<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>I'm sure more people on this list did something like that. I
don't have a code ready, so I can provide just a few hints:</p>
<ol>
<li><b>modelContext</b> variable holds the whole context of the
operation (see <a moz-do-not-send="true"
href="https://github.com/Evolveum/midpoint/blob/v3.7/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensContext.java">LensContext</a>)<br>
</li>
<li><b>modelContext.focusContext.primaryDelta</b> contains the
primary delta</li>
<li>And here comes the hard part :) First of all, you should skip
processing if the <b>delta.isDelete()</b> is true - the object
is being deleted<br>
</li>
<li>Then you have to find out what assignments are being added or
removed... either you manually treat <b>delta.isAdd()</b> case
(object is being added) and <b>delta.isModify()</b> case (there
is a list of item deltas to be applied), or you use <b>delta.factorOut(Collections.singletonList(new
ItemPath(FocusType.F_ASSIGNMENT)), true)</b> method that would
provide you with item deltas related to assignments.</li>
<li>You would need through the assignment values being added or
deleted to find out if any of them is relevant for your case.</li>
</ol>
<p>I know it is quite hard, but definitely doable. I hope someone
here has the code.<br>
</p>
<pre class="moz-signature" cols="72">Pavol Mederly
Software developer
evolveum.com
</pre>
<div class="moz-cite-prefix">On 02.02.2018 15:11, Alcides Carlos de
Moraes Neto wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAMLLNmkeNcbw-4VNK7NWYFs_ZW0P4nVAMXzJSa2yvq0jS3Pcxw@mail.gmail.com">
<div dir="ltr">
<div>
<div>I think that would work, yes. Nice feature, I didn't know
about it.<br>
<br>
</div>
How would one detect a new assignment? Are there more
examples?<br>
<br>
</div>
Thanks!<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2018-02-02 12:00 GMT-02:00 Pavol
Mederly <span dir="ltr"><<a
href="mailto:mederly@evolveum.com" target="_blank"
moz-do-not-send="true">mederly@evolveum.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>I think I understand. One option (although maybe not
the cleanest and nicest one) would be this:</p>
<p>You could write a <a
href="https://wiki.evolveum.com/display/midPoint/Scripting+Hooks"
target="_blank" moz-do-not-send="true">scripting hook</a>
that would detect when a user is added to the
organization. The hook would be attached to the final
state, so it would be activated only after the whole
operation is executed. If the hook detects that the
organization assignment was recently added, it would
start a new operation of adding all the roles from the
default set for that organization.</p>
<p>The new operation would contain new assignments in its
primary delta, so they could be approved or rejected, as
necessary.</p>
<p>But the approved roles would stay with the user
indefinitely, even after he is unassigned from the
organization. If you'd need to change this, you'd have
to implement another hook that would take care of that.</p>
<p>Hope this helps,<br>
</p>
<span class="">
<pre class="m_-7510766948931513366moz-signature" cols="72">Pavol Mederly
Software developer
<a href="http://evolveum.com" target="_blank" moz-do-not-send="true">evolveum.com</a>
</pre>
</span>
<div>
<div class="h5">
<div class="m_-7510766948931513366moz-cite-prefix">On
02.02.2018 14:45, Alcides Carlos de Moraes Neto
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>Hi Pavol,<br>
<br>
</div>
Thanks for the help. This is what I'm trying to
accomplish: I want to be able to configure a set
of roles to be a default set for an
organization. For the roles I want to be applied
every time, I can just use inducements, or
mappings, from the OrgType, that's easy.<br>
</div>
<div>But I wanted some of the roles to be upon
approval only, and I wanted the approval
workflow to happen automatically, so as soon as
the new employee is in the Org, his manager gets
notified to approve his roles.<br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2018-02-01 19:36
GMT-02:00 Pavol Mederly <span dir="ltr"><<a
href="mailto:mederly@evolveum.com"
target="_blank" moz-do-not-send="true">mederly@evolveum.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Hello Alcides Carlos,</p>
<p>yes, it is intended so. There are some
conceptual reasons behind it, mainly along
the line of how we should react to
rejection.</p>
<p>What's your use case? Why do you want to
approve something that was given by the
mapping?</p>
<p>Best regards,<br>
</p>
<pre class="m_-7510766948931513366m_39755774036504307moz-signature" cols="72">Pavol Mederly
Software developer
<a href="http://evolveum.com" target="_blank" moz-do-not-send="true">evolveum.com</a>
</pre>
<div>
<div class="m_-7510766948931513366h5">
<div
class="m_-7510766948931513366m_39755774036504307moz-cite-prefix">On
01.02.2018 21:19, Alcides Carlos de
Moraes Neto wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div class="m_-7510766948931513366h5">
<div dir="ltr">
<div>
<div>Hello list,<br>
<br>
</div>
I have a role that has a policy
rule for approval by the user's
manager. It works when I assign
the role to a user manually.<br>
</div>
<br>
However, I now have a mapping in
user template for this role.
Assignments from this mapping do not
start the approval workflow. Is this
intended? Is there a way to require
approval from role assigned from
mappings?<br>
</div>
<br>
<fieldset
class="m_-7510766948931513366m_39755774036504307mimeAttachmentHeader"></fieldset>
<br>
</div>
</div>
<pre>______________________________<wbr>_________________
midPoint mailing list
<a class="m_-7510766948931513366m_39755774036504307moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a>
<a class="m_-7510766948931513366m_39755774036504307moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank" moz-do-not-send="true">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
<br>
______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com"
target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset
class="m_-7510766948931513366mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
midPoint mailing list
<a class="m_-7510766948931513366moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a>
<a class="m_-7510766948931513366moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank" moz-do-not-send="true">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com"
moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</body>
</html>