[midPoint] automatically unassign all roles on disable

Pascal PERICHON pascal.perichon at u-paris.fr
Thu Oct 12 12:34:27 CEST 2023 

Hi,

The documentation was not updated.

Something like that :

    /assignmentDelta = midpoint.deltaFor(UserType.class)

    /

    //for (AssignmentType assign : user.getAssignment()) {

              ...

    /        assignmentDelta =
    assignmentDelta.item(UserType.F_ASSIGNMENT).delete(assign)
    /

    /         ...
    /

    /}
    /

    /myDeltas = assignmentDelta.asItemDeltas()
    modelContext.getFocusContext().swallowToSecondaryDelta(myDeltas)/

    /modelContext.rot()
    /


You should call only one time "swallowToSecondaryDelta()": put it out of 
the "for" iteration.

Not sure that "assign.clone()" works: maybe (not sure) you should use 
only "assign".

Best regards et bon courage :)

Le 12/10/2023 à 11:58, Markus Calmius via midPoint a écrit :
> Hi,
>
> I am trying to figure out how to make sure all roles are unassigned 
> when a user is removed or disabled from HR.
> I've found: 
> https://docs.evolveum.com/midpoint/reference/concepts/clockwork/scripting-hooks/ which 
> contain Example 1 that should do the trick.
> Although, it doesn't quite work on 4.7.2 it seems, I get: "Expression 
> error: Groovy Evaluation Failed: No such property: ContainerDelta for 
> class: (new)_"
>
> Two questions:
>
>  1. is there an easier way?
>  2. trying to figure out what is wrong is not super easy, it's been
>     years since I actually coded. Any guidance is greatly appreciated.
>     I assume the createModificationDelete has changed some input
>     parameters
>
>
> I'm testing the script in the query playground with one disabled user.
> <expression>
>     <script>
> <code>
>             import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
>             import com.evolveum.midpoint.prism.*;
>
>    UserType user = (UserType) 
> midpoint.searchObjectByName(UserType.class, '<redacted username>');
>    ActivationStatusType administrativeStatus = 
> user.getActivation().getEffectiveStatus();
>    if (administrativeStatus == ActivationStatusType.DISABLED) {
>             for (AssignmentType assign : user.getAssignment()) {
>                     changed = false;
>                     assignmentDelta = 
> ContainerDelta.createModificationDelete(UserType.F_ASSIGNMENT, 
> UserType.class, prismContext, assign.clone());
> modelContext.getFocusContext().swallowToSecondaryDelta(assignmentDelta);
>                     changed = true;
>                 }
>                 if (changed) {
>                     modelContext.rot(); // this makes Projector to 
> recompute the model context
>                 }
>    }
> </code>
> </script>
> </expression>
>
> Thanks in Advance
> Markus
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20231012/1c635090/attachment.htm>

More information about the midPoint mailing list