<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Oh I forgot: there is one more option how to find out about org
being added or removed:</p>
<p>You can go through <b>modelContext.evaluatedAssignmentTriple</b>.
That structure contains assignments that were added, deleted, or
kept unchanged. I'm not sure if that structure is correctly
filled-in in the final stage, though. An inspiration can be found
in the <a moz-do-not-send="true"
href="https://github.com/Evolveum/midpoint/blob/v3.7/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/HasAssignmentConstraintEvaluator.java">HasAssignmentConstraintEvaluator
class</a>. But again, it is only a hint. You'd need to play a
bit (or a lot) with that to see how it works.<br>
</p>
<pre class="moz-signature" cols="72">Pavol Mederly
Software developer
evolveum.com
</pre>
<div class="moz-cite-prefix">On 02.02.2018 15:27, Pavol Mederly
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:ea173c5b-2c38-b520-be8f-b577552f30ea@evolveum.com">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<p>I'm sure more people on this list did something like that. I
don't have a code ready, so I can provide just a few hints:</p>
<ol>
<li><b>modelContext</b> variable holds the whole context of the
operation (see <a moz-do-not-send="true"
href="https://github.com/Evolveum/midpoint/blob/v3.7/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensContext.java">LensContext</a>)<br>
</li>
<li><b>modelContext.focusContext.primaryDelta</b> contains the
primary delta</li>
<li>And here comes the hard part :) First of all, you should
skip processing if the <b>delta.isDelete()</b> is true - the
object is being deleted<br>
</li>
<li>Then you have to find out what assignments are being added
or removed... either you manually treat <b>delta.isAdd()</b>
case (object is being added) and <b>delta.isModify()</b> case
(there is a list of item deltas to be applied), or you use <b>delta.factorOut(Collections.singletonList(new
ItemPath(FocusType.F_ASSIGNMENT)), true)</b> method that
would provide you with item deltas related to assignments.</li>
<li>You would need through the assignment values being added or
deleted to find out if any of them is relevant for your case.</li>
</ol>
<p>I know it is quite hard, but definitely doable. I hope someone
here has the code.<br>
</p>
<pre class="moz-signature" cols="72">Pavol Mederly
Software developer
evolveum.com
</pre>
<div class="moz-cite-prefix">On 02.02.2018 15:11, Alcides Carlos
de Moraes Neto wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAMLLNmkeNcbw-4VNK7NWYFs_ZW0P4nVAMXzJSa2yvq0jS3Pcxw@mail.gmail.com">
<div dir="ltr">
<div>
<div>I think that would work, yes. Nice feature, I didn't
know about it.<br>
<br>
</div>
How would one detect a new assignment? Are there more
examples?<br>
<br>
</div>
Thanks!<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2018-02-02 12:00 GMT-02:00 Pavol
Mederly <span dir="ltr"><<a
href="mailto:mederly@evolveum.com" target="_blank"
moz-do-not-send="true">mederly@evolveum.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>I think I understand. One option (although maybe not
the cleanest and nicest one) would be this:</p>
<p>You could write a <a
href="https://wiki.evolveum.com/display/midPoint/Scripting+Hooks"
target="_blank" moz-do-not-send="true">scripting
hook</a> that would detect when a user is added to
the organization. The hook would be attached to the
final state, so it would be activated only after the
whole operation is executed. If the hook detects that
the organization assignment was recently added, it
would start a new operation of adding all the roles
from the default set for that organization.</p>
<p>The new operation would contain new assignments in
its primary delta, so they could be approved or
rejected, as necessary.</p>
<p>But the approved roles would stay with the user
indefinitely, even after he is unassigned from the
organization. If you'd need to change this, you'd have
to implement another hook that would take care of
that.</p>
<p>Hope this helps,<br>
</p>
<span class="">
<pre class="m_-7510766948931513366moz-signature" cols="72">Pavol Mederly
Software developer
<a href="http://evolveum.com" target="_blank" moz-do-not-send="true">evolveum.com</a>
</pre>
</span>
<div>
<div class="h5">
<div class="m_-7510766948931513366moz-cite-prefix">On
02.02.2018 14:45, Alcides Carlos de Moraes Neto
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>Hi Pavol,<br>
<br>
</div>
Thanks for the help. This is what I'm trying
to accomplish: I want to be able to configure
a set of roles to be a default set for an
organization. For the roles I want to be
applied every time, I can just use
inducements, or mappings, from the OrgType,
that's easy.<br>
</div>
<div>But I wanted some of the roles to be upon
approval only, and I wanted the approval
workflow to happen automatically, so as soon
as the new employee is in the Org, his manager
gets notified to approve his roles.<br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2018-02-01 19:36
GMT-02:00 Pavol Mederly <span dir="ltr"><<a
href="mailto:mederly@evolveum.com"
target="_blank" moz-do-not-send="true">mederly@evolveum.com</a>></span>:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Hello Alcides Carlos,</p>
<p>yes, it is intended so. There are some
conceptual reasons behind it, mainly
along the line of how we should react to
rejection.</p>
<p>What's your use case? Why do you want
to approve something that was given by
the mapping?</p>
<p>Best regards,<br>
</p>
<pre class="m_-7510766948931513366m_39755774036504307moz-signature" cols="72">Pavol Mederly
Software developer
<a href="http://evolveum.com" target="_blank" moz-do-not-send="true">evolveum.com</a>
</pre>
<div>
<div class="m_-7510766948931513366h5">
<div
class="m_-7510766948931513366m_39755774036504307moz-cite-prefix">On
01.02.2018 21:19, Alcides Carlos de
Moraes Neto wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div class="m_-7510766948931513366h5">
<div dir="ltr">
<div>
<div>Hello list,<br>
<br>
</div>
I have a role that has a policy
rule for approval by the user's
manager. It works when I assign
the role to a user manually.<br>
</div>
<br>
However, I now have a mapping in
user template for this role.
Assignments from this mapping do
not start the approval workflow.
Is this intended? Is there a way
to require approval from role
assigned from mappings?<br>
</div>
<br>
<fieldset
class="m_-7510766948931513366m_39755774036504307mimeAttachmentHeader"></fieldset>
<br>
</div>
</div>
<pre>______________________________<wbr>_________________
midPoint mailing list
<a class="m_-7510766948931513366m_39755774036504307moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a>
<a class="m_-7510766948931513366m_39755774036504307moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank" moz-do-not-send="true">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
<br>
______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com"
target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset
class="m_-7510766948931513366mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
midPoint mailing list
<a class="m_-7510766948931513366moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a>
<a class="m_-7510766948931513366moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank" moz-do-not-send="true">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com"
moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" moz-do-not-send="true">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" moz-do-not-send="true">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</body>
</html>