Managing approval requests

Approval requests can be approved, denied, and canceled programmatically via the dedicated ADSI interfaces. It is also possible to view, add, or remove the request approvers. You can apply the principles outlined in this article to write standalone scripts and programs or build custom integrations with third-party software. Besides, PowerShell scripts that manage approval requests can be executed from within Adaxes, for instance, from business rules, custom commands, and scheduled tasks.

Viewing approval requests

To view approval requests, you need to connect to your Adaxes service and bind to the container where approval requests are stored, also known as the ApprovalRequests container.

If your script will be executed inside Adaxes, it becomes even simpler. You don't have to explicitly connect to your Adaxes service. Instead, you can use a predefined PowerShell variable $Context to get the ADS path of the ApprovalRequests container and bind to it.

# Bind to the approval requests container.
$containerPath = $Context.GetWellKnownContainerPath("ApprovalRequests")
$container = $Context.BindToObject($containerPath)

After binding to the container, use the following methods of the IAdmApprovalRequestContainer interface implemented by the container to retrieve approval requests:

  • GetApprovalRequests – gets all approval requests in a specific state (Pending, Approved, Denied, Canceled). For a list of possible request states, see ADM_APPROVALSTATE_ENUM.

  • GetApprovalRequests2 – gets approval requests in a specific state, created during a specific time period.

  • GetProcessedApprovalRequests – gets approved or denied requests, created during a specific time period.

Every method returns an array of approval request GUIDs (each represented as an array of 16 bytes) that can be used to bind to approval request objects. Approval request objects implement the IAdmApprovalRequest, IAdmApprovalRequest2, IAdmApprovalRequest3, and IAdmApprovalRequest4 interfaces that can be used to obtain information about the request.

Examples

 Example 1 – Get information about pending requests

The following code sample outputs information about all pending approval requests.

PowerShell
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service.
$ns = New-Object("Softerra.Adaxes.Adsi.AdmNamespace")
$service = $ns.GetServiceDirectly("localhost")

# Bind to the approval requests container.
$containerPath = $service.Backend.GetConfigurationContainerPath("ApprovalRequests")
$container = $service.OpenObject($containerPath.ToString(), $null, $null, 0)

# Get all pending approval requests.
$requests = $container.GetApprovalRequests("ADM_APPROVALSTATE_PENDING")

# Iterate through the requests.
foreach ($requestID in $requests)
{
    # Bind to the approval request.
    $guid = [Guid]$requestID
    $request = $service.OpenObject("Adaxes://<GUID=$guid>", $null, $null, 0)

    # Output request information.
    Write-Host "Requestor:" $request.Requestor.GetPropertyValue("name")
    Write-Host "Request Date:" $request.CreationDate.ToShortDateString()
    Write-Host "Operation:" $request.DescriptionOfOperationToApprove `n
}
C#
using System;
using Softerra.Adaxes.Adsi;
using Softerra.Adaxes.Interop.Adsi.ApprovalRequests;
using Softerra.Adaxes.Interop.Adsi.PersistentObjects;

class Program
{
    static void Main(string[] args)
    {
        // Connect to the Adaxes service.
        AdmNamespace ns = new AdmNamespace();
        IAdmService service = ns.GetServiceDirectly("localhost");

        // Bind to the approval requests container.
        string containerPath = service.Backend.GetConfigurationContainerPath("ApprovalRequests");
        IAdmApprovalRequestContainer container = (IAdmApprovalRequestContainer)service.OpenObject(
                containerPath, null, null, 0);

        // Get all pending approval requests.
        object[] requests = (IAdmApprovalRequest[])container.GetApprovalRequests(
            ADM_APPROVALSTATE_ENUM.ADM_APPROVALSTATE_PENDING);

        // Iterate through the requests.
        foreach (Byte[] requestId in requests)
        {
            // Bind to the approval request.
            string guid = new Guid(requestId).ToString("B");
            string requestPath = $"Adaxes://<GUID={guid}>";
            IAdmApprovalRequest request = (IAdmApprovalRequest)service.OpenObject(
                requestPath, null, null, 0);

            // Output request information.
            Console.WriteLine("Requestor: " + request.Requestor.Get("name"));
            Console.WriteLine("Request Date: " + request.CreationDate.ToShortDateString());
            Console.WriteLine("Operation: " + request.DescriptionOfOperationToApprove);
            Console.WriteLine(string.Empty);
        }
    }
}
 Example 2 – Get information about denied requests created between specific dates

The following code sample gets outputs information about all denied requests created between May 4, 2023 and June 6, 2023.

PowerShell
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service.
$ns = New-Object("Softerra.Adaxes.Adsi.AdmNamespace")
$service = $ns.GetServiceDirectly("localhost")

# Bind to the approval requests container.
$containerPath = $service.Backend.GetConfigurationContainerPath("ApprovalRequests")
$container = $service.OpenObject($containerPath.ToString(), $null, $null, 0)

# Get requests denied within the specified date range.
$startDate = Get-Date "May 4, 2023"
$endDate = Get-Date "Jun 6, 2023"
$requests = $container.GetProcessedApprovalRequests("ADM_APPROVALSTATE_DENIED", $startDate, $endDate)

# Iterate through the requests.
foreach ($requestID in $requests)
{
    # Bind to the approval request.
    $guid = [Guid]$requestID
    $request = $service.OpenObject("Adaxes://<GUID=$guid>", $null, $null, 0)

    # Output request information.
    Write-Host "Requestor:" $request.Requestor.GetPropertyValue("name")
    Write-Host "Request Date:" $request.CreationDate.ToShortDateString()
    Write-Host "Operation:" $request.DescriptionOfOperationToApprove `n
}
C#
using System;
using Softerra.Adaxes.Adsi;
using Softerra.Adaxes.Interop.Adsi.ApprovalRequests;
using Softerra.Adaxes.Interop.Adsi.PersistentObjects;

class Program
{
    static void Main(string[] args)
    {
        // Connect to the Adaxes service.
        AdmNamespace ns = new AdmNamespace();
        IAdmService service = ns.GetServiceDirectly("localhost");

        // Bind to the approval requests container.
        string containerPath = service.Backend.GetConfigurationContainerPath("ApprovalRequests");
        IAdmApprovalRequestContainer container = (IAdmApprovalRequestContainer)service.OpenObject(
                containerPath, null, null, 0);

        // Get requests denied within the specified date range.
        DateTime startDate = DateTime.Parse("May 4, 2023");
        DateTime endDate = DateTime.Parse("Jun 6, 2023");
        object[] requests = (object[])container.GetProcessedApprovalRequests(
            ADM_APPROVALSTATE_ENUM.ADM_APPROVALSTATE_DENIED, startDate, endDate);

        // Iterate through the requests.
        foreach (Byte[] requestId in requests)
        {
            // Bind to the approval request.
            string guid = new Guid(requestId).ToString("B");
            string requestPath = $"Adaxes://<GUID={guid}>";
            IAdmApprovalRequest request = (IAdmApprovalRequest)service.OpenObject(
                requestPath, null, null, 0);

            // Output request information.
            Console.WriteLine("Requestor: " + request.Requestor.Get("name"));
            Console.WriteLine("Request Date: " + request.CreationDate.ToShortDateString());
            Console.WriteLine("Operation: " + request.DescriptionOfOperationToApprove);
            Console.WriteLine(string.Empty);
        }
    }
}

Getting approval requests initiated/processed by a user

To get all approval requests initiated or processed by a specific user, you need to first bind to that user. After binding to the user, use one of the following methods of the IAdmUser interface:

  • GetApprovals – gets all approval requests in a specific state (Pending, Approved, Denied, Canceled), that the user has processed or is allowed to process. For a list of possible request states, see ADM_APPROVALSTATE_ENUM.

  • GetRequestsForApproval – gets all approval requests in a specific state, initiated by the user.

The IAdmUser2 interface exposes additional methods that enable you to retrieve only the requests created within a date range:

  • GetApprovals2 – gets all approval requests in a specific state, created between specific dates, that the user has processed or is allowed to process.

  • GetRequestsForApproval2 – gets all approval requests in a specific state, initiated by the user between specific dates.

Every method returns an array of approval request GUIDs (each represented as an array of 16 bytes) that can be used to bind to approval request objects. Approval request objects implement the IAdmApprovalRequest, IAdmApprovalRequest2, IAdmApprovalRequest3, and IAdmApprovalRequest4 interfaces that can be used to obtain information about the request.

Examples

 Example 1 – Get information about pending requests initiated by a specific user

The following code sample outputs information about pending approval requests initiated by a user named John Smith.

PowerShell
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service.
$ns = New-Object("Softerra.Adaxes.Adsi.AdmNamespace")
$service = $ns.GetServiceDirectly("localhost")

# Bind to the user.
$userDN = "CN=John Smith,CN=Users,DC=domain,DC=com"
$user = $service.OpenObject("Adaxes://$userDN", $null, $null, 0)

# Get pending approval requests initiated by the user.
$approvalRequestGuids = $user.GetRequestsForApproval("ADM_APPROVALSTATE_PENDING")

# Iterate through the requests.
foreach ($requestID in $approvalRequestGuids)
{
    # Bind to the approval request.
    $guid = [Guid]$requestID
    $request = $service.OpenObject("Adaxes://<Guid=$guid>", $null, $null, 0)
    
    # Output request information.
    Write-Host "Operation:" $request.DescriptionOfOperationToApprove
    Write-Host "Requested on " $request.CreationDate.ToShortDateString() `n
}
C#
using System;
using Softerra.Adaxes.Adsi;
using Softerra.Adaxes.Interop.Adsi.ApprovalRequests;
using Softerra.Adaxes.Interop.Adsi.PersistentObjects;

class Program
{
    static void Main(string[] args)
    {
        // Connect to the Adaxes service.
        AdmNamespace ns = new AdmNamespace();
        IAdmService service = ns.GetServiceDirectly("localhost");

        // Bind to the user.
        const string userDN = "CN=John Smith,CN=Users,DC=domain,DC=com";
        IAdmUser user = (IAdmUser)service.OpenObject($"Adaxes://{userDN}", null, null, 0);

        // Get pending approval requests initiated by the user.
        object[] approvalRequestGuids = (object[])user.GetRequestsForApproval(
            ADM_APPROVALSTATE_ENUM.ADM_APPROVALSTATE_PENDING);

        // Iterate through the requests.
        foreach (Byte[] requestGuidBytes in approvalRequestGuids)
        {
            // Bind to the approval request.
            string guid = new Guid(requestGuidBytes).ToString("B");
            string requestPath = $"Adaxes://<GUID={guid}>";
            IAdmApprovalRequest request = (IAdmApprovalRequest)service.OpenObject(
                requestPath, null, null, 0);

            // Output request information.
            Console.WriteLine("Operation: " + request.DescriptionOfOperationToApprove);
            Console.WriteLine("Requested on " + request.CreationDate.ToShortDateString());
            Console.WriteLine(string.Empty);
        }
    }
}
 Example 2 – Get information about requests initiated during the last 10 days and denied by a specific user

The following code sample outputs information about approval requests initiated during the last 10 days and denied by the user named John Smith.

PowerShell
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$numDays = 10

# Connect to the Adaxes service.
$ns = New-Object("Softerra.Adaxes.Adsi.AdmNamespace")
$service = $ns.GetServiceDirectly("localhost")

# Bind to the user.
$userDN = "CN=John Smith,CN=Users,DC=domain,DC=com"
$user = $service.OpenObject("Adaxes://$userDN", $null, $null, 0)

# Get approval requests initiated during the specified time period and denied by the user.
$startDateTime = (Get-Date).AddDays(-$numDays)
$endDateTime = Get-Date
$approvalRequestGuids = $user.GetApprovals2("ADM_APPROVALSTATE_DENIED", $startDateTime, $endDateTime)

# Iterate through the requests.
foreach ($requestID in $approvalRequestGuids)
{
    # Bind to the approval request.
    $guid = [Guid]$requestID
    $request = $service.OpenObject("Adaxes://<Guid=$guid>", $null, $null, 0)

    # Output request information.
    Write-Host "Target object: " $request.TargetObject.Name
    Write-Host "Operation: " $request.DescriptionOfOperationToApprove
    Write-Host "Reason for denial: " $request.DenialOrCancelingReason `n
}
C#
using System;
using Softerra.Adaxes.Adsi;
using Softerra.Adaxes.Interop.Adsi.ApprovalRequests;
using Softerra.Adaxes.Interop.Adsi.PersistentObjects;

class Program
{
    static void Main(string[] args)
    {
        const int numDays = 10;

        // Connect to the Adaxes service.
        AdmNamespace ns = new AdmNamespace();
        IAdmService service = ns.GetServiceDirectly("localhost");

        // Bind to the user.
        const string userDN = "CN=John Smith,CN=Users,DC=domain,DC=com";
        IAdmUser2 user = (IAdmUser2)service.OpenObject($"Adaxes://{userDN}", null, null, 0);

        // Get approval requests initiated during the requested time period and denied by the user.
        DateTime startDateTime = DateTime.Now.AddDays(-numDays);
        DateTime endDateTime = DateTime.Now;
        object[] approvalRequestGuids = (object[])user.GetApprovals2(
            ADM_APPROVALSTATE_ENUM.ADM_APPROVALSTATE_DENIED, startDateTime, endDateTime);

        // Iterate through the requests.
        foreach (Byte[] requestGuidBytes in approvalRequestGuids)
        {
            // Bind to the approval request.
            string guid = new Guid(requestGuidBytes).ToString("B");
            string requestPath = $"Adaxes://<GUID={guid}>";
            IAdmApprovalRequest request = (IAdmApprovalRequest)service.OpenObject(
                requestPath, null, null, 0);

            // Output request information.
            Console.WriteLine("Target object: {0}", request.TargetObject.Name);
            Console.WriteLine("Operation: {0}", request.DescriptionOfOperationToApprove);
            Console.WriteLine("Reason for denial: {0}", request.DenialOrCancelingReason);
            Console.WriteLine();
        }
    }
}

Approving, denying, and canceling requests

To approve, deny, or cancel a request, you need to first bind to the approval request object. Then, use one of the following methods exposed by the IAdmApprovalRequest and IAdmApprovalRequest4 interfaces to process the request:

  • Approve – Approves the request without specifying the reason.

  • ApproveEx – Approves the request. You can specify the reason for approval by passing it as a parameter. If you specify null, the request will be approved without a reason.

  • Deny – Denies the request. You can specify the reason for denial by passing it as a parameter. If you specify null, the request will be denied without a reason.

  • Cancel – Cancels the request. You can specify the reason for canceling by passing it as a parameter. If you specify null, the request will be canceled without a reason.

A request can be approved or denied by its approvers and by Adaxes service administrators.


A request can be canceled only by the initiator.

Example

The following code sample denies all the requests that were created more than 30 days ago.

PowerShell
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service.
$ns = New-Object("Softerra.Adaxes.Adsi.AdmNamespace")
$service = $ns.GetServiceDirectly("localhost")

# Bind to the approval requests container.
$containerPath = $service.Backend.GetConfigurationContainerPath("ApprovalRequests")
$container = $service.OpenObject($containerPath.ToString(), $null, $null, 0)

# Get all pending approval requests.
$requests = $container.GetApprovalRequests("ADM_APPROVALSTATE_PENDING")

# Iterate through the requests.
foreach ($requestID in $requests)
{
    # Bind to the approval request.
    $guid = [Guid]$requestID
    $request = $service.OpenObject("Adaxes://<Guid=$guid>", $null, $null, 0)
    
    # Check whether the request must be denied.
    $deadlineDate = $request.CreationDate.AddDays(30)
    if ([System.DateTime]::Now -ge $deadlineDate)
    {
        $request.Deny("The request is denied because it was not resolved within 30 days")
    }
}
C#
using System;
using Softerra.Adaxes.Adsi;
using Interop.Adsi.ApprovalRequests;
using Softerra.Adaxes.Interop.Adsi.PersistentObjects;

class Program
{
    static void Main(string[] args)
    {
        // Connect to the Adaxes service.
        AdmNamespace ns = new AdmNamespace();
        IAdmService service = ns.GetServiceDirectly("localhost");

        // Bind to the approval requests container.
        string containerPath = service.Backend.GetConfigurationContainerPath("ApprovalRequests");
        IAdmApprovalRequestContainer container = (IAdmApprovalRequestContainer)service.OpenObject(
            containerPath, null, null, 0);

        // Get all pending approval requests.
        object[] requests = (object[])container.GetApprovalRequests(
            ADM_APPROVALSTATE_ENUM.ADM_APPROVALSTATE_PENDING);

        // Iterate through the requests.
        foreach (Byte[] requestID in requests)
        {
            // Bind to the approval request.
            string guid = new Guid(requestID).ToString("B");
            string requestPath = $"Adaxes://<GUID={guid}>";
            IAdmApprovalRequest request = (IAdmApprovalRequest)service.OpenObject(
                requestPath, null, null, 0);

            // Check whether the request must be denied.
            DateTime deadlineDate = request.CreationDate.AddDays(30);
            if (DateTime.Now >= deadlineDate)
            {
                request.Deny("The request is denied because it has not been resolved within 30 days");
            }
        }
    }
}

Managing approvers

To manage request approvers, you need to bind to the approval request object and call the GetApproversInfo method of the IAdmApprovalRequest interface.

The object returned by GetApproversInfo represents detailed information about request approvers and implements the IAdmRequestApproversInfo and IAdmRequestApproversInfo2 interfaces. Use these interfaces to manage the approvers of a particular request.

Viewing approvers

To quickly check whether a specific user is allowed to approve a request, call IAdmRequestApproversInfo2::IsApproverEx.

To view all the request approvers, call IAdmRequestApproversInfo2::GetApproversEx. The object returned by GetApproversEx represents the list of approvers and implements the IAdmApprovers interface. You can iterate through the list and get detailed information about each approver using IADs and IAdmTop interfaces implemented by each object in the list.

Examples

 Example 1 – Check whether John Smith is allowed to approve a request

The following code sample checks whether John Smith is allowed to approve a particular request and outputs the result.

PowerShell
# The $request variable refers to an approval request.

# Get information about the approvers.
$approversInfo = $request.GetApproversInfo()

# Bind to the user and check their approver status.
$userDN = "CN=John Smith,CN=Users,DC=company,DC=com"
$user = $service.OpenObject("Adaxes://$userDN", $null, $null, 0)

$isApprover = $approversInfo.IsApproverEx(
    $user, $request.Requestor, $request.TargetObject)

Write-Host "John Smith can approve this request: " $isApprover
C#
// The request variable refers to an approval request.

// Get information about the approvers.
IAdmRequestApproversInfo2 approversInfo = 
    (IAdmRequestApproversInfo2)request.GetApproversInfo();

// Bind to the user and check their approver status.
const string userDN = "CN=John Smith,CN=Users,DC=company,DC=com";
IAdmTop user = (IAdmTop)service.OpenObject($"Adaxes://{userDN}", null, null, 0);

bool isApprover = approversInfo.IsApproverEx(
    user, request.Requestor, request.TargetObject);

Console.WriteLine("John Smith can approve this request: " + isApprover);
 Example 2 – Output details about the approvers of all pending requests

The following code sample outputs the names and emails of all users who are allowed to approve at least one pending request.

PowerShell
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service.
$ns = New-Object("Softerra.Adaxes.Adsi.AdmNamespace")
$service = $ns.GetServiceDirectly("localhost")

# Bind to the approval requests container.
$containerPath = $service.Backend.GetConfigurationContainerPath("ApprovalRequests")
$container = $service.OpenObject($containerPath.ToString(), $null, $null, 0)

# Get all pending approval requests.
$requests = $container.GetApprovalRequests("ADM_APPROVALSTATE_PENDING")

# Iterate through the requests.
$emails = @{}
foreach ($requestID in $requests)
{
    # Bind to the approval request.
    $guid = [Guid]$requestID
    $request = $service.OpenObject("Adaxes://<Guid=$guid>", $null, $null, 0)
    
    # Get users allowed to approve the request.
    $approversInfo = $request.GetApproversInfo()
    $approvers = $approversInfo.GetApproversEx($request.Requestor, $request.TargetObject)

    # Iterate through approvers.
    foreach ($approver in $approvers)
    {
        $name = $approver.Get("name")
        try
        {
            $email = $approver.Get("mail")
        }
        catch
        {
            Write-Warning "No email specified for $name"
            continue
        }
        
        # Add approver to the output if not already present.
        if (-not($emails.ContainsKey($email)))
        {
            $emails.Add($email, $name)
        }
    }
}

# Output information about approvers.
foreach ($item in $emails.GetEnumerator())
{
    Write-Host $item.Value ":" $item.Key
}
C#
using System;
using Softerra.Adaxes.Adsi;
using System.Collections.Generic;
using Softerra.Adaxes.Interop.Adsi;
using System.Runtime.InteropServices;
using Softerra.Adaxes.Interop.Adsi.ApprovalRequests;
using Softerra.Adaxes.Interop.Adsi.PersistentObjects;

class Program
{
    static void Main(string[] args)
    {
        // Connect to the Adaxes service.
        AdmNamespace ns = new AdmNamespace();
        IAdmService service = ns.GetServiceDirectly("localhost");

        // Bind to the approval requests container.
        string containerPath = service.Backend.GetConfigurationContainerPath("ApprovalRequests");
        IAdmApprovalRequestContainer container = (IAdmApprovalRequestContainer)service.OpenObject(
            containerPath, null, null, 0);

        // Get all pending approval requests.
        object[] requests = (object[])container.GetApprovalRequests(
            ADM_APPROVALSTATE_ENUM.ADM_APPROVALSTATE_PENDING);

        // Iterate through the requests.
        Dictionary<string, string> emails = new Dictionary<string, string>(
            StringComparer.OrdinalIgnoreCase);
        foreach (Byte[] requestID in requests)
        {
            // Bind to the approval request.
            string guid = new Guid(requestID).ToString("B");
            string requestPath = $"Adaxes://<GUID={guid}>";
            IAdmApprovalRequest request = (IAdmApprovalRequest)service.OpenObject(
                requestPath, null, null, 0);

            // Get users allowed to approve the request.
            IAdmRequestApproversInfo2 approversInfo =
                (IAdmRequestApproversInfo2)request.GetApproversInfo();
            IAdmApprovers approvers = approversInfo.GetApproversEx(
                request.Requestor, request.TargetObject);

            // Iterate through approvers.
            foreach (IADs approver in approvers)
            {
                string name = (string)approver.Get("name");
                string email;
                try
                {
                    email = (string)approver.Get("mail");
                }
                catch
                {
                    Console.WriteLine("WARNING: No email specified for " + name);
                    continue;
                }

                // Add approver to the output if not already present.
                if (!emails.ContainsKey(email))
                {
                    string name = (string)approver.Get("name");
                    emails.Add(email, name);
                }
            }
        }
        // Output information about approvers.
        foreach (KeyValuePair<string, string> item in emails)
        {
            string line = string.Format("{0} : {1}", item.Value, item.Key);
            Console.WriteLine(line);
        }
        Console.ReadLine();
    }
}

Adding and removing approvers

Users and groups allowed to approve a request are represented by IAdmApproverTrustees and IAdmApproverGroups interfaces respectively. You can access them via the ApproverTrustees and ApproverGroups properties of the IAdmRequestApproversInfo interface.

Both, IAdmApproverTrustees and IAdmApproverGroups expose similarly named methods for adding and removing approvers:

  • Add – adds the user or group specified as a parameter to the list of approvers.

  • Remove – removes the user or group specified as a parameter from the list of approvers.

  • Clear – removes all users or all groups from the list of approvers.

You can also enable dynamic approval options. For example, allow the manager of the requestor to approve the request. If the requestor's manager changes, the new manager will automatically obtain the rights to approve the request and the previous manager will lose those rights.

To do this, use the following properties:

  • ManagerOfTrusteeIsApprover – set to true to allow the manager of the requestor to approve the request.

    This property is exposed by the IAdmRequestApproversInfo interface.

  • ManagerOfTargetObjectIsApprover – set to true to allow the manager/owners of the target object to approve the request.

    This property is exposed by the IAdmRequestApproversInfo2 interface.

  • OwnerOfRequestorOUIsApprover – set to true to allow the owners of the requestor's OU to approve the request.

    This property is exposed by the IAdmRequestApproversInfo2 interface.

  • OwnerOfTargetObjectOUIsApprover – set to true to allow the owners of the target object's OU to approve the request.

    This property is exposed by the IAdmRequestApproversInfo2 interface.

To apply the updated approver information to the request, call IAdmApprovalRequest::SetApproversInfo and pass the object that represents the information about request approvers as a parameter.

Finally, save the changes to the approval request by calling SetInfo

Example

The following code sample modifies the list of approvers of all pending requests that were not handled within 30 days. The script adds a specific user and group to the list of request approvers and allows the manager of the user who initiated the operation to approve or deny it.

PowerShell
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service.
$ns = New-Object("Softerra.Adaxes.Adsi.AdmNamespace")
$service = $ns.GetServiceDirectly("localhost")

# Bind to new approvers.
$newApproverUserDN = "CN=John Smith,CN=Users,DC=company,DC=com"
$newApproverUser = $service.OpenObject(
    "Adaxes://$newApproverUserDN", $null, $null, 0)

$newApproverGroupDN = "CN=Approvers,OU=Groups,DC=company,DC=com"
$newApproverGroup = $service.OpenObject(
    "Adaxes://$newApproverGroupDN", $null, $null, 0)

# Bind to the approval requests container.
$containerPath = $service.Backend.GetConfigurationContainerPath("ApprovalRequests")
$container = $service.OpenObject($containerPath.ToString(), $null, $null, 0)

# Get all pending approval requests.
$requests = $container.GetApprovalRequests("ADM_APPROVALSTATE_PENDING")

# Iterate through the requests.
foreach ($requestID in $requests)
{
    # Bind to the approval request.
    $guid = [Guid]$requestID
    $request = $service.OpenObject("Adaxes://<Guid=$guid>", $null, $null, 0)
    
    # Check whether the approvers of the request must be modified.
    $deadlineDate = $request.CreationDate.AddDays(30)
    if ([System.DateTime]::Now -lt $deadlineDate)
    {
        continue
    }

    $approvers = $request.GetApproversInfo()

    # Add the user to the list of approvers.
    if (-not($approvers.ApproverTrustees.IsApprover($newApproverUser)))
    {
        $approvers.ApproverTrustees.Add($newApproverUser)
    }
    
    # Add the group to the list of approvers.
    if (-not($approvers.ApproverGroups.IsApprover($newApproverGroup)))
    {
        $approvers.ApproverGroups.Add($newApproverGroup)
    }
    
    # Allow the manager of the initiator to approve or deny the request.
    $approvers.ManagerOfTrusteeIsApprover = $true
    
    # Save the changes.
    $request.SetApproversInfo($approvers)
    $request.SetInfo()
}
C#
using System;
using Softerra.Adaxes.Adsi;
using Softerra.Adaxes.Interop.Adsi;
using Softerra.Adaxes.Interop.Adsi.ApprovalRequests;
using Softerra.Adaxes.Interop.Adsi.PersistentObjects;

class Program
{
    static void Main(string[] args)
    {
        // Connect to the Adaxes service.
        AdmNamespace ns = new AdmNamespace();
        IAdmService service = ns.GetServiceDirectly("localhost");

        // Bind to new approvers
        const string newApproverUserDN = "CN=John Smith,CN=Users,DC=company,DC=com";
        IAdmTop newApproverUser = (IAdmTop)service.OpenObject(
            $"Adaxes://{newApproverUserDN}", null, null, 0);

        const string newApproverGroupDN = "CN=Approvers,OU=Groups,DC=company,DC=com";
        IAdmGroup newApproverGroup = (IAdmGroup)service.OpenObject(
            $"Adaxes://{newApproverGroupDN}", null, null, 0);

        // Bind to the approval requests container.
        string containerPath = service.Backend.GetConfigurationContainerPath("ApprovalRequests");
        IAdmApprovalRequestContainer container = (IAdmApprovalRequestContainer)service.OpenObject(
            containerPath, null, null, 0);

        // Get all pending approval requests.
        object[] requests = (object[])container.GetApprovalRequests(
            ADM_APPROVALSTATE_ENUM.ADM_APPROVALSTATE_PENDING);

        // Iterate through the requests.
        foreach (Byte[] requestID in requests)
        {
            // Bind to the approval request.
            string guid = new Guid(requestID).ToString("B");
            string requestPath = $"Adaxes://<GUID={guid}>";
            IAdmApprovalRequest request = (IAdmApprovalRequest)service.OpenObject(
                requestPath, null, null, 0);

            // Check whether the approvers of the request must be modified.
            DateTime deadlineDate = request.CreationDate.AddDays(30);
            if (DateTime.Now < deadlineDate)
            {
                continue;
            }

            IAdmRequestApproversInfo approvers = request.GetApproversInfo();

            // Add the user to the list of approvers.
            if (!approvers.ApproverTrustees.IsApprover(newApproverUser))
            {
                approvers.ApproverTrustees.Add(newApproverUser);
            }
            
            // Add the group to the list of approvers.
            if (!approvers.ApproverGroups.IsApprover((IAdmTop)newApproverGroup))
            {
                approvers.ApproverGroups.Add(newApproverGroup);
            }

            // Allow the manager of the initiator to approve or deny the request.
            approvers.ManagerOfTrusteeIsApprover = true;

            // Save the changes.
            request.SetApproversInfo(approvers);
            request.SetInfo();
        }
    }
}

See also