certificationRoles.bpmn20.xml revision d1d86cce199bac0cae2564859cdce940fc674efc
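<?xml version="1.0" encoding="UTF-8"?>
<!--
  Role certification workflow (BPMN 2.0, Activiti extensions, Groovy script tasks).

  Flow: load the subject user and the role catalogue, let a candidate manager
  certify / change / escalate, optionally let the administrator decide, then
  replace the user's directly assigned roles and notify the user.

  Review notes for whoever deploys this definition:
    * The subject is taken from the process variable "userId". The initiator is
      captured as "startUserId" but never compared with anything in this file,
      so who may start a certification for which user has to be enforced by the
      access configuration outside this definition.
    * Nothing here prevents the subject from also being one of the candidate
      managers (self-certification). The shape of the getusermanager result is
      not visible here, so no filter is applied; check it at the endpoint.
    * The applied change is written by the workflow engine's identity. The
      deciding person is only kept in "assignedManager"; it is not written to
      the notification or to the patched object.
-->
<definitions id="definitions"
             xmlns="http://www.omg.org/spec/BPMN/20100524/MODEL"
             xmlns:activiti="http://activiti.org/bpmn"
             targetNamespace="Examples" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="
             http://www.omg.org/spec/BPMN/20100524/MODEL http://local.openicf.forgerock.org/BPMN20.xsd">
    <process id="certification" name="Certification process">
        <startEvent id="start" activiti:initiator="startUserId" />
        <sequenceFlow sourceRef="start" targetRef="readUserData"/>

        <!-- Loads the subject user, the candidate managers and the role catalogue
             and publishes them as process variables for the approval form. -->
        <scriptTask id="readUserData" name="Prepare Task" scriptFormat="groovy">
            <script><![CDATA[
                // userId is concatenated into a resource path below, so accept only a
                // single, non-empty path segment.
                if (userId == null || userId.toString().isEmpty() || userId.toString().contains('/')) {
                    throw new IllegalArgumentException('certification: userId must be a single non-empty resource id');
                }

                // NOTE(review): names assigned without 'def' are kept as the author wrote
                // them. Depending on the engine's script auto-store setting they may be
                // persisted as process variables, which would include the whole 'user'
                // object. Confirm, and prefer the explicit setVariable calls below.
                user = openidm.read('managed/user/' + userId);
                if (user == null) {
                    // Fail with a clear message instead of a NullPointerException on user.userName.
                    throw new IllegalStateException('certification: no managed user found for the supplied userId');
                }
                userName = user.userName;
                givenName = user.givenName;
                sn = user.sn;
                mail = user.mail;
                department = user.department;
                params = [ _queryId: 'getManager', userId: userId];
                // NOTE(review): an empty result leaves the approval task without any
                // candidate user; the process then waits until someone claims it by
                // other means. Confirm that this is monitored.
                candidateManagers = openidm.query('endpoint/getusermanager', params).result;

                // One entry per role in the catalogue; the flags are filled in below.
                availableRoles = openidm.query('managed/role', [_queryId:'query-all-ids']).result;
                roles = [];
                availableRoles.each {
                    roles.push([rid:'managed/role/' + it._id, name:it._id, dynamic:false, actualManaged:false, newManaged:false]);
                }

                // A missing 'roles' attribute is treated as "no direct roles" so that
                // contains() cannot fail on null.
                def directRoles = user.roles ?: [];
                user.effectiveRoles.each {
                    role = roles.find {e -> e.rid.equals(it)};
                    if (role != null) {
                        // Effective but not directly assigned: the role comes from a rule.
                        role.dynamic = !directRoles.contains(it);
                        role.actualManaged = true;
                        role.newManaged = true;
                    }
                }

                execution.setVariable('userName', userName);
                execution.setVariable('givenName', givenName);
                execution.setVariable('sn', sn);
                execution.setVariable('mail', mail);
                execution.setVariable('department', department);
                execution.setVariable('candidateManagers', candidateManagers);
                execution.setVariable('roles', roles);
                execution.setVariable('availableRoles', availableRoles);

                decisionOptions = [ 'change':'Change', 'certify':'Certify', 'escalate':'Escalate'];
                execution.setVariable('decisionOptions', decisionOptions);

            ]]>
            </script>
        </scriptTask>
        <sequenceFlow sourceRef="readUserData" targetRef="managerApproval"/>

        <!-- Manager decision. The assignment listener records who took the task. -->
        <userTask id="managerApproval" name="Role Status Check" activiti:candidateUsers="${candidateManagers}" activiti:formKey="certificationRolesForm.xhtml">
            <extensionElements>
                <activiti:taskListener event="assignment" expression="${execution.setVariable('assignedManager', task.assignee)}" />
            </extensionElements>
        </userTask>
        <sequenceFlow sourceRef="managerApproval" targetRef="managerDecisionMadeGateway"/>

        <!-- Any decision other than 'escalate' or 'change' (including 'certify' and an
             unset or unexpected value) follows the default flow and ends the process
             without changing the user. -->
        <exclusiveGateway id="managerDecisionMadeGateway" name="Manager Decision Made" default="endProcess"/>
        <sequenceFlow sourceRef="managerDecisionMadeGateway" targetRef="changeDecisionOptions">
            <conditionExpression xsi:type="tFormalExpression"><![CDATA[ ${decision=='escalate'} ]]>
            </conditionExpression>
        </sequenceFlow>
        <sequenceFlow sourceRef="managerDecisionMadeGateway" targetRef="patchManagedUser">
            <conditionExpression xsi:type="tFormalExpression"><![CDATA[ ${decision=='change'} ]]>
            </conditionExpression>
        </sequenceFlow>

        <!-- Removes 'escalate' from the options offered to the administrator. -->
        <scriptTask id="changeDecisionOptions" scriptFormat="groovy">
            <script><![CDATA[
                newdecisionOptions = [ 'change':'Change' , 'certify':'Certify'];
                execution.setVariable('decisionOptions', newdecisionOptions);
            ]]>
            </script>
        </scriptTask>
        <sequenceFlow sourceRef="changeDecisionOptions" targetRef="administratorApproval"/>

        <!-- NOTE(review): the escalation target is the fixed account name "superadmin".
             Confirm that this account exists and is the intended approver in each
             deployment. -->
        <userTask id="administratorApproval" name="Access Status Check" activiti:assignee="superadmin" activiti:formKey="certificationRolesForm.xhtml">
        </userTask>
        <exclusiveGateway id="adminDecisionMadeGateway" name="Administrator Decision Made" default="endEscalation"/>
        <sequenceFlow sourceRef="administratorApproval" targetRef="adminDecisionMadeGateway"/>

        <!-- Applies the approved selection: replaces the user's 'roles' attribute with
             the kept 'openidm-' prefixed entries plus every selected, non-dynamic role. -->
        <scriptTask id="patchManagedUser" scriptFormat="groovy">
            <script><![CDATA[
                // NOTE(review): userId, roles and availableRoles are read back from
                // process variables. If the task-completion interface lets an approver
                // submit arbitrary variables, any of them could have been overwritten
                // after readUserData ran. Confirm which variables the form may set.
                if (userId == null || userId.toString().isEmpty() || userId.toString().contains('/')) {
                    throw new IllegalArgumentException('certification: userId must be a single non-empty resource id');
                }

                availableRoles.each {
                    role = roles.find {e -> e.name.equals(it._id)};
                    if (role != null) {
                        // A role counts as selected only when its "<id>_newManaged" variable
                        // is present and not an explicit false. Presence alone is not enough:
                        // a submitted false must not grant the role.
                        // NOTE(review): a variable left over from the manager's submission
                        // still exists after an escalation; confirm that the administrator
                        // form overwrites it for unselected roles.
                        def flagName = it._id + '_newManaged';
                        def submitted = execution.hasVariable(flagName) ? execution.getVariable(flagName) : null;
                        def selected = submitted != null && !'false'.equalsIgnoreCase(submitted.toString());
                        role.newManaged = selected || role.dynamic;
                    }
                }

                // Re-read the user so that the internal 'openidm-' roles kept below are
                // current. The 'dynamic' flags still date from the start of the process.
                user = openidm.read('managed/user/' + userId);
                if (user == null) {
                    throw new IllegalStateException('certification: no managed user found for the supplied userId');
                }
                newManagedRoles = (user.roles ?: []).findAll {it.startsWith('openidm-')}.toList();
                roles.each {
                    if (it.newManaged && !it.dynamic) {
                        newManagedRoles.push(it.rid);
                    }
                }

                // 'replace' drops every direct role that is neither kept above nor selected.
                patchParams = [[operation:'replace', field: 'roles', value : newManagedRoles]];
                openidm.patch('managed/user/'+userId, null, patchParams);
            ]]>
            </script>
        </scriptTask>
        <sequenceFlow sourceRef="patchManagedUser" targetRef="sendAcceptNotification"/>

        <!-- Tells the subject that a review changed their access. This task is reached
             only on the 'change' path; requesterId and requester are left empty. -->
        <scriptTask id="sendAcceptNotification" scriptFormat="groovy">
            <script><![CDATA[
                java.text.SimpleDateFormat formatUTC = new java.text.SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.S'Z'");
                formatUTC.setTimeZone(TimeZone.getTimeZone("UTC"));
                requestDate = formatUTC.format(new Date());

                def requesterNotification = [
                    "receiverId": userId,
                    "requesterId" : "",
                    "requester" : "",
                    "createDate" : requestDate,
                    "notificationType" : "info",
                    "notificationSubtype" : "",
                    "message" : "Your system access was reviewed by your manager"
                ];

                openidm.create('repo/ui/notification/', null, requesterNotification);
            ]]>
            </script>
        </scriptTask>
        <sequenceFlow sourceRef="sendAcceptNotification" targetRef="end"/>

        <sequenceFlow sourceRef="adminDecisionMadeGateway" targetRef="patchManagedUser">
            <conditionExpression xsi:type="tFormalExpression"><![CDATA[ ${decision=='change'} ]]>
            </conditionExpression>
        </sequenceFlow>

        <!-- Default flows: end without touching the user. -->
        <sequenceFlow id="endProcess" sourceRef="managerDecisionMadeGateway" targetRef="end"/>
        <sequenceFlow id="endEscalation" sourceRef="adminDecisionMadeGateway" targetRef="end"/>

        <endEvent id="end"/>

    </process>

</definitions>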