[midPoint] Dynamically set approvers of an approval step

Ezequiel Alonso ealonso at identicum.com
Tue Apr 3 23:15:35 CEST 2018


 Hello Petr, thanks for your answer!

The role that we are trying to set approver actually doesn't have any
approver, that's why we are trying to set it dynamically from the
information of the user object that is being assign.
The user object of the request have an attribute (extension attribute
managerName) that references to an attribute value of another user (name),
so what we need to do is get that attribute from the user, search for the
user that meet that criteria and return the approver oid for the
ApproverExpression.

What we have up to now is the following script:

<approverExpression>
    <script>
          <code>
               import com.evolveum.midpoint.xml.ns._
public.common.common_3.*;
               import java.util.*;

               managerName = basic.getExtensionPropertyValue(object, '
http://midpoint.identicum.com/xml/ns/metaPerson', 'managerName');
               log.debug("Manager Name : " + managerName);

               userInMPQuery = QueryBuilder.queryFor(UserType.class,
getPrismContext()).item(UserType.F_NAME).eq(managerName).build();
               userInMP = midpoint.searchObjects(UserType.class,
userInMPQuery);

               log.debug(" Query Result" + userInMP.get(0).toString());

               return userInMP.get(0).getOid();
          </code>
     <script>
</approverExpression>

But for some reason we are not getting any value from that query, we get
the "managerName" value successfully but then we can't search for the users
that meet that criteria.

Can anyone give us a clue on how can we execute a query with that criteria ?

Thanks!


2018-03-28 6:15 GMT-03:00 <petr.kulheim at ibacz.eu>:

> Hi Ezequiel,
> actually we are using metarole with policyRule in inducement with
> approverExpression, e.g.:
> <inducement id="1">
>          <policyRule>
>             <policyConstraints>
>                <assignment>
>                   <operation>add</operation>
>                   <relation>q:any</relation>
>                </assignment>
>             </policyConstraints>
>             <policyActions>
>                <approval>
>                   <compositionStrategy>
>                      <order>20</order>
>                   </compositionStrategy>
>                   <approvalSchema>
>                      <level>
>                         <name>Role Approvers</name>
>                         <approverExpression>
>                            <script xsi:type="c:
> ScriptExpressionEvaluatorType">
>                               <code>
>                                 import com.evolveum.midpoint.xml.ns._
> public.common.common_3.*;
>                                 import java.util.*;
>
>                                 //object - user's  object whom the
> approval is related to
>
>                                 roleApproverRefs = target.getApproverRef();
>                                 approvers = [];
>                                 for (user in roleApproverRefs) {
>                                        approvers.add(user.getOid());
>                                 }
>                                 return approvers;
>                             </code>
>                            </script>
>                         </approverExpression>
>                         <evaluationStrategy>firstDecides</
> evaluationStrategy>
>                         <outcomeIfNoApprovers>reject</
> outcomeIfNoApprovers>
>                         <duration>PT1H</duration>
>                         <timedActions>
>                            <actions>
>                               <complete>
>                                  <outcome>reject</outcome>
>                               </complete>
>                            </actions>
>                         </timedActions>
>                      </level>
>                   </approvalSchema>
>                </approval>
>             </policyActions>
>          </policyRule>
> </inducement>
>
> Perhaps you can use *object*  and/or *target * objects and provide your
> list of approvers.
>
> Hope it helps
>
> Best regard
>
>
>
> Petr Kulheim
> JEE Developer
>
> IBA CZ, s.r.o.
> Office: Petržílkova 2565/23, 158 00 Praha, CZ
> Phone: +420 603 272826
> E-mail: petr.kulheim at ibacz.eu
>
> [image: IBACZ email signature]
> <http://www.ibacz.eu/email-signature/index.html>
>
>
>
>
>
>
> From:        Ezequiel Alonso <ealonso at identicum.com>
> To:        midpoint at lists.evolveum.com
> Date:        27/03/2018 23:23
> Subject:        [midPoint] Dynamically set approvers of an approval step
> Sent by:        "midPoint" <midpoint-bounces at lists.evolveum.com>
> ------------------------------
>
>
>
> Hello,
>
> We are trying to figure out how to set approvers of an approval step using
> a certain criteria instead of using references to roles or organizations as
> it is on several examples on the documentation.
>
> For example, if a user that is requesting a role needs an approval, then
> the approver should be the user that is referenced on an extension
> attribute of the user, so to set it as an approver, we need to get that
> attribute from the user then search the users that meets that condition in
> order to set it as the approver.
>
> Is this possible or we can only set approvers by members of a role or
> members of an Org.
>
> Thanks!
>
> --
> *Ezequiel Alonso*
> * I*
>
> *denticum S.A. Jorge Newbery 3226, Argentina Tel: +54 (11) 4552-3050*
> *ealonso at identicum.com* <ealonso at identicum.com>
> *www.identicum.com* <http://www.identicum.com/>_____________
> __________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> ------------------------------
> Disclaimer:
>
> The information contained in this communication is intended solely for the
> use of the individual or entity to whom it is addressed and others
> authorized to receive it.
> It may contain confidential or legally privileged information.
> If you are not the intended recipient you are hereby notified that any
> disclosure, copying, distribution or taking any action in reliance on the
> contents of this information is strictly prohibited and may be unlawful.
> If you have received this communication in error, please notify us
> immediately by forwarding this email to ict at ibacz.eu and then delete it
> from your system.
> IBA Group is neither liable for the proper and complete transmission of
> the information contained in this communication nor for any delay in its
> receipt.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>


-- 
*Ezequiel Alonso*



*Identicum S.A.Jorge Newbery 3226, ArgentinaTel: +54 (11) 4552-3050*

*ealonso at identicum.com <ealonso at identicum.com>www.identicum.com
<http://www.identicum.com/>*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180403/9dd94b8d/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 48578 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180403/9dd94b8d/attachment.png>


More information about the midPoint mailing list