[midPoint] how to remove values from attributes whose maxOccurs=unbounded
Oleksandr Nekriach
o.nekriach at dynatech.lv
Wed Jul 28 09:03:43 CEST 2021
Hi,
You can use Range for mapping to define authoritative behaviour.
Range
Specifies the range of the mapping (in mathematical sense). I.e. this specifies the values that the mapping can produce. Range specification makes sense only for authoritative mappings. If the range is specified then the mapping will scan existing values of the target property.
It will look for values that are there and that are also in the range of the mapping. If such values are not in the expression results, then such values will be removed (placed in the minus set).
https://docs.evolveum.com/midpoint/reference/expressions/mappings/#range
Best regards,
Oleksandr
On 27 Jul 2021, at 23:51, Hsin-Fang Hsu via midPoint <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>> wrote:
Dear all,
I have an extension attribute (whose maxOccurs=” unbounded”) called “Access Requests”.
I want to modify and even remove some of its value based on the value of my connected resource.
For example, the GUI list shows:
<image001.png>
And I want to remove APP_HASTUS_ADD_PENDING from the list.
Does anyone know how I can do this with script?
-----------------------------------------------------------------------------------------------------------------------------------------------------------
Here is what I tried but failed.
The main concept of what I tried is the following 4 steps:
(1) I can get all values shown in the GUI list
(i.e., list_access_request = [‘APP_BASEWARE’, ‘APP_HASTUS_ADD_PENDING’, ‘APP_HASTUS’])
def list_access_request = ObjectTypeUtil.getExtensionPropertyValues(focus, new javax.xml.namespace.QName('http://midpoint.xxx.oo/xml/ns/extended-userobject', 'accessRequests<http://midpoint.xxx.oo/xml/ns/extended-userobject',%20'accessRequests>'))
(2) I use this to remove all current values
user.setExtension(new ExtensionType())
(3) list_after_reset shows that the value indeed become empty afterwards.
def list_after_reset = ObjectTypeUtil.getExtensionPropertyValues(focus, new javax.xml.namespace.QName('http://midpoint.xxx.oo/xml/ns/extended-userobject', 'accessRequests<http://midpoint.xxx.oo/xml/ns/extended-userobject',%20'accessRequests>'))
(4) I removed some values in list_access_request and finally return list_access_request
Even the return value list_access_request is correct, the list shown in the GUI is still wrong: new values that wasn’t in the GUI list can be added but it’s not possible to remove any value from the GUI list.
This is the script of what I tried in the attribute of the resource:
<attribute>
<c:ref xmlns:ri=http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>ri:lifecycle_state</c:ref>
<displayName>lifecycle state is</displayName>
<limitations>
<access>
<read>true</read>
<add>true</add>
<modify>true</modify>
</access>
</limitations>
<tolerant>true</tolerant>
<exclusiveStrong>false</exclusiveStrong>
<inbound>
<authoritative>true</authoritative>
<exclusive>false</exclusive>
<strength>strong</strength>
<source>
<name>requested_role</name>
<path>$projection/attributes/ri:requested_role</path>
</source>
<source>
<name>userName</name>
<path>$user/name</path>
</source>
<expression>
<script>
<code>
import com.evolveum.midpoint.schema.util.ObjectTypeUtil
// getCurrent accessRequests
def list_access_request = ObjectTypeUtil.getExtensionPropertyValues(focus, new javax.xml.namespace.QName('http://midpoint.xxx.oo/xml/ns/extended-userobject', 'accessRequests<http://midpoint.xxx.oo/xml/ns/extended-userobject',%20'accessRequests>'))
// remove unused requests
if (list_access_request == null) {
list_access_request = []
} else {
if (list_access_request.indexOf(requested_role) != -1) {
list_access_request.remove(list_access_request.indexOf(requested_role))
}
}
// modify request based on input
if (input == 0 | input == 1) {
list_access_request.add(userName + '_' + requested_role + '_ADD_PENDING')
} else if (input == 2) {
list_access_request.add(requested_role)
}
// reset accessRequests List
user.setExtension(new ExtensionType())
def list_after_reset = ObjectTypeUtil.getExtensionPropertyValues(focus, new javax.xml.namespace.QName('http://midpoint.tpg.ch/xml/ns/extended-userobject', 'accessRequests<http://midpoint.tpg.ch/xml/ns/extended-userobject',%20'accessRequests>'))
log.info<http://log.info/>('-----after clean up, accessRequests is: ' + list_after_reset.toString())
log.info<http://log.info/>('------return accessRequests is: ' + list_access_request.toString())
return list_access_request
</code>
</script>
</expression>
<target>
<path>$user/extension/accessRequests</path>
</target>
</inbound>
</attribute>
This is the definition of the extension part
<xsd:element name="accessRequests" type="xsd:string" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:appinfo>
<a:indexed>true</a:indexed>
<a:displayName>Access Requests</a:displayName>
<a:displayOrder>113</a:displayOrder>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
Thank you very much for your help in advance!
Best regards,
Hsin-Fang
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210728/cb452046/attachment-0001.htm>
More information about the midPoint
mailing list