evaluationPhase>afterAssignments</evaluationPhase>
>>>>>> </mapping>
>>>>>>
>>>>>> Regards,
>>>>>> Ivan
>>>>>>
>>>>>>
>>>>>> On 04/07/2016 11:45 AM, Roman Pudil - AMI Praha a.s. wrote:
>>>>>>> Hi all,
>>>>>>> how to catch delta events in user template (similar "events"
>>>>>>> objects in notifications)?
>>>>>>> Situation - example:
>>>>>>>
>>>>>>> 1.
>>>>>>> User has familyName = "oldFamilyName"
>>>>>>> 2.
>>>>>>> Helpdesk Operator change familyname (in GUI) from
>>>>>>> "oldFamilyName" to "newFamilyName"
>>>>>>> 3.
>>>>>>> I need catch (probably in User Template?) ONLY new value
>>>>>>> "newFamilyName" and operate with this.
>>>>>>>
>>>>>>> Thanks!
>>>>>>> Regards
>>>>>>> Roman Pudil
>>>>>>>
>>>>>>> Roman Pudil
>>>>>>> solution architect
>>>>>>>
>>>>>>> gsm: [+420] 775 663 666
>>>>>>> e-mail:roman.pudil at ami.cz
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> AMI Praha a.s.
>>>>>>> Pláničkova 11
>>>>>>> 162 00 Praha 6
>>>>>>> tel./fax: [+420] 274 783 239
>>>>>>> web:http://www.ami.cz/
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>>>>>>
>>>>>>>
>>>>>>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani
>>>>>>> neuzavírá za společnost AMI Praha a.s.
>>>>>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>>>>>> výhradně písemnou formu.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> midPoint mailing list
>>>>>>> midPoint at lists.evolveum.com
>>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>
>>>>>> --
>>>>>> Ing. Ivan Noris
>>>>>> Senior Identity Management Engineer & IDM Architect
>>>>>> evolveum.com evolveum.com/blog/
>>>>>> ___________________________________________________
>>>>>> "Semper ID(e)M Vix."
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160413/3970a1ed/attachment.htm>
More information about the midPoint
mailing list