  1. MidPoint
  2. MID-6754

Event handlers - Requester as default administrator object as opposed to actual requester

Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • 4.2
    • 4.3
    • Notifications
    • version: 4.2.1-SNAPSHOT
      git describe: v4.2support-5-g32d4296437

    • Active subscription

    Description

      Use case:
      Manager requests account construction role for employee
      Request is created as a workflow case and approved by “security admin” role members
      Notification is sent to manager (as the requester) with his new employee's account information

      Issue:

      “recipientExpression” event handler for notifications contains the parameter requester set as the administrator user ->
      requester = user:00000000-0000-0000-0000-000000000002(administrator)

      This causes a problem retaining the email information from the actual requester and the expression ends with no recipients.

      Misc:
      I tried this request for a different user without the approval workflow and the requestor is set as the right user.

      Adding policy rule:

      <policyRule>
          <policyConstraints>
              <assignment>
                  <operation>add</operation>
              </assignment>
          </policyConstraints>
          <policyActions>
              <approval>
                  <condition>
                      <script>
                          <code>!midpoint.isDirectlyAssigned(actor,"FoooBaar") &amp;&amp; !midpoint.isDirectlyAssigned(actor,"00000000-0000-0000-0000-000000000004")</code>
                      </script>
                  </condition>
                  <compositionStrategy>
                      <order>100</order>
                  </compositionStrategy>
                  <approvalSchema>
                      <stage>
                          <name>Role Assignment Approval</name>
                          <approverRef type="RoleType">
                              <filter>
                                  <q:equal>
                                      <q:path>identifier</q:path>
                                      <q:value>Approver - Privileged Roles</q:value>
                                  </q:equal>
                              </filter>
                              <resolutionTime>run</resolutionTime>
                          </approverRef>
                          <evaluationStrategy>firstDecides</evaluationStrategy>
                          <groupExpansion>onWorkItemCreation</groupExpansion>
                          <outcomeIfNoApprovers>reject</outcomeIfNoApprovers>
                      </stage>
                  </approvalSchema>
              </approval>
          </policyActions>
      </policyRule>
      

      Adding handler configuration:

      <handler>
          <accountPasswordNotifier>
              <expressionFilter>
                  <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ScriptExpressionEvaluatorType">
                      <code>
                          import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowKindType;

                          // Account intents this notifier applies to
                          def inteintPool = ["foo","baar","fooz","bxx","cxx"]

                          // Only account shadows are of interest
                          if (!event?.isShadowKind(ShadowKindType.ACCOUNT)) {
                              return false
                          }

                          for (intentComapred in inteintPool) {
                              if (event?.isShadowIntent(intentComapred)) {
                                  return true
                              }
                          }
                      </code>
                  </script>
              </expressionFilter>
              <recipientExpression>
                  <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ScriptExpressionEvaluatorType">
                      <code>
                          def recs = []

                          requesteeItUserGLobal = basic.getExtensionPropertyValue(requestee, 'http://fooBaar.com/xml/ns/schema', 'itUserGlobal')
                          isRequesteeMailEnabled = "2".equals(requesteeItUserGLobal)

                          if (!isRequesteeMailEnabled || midpoint.hasArchetype(requestee, "ca3f9c9c-b694-436d-9509-9719bcadd7b3")) {
                              // Send to the requester when one is available and has an e-mail address
                              if (requester != null) {
                                  requesterMail = basic.getPropertyValue(requester, 'emailAddress')
                                  if (requesterMail != null &amp;&amp; !requesterMail.isEmpty()) {
                                      recs.add(requesterMail)
                                      log.info("### TEST notification: The requester mail: {}", requesterMail)
                                  }
                              }
                          } else {
                              // Otherwise send to the requestee
                              requesteeMail = basic.getPropertyValue(requestee, 'emailAddress')
                              log.info("### TEST notification: The requestee mail: {}", requesteeMail)
                              recs.add(requesteeMail)
                          }

                          if (!(recs != null &amp;&amp; !recs.isEmpty())) {
                              requesteeName = basic.getPropertyValue(requestee, 'name')
                              log.warn("The notification for account activation for the user {} was not sent.", requesteeName);
                          }

                          // Debug: log every variable bound to this script
                          this.binding.variables.each { k, v -&gt; log.info "### TEST notification:  vars: $k = $v" }

                          return recs
                      </code>
                  </script>
              </recipientExpression>
              <subjectExpression>
                  <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ScriptExpressionEvaluatorType">
                      <code>
                          return "Identity and Access Management System Notification"
                      </code>
                  </script>
              </subjectExpression>
              <bodyExpression>
                  <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ScriptExpressionEvaluatorType">
                      <code>
                          import com.evolveum.midpoint.notifications.impl.notifiers.GeneralNotifier;
                          import com.evolveum.midpoint.notifications.api.events.ModelEvent;
                          import com.evolveum.midpoint.prism.delta.ObjectDelta;
                          import com.evolveum.midpoint.notifications.api.events.ResourceObjectEvent;

                          def inteintPool = ["foo","baar","fooz","bxx","cxx"]

                          ResourceObjectEvent resourceObjectEvent = (ResourceObjectEvent) event

                          loginName = basic.getPropertyValue(requestee, 'name')
                          password = resourceObjectEvent.getPlaintextPassword()
                          accountType = ""

                          // Use the first matching intent as the account type
                          for (intentComapred in inteintPool) {
                              if (event?.isShadowIntent(intentComapred)) {
                                  accountType = intentComapred
                                  break;
                              }
                          }

                          loginName = accountType + "_" + loginName
                          params = new HashMap()

                          params.put("loginName", loginName)
                          params.put("password", password)
                          params.put("accountType", accountType)

                          return emailTemplates.execute("getPasswordChangeNotificationPrivilegedBody", params)
                      </code>
                  </script>
              </bodyExpression>
              <contentType>text/html; charset=UTF-8</contentType>
              <transport>mail</transport>
          </accountPasswordNotifier>
      </handler>
      

          People

            mmacik Matus Macik