Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make a bean available to retrieve users from keycloak roles #26

Open
Frits-Ritense opened this issue Jan 10, 2025 · 0 comments
Open

Make a bean available to retrieve users from keycloak roles #26

Frits-Ritense opened this issue Jan 10, 2025 · 0 comments
Assignees
@ThomasMinkeRitense
Labels
enhancement New feature or request

Comments

@Frits-Ritense
Copy link

Why

Why do we need this feature?

  • Problem Statement:
    It is currently not possible to retrieve a list of users from a keycloak ROLE in a service task or listener in a process model.

    Valtimo still offers the Task Notification bean.
    The task link produced by this service is a deep link to the task.
    This deep link is no longer supported by Valtimo so has no value anymore.

  • Value Proposition:
    In config only implementations we also use multi-instance user, send, service and script tasks.
    Users with specific roles can easily be targeted by Valtimo with these multi-instance tasks.

How

How do we envision this feature working?

  • Guiding Principles:
    Make a process bean available for the service behind the /api/v1/users/authority/ endpoint.

  • Key Use Cases:
    In order to send a notification to all users with a certain role we need to be able to get a list of this user's with there email addresses.

What

What needs to be done to implement this feature?

  • Feature Description:
    Same as the /api/v1/users/authority/ endpoint it should be possible to retrieve that information from this process bean.

  • Requirements:
    Minimal requirements:

    • Retrieve a list of users with the following properties:
      • Full name
      • Email address

  • Acceptance Criteria:
    With a service/script task or listener in a process model this bean can be reached and used to retrieve a list of usernames and email addresses

Additional Context

  • Stakeholders: Ritense (since the current functionality broke), and Amsterdam Erfpacht because in early golive there will be a lot of roles that do not have daily tasks in GZAC. These tasks are more weekly/monthly so we would like to notify the user groups when a task is available for them.

  • References:

    • Below the service that still is available to send a notification to a group of users, but the produced link is no longer accepted by Valtimo.
      ${notificationService.sendNotification(task, "[Mandrill template]")}

    • By creating a bean for the keycloak role information this sendNotification service can entirely be replaced by config only process modelling and scripting.

  • Potential Challenges:
    The current service class that contains the users/authority function also has more vulnerable functions.
    Therefor this function should be moved or copied to a new class in order to open that class with a process bean.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ThomasMinkeRitense ThomasMinkeRitense

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Frits-Ritense @ThomasMinkeRitense