[midPoint] assignment checking

Pavol Mederly mederly at evolveum.com
Thu Jun 30 15:27:29 CEST 2016


Hello Oskar,

I don't quite understand your situation.

 1. You create a user of 'employee' type and automatically assign him
    Employee role. OK.
 2. Then he leaves the company.
 3. You say that his account is cancelled by assigning ExpiredEmployee role.

Why don't you simply unassign the Employee role?

---

But back to your question: you can simply check all directly assigned 
roles by iterating through user.getAssignment() objects (of 
AssignmentType), and selecting those with getTargetRef() != null and 
getTargetRef().getType().equals(RoleType.COMPLEX_TYPE).

Best regards,

Pavol


On 28.06.2016 15:15, Oskar Butovič - AMI Praha a.s. wrote:
> Hello All,
>
> I am trying to check in mapping in user template wether the user has 
> particular role.
>
> for example following scenario
> i create new user with identityType (extension parameter) employee. I 
> wan to assign role Employee to users with this type.
> in some time employee leaves company and his account is cancelled by 
> assigning expiredEmployee role
>
> i understand that so far it can be made by setting 
> <authoritative>true</authoritative>
>
> but i also want for this role to be kept when user is editted ad his 
> identity Type is no longer employee.
>
> this could be done with <authoritative>false</authoritative> but it 
> then prevent prevoius scenario. If i would be able to check current 
> roles of the user i could accomplish all required behaviour 
> with <authoritative>true</authoritative>.
>
> Do you have any advice or code snippet how to resolve this problem?
>
> Regards
>
> Oskar Butovič
>
> -- 
>
> Oskar Butovič
> solution architect
>
> gsm: [+420] 774 480 101
> e-mail: oskar.butovic at ami.cz <mailto:oskar.butovic at ami.cz>
>
> 			
>
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel.: [+420] 274 783 239
> web: www.ami.cz <http://www.ami.cz/>
>
> 			
>
> AMI Praha a.s.
>
>
> AMI Praha a.s. 
> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>
> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za 
> společnost AMI Praha a.s.
> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít 
> výhradně písemnou formu.
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/04ef3d65/attachment.htm>


More information about the midPoint mailing list