[midPoint] Problem with role with manager approval
Pavol Mederly
mederly at evolveum.com
Fri Aug 12 14:09:08 CEST 2016
Aivo,
this is really strange.
I've imported your objects (testorg, testuser, testmanager, and
testrole-needsmanagerapproval). Assigned testrole-needsmanagerapproval
to testuser and it works...
It's true that I have 3.5-SNAPSHOT, but I don't know of any differences
in the code in this respect...
Just to be sure, could you try on master? Or, could you enable a TRACE
logging on:
* com.evolveum.midpoint.repo.sql.helpers.ObjectRetriever
* com.evolveum.midpoint.repo.sql.query2
and try again? (Unfortunately, this would produce tons of log data.)
Pavol Mederly
Software developer
evolveum.com
On 12.08.2016 13:47, Aivo Kuhlberg wrote:
>
> Hi Pavol,
>
> Here is the log:
> 2016-08-12 14:49:02,001 [] [http-nio-8083-exec-9] TRACE
> (com.evolveum.midpoint.model.impl.expr.OrgStructFunctionsImpl):
> orgOids: [5b763e10-6c87-4a38-babb-067447f95f73]
> 2016-08-12 14:49:02,003 [] [http-nio-8083-exec-9] TRACE
> (com.evolveum.midpoint.model.impl.expr.OrgStructFunctionsImpl): retval: []
> 2016-08-12 14:49:02,004 [] [http-nio-8083-exec-9] TRACE
> (com.evolveum.midpoint.model.impl.expr.OrgStructFunctionsImpl):
> nextLevelOids: []
> 2016-08-12 14:49:02,004 [] [http-nio-8083-exec-9] WARN
> (com.evolveum.midpoint.wf.impl.processes.itemApproval.InitializeLoopThroughApproversInLevel):
> No approvers at the level 'null' for process Assigning
> testrole-needsmanagerapproval to testuser (id 10193)
>
> and here are objects (credentials removed):
>
> testorg: http://pastebin.com/1rX21Chs
>
> testuser: http://pastebin.com/8iXPbefJ
>
> testmanager: http://pastebin.com/PiKAcKdg
>
>
> Regards,
>
> Aivo
>
> ------------------------------------------------------------------------
> *Saatja:* midPoint <midpoint-bounces at lists.evolveum.com> nimelPavol
> Mederly <mederly at evolveum.com>
> *Saadetud:* 12. august 2016 14:09
> *Adressaat:* midpoint at lists.evolveum.com
> *Teema:* Re: [midPoint] Problem with role with manager approval
>
> Hello Aivo,
>
>
> that's interesting. It should work. I don't see any obvious problem;
> but have not enough time to try it myself now.
>
>
> You could enable TRACE logging for
> com.evolveum.midpoint.model.impl.expr.OrgStructFunctionsImpl and run
> your test once again.
>
> If still no clue, please paste here relevant parts of the log, as well
> as XML of your testuser, testmanager, testorg objects.
>
>
> Best regards,
>
> Pavol Mederly
> Software developer
> evolveum.com
> On 12.08.2016 13:00, Aivo Kuhlberg wrote:
>>
>> Hello,
>>
>> I am trying to test (in MP 3.4) the situation where user requests a
>> role which requires user's organization manager approval but so far
>> have not succeded.
>> I created following role (based on Sensitive Role 3 example here:
>> https://wiki.evolveum.com/display/midPoint/Some+examples )
>>
>> <role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
>> <name>testrole-needsmanagerapproval</name>
>> <requestable>true</requestable>
>> <approverExpression>
>> <description>Get user's managers (except the user itself)</description>
>> <script>
>> <code>midpoint.getManagersOidsExceptUser(object)</code>
>> </script>
>> </approverExpression>
>> </role>
>>
>> I have created users testuser and testmanager and added both to the
>> organization testorg as members and also testmanager as manager.
>> I added role Approver to testmanager.
>> Now when I request the role "testrole-needsmanagerapproval" for user
>> testuser the role gets automatically assigned without manager
>> approval. Seems that the getManagersOidsExceptUser function does not
>> find any manager for that user and therefore approves automatically
>> this role. Why it is so?
>>
>> Best regards,
>>
>> Aivo Kuhlberg
>>
>>
>> ------------------------------------------------------------------------
>> Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks
>> tunnistatud teavet.
>> This e-mail may contain information which is classified for official
>> use.
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> ------------------------------------------------------------------------
> Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks
> tunnistatud teavet.
> This e-mail may contain information which is classified for official use.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160812/29fb888b/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: leoghikfppkfmgij.png
Type: image/png
Size: 43137 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160812/29fb888b/attachment.png>
More information about the midPoint
mailing list