[midPoint] Problem with role with manager approval

Pavol Mederly mederly at evolveum.com
Fri Aug 12 14:09:08 CEST 2016


Aivo,


this is really strange.


I've imported your objects (testorg, testuser, testmanager, and 
testrole-needsmanagerapproval). Assigned testrole-needsmanagerapproval 
to testuser and it works...



It's true that I have 3.5-SNAPSHOT, but I don't know of any differences 
in the code in this respect...


Just to be sure, could you try on master? Or, could you enable TRACE 
logging on:

  * com.evolveum.midpoint.repo.sql.helpers.ObjectRetriever
  * com.evolveum.midpoint.repo.sql.query2

and try again? (Unfortunately, this would produce tons of log data.)

Pavol Mederly
Software developer
evolveum.com
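
Added example, not part of the thread and not midPoint code: the WARN entry in the log quoted below ("No approvers at the level ...") marks the condition Aivo reports, a requestable role being assigned with no approver involved, so it is a useful thing to alert on. The Python below parses entries in the log layout shown in this thread and flags such processes; the function names and the second sample thread with its placeholder OID are constructed for illustration.

```python
import re

# Entry layout as quoted in this thread: "<timestamp> [] [<thread>] <LEVEL> (<logger>): <message>"
ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \[[^\]]*\] "
    r"\[(?P<thread>[^\]]*)\] (?P<level>\w+)\s+\((?P<logger>[^)]+)\): (?P<msg>.*)$")
NO_APPROVERS = re.compile(
    r"No approvers at the level '[^']*' for process (?P<process>.+) \(id (?P<id>\d+)\)")

def parse_entries(text):
    """Yield one dict per entry; a line without a timestamp continues the previous entry."""
    current = None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            if current:
                yield current
            current = m.groupdict()
        elif current and line.strip():
            current["msg"] += " " + line.strip()
    if current:
        yield current

def find_unapproved(text):
    """Return approval processes that were started with an empty approver list."""
    empty_lookup = set()  # threads whose last OrgStructFunctionsImpl retval was []
    findings = []
    for e in parse_entries(text):
        logger = e["logger"].rsplit(".", 1)[-1]
        if logger == "OrgStructFunctionsImpl" and e["msg"].startswith("retval:"):
            if e["msg"].strip() == "retval: []":
                empty_lookup.add(e["thread"])
            else:
                empty_lookup.discard(e["thread"])
        elif logger == "InitializeLoopThroughApproversInLevel" and e["level"] == "WARN":
            m = NO_APPROVERS.search(e["msg"])
            if m:
                findings.append({"time": e["ts"], "process": m["process"], "id": int(m["id"]),
                                 "manager_lookup_empty": e["thread"] in empty_lookup})
    return findings

# Constructed sample: entries from this thread unwrapped (one left wrapped), plus an invented thread.
P = "com.evolveum.midpoint."
SAMPLE = f"""2016-08-12 14:49:02,003 [] [http-nio-8083-exec-9] TRACE ({P}model.impl.expr.OrgStructFunctionsImpl): retval: []
2016-08-12 14:49:02,004 [] [http-nio-8083-exec-9] WARN ({P}wf.impl.processes.itemApproval.InitializeLoopThroughApproversInLevel): No approvers at the level 'null' for process Assigning
testrole-needsmanagerapproval to testuser (id 10193)
2016-08-12 14:49:05,110 [] [http-nio-8083-exec-3] TRACE ({P}model.impl.expr.OrgStructFunctionsImpl): retval: [00000000-0000-0000-0000-000000000001]
"""
print(find_unapproved(SAMPLE))
```
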

On 12.08.2016 13:47, Aivo Kuhlberg wrote:
>
> Hi Pavol,
>
> Here is the log:
> 2016-08-12 14:49:02,001 [] [http-nio-8083-exec-9] TRACE 
> (com.evolveum.midpoint.model.impl.expr.OrgStructFunctionsImpl): 
> orgOids: [5b763e10-6c87-4a38-babb-067447f95f73]
> 2016-08-12 14:49:02,003 [] [http-nio-8083-exec-9] TRACE 
> (com.evolveum.midpoint.model.impl.expr.OrgStructFunctionsImpl): retval: []
> 2016-08-12 14:49:02,004 [] [http-nio-8083-exec-9] TRACE 
> (com.evolveum.midpoint.model.impl.expr.OrgStructFunctionsImpl): 
> nextLevelOids: []
> 2016-08-12 14:49:02,004 [] [http-nio-8083-exec-9] WARN 
> (com.evolveum.midpoint.wf.impl.processes.itemApproval.InitializeLoopThroughApproversInLevel): 
> No approvers at the level 'null' for process Assigning 
> testrole-needsmanagerapproval to testuser (id 10193)
>
> and here are objects (credentials removed):
>
> testorg: http://pastebin.com/1rX21Chs
>
> testuser: http://pastebin.com/8iXPbefJ
>
> testmanager: http://pastebin.com/PiKAcKdg
>
>
> Regards,
>
> Aivo
>
> ------------------------------------------------------------------------
> *From:* midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Pavol 
> Mederly <mederly at evolveum.com>
> *Sent:* 12 August 2016 14:09
> *To:* midpoint at lists.evolveum.com
> *Subject:* Re: [midPoint] Problem with role with manager approval
>
> Hello Aivo,
>
>
> that's interesting. It should work. I don't see any obvious problem, 
> but I do not have enough time to try it myself now.
>
>
> You could enable TRACE logging for 
> com.evolveum.midpoint.model.impl.expr.OrgStructFunctionsImpl and run 
> your test once again.
>
> If still no clue, please paste here relevant parts of the log, as well 
> as XML of your testuser, testmanager, testorg objects.
>
>
> Best regards,
>
> Pavol Mederly
> Software developer
> evolveum.com
> On 12.08.2016 13:00, Aivo Kuhlberg wrote:
>>
>> Hello,
>>
>> I am trying to test (in MP 3.4) the situation where a user requests a 
>> role which requires the user's organization manager approval, but so far 
>> I have not succeeded.
>> I created the following role (based on the Sensitive Role 3 example here: 
>> https://wiki.evolveum.com/display/midPoint/Some+examples )
>>
>> <role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
>>     <name>testrole-needsmanagerapproval</name>
>>     <requestable>true</requestable>
>>     <approverExpression>
>>         <description>Get user's managers (except the user itself)</description>
>>         <script>
>>             <code>midpoint.getManagersOidsExceptUser(object)</code>
>>         </script>
>>     </approverExpression>
>> </role>
>>
>> I have created the users testuser and testmanager and added both to the 
>> organization testorg as members, and also testmanager as manager.
>> I added the role Approver to testmanager.
>> Now when I request the role "testrole-needsmanagerapproval" for user 
>> testuser, the role gets automatically assigned without manager 
>> approval. It seems that the getManagersOidsExceptUser function does not 
>> find any manager for that user and therefore automatically approves 
>> this role. Why is that so?
>>
>> Best regards,
>>
>> Aivo Kuhlberg
>>
>>
>> ------------------------------------------------------------------------
>> This e-mail may contain information which is classified for official 
>> use.
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
