[midPoint] how to remove values from attributes whose maxOccurs=unbounded

Hsin-Fang Hsu hsin-fang.hsu at itconcepts.ch
Tue Jul 27 22:51:50 CEST 2021


Dear all,

I have an extension attribute (whose maxOccurs=” unbounded”) called “Access Requests”.
I want to modify and even remove some of its value based on the value of my connected resource.


For example, the GUI list shows:
[cid:image001.png at 01D78335.6F16A7A0]
And I want to remove APP_HASTUS_ADD_PENDING from the list.


Does anyone know how I can do this with script?


-----------------------------------------------------------------------------------------------------------------------------------------------------------
Here is what I tried but failed.
The main concept of what I tried is the following 4 steps:
(1) I can get all values shown in the GUI list
(i.e., list_access_request = [‘APP_BASEWARE’, ‘APP_HASTUS_ADD_PENDING’, ‘APP_HASTUS’])

def list_access_request = ObjectTypeUtil.getExtensionPropertyValues(focus, new javax.xml.namespace.QName('http://midpoint.xxx.oo/xml/ns/extended-userobject', 'accessRequests'))

(2) I use this to remove all current values

user.setExtension(new ExtensionType())

(3) list_after_reset shows that the value indeed become empty afterwards.

def list_after_reset = ObjectTypeUtil.getExtensionPropertyValues(focus, new javax.xml.namespace.QName('http://midpoint.xxx.oo/xml/ns/extended-userobject', 'accessRequests'))

(4) I removed some values in list_access_request and finally return list_access_request


Even the return value list_access_request is correct, the list shown in the GUI is still wrong: new values that wasn’t in the GUI list can be added but it’s not possible to remove any value from the GUI list.






This is the script of what I tried in the attribute of the resource:
<attribute>
    <c:ref xmlns:ri=http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>ri:lifecycle_state</c:ref>
    <displayName>lifecycle state is</displayName>
    <limitations>
        <access>
            <read>true</read>
            <add>true</add>
            <modify>true</modify>
        </access>
    </limitations>
    <tolerant>true</tolerant>
    <exclusiveStrong>false</exclusiveStrong>
    <inbound>
        <authoritative>true</authoritative>
        <exclusive>false</exclusive>
        <strength>strong</strength>
        <source>
            <name>requested_role</name>
            <path>$projection/attributes/ri:requested_role</path>
        </source>
        <source>
            <name>userName</name>
            <path>$user/name</path>
        </source>
        <expression>
            <script>
                <code>
                    import com.evolveum.midpoint.schema.util.ObjectTypeUtil

                    // getCurrent accessRequests
                    def list_access_request = ObjectTypeUtil.getExtensionPropertyValues(focus, new javax.xml.namespace.QName('http://midpoint.xxx.oo/xml/ns/extended-userobject', 'accessRequests'))

                    // remove unused requests
                    if (list_access_request == null) {
                        list_access_request = []
                    } else {
                        if (list_access_request.indexOf(requested_role) != -1) {
                            list_access_request.remove(list_access_request.indexOf(requested_role))
                        }
                    }

                    // modify request based on input
                    if (input == 0 | input == 1) {
                        list_access_request.add(userName + '_' + requested_role + '_ADD_PENDING')
                    } else if (input == 2) {
                        list_access_request.add(requested_role)
                    }


                    // reset accessRequests List
                    user.setExtension(new ExtensionType())
                    def list_after_reset = ObjectTypeUtil.getExtensionPropertyValues(focus, new javax.xml.namespace.QName('http://midpoint.tpg.ch/xml/ns/extended-userobject', 'accessRequests'))
                    log.info('-----after clean up, accessRequests  is: ' + list_after_reset.toString())

                    log.info('------return accessRequests is: ' + list_access_request.toString())
                    return list_access_request

                </code>
            </script>
        </expression>
        <target>
            <path>$user/extension/accessRequests</path>
        </target>
    </inbound>
</attribute>



This is the definition of the extension part

<xsd:element name="accessRequests" type="xsd:string" minOccurs="0" maxOccurs="unbounded">
    <xsd:annotation>
        <xsd:appinfo>
            <a:indexed>true</a:indexed>
            <a:displayName>Access Requests</a:displayName>
            <a:displayOrder>113</a:displayOrder>
        </xsd:appinfo>
    </xsd:annotation>
</xsd:element>




Thank you very much for your help in advance!


Best regards,
Hsin-Fang

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210727/7e6a596a/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 18700 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210727/7e6a596a/attachment-0001.png>


More information about the midPoint mailing list