How to get access to comment in approval stage?

Question

I have a custom command which require approve before it starts. How can I get access to approve message within my custom command?

Comments

Hello!

Do we understand correctly that you need to customize email notifications for approval requests? If so, it can only be done system-wide and the modifications will be applied to all approval request notifications. For information on how to customize the notifications, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.ManageApprovalRequests.CustomizeNotificationTemplates.html.

If this is not what you meant, please, provide us with all the possible details regarding the desired behavior. Screenshots and live examples would be much appreciated.

---

I am talking about this window. How can I get this 'reason' value in my custom command?

---

It would be nice to get username which approve request

---

Hello!

The only possibility to get the approval reason and the approver name is by executing a PowerShell script in the Custom Command. The Approval Request will be searched by the target object, initiator and the Custom Command ID, they should match with the corresponding properties of the Custom Command where the script is executed. However if there are several approved requests that were initiated by one user and the target object is the same, there will be no possibility to determine which request is related to the current Custom Command execution.

To suggest a solution, please, provide us with a screenshot of the Custom Command you have and describe the desired workflow in all the possible details.

Additionally, please, specify Adaxes version you are using. For information on how to check the version, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.ManageService.CheckAdaxesServiceVersion.html.

---

The process looks something like that:

1. User requests access to some application on self-manage portal: fills the username and access level fields (which are parameters in a custom command)
2. Before proccess this custom command, adaxes sends approve request to manager of application
3. Manager approves request and overrides access level to application from HIGH to LOW in approve field "Reason"
4. Adaxes checks this "Reason" value before runs custom command and overrides some parameter in the script

Adaxes version is 3.13.18001.0

---

Hello!

Thank you for the provided details. For further troubleshooting, please, post here or send us (support[at]adaxes.com) the script executed in the Custom Command.

User requests access to some application on self-manage portal: fills the username and access level fields (which are parameters in a custom command)

Please, clarify what object type the Custom Command is configured for. If it is configured for the User object, do we understand correctly that the command will always be executed on the currently signed in user?

Adaxes checks this "Reason" value before runs custom command and overrides some parameter in the script

Do we understand correctly that the values for the script parameters are taken from the Custom Command parameters?

---

We created cutsom command

Custom command has two parametrs: username - editbox, access level - editbox

Actions: powershell script (required approve, run as adaxes service account)

$username = '%editboxUsername%'
$accesslevel = '%editboxAccessLevel%'
$REASON = '% SOME VALUE WE WANT TO GET %'

if ($REASON -is $null)
{ create user with $accesslevel }
else
{ create user with $REASON }

We placed this custom command in user interface and gave user access to execute this command

Answer 1

Hello!

Thank you for clarifying.

To achieve the desired a Custom Command and a Business Rule triggering After updating an ApprovalRequest can be used. The script that creates user accounts will be executed in the Business Rule, not in the Custom Command. This way the required approval request will be the target object of the rule and there will be no need to search the request. The Custom Command will be configured to save values of the parameters to custom text attributes of the user on which the command is executed and then submit the approval request. If the request is approved, the script in the Business Rule will check whether the approve reason is specified and if it is, overwrite the value of the access level parameter with the value of the approve reason. If the request is denied or canceled, the custom attribute values will be cleared using a PowerShell script.

i. Creating the Custom Command

1. Launch Adaxes Administration Console.
2. In the Console Tree, right-click your service node.
3. In the context menu, navigate to New and click Custom Command.
4. On step 2 of the Create Custom Command wizard, select the User object type.
5. Click Next.
6. Click New.
7. Select Edit box and click Next.
8. Specify a parameter name and display name (e.g. Username and User name).
9. Click Next and finish creating the parameter.
10. Click New again.
11. Select Edit box and click Next.
12. Specify a parameter name and display name (e.g. Accesslevel and Access level).
13. Click Next and finish creating the parameter.
14. Click Next.
15. Click Add an action.
16. Select Update the user.
17. Click Add.
18. In the Property to modify drop-down, select the custom text attribute (e.g. CustomAttributeText1) that will be used to store the value of the parameter created on steps 6-9 and used to specify the user name.
19. In the New value field, specify the value reference containing the name of the parameter created on steps 6-9 with the param- prefix (e.g. %param-Username%).
20. Click OK.
21. Click Add again.
22. In the Property to modify drop-down, select the custom text attribute (e.g. CustomAttributeText2) that will be used to store the value of the parameter created on steps 10-13 and used to specify the access level.
23. In the New value field, specify the value reference containing the name of the parameter created on steps 10-13 with the param- prefix (e.g. %param-Accesslevel%).
24. Click OK.
25. Finally, the configuration of the action should look like the following:
26. Click OK.
27. Right-click the created action and then click Add New Action.
28. Select Send this operation for approval.
29. Specify the required approvers and click OK.
30. Click Next and finish creating the Custom Command.
31. Finally, the command configuration should look like the following:

ii. Creating the Business Rule

1. Launch Adaxes Administration Console.
2. In the Console Tree, right-click your service node.
3. In the context menu, navigate to New and click Business Rule.
4. On step 2 of the Create Business Rule wizard, select the Show all object types checkbox.
5. Select the ApprovalRequest object type.
6. Select After updating a ApprovalRequest.
7. Click Next.
8. Click Add an action.
9. Click OK without selecting any actions.
10. Right-click the If the operation succeeded condition and then click Edit Condition.
11. Select If the main operation failed and then click OK.
12. Right-click the modified condition and then click Add New Condition.
13. Select If operation <result>.
14. Select If the main operation suspended.
15. Click OK.
16. Right-click the created condition and then click Add New Condition.
17. Select If PowerShell script returns true.
18. Paste the below script into the Script field. In the script, the $customCommandId variable specifies the ID of the Custom Command created in section i. For information on how to get the ID, see http://adaxes.com/sdk/HowDoI.GetCustomCommandID.

$customCommandId = '{9a55c89f-42b9-4ba6-af6f-67027e5879d0}' # TODO: modify me
$Context.ConditionIsMet = $False

if ($Context.TargetObject.ActionToApprove.CustomCommandID -ne $customCommandId)
{
    $Context.ConditionIsMet = $True
}

19. Specify a description for the script and click OK.
20. Click the AND logical operator to change it to OR.
21. Right-click the created condition and then click Add Else If.
22. In the created Else If block, right-click <no condition> and then click Add Condition.
23. Select If <property> <relation> <value>.
24. Select If ApprovalState equals 1.
25. Right-click Do nothing and then click Add Action.
26. Select Run a program or PowerShell script.
27. Modify the below script to meet your needs and then paste it into the Script field. In the script:
    • $usernameAttributeName - Specifies the LDAP name of the custom text attribute you specified in section i on step 18.
    • $accessLevelAttributeName - Specifies the LDAP name of the custom text attribute you specified in section i on step 22.

$usernameAttributeName = "adm-CustomAttributeText1" # TODO: modify me
$accessLevelAttributeName = "adm-CustomAttributeText2" # TODO: modify me

# Get the approval request target user
$user = $Context.TargetObject.TargetObject

# Get the custom attribute values
try
{
    $username = $user.Get($usernameAttributeName)
    $accessLevel = $user.Get($accessLevelAttributeName)
}
catch
{
    $Context.LogMessage("Failed to get attribute values", "Error")
    return
}

# Get approve reason
$reason = $Context.TargetObject.ApprovingReason

if (-not ([System.String]::IsNullOrEmpty($reason)))
{
    # Replace access level with approve reason
    $accessLevel = $reason
}

# Provide the rest of your script here. 
# The $username variable contains the value of the username specified in the Custom Command parameter.
# The $accessLevel variable contains the value of the access level specified in the Custom Command parameter. If the approve reason is specified, the $accessLevel variable contains the value of the approve reason.

# Clear custom attributes
$user.Put($usernameAttributeName, $NULL)
$user.Put($accessLevelAttributeName, $NULL)
$user.SetInfo()

28. Provide a description for the script and click OK.
29. Right-click the created action and then click Add Else.
30. Right-click Do nothing and then click Add Action.
31. Select Run a program or PowerShell script.
32. Paste the below script into the Script filed. In the script:
    • $usernameAttributeName - Specifies the LDAP name of the custom text attribute you specified in section i on step 18.
    • $accessLevelAttributeName - Specifies the LDAP name of the custom text attribute you specified in section i on step 22.

$usernameAttributeName = "adm-CustomAttributeText1" # TODO: modify me
$accessLevelAttributeName = "adm-CustomAttributeText2" # TODO: modify me

# Get the approval request target user
$user = $Context.TargetObject.TargetObject

# Clear custom attributes
$user.Put($usernameAttributeName, $NULL)
$user.Put($accessLevelAttributeName, $NULL)
$user.SetInfo()

33. Specify a description for the script and click OK.
34. Click Next and finish creating the Business Rule.
35. Finally, the rule should look like the following: