Skip to content

Commit

Permalink
Merge pull request #167 from internet2/pc_July23
Browse files Browse the repository at this point in the history 
changes for midpoint's grouper resource
  • Loading branch information
@pcaskey
pcaskey authored Oct 12, 2023
2 parents 55498e9 + 8fade63 commit 12b973b
Show file tree
Hide file tree
Showing 2 changed files with 43 additions and 59 deletions.
40 changes: 37 additions & 3 deletions ...server/container_files/mp-home/post-initial-objects/objectTemplates/100-template-user.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,14 +37,14 @@
</variable>
<script>
<code>
import com.evolveum.midpoint.xml.ns._public.common.common_3.*
import com.evolveum.midpoint.xml.ns._public.common.common_3.*
import com.evolveum.midpoint.schema.constants.*
import com.evolveum.midpoint.schema.*
import javax.xml.namespace.*
import com.evolveum.midpoint.util.*
import com.evolveum.midpoint.prism.path.*
import com.evolveum.midpoint.prism.polystring.*
import com.evolveum.midpoint.prism.PrismContainer.*
import com.evolveum.midpoint.prism.polystring.*
import com.evolveum.midpoint.prism.PrismContainer.*

def nameunique = false
def uidunique = false
Expand Down Expand Up @@ -126,4 +126,38 @@
</condition>
</mapping>
</item>

<mapping>
<description>
This mapping will remove assignments with grouper-grouper subtype for all users who don't have account linked on Grouper resource.
This is addressing the situation when a user account on Grouper resource is deleted and therefore is not logner synchronized.
Also, this will clean up all grouper-group assignments that shouldn't exist. We want such assignments exist only if they exists in Grouper resource.
</description>
<strength>strong</strength>
<expression>
<script>
<code>
return null
</code>
</script>
</expression>
<target>
<path>assignment</path>
<set>
<condition>
<script>
<code>
//OID points to Grouper resource
if(!midpoint.hasLinkedAccount('fb0bbf07-e33f-4ddd-85a1-16a7edc237f2')) {
return assignment?.subtype?.contains('grouper-group')
} else {
return false
}
</code>
</script>
</condition>
</set>
</target>
</mapping>

</objectTemplate>
62 changes: 6 additions & 56 deletions ...idpoint_server/container_files/mp-home/post-initial-objects/resources/100-grouper-new.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -199,6 +199,12 @@
<synchronize/>
</actions>
</reaction>
<reaction>
<situation>deleted</situation>
<actions>
<synchronize/>
</actions>
</reaction>
</synchronization>

</objectType>
Expand Down Expand Up @@ -289,62 +295,6 @@
<fetchStrategy>explicit</fetchStrategy>
</attribute>

<association>
<ref>ri:subjects</ref>
<inbound>
<expression>
<assignmentTargetSearch>
<targetType>c:OrgType</targetType>
<filter>
<q:equal>
<q:path>name</q:path>
<expression>
<script>
<code>
def groupName;
if (entitlement!=null){
def attrs = entitlement.getAttributes();
pcvi = attrs.asPrismContainerValue().getItems();

for (obj in pcvi){
if (obj.isSingleValue()){

if("uid".equals(obj?.getElementName().toString())){

groupName = obj?.getValue()?.getRealValue()

//TODO remove log
log.info("The group name: " +groupName)

return groupName
}
}
}

}

return groupName;
</code>
</script>
</expression>
</q:equal>
</filter>
</assignmentTargetSearch>
</expression>
<target>
<path>assignment</path>
</target>
</inbound>
<kind>account</kind>
<intent>default</intent>
<direction>subjectToObject</direction>
<associationAttribute>ri:members</associationAttribute>
<valueAttribute>icfs:uid</valueAttribute>
<shortcutAssociationAttribute>ri:member_of</shortcutAssociationAttribute>
<shortcutValueAttribute>icfs:uid</shortcutValueAttribute>
<explicitReferentialIntegrity>false</explicitReferentialIntegrity>
</association>

<correlation>
<correlators>
<items>
Expand Down

0 comments on commit 12b973b

Please sign in to comment.