[midPoint] parametrized authorization
Pascal PÉRICHON
pascal.perichon at u-paris.fr
Fri Feb 26 12:01:49 CET 2021
Hi,
In an authorization, I need to know which value is actually presented by
<q:path>extension/listeAffectations</q:path>.
The problem is that "extension/listeAffectations" in user accounts is a
multi-valued field, and I need to compare the value presented by the
authorisation with another in a multi-valued field in the "actor" account.
Looking for the right Groovy code.
<authorization>
    <name>delegations-users-read-modify</name>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action>
    <object>
        <type>UserType</type>
        <filter>
            <q:and>
                <q:equal>
                    <q:path>extension/listeAffectations</q:path>
                    <expression>
                        <script>
                            <code>
                                // the groovy code to know which value is actually presented
                                // by the path extension/listeAffectations
                                // to the variable actor or subject
                                return the_good_choosen_value_depending_of_context;
                            </code>
                        </script>
                    </expression>
                </q:equal>
            </q:and>
        </filter>
    </object>
    <item>emailAddress</item>
    <item>extension/telephonePersonnel</item>
</authorization>
I checked with "this.binding.variables.each {k,v -> log.info("{} = {}",
k, v)};" to find this data... but nothing easy.
I know that maybe it's not the way that midPoint works, but it's
for a very specific use and I can't use an organization structure.
Any help?
Thanks a lot
-------
*Pascal PÉRICHON*
Identity repository manager
Direction des systèmes d'information et du numérique
Université de Paris
Bâtiment les Grands Moulins - Aile A - Bureau 721A
5 rue Thomas Mann 75013 Paris