<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi,</p>
<p>Thanks for that explanation and now things are more clear:</p>
- "operation" is related to the whole focus object<br>
- as explain in the documentation "Constraint that triggers on focal
object modification, addition or deletion"<br>
- operation=modify, item=emailAddress, triggers when modify
emailAddress of existing user (i.e. modification of focal object).<br>
<br>
operation=modify constraint on UserType object is triggered when I
add, modify<b> AND DELETE</b> the attribute "emailAddress"
(modification of focal object) :<br>
<br>
<i> <policyConstraints></i><br>
<i>
<modification></i><br>
<i>
<operation>modify</operation></i><br>
<i>
<item>emailAddress</item></i><br>
<i>
</modification></i><br>
<i>
<policyConstraints></i><br>
<br>
It works as explained in the documentation, that's great.<br>
It was not working for me for delete because I didn't see that I put
a filter in the globalPolicyRule :<br>
<p> <q:not><br>
<q:equal><br>
<q:path>emailAddress</q:path><br>
</q:equal><br>
</q:not><br>
</p>
<p>ooppss<br>
</p>
<p>Thanks</p>
<p>---
<br>
Pascal Périchon
<br>
Université Paris Cité <br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">Le 21/06/2024 à 09:54, Slavek
Licehammer via midPoint a écrit :<br>
</div>
<blockquote type="cite"
cite="mid:88c9d74c-3c17-4f99-9cff-74f0c14b2edd@evolveum.com">Hi
Pascal.
<br>
<br>
The "operation" is related to the whole focus object, in this case
the User object. The "item" specifies that modification of
configured item needs to be part of the operation.
<br>
<br>
Examples when the individual constraints are triggered:
<br>
<br>
operation=add, item=emailAddress
<br>
Triggers when you create (ADD) a new user who has non-empty
emailAddress.
<br>
<br>
operation=modify, item=emailAddress
<br>
Triggers when modify emailAddress of existing user. Technically
you are modifying the user object and item=emailAddress means the
emailAddress property needs to be part of the modification.
<br>
<br>
operation=delete, item=emailAddress
<br>
Triggers when you delete a user who has non-empty emailAddress.
Operation is delete, so you need to delete the whole user object
to trigger it. Having also item=emailAddress means the policy will
trigger only if emailAddress will be changed as part of deletion
of the User. In other words, if emailAddress is non-empty it will
be modified as part of the deletion of the whole object and
therefore it will trigger the policy.
<br>
<br>
Hope this helps.
<br>
<br>
Slavek
<br>
<br>
<br>
<br>
On 20/06/2024 16:44, Pascal PERICHON via midPoint wrote:
<br>
<blockquote type="cite">Hi,
<br>
<br>
I've got a problem to understand how works the
"<operation>delete</operation>" in the following
example : I want to add/update a field
dateOfModificationOfTheMail when we add/update the
field emailAddress, or delete this date when emailAddress is
deleted :
<br>
<br>
/ <globalPolicyRule>
<br>
// <focusSelector>
<br>
<type>UserType</type>
<br>
</focusSelector>
<br>
// <policyConstraints>
<br>
<modification>
<br>
<operation>add</operation>
<br>
<operation>modify</operation>
<br>
<operation>delete</operation>
<br>
<item>emailAddress</item>
<br>
</modification>
<br>
</policyConstraints>
<br>
<policyActions>
<br>
<scriptExecution>
<br>
<executeScript
xmlns:s=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3">"http://midpoint.evolveum.com/xml/ns/public/model/scripting-3"</a>><br>
<s:action>
<br>
<s:type>execute-script</s:type>
<br>
<s:parameter>
<br>
<s:name>script</s:name>
<br>
<value
xsi:type="c:ScriptExpressionEvaluatorType">
<br>
<code>
<br>
log.info("------> I
should add/update the field dateOfModificationOfTheMail or
delete this date the mail is deleted")
<br>
</code>
<br>
</value>
<br>
</s:parameter>
<br>
</s:action>
<br>
</executeScript>
<br>
</scriptExecution>
<br>
</policyActions>
<br>
</globalPolicyRule>
<br>
/
<br>
<br>
it works fine for operation=add/modify but nothing is triggered
for operation=delete.
<br>
<br>
I tried to remove all operations tags (supposed to act like if
add/modify/delete tags are all there): same result.
<br>
<br>
The documentation
/<a class="moz-txt-link-freetext" href="https://docs.evolveum.com/midpoint/devel/design/policy-constraints/#currently-implemented-constraints/">https://docs.evolveum.com/midpoint/devel/design/policy-constraints/#currently-implemented-constraints/</a>
seems to say that's implemented (I use midPoint 4.4.8).
<br>
<br>
Any ideas ?
<br>
<br>
Thanks
<br>
<br>
---
<br>
<br>
Pascal Périchon
<br>
Université Paris Cité
<br>
<br>
_______________________________________________
<br>
midPoint mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<br>
<a class="moz-txt-link-freetext" href="https://lists.evolveum.com/mailman/listinfo/midpoint">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
<br>
</blockquote>
_______________________________________________
<br>
midPoint mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<br>
<a class="moz-txt-link-freetext" href="https://lists.evolveum.com/mailman/listinfo/midpoint">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
<br>
</blockquote>
</body>
</html>