Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

That's it. The variable legal is a special-purpose variable that is available in the activation mappings. It is set to true if the account is legal. That means if there is a valid assignment for that account or if the account is allowed by any other policy (such as Projection Policy). The legal variable is set to false if there is no "habeas corpus" for that account. I.e. the account should not be there. What this mapping does is that it will simply pass the user's administrative status (which is stored in the input variable) in case that the account is legal. But it will always set the account status to disabled if the account is not legal.

Even more

Even more complex logic can be used in activation expressions using the "shadow" implicit variable. Following code fragment will create account only after focus has been fully enabled in midPoint and never delete the account.

Code Block
languagexml
<existence>
	<outbound>
		<strength>weak</strength>						
		<expression>							
			<variable>
				<name>effectiveStatus</name>
				<c:path>$focus/activation/effectiveStatus</c:path>
			</variable>
			<c:script>								
				<c:code>
					import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
					
                	focusExists && (effectiveStatus == ActivationStatusType.ENABLED || shadow != null)
                </c:code>
			</c:script>
		</expression>
	</outbound>
</existence>

Examples

There is a complete example in midPoint Integration Tests:

...