Question

Question regarding Laserfiche Workflow SDK script

Laserfiche Workflow SDK Version 10 Ideas

Updated April 6, 2022

asked on April 5, 2022

Hello everyone,

This is a follow-up post to one I made here:

User Security Properties Report Data Location - Laserfiche Answers

I've almost got my script to work; however, instead of pulling all groups a user is associated with, it is only showing the first one. Here is my script:

protected override void Execute()
{
// Write your code here. The BoundEntryInfo property will access the entry, RASession will get the Repository Access session
try
{
SecurityIdentifier EVERYONE_SID = new SecurityIdentifier("S-1-1-0");

var trusteeList = Trustee.EnumAllWindowsAccounts(this.RASession).Select(account => account.Sid);

foreach (var sid in trusteeList)
{
AccountReference acctRef = new AccountReference(sid, this.RASession);
string accountName = acctRef.AccountName;

if (acctRef.TrusteeType == TrusteeType.WindowsAccount && !acctRef.IsUser)
continue; // Don't retrieve groups for other groups

try
{
EffectiveAccessTokenInfo tokenInfo = Trustee.GetEffectiveAccessTokenInfo(sid, this.RASession);

foreach (var groupSid in tokenInfo.Groups)
{
if (groupSid == EVERYONE_SID)
continue;

AccountReference grp = new AccountReference(groupSid, this.RASession);
string[] groupNames = new string[] { grp.AccountName };

foreach (var groupName in groupNames)
{
SetTokenValue(accountName, groupName);
}
}
}
catch {}
}
}
catch {}
}

I need all groups a user is associated with to populate in the token value section of the watch tab in Workflow SDK script activity. Any insight is greatly appreciated.

Thanks!

1 0

Answer

SELECTED ANSWER

replied on April 6, 2022

Hey Mark,

I haven't tried your method, but I did get it to work yesterday using something similar:

namespace WorkflowActivity.Scripting.SDKScript
{
    using System;
    using System.Configuration;
    using System.Collections.Generic;
    using System.ComponentModel;
    using System.Data;
    using System.Data.SqlClient;
    using System.Text;
    using Laserfiche.RepositoryAccess;
    using System.Linq;
    using System.Security.Principal;

    /// <summary>
    /// Provides one or more methods that can be run when the workflow scripting activity is performed.
    /// </summary>
    public class Script1 : RAScriptClass104
    {
        /// <summary>
        /// This method is run when the activity is performed.
        /// </summary>
        protected override void Execute()
        {
            // Write your code here. The BoundEntryInfo property will access the entry, RASession will get the Repository Access session
            try
            {
                SecurityIdentifier EVERYONE_SID = new SecurityIdentifier("S-1-1-0");

                var trusteeList = Trustee.EnumAllWindowsAccounts(this.RASession).Select(account => account.Sid);

                foreach (var sid in trusteeList)
                {
                    AccountReference acctRef = new AccountReference(sid, this.RASession);
                    string accountName = acctRef.AccountName;

                    if (acctRef.TrusteeType == TrusteeType.WindowsAccount && !acctRef.IsUser)
                        continue; // Don't retrieve groups for other groups

                    try
                    {
                        EffectiveAccessTokenInfo tokenInfo = Trustee.GetEffectiveAccessTokenInfo(sid, this.RASession);

                        List<string> groupNames = new List<string>();

                        foreach (var groupSid in tokenInfo.Groups)
                        {
                            if (groupSid == EVERYONE_SID)
                                continue;

                            AccountReference grp = new AccountReference(groupSid, this.RASession);
                            groupNames.Add(grp.AccountName);

                            List<string> userGroups = new List<string>();

                            foreach (var groupName in groupNames)
                            {
                                if (!groupName.Contains("INTRANET") && !groupName.Contains(@"NT AUTHORITY\Authenticated Users"))
                                {
                                    userGroups.Add(groupName);
                                    SetTokenValue(accountName, userGroups);
                                }
                            }
                        }
                    }
                    catch {}
                }
            }
            catch {}
        }
    }
}

If you remove everything from your SDK script activity and paste this, you should get a similar result, but for your users.

0 0

Replies

replied on April 5, 2022 • Show version history

I recommend using the "code" tag to make it easier to read the code in your post - there's a button for it in the tool bar ( ).

I didn't test your code myself - but I had an idea. Could it be that you are exporting a single value token instead of a multi-value token?

You are using SetTokenValue within a loop, and could maybe use SetMultiValueToken without the loop?

0 0

replied on April 5, 2022

protected override void Execute()
        {
            // Write your code here. The BoundEntryInfo property will access the entry, RASession will get the Repository Access session
            try
            {
                SecurityIdentifier EVERYONE_SID = new SecurityIdentifier("S-1-1-0");

                var trusteeList = Trustee.EnumAllWindowsAccounts(this.RASession).Select(account => account.Sid);

                foreach (var sid in trusteeList)
                {
                    AccountReference acctRef = new AccountReference(sid, this.RASession);
                    string accountName = acctRef.AccountName;

                    if (acctRef.TrusteeType == TrusteeType.WindowsAccount && !acctRef.IsUser)
                        continue; // Don't retrieve groups for other groups

                    try
                    {
                        EffectiveAccessTokenInfo tokenInfo = Trustee.GetEffectiveAccessTokenInfo(sid, this.RASession);
                        
                        foreach (var groupSid in tokenInfo.Groups)
                        {
                            if (groupSid == EVERYONE_SID)
                                continue;

                            AccountReference grp = new AccountReference(groupSid, this.RASession);
                            string[] groupNames = new string[] { grp.AccountName };

                            foreach (var groupName in groupNames)
                            {
                                SetTokenValue(accountName, groupName);
                            }
                        }
                    }
                    catch {}
                }
            }
            catch {}
        }

Hey Matthew,

I tried using SetMultiValueToken, but it requires me to convert bool to string, and I'm not entirely sure how I would go about that. Also, I apologize, as I am very new to coding...

0 0

replied on April 5, 2022

I tried to run your code, and it's failing for me, and I'm not entirely certain where it is failing. But you said it is working for you, but only outputing one value. That would be becauase you only have the single value token being exported, and also, it's happening within the loop, so it's likely looping through each value and updating each one individually into the token, so at the end, you just have the last value in the token.

So why don't you try this:

Add this line prior to line 4 - it creates a string list variable named accountNameListVariable:

List<string> accountNameListVariable = new List<string>();

Then, comment out line 32 where you are setting the token value (add // to the beginning so the script ignores it - this is a trick to test removal of the code without actually deleting it and potentially needing to re-type it if you want to add it back later. After that line, add this code, that will take the groupName value that is currently accessed in the loop and add it into the accountNameListVariable list that we created earlier:

accountNameListVariable.Add(groupName);

Finally, after line 39, add this line which will take everything included in the accountNameListVariable and output it to Workflow as a multi-value token named accountNameListToken:

SetMultiValueToken("accountNameListToken", accountNameListVariable, false);

Final code should look like this:

protected override void Execute()
        {
            // Write your code here. The BoundEntryInfo property will access the entry, RASession will get the Repository Access session
            List<string> accountNameListVariable = new List<string>();
            try
            {
                SecurityIdentifier EVERYONE_SID = new SecurityIdentifier("S-1-1-0");

                var trusteeList = Trustee.EnumAllWindowsAccounts(this.RASession).Select(account => account.Sid);

                foreach (var sid in trusteeList)
                {
                    AccountReference acctRef = new AccountReference(sid, this.RASession);
                    string accountName = acctRef.AccountName;

                    if (acctRef.TrusteeType == TrusteeType.WindowsAccount && !acctRef.IsUser)
                        continue; // Don't retrieve groups for other groups

                    try
                    {
                        EffectiveAccessTokenInfo tokenInfo = Trustee.GetEffectiveAccessTokenInfo(sid, this.RASession);
                        
                        foreach (var groupSid in tokenInfo.Groups)
                        {
                            if (groupSid == EVERYONE_SID)
                                continue;

                            AccountReference grp = new AccountReference(groupSid, this.RASession);
                            string[] groupNames = new string[] { grp.AccountName };

                            foreach (var groupName in groupNames)
                            {
                                //SetTokenValue(accountName, groupName);
                                accountNameListVariable.Add(groupName);
                            }
                        }
                    }
                    catch {}
                }
            }
            catch {}
            SetMultiValueToken("accountNameListToken", accountNameListVariable, false);
        }

As I said, I couldn't get the code to work myself, and I haven't spent the time to determine why - but based on your statement that it was working, only returning a single value, I think that these changes may work.

0 0

SELECTED ANSWER

replied on April 6, 2022

Hey Mark,

I haven't tried your method, but I did get it to work yesterday using something similar:

namespace WorkflowActivity.Scripting.SDKScript
{
    using System;
    using System.Configuration;
    using System.Collections.Generic;
    using System.ComponentModel;
    using System.Data;
    using System.Data.SqlClient;
    using System.Text;
    using Laserfiche.RepositoryAccess;
    using System.Linq;
    using System.Security.Principal;

    /// <summary>
    /// Provides one or more methods that can be run when the workflow scripting activity is performed.
    /// </summary>
    public class Script1 : RAScriptClass104
    {
        /// <summary>
        /// This method is run when the activity is performed.
        /// </summary>
        protected override void Execute()
        {
            // Write your code here. The BoundEntryInfo property will access the entry, RASession will get the Repository Access session
            try
            {
                SecurityIdentifier EVERYONE_SID = new SecurityIdentifier("S-1-1-0");

                var trusteeList = Trustee.EnumAllWindowsAccounts(this.RASession).Select(account => account.Sid);

                foreach (var sid in trusteeList)
                {
                    AccountReference acctRef = new AccountReference(sid, this.RASession);
                    string accountName = acctRef.AccountName;

                    if (acctRef.TrusteeType == TrusteeType.WindowsAccount && !acctRef.IsUser)
                        continue; // Don't retrieve groups for other groups

                    try
                    {
                        EffectiveAccessTokenInfo tokenInfo = Trustee.GetEffectiveAccessTokenInfo(sid, this.RASession);

                        List<string> groupNames = new List<string>();

                        foreach (var groupSid in tokenInfo.Groups)
                        {
                            if (groupSid == EVERYONE_SID)
                                continue;

                            AccountReference grp = new AccountReference(groupSid, this.RASession);
                            groupNames.Add(grp.AccountName);

                            List<string> userGroups = new List<string>();

                            foreach (var groupName in groupNames)
                            {
                                if (!groupName.Contains("INTRANET") && !groupName.Contains(@"NT AUTHORITY\Authenticated Users"))
                                {
                                    userGroups.Add(groupName);
                                    SetTokenValue(accountName, userGroups);
                                }
                            }
                        }
                    }
                    catch {}
                }
            }
            catch {}
        }
    }
}

If you remove everything from your SDK script activity and paste this, you should get a similar result, but for your users.

0 0

You are not allowed to follow up in this post.

Question

Question

Question regarding Laserfiche Workflow SDK script

Answer

Replies

Sign in to reply to this post.