Details
- Bug
- Status: Closed
- Blocker
- Resolution: Fixed
- 4.2
- version: 4.2.1-SNAPSHOT
  git describe: v4.2support-5-g32d4296437
- Active subscription
Description
Use case:
Manager requests account construction role for employee
Request is created as a workflow case and approved by “security admin” role members
Notification is sent to manager (as the requester) with his new employee's account information
Issue:
“recipientExpression” event handler for notifications contains the parameter requester set as the administrator user ->
requester = user:00000000-0000-0000-0000-000000000002(administrator)
This causes a problem retaining the email information from the actual requester and the expression ends with no recipients.
Misc:
I tried this request for a different user without the approval workflow and the requestor is set as the right user.
Adding policy rule:
<policyRule>
    <policyConstraints>
        <assignment>
            <operation>add</operation>
        </assignment>
    </policyConstraints>
    <policyActions>
        <approval>
            <condition>
                <script>
                    <code>!midpoint.isDirectlyAssigned(actor,"FoooBaar") &amp;&amp; !midpoint.isDirectlyAssigned(actor,"00000000-0000-0000-0000-000000000004")</code>
                </script>
            </condition>
            <compositionStrategy>
                <order>100</order>
            </compositionStrategy>
            <approvalSchema>
                <stage>
                    <name>Role Assignment Approval</name>
                    <approverRef type="RoleType">
                        <filter>
                            <q:equal>
                                <q:path>identifier</q:path>
                                <q:value>Approver - Privileged Roles</q:value>
                            </q:equal>
                        </filter>
                        <resolutionTime>run</resolutionTime>
                    </approverRef>
                    <evaluationStrategy>firstDecides</evaluationStrategy>
                    <groupExpansion>onWorkItemCreation</groupExpansion>
                    <outcomeIfNoApprovers>reject</outcomeIfNoApprovers>
                </stage>
            </approvalSchema>
        </approval>
    </policyActions>
</policyRule>
Adding handler configuration:
<handler>
    <accountPasswordNotifier>
        <expressionFilter>
            <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ScriptExpressionEvaluatorType">
                <code>
                    import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowKindType;

                    def inteintPool = ["foo","baar","fooz","bxx","cxx"]
                    // Only account shadows are notified
                    if (!event?.isShadowKind(ShadowKindType.ACCOUNT)) {
                        return false
                    }
                    // Notify only for the listed intents
                    for (intentComapred in inteintPool) {
                        if (event?.isShadowIntent(intentComapred)) {
                            return true
                        }
                    }
                    // No listed intent matched: return an explicit boolean
                    return false
                </code>
            </script>
        </expressionFilter>
        <recipientExpression>
            <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ScriptExpressionEvaluatorType">
                <code>
                    def recs = []
                    requesteeItUserGLobal = basic.getExtensionPropertyValue(requestee, 'http://fooBaar.com/xml/ns/schema', 'itUserGlobal')
                    isRequesteeMailEnabled = "2".equals(requesteeItUserGLobal)
                    // Requestee without a mailbox, or with the given archetype: mail the requester instead
                    if (!isRequesteeMailEnabled || midpoint.hasArchetype(requestee, "ca3f9c9c-b694-436d-9509-9719bcadd7b3")) {
                        if (requester != null) {
                            requesterMail = basic.getPropertyValue(requester, 'emailAddress')
                            if (requesterMail != null &amp;&amp; !requesterMail.isEmpty()) {
                                recs.add(requesterMail)
                                log.info("### TEST notification: The requester mail: {}", requesterMail)
                            }
                        }
                    } else {
                        requesteeMail = basic.getPropertyValue(requestee, 'emailAddress')
                        log.info("### TEST notification: The requestee mail: {}", requesteeMail)
                        recs.add(requesteeMail)
                    }
                    if (!(recs != null &amp;&amp; !recs.isEmpty())) {
                        requesteeName = basic.getPropertyValue(requestee, 'name')
                        log.warn("The notification for account activation for the user {} was not sent.", requesteeName);
                    }
                    // Debug: dump every variable bound to the script
                    this.binding.variables.each { k, v -> log.info "### TEST notification: vars: $k = $v" }
                    return recs
                </code>
            </script>
        </recipientExpression>
        <subjectExpression>
            <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ScriptExpressionEvaluatorType">
                <code>
                    return "Identity and Access Management System Notification"
                </code>
            </script>
        </subjectExpression>
        <bodyExpression>
            <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ScriptExpressionEvaluatorType">
                <code>
                    import com.evolveum.midpoint.notifications.impl.notifiers.GeneralNotifier;
                    import com.evolveum.midpoint.notifications.api.events.ModelEvent;
                    import com.evolveum.midpoint.prism.delta.ObjectDelta;
                    import com.evolveum.midpoint.notifications.api.events.ResourceObjectEvent;

                    def inteintPool = ["foo","baar","fooz","bxx","cxx"]
                    ResourceObjectEvent resourceObjectEvent = (ResourceObjectEvent) event
                    loginName = basic.getPropertyValue(requestee, 'name')
                    password = resourceObjectEvent.getPlaintextPassword()
                    // First matching intent becomes the account type prefix
                    accountType = ""
                    for (intentComapred in inteintPool) {
                        if (event?.isShadowIntent(intentComapred)) {
                            accountType = intentComapred
                            break;
                        }
                    }
                    loginName = accountType + "_" + loginName
                    params = new HashMap()
                    params.put("loginName", loginName)
                    params.put("password", password)
                    params.put("accountType", accountType)
                    return emailTemplates.execute("getPasswordChangeNotificationPrivilegedBody", params)
                </code>
            </script>
        </bodyExpression>
        <contentType>text/html; charset=UTF-8</contentType>
        <transport>mail</transport>
    </accountPasswordNotifier>
</handler>
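
Added example (not part of the original report and not midPoint code): a stand-alone Groovy model of the branching in the recipientExpression above, run against the requester values the report describes. The `User` and `Recipients` classes, the sample addresses and the assumption that administrator has no emailAddress are constructed for illustration; the last case follows from the script's logic rather than from the report.

```groovy
// Constructed stand-in for a midPoint user; not a midPoint type.
class User {
    String name
    String emailAddress
    String itUserGlobal            // models the 'itUserGlobal' extension property
    Set<String> archetypes = [] as Set
}

class Recipients {
    // Archetype OID taken from the handler configuration on this page.
    static final String ARCHETYPE = 'ca3f9c9c-b694-436d-9509-9719bcadd7b3'

    // Same branching as the recipientExpression: the requester is mailed when the
    // requestee is not mail-enabled or carries the archetype, otherwise the requestee.
    static List<String> resolve(User requester, User requestee) {
        def recs = []
        boolean mailEnabled = '2' == requestee.itUserGlobal
        if (!mailEnabled || requestee.archetypes.contains(ARCHETYPE)) {
            if (requester?.emailAddress) {
                recs << requester.emailAddress
            }
        } else {
            recs << requestee.emailAddress
        }
        return recs
    }
}

// Constructed sample users.
def manager  = new User(name: 'manager', emailAddress: 'manager@example.com')
def admin    = new User(name: 'administrator')   // assumption: no emailAddress set
def employee = new User(name: 'employee', itUserGlobal: '1')

// Request without approval: requester is the manager, who receives the mail.
assert Recipients.resolve(manager, employee) == ['manager@example.com']

// Request through approval: requester arrives as administrator, so no recipients.
assert Recipients.resolve(admin, employee) == []

// If administrator had a mailbox, the account password would be mailed there
// instead of to the manager who made the request.
admin.emailAddress = 'admin@example.com'
assert Recipients.resolve(admin, employee) == ['admin@example.com']

println 'all cases behave as described'
```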