[midPoint] how to remove values from attributes whose maxOccurs=unbounded
Fabian Noll-Dukiewicz
fabian.noll-dukiewicz at fndit.de
Wed Jul 28 08:58:01 CEST 2021
Hi Hsin-Fang,
you need to use “range” in your inbound mapping. It is described in the documentation:
* https://docs.evolveum.com/midpoint/reference/expressions/mappings/inbound-mapping/#range-of-inbound-mappings
With range you can replace all values from source, instead of just add new values.
Kind regards,
Fabian
Von: Hsin-Fang Hsu <hsin-fang.hsu at itconcepts.ch>
Datum: Dienstag, 27. Juli 2021 um 22:51
An: MidPoint Mailing List <midpoint at lists.evolveum.com>
Betreff: [midPoint] how to remove values from attributes whose maxOccurs=unbounded
Dear all,
I have an extension attribute (whose maxOccurs=” unbounded”) called “Access Requests”.
I want to modify and even remove some of its value based on the value of my connected resource.
For example, the GUI list shows:
[cid:image001.png at 01D7838E.AAE83BA0]
And I want to remove APP_HASTUS_ADD_PENDING from the list.
Does anyone know how I can do this with script?
-----------------------------------------------------------------------------------------------------------------------------------------------------------
Here is what I tried but failed.
The main concept of what I tried is the following 4 steps:
(1) I can get all values shown in the GUI list
(i.e., list_access_request = [‘APP_BASEWARE’, ‘APP_HASTUS_ADD_PENDING’, ‘APP_HASTUS’])
def list_access_request = ObjectTypeUtil.getExtensionPropertyValues(focus, new javax.xml.namespace.QName('http://midpoint.xxx.oo/xml/ns/extended-userobject', 'accessRequests'))
(2) I use this to remove all current values
user.setExtension(new ExtensionType())
(3) list_after_reset shows that the value indeed become empty afterwards.
def list_after_reset = ObjectTypeUtil.getExtensionPropertyValues(focus, new javax.xml.namespace.QName('http://midpoint.xxx.oo/xml/ns/extended-userobject', 'accessRequests'))
(4) I removed some values in list_access_request and finally return list_access_request
Even the return value list_access_request is correct, the list shown in the GUI is still wrong: new values that wasn’t in the GUI list can be added but it’s not possible to remove any value from the GUI list.
This is the script of what I tried in the attribute of the resource:
<attribute>
<c:ref xmlns:ri=http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>ri:lifecycle_state</c:ref>
<displayName>lifecycle state is</displayName>
<limitations>
<access>
<read>true</read>
<add>true</add>
<modify>true</modify>
</access>
</limitations>
<tolerant>true</tolerant>
<exclusiveStrong>false</exclusiveStrong>
<inbound>
<authoritative>true</authoritative>
<exclusive>false</exclusive>
<strength>strong</strength>
<source>
<name>requested_role</name>
<path>$projection/attributes/ri:requested_role</path>
</source>
<source>
<name>userName</name>
<path>$user/name</path>
</source>
<expression>
<script>
<code>
import com.evolveum.midpoint.schema.util.ObjectTypeUtil
// getCurrent accessRequests
def list_access_request = ObjectTypeUtil.getExtensionPropertyValues(focus, new javax.xml.namespace.QName('http://midpoint.xxx.oo/xml/ns/extended-userobject', 'accessRequests'))
// remove unused requests
if (list_access_request == null) {
list_access_request = []
} else {
if (list_access_request.indexOf(requested_role) != -1) {
list_access_request.remove(list_access_request.indexOf(requested_role))
}
}
// modify request based on input
if (input == 0 | input == 1) {
list_access_request.add(userName + '_' + requested_role + '_ADD_PENDING')
} else if (input == 2) {
list_access_request.add(requested_role)
}
// reset accessRequests List
user.setExtension(new ExtensionType())
def list_after_reset = ObjectTypeUtil.getExtensionPropertyValues(focus, new javax.xml.namespace.QName('http://midpoint.tpg.ch/xml/ns/extended-userobject', 'accessRequests'))
log.info('-----after clean up, accessRequests is: ' + list_after_reset.toString())
log.info('------return accessRequests is: ' + list_access_request.toString())
return list_access_request
</code>
</script>
</expression>
<target>
<path>$user/extension/accessRequests</path>
</target>
</inbound>
</attribute>
This is the definition of the extension part
<xsd:element name="accessRequests" type="xsd:string" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:appinfo>
<a:indexed>true</a:indexed>
<a:displayName>Access Requests</a:displayName>
<a:displayOrder>113</a:displayOrder>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
Thank you very much for your help in advance!
Best regards,
Hsin-Fang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210728/4ebedb09/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 18701 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210728/4ebedb09/attachment-0001.png>
More information about the midPoint
mailing list