Agenda of universal requests
What is a universal request?
The universal request agenda allows you to create a request for any (supported) object in the IdM. A advantage versus the previous agendas for dealing with requests is versatility when there is no need to create a separate agenda for each additional approved object (such as the agenda for automatic roles requests and the agenda of requests for change a permissions).
How it works?
If the approval mode is enabled, it is not possible to edit the object on a standard URL. This means that even if the user has the right to edit, the object will be read-only (details will be read only, edit buttons will not be available, bulk operations will not be available). An object can only be edited after you have moved to a specific request URL.
Example of a URL role and the same role edit role within the request:
* /role/{role ID}/detail * /requests/{request ID}/role/{role ID}/detail
Creation of the request's items
If we already have a request, we can start making individual changes. As described above, individual REST request calls are "redirected" to the REST request interface of that object type. Each partial change (called REST interface) creates a request item (IdmRequestItem). This item includes, in particular, ownership of the owner, that is, the link to the object being edited.
Additionally, the request entry contains a complete object in the form of how to get from the interface. This object is used to apply changes when applying for approval. The object is saved in JSON format. This format has been chosen with respect to backward compatibility. There is a lower probability of any problems with a change in the structure of the target object. JSON format allows us to perform additional transformations (to ensure compatibility) against binary serialization of the whole object.
How to enable the requesting for specific object?
Requesting mode can be enabled for every supported object by property in the application configuration:
idm.pub.core.request.<requestable object>.enabled=true
, where <requestable object> is the name of requestable object (DTO).
idm.pub.core.request.idm-role.enabled=true