Details
Description
I have a filter in an authorization that works in the query playground and advanced filter search, but it doesn't work in an authorization. It seems to be related to being an objectReference from a UserType extension. Built-in objectReferences seem to work in the object filters.
I did manage to get an AXIOM filter to work for this, but I need to be able to use 'actor.oid' to pull the oid from the currently signed in user. If that's possible with AXIOM and I just missed it, I don't have a problem with using it; I just don't see a way to use non-literal values in an AXIOM query.
XML Query:
<authorization>
    <name>target-read</name>
    <description>Authorization that allows to read users the signed in user manages and their accounts</description>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
    <object>
        <type>UserType</type>
        <filter>
            <q:ref>
                <q:path>extension/supervisorRef</q:path>
                <expression>
                    <script>
                        <code>
                            import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
                            import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;

                            ObjectReferenceType ort = new ObjectReferenceType();
                            ort.setOid(actor.oid);
                            ort.setType(UserType.COMPLEX_TYPE);
                            return ort;
                        </code>
                    </script>
                </expression>
            </q:ref>
        </filter>
    </object>
    <object>
        <type>ShadowType</type>
    </object>
</authorization>