In a patch in Grouper 2.4, Grouper will have a electronic forms workflow / approvals capability. This will start simple and we can add more features later. There will be the capability to have an interface so external workflow services can satisfy the request
High level description
Think of this like a paper form, but electronic. It is simple and if you need something more complicated likely you might need a BPM or workflow system and integrate with it.
- Grouper admins (or members of etc:workflowEditors group) can configure a workflow on a group
- Specify which groups need to approve the request
- Configure the workflow and form fields with JSON
- Configure the form itself with HTML
- Workflow daemon will run to send out notifications
- Screens to view and manage the requests
- Automatic provisioning into group(s)
A copy of the form being submitted will be stored at every state of the form to AWS S3 or the file system. That includes the history of the form and who approved it when
- There is not a lightweight open source workflow library to add to grouper core, so we will create our own
- The first part of this task is to confirm this statement
- Note: the workflow should be able to be kicked off by the daemon when the status is "initiate". So that workflow can be kicked off by web service. Daemon should check every 5 minutes. If this is the UI it should be immediate, send the email, and go to the next state.
Configuration
The configuration will follow the same attribute structure as other Grouper modules like reporting
Attribute definitions for config
Definition | Assigned To | Purpose | Value | Cardinality |
|---|---|---|---|---|
workflowConfigDef | group | identify a workflow config | marker | Multi assign |
workflowConfigValueDef | group assignment | name/value pairs | string | Single assign, single valued |
Attribute names for config
Note: for non-grouper workflows configured in grouper.properties, only the marker and type will be set. For Grouper workflows, all the attributes will be available
Name | Definition | Required? | Value |
|---|---|---|---|
workflowConfigMarker | workflowConfigDef | <none> | |
| workflowConfigType | workflowConfigValueDef | required | if grouper is the only implementation in grouper.properties, auto populate with "grouper", otherwise list other implementations |
| workflowConfigApprovals | workflowConfigValueDef | required | This is a JSON config of the workflow approvals. must have "initiate" and "complete" {
states: [
{
stateName: "initiate",
// optional, if no group specified, then whoever has OPTIN
allowedGroupId: "abc123def456"
},
{
stateName: "supervisor",
approverSubjectId: "${initiatorSubject.attribute['supervisorSubjectId']}",
approverSubjectSourceId: "mypeople"
},
{
stateName: "dataOwner",
//who can approve
approverGroupId: "sdgf76gdf87",
//who is notified, if blank, then use approverGroupId
approverNotifyGroupId: "dfkjh234kjb"
},
{
stateName: "complete",
//if blank use the selected groups from form or just the group
//the workflow is assigned to
actionAssignToGroup: "sgk234kh234"
}
]
}
|
workflowConfigName | workflowConfigValueDef | required | Name of workflow. No two workflows in the same owner should have the same name |
| workflowConfigId | workflowConfigValueDef | required | Camel-case alphanumeric id of workflow. No two workflows in all of Grouper can have the same ID |
| workflowConfigDescription | workflowConfigValueDef | required | Textarea which describes the information in the workflow. Must be less than 4k |
workflowConfigParams | workflowConfigValueDef | required | Note: max 10 params, checkbox is true/false {
params: [
{
paramName: "agreeToTerms",
type: "checkbox",
editableInStates: "initiate",
required: "true"
},
{
paramName: "notes",
type: "textarea",
editableInStates: "initiate"
},
{
paramName: "notesForApprovers",
type: "textarea",
editableInStates: "supervisor, dataOwner"
},
{
paramName: "reason",
type: "textfield",
editableInStates: "initiate"
}
]
}
|
| workflowConfigForm | workflowConfigValueDef | optional | Note: Grouper with javascript will enable or disable these form fields, or fill in values, as needed. The form field names need to match the names in the params. The id must match with "Id" appended to the end. If a name or id doesnt exist in the HTML there will be an error Fill out this form to be added to this group.<br /><br /> Several approvals will take place which usually take less than 2 business days<br /><br /> State the reason you would like this access: <input type="text" name="reason" id="reasonId" /><br /><br > <input type="checkbox" name="agreeToTerms" id="agreeToTermsId" /> I agree this this institutions' <a href="https://whatever.whatever/whatever">terms and conditions</a><br /><br /> Notes: <textarea rows="4" cols="50" name="notes" id="notesId"></textarea><br /><br /> Notes for approvers: <textarea rows="4" cols="50" name="notesForApprovers" id="notesForApproversId"></textarea><br /><br /> |
| workflowConfigViewersGroupId | workflowConfigValueDef | optional | GroupId of people who can view this workflow and instances of this workflow. Grouper admins can view any workflow (blank means admin only). Anyone in an approver group can view the workflow. |
workflowConfigSendEmail | workflowConfigValueDef | required (default to true, no blank option available) | true/false if email should be sent |
workflowConfigEnabled | workflowConfigValueDef | default to true (required, no blank option) | Could by "true", "false", or "noNewSubmissions", i.e. let current forms go through |
| workflowPriority | workflowConfigValueDef | integer | no two workflows on the same group can have the same priority. If two workflows are available for the same subject, then pick the one with the highest priority, if the "join group" button is pressed |
Attribute definitions for instance (a workflow that was run)
This attribute is assigned to the same owner as the config attribute (e.g. the same group/folder)
Definition | Assigned To | Purpose | Value | Cardinality |
|---|---|---|---|---|
| workflowInstanceDef | group | identify a workflow that was run | marker | Multi assign |
| workflowInstanceValueDef | folder assignment, group assignment | name/value pairs | string | Single assign, single valued |
Attribute names for instance
Note: the ID is the attribute assign id of the marker (this is passed in URLs/emails etc)
Name | Definition | Value |
|---|---|---|
workflowInstanceMarker | workflowInstanceDef | <none> |
| workflowInstanceState | workflowInstanceValueDef | Any of the states, plus "exception" if there is a problem |
| workflowInstanceLastUpdatedMillisSince1970 | workflowInstanceValueDef | number of millis since 1970 when this instance was last updated |
workflowInstanceConfigMarkerAssignmentId | workflowInstanceValueDef | Attribute assign ID of the marker attribute of the config (same owner as this attribute, but there could be many workflows configured on one owner) |
| workflowInstanceInitiatedMillisSince1970 | workflowInstanceValueDef | millis since 1970 that this workflow was submitted |
| workflowInstanceUuid | workflowInstanceValueDef | uuid assigned to this workflow instance |
| workflowInstanceFilename | workflowInstanceValueDef | filename of workflow directory that holds the workflow files |
| workflowInstanceFilePointer | workflowInstanceValueDef | depending on storage type, this is a pointer to the workflow in storage, e.g. the S3 address. note the S3 address is .csv suffix, but change to __metadata.json for instance metadata |
| workflowInstanceEncryptionKey | workflowInstanceValueDef | randomly generated 16 char alphanumeric encryption key (never allow display or edit of this) |
workflowLastEmailedDate | workflowInstanceValueDef | yyyy/mm/dd date that this was last emailed so multiple emails dont go out on same day |
| workflowLastEmailedState | workflowInstanceValueDef | the state of the workflow instance when it was last emailed |
| workflowLog | workflowInstanceValueDef | has brief info about who did what when on this instance |
| workflowError | workflowInstanceValueDef | error message including stack of why this instance is in "exception" state |
Changes to group drop down
Under groups, in the more actions, should be "Electronic forms", which goes to View forms screen.
"Join" a group could kick off a workflow too
Notifications
Emails should be sent out to approvers when they need to approve forms. Emails should be sent out when the state changes, or daily (in a digest per user)
Hooks on workflow
Workflow should have hooks at various place so it can be customized
View electronic forms screen
This is the default screen. Drop down with the following options:
- View forms
- Edit forms
Miscellaneous → Forms
- My forms - see forms the current user submitted
- Forms waiting for my approval - see forms that need approvals
- Form search - for form admins, can search for forms, see status, search by submitter, able to approve forms for approvers
To Do later
- Enable kicking off workflows from other events (e.g. folder create, group create, membership add , membership remove , attribute values add/change/remove, etc…)