[midPoint] Problem with role with manager approval
Aivo Kuhlberg
aivo.kuhlberg at rmit.ee
Fri Aug 12 13:47:09 CEST 2016
Hi Pavol,
Here is the log:
2016-08-12 14:49:02,001 [] [http-nio-8083-exec-9] TRACE (com.evolveum.midpoint.model.impl.expr.OrgStructFunctionsImpl): orgOids: [5b763e10-6c87-4a38-babb-067447f95f73]
2016-08-12 14:49:02,003 [] [http-nio-8083-exec-9] TRACE (com.evolveum.midpoint.model.impl.expr.OrgStructFunctionsImpl): retval: []
2016-08-12 14:49:02,004 [] [http-nio-8083-exec-9] TRACE (com.evolveum.midpoint.model.impl.expr.OrgStructFunctionsImpl): nextLevelOids: []
2016-08-12 14:49:02,004 [] [http-nio-8083-exec-9] WARN (com.evolveum.midpoint.wf.impl.processes.itemApproval.InitializeLoopThroughApproversInLevel): No approvers at the level 'null' for process Assigning testrole-needsmanagerapproval to testuser (id 10193)
and here are objects (credentials removed):
testorg: http://pastebin.com/1rX21Chs
testuser: http://pastebin.com/8iXPbefJ
testmanager: http://pastebin.com/PiKAcKdg
Regards,
Aivo
________________________________
Saatja: midPoint <midpoint-bounces at lists.evolveum.com> nimelPavol Mederly <mederly at evolveum.com>
Saadetud: 12. august 2016 14:09
Adressaat: midpoint at lists.evolveum.com
Teema: Re: [midPoint] Problem with role with manager approval
Hello Aivo,
that's interesting. It should work. I don't see any obvious problem; but have not enough time to try it myself now.
You could enable TRACE logging for com.evolveum.midpoint.model.impl.expr.OrgStructFunctionsImpl and run your test once again.
If still no clue, please paste here relevant parts of the log, as well as XML of your testuser, testmanager, testorg objects.
Best regards,
Pavol Mederly
Software developer
evolveum.com
On 12.08.2016 13:00, Aivo Kuhlberg wrote:
Hello,
I am trying to test (in MP 3.4) the situation where user requests a role which requires user's organization manager approval but so far have not succeded.
I created following role (based on Sensitive Role 3 example here: https://wiki.evolveum.com/display/midPoint/Some+examples )
<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"<http://midpoint.evolveum.com/xml/ns/public/common/common-3>>
<name>testrole-needsmanagerapproval</name>
<requestable>true</requestable>
<approverExpression>
<description>Get user's managers (except the user itself)</description>
<script>
<code>midpoint.getManagersOidsExceptUser(object)</code>
</script>
</approverExpression>
</role>
I have created users testuser and testmanager and added both to the organization testorg as members and also testmanager as manager.
I added role Approver to testmanager.
Now when I request the role "testrole-needsmanagerapproval" for user testuser the role gets automatically assigned without manager approval. Seems that the getManagersOidsExceptUser function does not find any manager for that user and therefore approves automatically this role. Why it is so?
Best regards,
Aivo Kuhlberg
________________________________
Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks tunnistatud teavet.
This e-mail may contain information which is classified for official use.
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint
________________________________
Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks tunnistatud teavet.
This e-mail may contain information which is classified for official use.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160812/446751e6/attachment.htm>
More information about the midPoint
mailing list