The following approval-related operations are currently available via REST service:
- starting an approval process,
- determining the status of the approval process.
The following is doable, but currently only using an unsupported "hack":
- approving or rejecting an item (i.e. the actual decision making).
In this document we'll show how to carry out these operations.
Starting an approval process
In midPoint the approval process is started automatically when an operation requiring approval is started. I.e. there's no special "start an approval process" method.
Let us illustrate this on an example.
This is user
This is role
sensitive that we want to assign to
The role has an approver, named
Paul has an assignment to role
sensitive with a relation of
approver, so it is an approver for all assignments of that role.
Now let's start the approval process. We will do that by assigning role
special to user
The above XML is sent to the REST service and it will be applied (as an object delta) to object
peter. It has one item delta, in particular creation of an assignment to
d4930444-c5e5-4710-af96-19f79eb078cb i.e. to the
The response is then like this:
I.e. the operation was successful.
Determining the status of the approval process
The approval processes are wrapped into the task objects. So they can be retrieved just like any other using the REST search operation. The only difference is that the work items that are part of the task objects are not retrieved by default, so they have to be requested explicitly. An example:
The above search query returns all approval processes that deal with the user
peter and are stil waiting to be resolved.
Note that there are two kinds of approval-related tasks:
- Operation-level tasks, covering the whole operation. Each operation can consist of one or more elementary actions, like "add assignment to role R1", "add assignment to role R2", "remove assignment of role R3".
- Individual approval tasks; each covering a single elementary action, like "add assignment to role R1". Each such task corresponds to a single approval process.
The above query would result in the following (some comments added):
Approving or rejecting a work item
This is currently not supported via REST directly. However, it can be achieved using a workaround (an euphemism for really ugly hack):
Note that you have to provide correct work item ID as the first parameter of
Unfortunately, the approval/rejection is logged under
administrator account. It is not possible to use non-admin account to carry out this action, because Groovy script execution requires the strongest authorization (because of the security implications).