[midPoint] Problem with role with manager approval

Aivo Kuhlberg aivo.kuhlberg at rmit.ee
Fri Aug 12 13:47:09 CEST 2016 

Hi Pavol,

Here is the log:
2016-08-12 14:49:02,001 [] [http-nio-8083-exec-9] TRACE (com.evolveum.midpoint.model.impl.expr.OrgStructFunctionsImpl): orgOids: [5b763e10-6c87-4a38-babb-067447f95f73]
2016-08-12 14:49:02,003 [] [http-nio-8083-exec-9] TRACE (com.evolveum.midpoint.model.impl.expr.OrgStructFunctionsImpl): retval: []
2016-08-12 14:49:02,004 [] [http-nio-8083-exec-9] TRACE (com.evolveum.midpoint.model.impl.expr.OrgStructFunctionsImpl): nextLevelOids: []
2016-08-12 14:49:02,004 [] [http-nio-8083-exec-9] WARN (com.evolveum.midpoint.wf.impl.processes.itemApproval.InitializeLoopThroughApproversInLevel): No approvers at the level 'null' for process Assigning testrole-needsmanagerapproval to testuser (id 10193)

and here are objects (credentials removed):

testorg: http://pastebin.com/1rX21Chs

testuser: http://pastebin.com/8iXPbefJ

testmanager: http://pastebin.com/PiKAcKdg


Regards,

Aivo

________________________________
Saatja: midPoint <midpoint-bounces at lists.evolveum.com> nimelPavol Mederly <mederly at evolveum.com>
Saadetud: 12. august 2016 14:09
Adressaat: midpoint at lists.evolveum.com
Teema: Re: [midPoint] Problem with role with manager approval


Hello Aivo,


that's interesting. It should work. I don't see any obvious problem; but have not enough time to try it myself now.


You could enable TRACE logging for com.evolveum.midpoint.model.impl.expr.OrgStructFunctionsImpl and run your test once again.

If still no clue, please paste here relevant parts of the log, as well as XML of your testuser, testmanager, testorg objects.


Best regards,

Pavol Mederly
Software developer
evolveum.com


On 12.08.2016 13:00, Aivo Kuhlberg wrote:

Hello,

I am trying to test (in MP 3.4) the situation where user requests a role which requires user's organization manager approval but so far have not succeded.
I created following role (based on Sensitive Role 3 example here: https://wiki.evolveum.com/display/midPoint/Some+examples )

<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"<http://midpoint.evolveum.com/xml/ns/public/common/common-3>>
    <name>testrole-needsmanagerapproval</name>
    <requestable>true</requestable>
    <approverExpression>
        <description>Get user's managers (except the user itself)</description>
        <script>
            <code>midpoint.getManagersOidsExceptUser(object)</code>
        </script>
    </approverExpression>
</role>

I have created users testuser and testmanager and added both to the organization testorg as members and also testmanager as manager.
I added role Approver to testmanager.
Now when I request the role "testrole-needsmanagerapproval" for user testuser the role gets automatically assigned without manager approval. Seems that the getManagersOidsExceptUser function does not find any manager for that user and therefore approves automatically this role. Why it is so?


Best regards,

Aivo Kuhlberg

________________________________
Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks tunnistatud teavet.
This e-mail may contain information which is classified for official use.


_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint



________________________________
Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks tunnistatud teavet.
This e-mail may contain information which is classified for official use.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160812/446751e6/attachment.htm>

More information about the midPoint mailing list