[midPoint] remove roles from disabled users

Thu Jan 11 00:07:54 CET 2018

Hello All,

can someone help me with change of following script?  Script is removing 
roles from users that were administratively marked as disabled (activation 
status -> combobox). I would like to have it also in case that user is 
disabled by Valid To attribute.

<hook>

    <name>Remove assignments from disabled users</name>

    <state>secondary</state>

    <focusType>c:UserType</focusType>

    <script>

       <code>

            import com.evolveum.midpoint.prism.delta.*;

            import com.evolveum.midpoint.xml.ns._public.common.common_3.*;

            UserType user = (UserType) focus;

            ActivationStatusType administrativeStatus = user.getActivation()
.getAdministrativeStatus();

            if (administrativeStatus == ActivationStatusType.DISABLED) {    

                changed = false;              

                for (AssignmentType assign : user.getAssignment()) {

                    assignmentDelta = ContainerDelta.
createModificationDelete(UserType.F_ASSIGNMENT, UserType.class, 
prismContext, assign.clone());                                              

                    log.debug('Removing assignment ' + assignmentDelta + ' 
from disabled user ' + user.getName());                   

                    modelContext.getFocusContext().swallowToSecondaryDelta
(assignmentDelta);

                    changed = true;

                }

                if (changed) { 

                    modelContext.rot(); // this makes Projector to recompute
the model context

                }

            }

        </code>

    </script>

</hook>

Thanks Jan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180111/880d50d3/attachment.htm>