# Sample scripts
## Introduction
Note that Soffid supports different scripting languages, you can configure it in the [Smart engine settings](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/smart-engine-settings "Smart engine settings") screen. **Soffid 4** configures the smart engine with **Javascript** scripting language as the default.
Additionally, in the initial configuration of the container, we can configure the SOFFID\_TRUSTED\_SCRIPTS environment variable to allow the use of insecure classes. You can find this information visiting [the Installing IAM Console page](https://bookstack.soffid.com/link/27#bkmrk-4.-installation).
## Custom scripts page
The following **examples** of custom scripts can be run directly on the [Custom script](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/custom-scripts-addon-admin "Custom scripts (addon admin)") page.
These scripts can also be used in any other Soffid script component.
The scripts have been generated for the **Javascript engine**.
### Identity scripts
#### Recover a user for userName
```Java
var u = serviceLocator.getUserService().findUserByUserName("admin");
out.print("User: " + u.firstName);
```
#### Print some attributes
```Java
var u = serviceLocator.getUserService().findUserByUserName("test");
out.println("UserName: " + u.userName);
out.println("Name: " + u.firstName);
out.println("LastName: " + u.lastName);
```
#### Print by user the email
```Java
var u = serviceLocator.getUserService().findUserByUserName("test");
out.print("Email: " + u.shortName + "@" + u.mailDomain);
```
#### Print by user some additional data
```Java
llistaDadesUsuari = serviceLocator.getUserService().findUserDataByUserName("test");
for (var i=0; i 0) {
out.println("Users whose username contains 'a':");
for (var i = 0; i < users.size(); i++) {
var user = users.get(i);
out.println(user.userName);
}
} else {
out.println("No users found with 'a' in their username.");
}
```
#### Create a new identity
```Java
var newUser = new com.soffid.iam.base.api.User();
newUser.userName = "jkepler";
newUser.firstName = "Johannes";
newUser.lastName = "Kepler";
newUser.userType = "I";
newUser.primaryGroup = "world";
newUser.active = true;
serviceLocator.getUserService().create(newUser);
out.println("Created "+newUser.userName);
```
#### Update an identity
```Java
var u = serviceLocator.getUserService().findUserByUserName("jkepler");
u.userType = "E";
u = serviceLocator.getUserService().update(u);
out.println("Updated "+u.userName);
```
#### Delete an identity
```Java
var u = serviceLocator.getUserService().findUserByUserName("jkepler");
if (u!=null) {
serviceLocator.getUserService().delete(u);
out.println("Deleted "+u.userName);
} else {
out.println("User not found");
}
```
### Account scripts
#### Recover accounts of users in Soffid 3
```Java
la = serviceLocator.getAccountService().findAccountByJsonQuery("users.user.userName eq \"02\" ");
for(a:la) {
out.println("Cuenta: " + a.name);
out.println("ID: " + a.id);
out.println("System: " + a.system + "\n");
}
```
#### Recover accounts of users in Soffid 4 with AI with pagination
```Java
/** search all account whose owner's userName contains the letter 'd' and print the name of the account and the system by the screen
**/
var query = new com.soffid.zkdb.api.Query();
query.filter = "users.user.userName co \"a\"";
query.pageSize = 2;
query.startIndex = 0;
var pagedResult;
do {
pagedResult = serviceLocator.getAccountService().findAccounts(query);
var accounts = pagedResult.resources;
for (var i = 0; i < accounts.size(); i++) {
var account = accounts.get(i);
out.println("Account: " + account.name + ", System: " + account.system);
}
query.startIndex += query.pageSize;
} while (query.startIndex < pagedResult.totalResults);
```
#### Remove attribute values of a metadata in Soffid 3
```Java
public void removeUnAttributeValues(String attribute, String system) {
la = serviceLocator.getAccountService().findAccountByJsonQuery("system eq \""+system+"\"");
for (a : la) {
laa = serviceLocator.getAccountService().getAccountAttributes(a);
for (aa : laa) {
if (aa.attribute.equals(attribute)) {
if (aa.value!=null) {
out.print("accountName: "+accountName+", attribute.value: "+aa.value);
serviceLocator.getAccountService().removeAccountAttribute(aa);
out.println(" ---> removed");
}
}
}
}
}
removeUnAttributeValues("manager","AD");
```
#### Remove attribute values of a metadata in Soffid 4
```javascript
function removeUnAttributeValues(attribute, system) {
var query = new com.soffid.zkdb.api.Query();
query.filter = "system eq \"" + system + "\"";
var pagedResult = serviceLocator.getAccountService().findAccounts(query);
var la = pagedResult.getResources();
for (var i = 0; i < la.size(); i++) {
var a = la.get(i);
var laa = serviceLocator.getAccountService().getAccountAttributes(a);
for (var j = 0; j < laa.size(); j++) {
var aa = laa.get(j);
if (aa.attribute == attribute) {
if (aa.value != null) {
out.print("accountName: " + a.name + ", attribute.value: " + aa.value);
serviceLocator.getAccountService().removeAccountAttribute(aa);
out.println(" ---> removed");
}
}
}
}
}
removeUnAttributeValues("manager", "AD");
```
### Role scripts
#### Recover roles of a user
```Java
user = serviceLocator.getUserService().findUserByUserName("Ivan");
out.println("Usuari: " + user.userName + "\n");
rolsUser = serviceLocator.getUserService().findUserRolesHierachyByUserName(user.userName);
for(listrRolsUser:rolsUser){
out.println("Nombre: " + listrRolsUser.name);
out.println("Descripcion: " + listrRolsUser.description);
out.println();
}
```
#### Print the associated roles for each account
```Java
var queryUsuaris = new com.soffid.zkdb.api.Query();
queryUsuaris.filter = "userName eq \"david.gomez\"";
var pagedUsuaris = serviceLocator.getUserService().findUsers(queryUsuaris);
var llistaUsuaris = pagedUsuaris.getResources();
for (var i = 0; i < llistaUsuaris.size(); i++) {
var usuari = llistaUsuaris.get(i);
var queryComptes = new com.soffid.zkdb.api.Query();
queryComptes.filter = "users.user.userName eq \"" + usuari.userName + "\"";
var pagedComptes = serviceLocator.getAccountService().findAccounts(queryComptes);
var llisstacuentas = pagedComptes.getResources();
for (var j = 0; j < llisstacuentas.size(); j++) {
var cuenta = llisstacuentas.get(j);
out.print(" Cuenta : " + cuenta.name);
var llistaRole = serviceLocator.getApplicationService().findRoleAccountByAccount(cuenta.id);
for (var k = 0; k < llistaRole.size(); k++) {
var role = llistaRole.get(k);
out.print(" Role: " + role.roleName + "\n");
}
}
}
```
#### Print for an account the roles and applications for each of them
```Java
var queryUsuaris = new com.soffid.zkdb.api.Query();
queryUsuaris.filter = "userName eq \"david.gomez\"";
var pagedUsuaris = serviceLocator.getUserService().findUsers(queryUsuaris);
var llistaUsuaris = pagedUsuaris.getResources();
for (var i = 0; i < llistaUsuaris.size(); i++) {
var usuari = llistaUsuaris.get(i);
var queryComptes = new com.soffid.zkdb.api.Query();
queryComptes.filter = "users.user.userName eq \"" + usuari.userName + "\"";
var pagedComptes = serviceLocator.getAccountService().findAccounts(queryComptes);
var llisstacuentas = pagedComptes.getResources();
for (var j = 0; j < llisstacuentas.size(); j++) {
var cuenta = llisstacuentas.get(j);
out.print(" Cuenta : " + cuenta.name);
out.println(" ID: " + cuenta.id);
var llistaRole = serviceLocator.getApplicationService().findRoleAccountByAccount(cuenta.id);
for (var k = 0; k < llistaRole.size(); k++) {
var role = llistaRole.get(k);
out.print(" Role: " + role.roleName + "\n");
out.println(" Aplicacion: " + role.informationSystemName);
}
}
}
```
#### Print the roles associated with each account
```Java
var query = new com.soffid.zkdb.api.Query();
query.filter = "";
var paged = serviceLocator.getUserService().findUsers(query);
var usuCuenta = paged.getResources();
for (var i = 0; i < usuCuenta.size(); i++) {
var listaUsuCuenta = usuCuenta.get(i);
out.println("Usuario: " + listaUsuCuenta.userName);
out.println("Nombre: " + listaUsuCuenta.firstName);
var rolsUser = serviceLocator.getUserService().findUserRolesHierachyByUserName(listaUsuCuenta.userName);
for (var j = 0; j < rolsUser.size(); j++) {
var listaRolsUser = rolsUser.get(j);
out.println("Nombre del Rol: " + listaRolsUser.name);
out.println("Descripcion: " + listaRolsUser.description);
out.println();
}
}
```
#### Create a new role
```Java
try {
var newRol = new com.soffid.iam.iga.api.Role();
newRol.name = "Rol_New_Script";
newRol.description = "Rol Script";
newRol.informationSystemName = "SOFFID";
newRol.system = "soffid";
serviceLocator.getApplicationService().create(newRol);
out.println("Created: " + newRol.name);
} catch(e) {
out.println("Error: " + e);
}
```
#### Update a role
```Java
var query = new com.soffid.zkdb.api.Query();
query.filter = "name eq \"Rol editado por script\" and informationSystemName eq \"APPLICATION01\"";
var pagedResult = serviceLocator.getApplicationService().findRoles(query);
var editRole = pagedResult.getResources();
for (var i = 0; i < editRole.size(); i++) {
var role = editRole.get(i);
out.println(role.name);
role.name = "ROL01";
try {
role = serviceLocator.getApplicationService().update(role);
out.println(role.name);
} catch(e) {
out.println("Error: " + e.message);
out.println("Stack: " + e.stack);
}
}
```
#### Delete a role
```Java
try {
var editRole = serviceLocator.getApplicationService().findRoleById(16576);
serviceLocator.getApplicationService().delete(editRole);
} catch(e) {
out.println("Error: " + e.message);
}
```
#### List the roles of an application
```Java
var query = new com.soffid.zkdb.api.Query();
query.filter = "informationSystemName eq \"SOFFID\"";
var pagedResult = serviceLocator.getApplicationService().findRoles(query);
var list = pagedResult.getResources();
for (var i = 0; i < list.size(); i++) {
var role = list.get(i);
out.println(role.name);
}
```
### Mail scripts
#### Send a simple email
```Java
serviceLocator.getMailService().sendTextMail("user@domian.com", "Test", "Hello world!");
out.println("Mail sent!");
```
#### Send emails with attached files
```JavaScript
import javax.mail.BodyPart;
import javax.mail.internet.MimeBodyPart;
import javax.activation.DataHandler;
import javax.activation.FileDataSource;
import java.util.ArrayList;
path = "/tmp/";
name = "file.txt";
BodyPart att = new MimeBodyPart();
att.setDataHandler(new DataHandler(new FileDataSource(path+name)));
att.setFileName(name);
to = "aretha@soffid.com";
cc = "etaylor@soffid.com";
subject = "This is an email with attachment ";
body = "In this email you can see an attachment.";
mimeBodyParts = new ArrayList();
mimeBodyParts.add(att);
serviceLocator.getMailService().sendHtmlMail(to, subject, body, mimeBodyParts);
serviceLocator.getMailService().sendHtmlMail(to, cc, subject, body, mimeBodyParts);
serviceLocator.getMailService().sendTextMailToActors(new String[]{"aretha"}, subject, body, mimeBodyParts);
serviceLocator.getMailService().sendTextMailToActors(new String[]{"aretha"}, cc, subject, body, mimeBodyParts);
out.println("Mails sent!");
```
### Event Sample scripts
#### On grant permission
Update a user attribute when assigning a specific permission
```shell
if (grant.roleName.equals("RS002")) {
user = serviceLocator.getUserService().findUserByUserName(grant.user);
if (user != null) {
attributes = serviceLocator.getUserService().findUserAttributes(user.userName);
if (attributes == null) {
attributes = new HashMap();
}
attributes.put("language", "Spanish");
serviceLocator.getUserService().updateUserAttributes(user.userName, attributes);
}
}
```
#### On user change
Run a Python script when the user has assigned an specific role
```javascript
if (user != null) {
roleGrantList = serviceLocator.getApplicationService().findEffectiveRoleGrantByUser(user.id);
for(roleGrant:roleGrantList){
if (roleGrant.roleName.equals("SOFFID_TEST")) {
// RUN SCRIPT
String command = "python3 /opt/soffid/iam-console-3/conf/exampleScript.py > /opt/soffid/iam-console-3/conf/resultscript01.txt";
Process process = Runtime.getRuntime().exec(command);
user.comments = "ADD comments";
user = serviceLocator.getUserService().update(user);
}
}
}
```
### Agent scripts
#### User full name
```Java
return firstName + lastName;
```
#### Create mainDomain if it doesn't exit
```Java
var mailDomain = "exampledomain";
if (mailDomain != null && mailDomain.contains("@")) {
var mailTokens = email.split("@");
mailDomain = mailTokens[1];
}
var service = serviceLocator.getMailListsService();
var domain = service.findMailDomainByName(mailDomain);
if (domain == null) {
domain = new com.soffid.iam.iga.api.MailDomain(); // ← iga.api
domain.setCode(mailDomain);
domain.setDescription(mailDomain);
domain.setObsolete(new java.lang.Boolean(false));
domain = service.create(domain);
}
return mailDomain;
```
#### Recover active agents
```Java
var llistaAgents = serviceLocator.getDispatcherService().findAllActiveDispatchers();
for (var i = 0; i < llistaAgents.size(); i++) {
var agent = llistaAgents.get(i);
out.println("Nom: " + agent.name);
out.println("Class Name: " + agent.className + "\n");
}
```
#### Show by a user the agents that have associates
```Java
var queryUsuaris = new com.soffid.zkdb.api.Query();
queryUsuaris.filter = "userName eq \"admin\"";
var pagedUsuaris = serviceLocator.getUserService().findUsers(queryUsuaris);
var llistaUsuaris = pagedUsuaris.getResources();
for (var i = 0; i < llistaUsuaris.size(); i++) {
var usuari = llistaUsuaris.get(i);
out.println("Usuario: " + usuari.userName);
var queryComptes = new com.soffid.zkdb.api.Query();
queryComptes.filter = "users.user.userName eq \"" + usuari.userName + "\"";
var pagedComptes = serviceLocator.getAccountService().findAccounts(queryComptes);
var llisstacuentas = pagedComptes.getResources();
for (var j = 0; j < llisstacuentas.size(); j++) {
var cuenta = llisstacuentas.get(j);
out.print(" Cuenta : " + cuenta.name);
out.println(" ID: " + cuenta.id);
var llistaRole = serviceLocator.getApplicationService().findRoleAccountByAccount(cuenta.id);
for (var k = 0; k < llistaRole.size(); k++) {
var role = llistaRole.get(k);
out.print(" Role: " + role.roleName + "\n");
out.println(" Aplicacion: " + role.informationSystemName);
out.println(" Agente: " + role.system);
}
}
}
```