[midPoint] get the name of OrgType in filter

Emil Militzer emil.militzer at posteo.de
Sat Feb 5 21:15:29 CET 2022


Hello,

You don’t have access to the name of the org in the expression context because inside the expression you need to compute the value list for the possible name parameters in the query.
If I understand your requirement correctly, you want to allow read access to all orgs which are configured in the Organisation attribute of the user.
Can you try the following configuration?
(It works with midPoint 4.3 and later; if you use an older version, you can access midpoint.getPrincipal().getUser() to get the UserType object.)


<authorization>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
    <object>
        <type>OrgType</type>
        <filter>
            <q:equal>
                <q:path>name</q:path>
                <expression>
                    <script>
                        <code>import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType
                        return ((UserType)midpoint.getPrincipal().getFocus()).getOrganization()
                        </code>
                    </script>
                </expression>
            </q:equal>
        </filter>
    </object>
</authorization>

Kind Regards,
Emil


I want to restrict the authorization to view only OrgType objects that are in a predefined list of each user.
Below is the code and I am wondering how to get something like the variable “thisInputOrgName”.
Any idea?

[image001.png]


Many thanks for the help in advance!

Best regards,
Hsin-Fang
