[midPoint] Condition expression: Org assignment with relation
Wojciech Staszewski
wojciech.staszewski at diagnostyka.pl
Sat Mar 17 23:18:53 CET 2018
OK, thanks!
Finally I've got it working with this condition script:
<condition>
result = false;
assignments = user.getAssignment();
for (assName in assignments) {
relation =
assName.getTargetRef()?.getRelation()?.getLocalPart()?.toString();
type =
assName.getTargetRef()?.getType()?.getLocalPart()?.toString();
status = assName.getActivation()?.getEffectiveStatus()?.toString();
if ( type == 'OrgType' && relation == 'manager'
&& status == 'ENABLED' ) { result = true; }
}
return result;
</condition>
W dniu 16.03.2018 o 09:17, Ivan Noris pisze:
>
> Hi Wojciech,
>
> I only did something /similar/ but not exactly what you need.
>
> I wanted to have an conditional inducement in my metarole, that would
> only return true if the role is not assigned with manager relation.
> (Actually this is from the midPoint Advanced Customization training.)
>
> . . .
>
> <inducement>
> <description>Inducement to create an account as a projection
> of user having assigned an organization with this metarole.</description>
> <construction>
> <description>Creates an account for user, and associates
> with group created for the organization assigned to the
> user.</description>
> <resourceRef oid="3961ffc8-2209-11e8-8018-7738b0ea3fa2"
> type="c:ResourceType"/>
> <kind>account</kind>
> <intent>default</intent>
> <association>
> <ref>ri:ldapOrgGroup</ref>
> <outbound>
> <strength>strong</strength>
> * <source>
> <path>$focusAssignment/targetRef</path><!-- XXX to
> get relation -->
> </source>
> * <expression>
> <associationFromLink>
> <projectionDiscriminator>
> <kind>entitlement</kind>
> <intent>ldapOrgGroup</intent>
> </projectionDiscriminator>
> </associationFromLink>
> </expression>
> * <condition>**
> ** <script>**
> ** <code>**
> **import com.evolveum.midpoint.schema.constants.SchemaConstants;**
> **
> **if (targetRef != null) {**
> ** //log.info("LDAP Org Metarole targetRef relation is: {} ",
> targetRef.getRelation())**
> ** if (targetRef.getRelation() != SchemaConstants.ORG_MANAGER) {**
> ** return true**
> ** }**
> **}**
> ** </code>**
> ** </script>**
> ** </condition>*
> </outbound>
> </association>
> <strength>weak</strength><!-- Will not create account unless
> it already exists -->
> </construction>
> <order>2</order>
> <focusType>UserType</focusType>
> </inducement>
> . . .
>
> I believe you can have a mapping in the object template that will have
> assignments as a source, and you need to iterate through them and
> check all that are OrgType and where relation is org:manager. I don't
> have this handy, but maybe someone else has.
>
> Best regards,
> Ivan
>
> On 15.03.2018 20:06, Wojciech Staszewski wrote:
>> Hello!
>>
>> Maybe I wrote my post somehow unclear...
>> I'm looking for condition expression for mapping in the user template,
>> that assign specified role to an organization manager.
>>
>> So I have to check if the user has an active assignment of Org type with
>> org:manager relation.
>> Unfortunately I don't know how to do it, I cannot find any example in
>> the wiki or mailing list archives.
>>
>> Any help appreciated.
>> Thanks a lot!
>> WS
>>
>>
>> W dniu 05.03.2018 o 08:38, Wojciech Staszewski pisze:
>>> Hello!
>>>
>>> I have to make a mapping condition expression that checks if the user
>>> has assignment of Org type with Manager relation.
>>> What methods should I use for this?
>>>
>>> Thanks!
>>> WS
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
> --
> Ivan Noris
> Senior Identity Engineer
> evolveum.com
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180317/6fc341b7/attachment.htm>
More information about the midPoint
mailing list