Citrix Recipe Box: Storefront approvals

Citrix Recipe Box: Storefront approvals

9:52 PM
Citrix Recipe Box: Storefront approvals -


Now that Storefront 3.0 is out, I wanted to return the issue approvals workflow and give a little more guidance, which can use the new receiver APIs are built.

My previous post showed what the tech preview was possible, but it seemed the light on a few teething problems. I think I can safely say this is all solved.

. For this post, I want a relatively normative to give, "How To"

You can, of course, tweak my code examples, but I will do my best to give a complete recipe. The gap will be a self-select the song that takes a pending request and either marked as approved or rejected approvals system. You can build these as you wish, and an incoming mail from my colleague John McBride is an example using Octoblu as workflow system give

STEP ONE :. Decide what Cook

How do you manage workflow? There are really two options:

  1. publishing applications in XA / XD to groups of users, known as "require approval" are marked, and then use the storefront subscription service to record when approval is granted.
  2. use an Active Directory group to determine who is authorized to use an app.

The first approach is ideal for a PoC and perfectly suited for the production, but in practice, many customers I have spoken already have a back-end system that they want to use, and tends to use the second approach. I'll both do here; 0% of which is the same.

I'm the (somewhat unrealistic) example of using workflow to allow access to the "Paint" app. I want to see all users in the group "Design", the app, and to require able this.

For the first approach, I will use the facade Subscription store to determine who is allowed access. however (AD is used for the authorization) for the second approach, I will accept it, is a group "Paint Users', and that the back-end workflow system adds the people approved to this group as access.

called

Behind the scenes for this second approach , we will use two applications: the "true" color-app with access to the conventional manner controlled based on AD group membership and a "surrogate" painting app that is purely there to trigger the workflow process.

Why two apps? Well, the real app is displayed only to users who approved the access have (ie, members of the Paint users AD group), so we have something to show potential users (ie members of the 'design')

STEP TWO :. Prepare app (s)

The next step is to publish the Paint app on XenApp. For the most part this is a regular application, but we will use keywords to mark it as special. The WFS keyword is recognized by the Storefront workflow plugin (see below) to view the app needs permission. The other keywords are new and used by code in this blog. I am with XenApp 7.6 for the following screenshots

For Approach 1 (Storefront approvals) .:

Publish the Color app the group "Design", and add following the end of the description 

 keywords :. WFS WFQuestion = "Please explain why you need this app?"

For Formulation 2 (AD approvals):

Publish the Color App users in the group "Paint users" (this is the application, which is granted to the user ultimately). It not is going to have the workflow keyword, but we will mark it as a workflow based, so we can be shown to automate the creation of a second, surrogate app users. We also add the "AUTO" keyword, so if it is granted to a user, it will be automatically subscribed

Add the following to the end of the description 

 Keywords: AUTO .. WFGroup = "design" WFQuestion = "Please explain why you need this app?" 
  We will automate the creation of surrogate applications and so on XA 7 is a few dozen lines of PowerShell.   This PowerShell is provided in the download bundle available and is called CreateSurrogateApps.ps1

It makes the following :.

  • Searches for all applications with keyword WFGroup
  • For each of these applications, a surrogate App created (if not already present) indicated in the delivery group (note this group delivery already exists must be)

you. from the PS command shell on the DDC

For the only earlier versions, or who prefer the manual approach, publish, a surrogate app with the following, this running characteristics (or clone / edit, to the real)

  • name, folder, icon etc: identical to the real color app
  • Executable:. any - will never be executed. For example, C: nothing.exe
  • Description is to be the same as for the real color app, but with the following keywords in the end: 
     Tags: WFS WFQuestion = "Please explain why you need this app? "

    (ie identical keywords to case 1)

Regardless of how you create the surrogate, here's how it should look in Studio:

STEP THREE: Turn on the stove

This is a change to the storefront server. You need to install the simple workflow handler and activate, as we did in the previous blog. , This ensures that each workflow application that is subscribed to is put in a floating state

Install details as for Tech Preview are:

  1. Find the directory where the memory you want to enable workflow. For example, C: inetpub wwwroot Purple
  2. Edit web.config in this directory and add the following to the end of section
  3. download from the download bundle the Simple workflow handler DLL and in the bin directory (eg C: inetpub wwroot purple bin) store. Note that this has a few bug fixes over the previous version in the blog

STEP FOUR: baking.

This is where your custom integration comes in.

As with the tech preview, we add code to showcase the subscription memory for outstanding will requirements, and fire some custom logic to start to monitor the approval process. This will ultimately lead us the subscription with state update = approved (for non-AD-case) or adding the user to the appropriate group (for the AD case). In both cases, if the registration fails, the app state has marked = denied. Again, we will use PowerShell for applications entering the "floating" state to monitor, and you should use the code below update to name your workflow system (see next or blog, Kevin on OctoBlu for workflow).

Note that as in the tech preview you need the SubscriptionStoreHelper dll from the download package download (at the end of this article), and add the current user to the CitrixSubscriptionsStoreServiceUsers local group allow access. See the previous workflow blog for more details.

contain PowerShell below in the download package and can be done by calling 

 processPendingApprovals.ps Purple

From the PowerShell command line, assuming 'Purple' is the name of your shop.

Note that this script has a big hole in the middle, the need to fill up with a call to your workflow system following substitute Write-Host 

 "RUN Workflow for ruling under ......... "Write-host" user: ". $ Entry.User Write-Host "App Name:" $ appName Write-Host "basic" $ response

For the testing (Senario 1) You can manually approve or an app from the command line to deny the SSClient App : For example,
SSClient.exe -store Purple - Update -User "WWCO Richard" resource "Paint" status approved
For scenario 2 tests, simply add the requesting user to the AD group "Paint Users'.

step Five :. JavaScript Icing

There are several small, but important, details that we with some client clean -seitiges script

  1. [1945010stellensie] to the user why they want the app, and make that information on the workflow system available
  2. the workflow system they let know that the name of the app, rather than just their internal ID
  3. tell the approver Let why they rejected a request
  4. , that we clean up the replacement app to ensure the AD case that has been requested, so that users do not see two copies.

in order to achieve this we have a number of small enhancements add, and use the opportunity to save any objects Subscription storage. All of these enhancements are contained in a single script.js file in the download section of the blog.

First, we need to ensure that the enhanced app and subscription properties are sent to recipients. In script.js we allow this by:

CTXS.ExtensionAPI.enableSubscriptionProperties ();

Next, we want to provide the user a question, if they ask for the app, and save your answer in the storefront subscription store.

We will consider the custom properties on the app, a subscription feature to decide what to ask, and add to store the response. Note - For dialogue reuse I put the 'Show Message "Extension API, but its content to a snippet of HTML with a box This gives us the following. (Could I have added over style.css without restyling). that if the WFQuestion is not specified in the application keywords, we will not show the dialogue.

I have also added some code to the name of the passed app back as a subscription property This is because, by default, only our subscription store detects the internal app ID -. and if you want to link to a back-end workflow system, it probably will not use our identifier [!

script.js See for full code, but the essence of this is: 

 the app // check has an array Subscription properties app.subscriptionproperties = app.subscriptionproperties || {}; // set properties for the app name and the answer to the question workflow app.subscriptionproperties ["appname"] = app.name; app.subscriptionproperties ["WFAnswer"] = response;

for the AD case, we have to substitute want to check apps that have been requested and "real" applications have the same. If we find them, we break the request and the surrogate mother to hide. For the non-AD case (Scenario 1), this code is harmless, but not necessary.

The easiest place to duplicates can be seen by hooking preProcessAppData , when we get all the information about app at a time. That's too early to actually update the apps, as we until the app objects have to wait to be created, so we hook the excludeApp call to mark the duplicate as hidden, and [1945030more(thenputbackinitsdefaultstatereadyforthenexttime)] afterDisplayState homescreen as a good point to call the server to tell it to mark the surrogates because no requested.

I have included the code to do all of this in-line down as it is a useful example of a common pattern - to examine applications and they are then processed later: 

  / / they create a list of substitute applications that have subscribed to "real" apps   // This is used for AD case only  var surrogateAppsToUnsubscribe = {}; CTXS.Extensions.preProcessAppData = function (store, json) { // find all apps that are pending  var pending = {}; var i; for (i = 0; i  // find all subscribed applications that have a pending application with the same name  for (i = 0; i  // exclude surrogate Apps, and as a side effect, the App objects remind  CTXS.Extensions.excludeApp = function (app) {if ((app.subscriptionstatus == "pending") && surrogateAppsToUnsubscribe [app.name]) ) {surrogateAppsToUnsubscribe [app.name] = app; return true; } Else {return false; }; }  // A private function surrogate applications  function unsubscribeSurrogateApps () {for (var i in surrogateAppsToUnsubscribe) {var app = surrogateAppsToUnsubscribe [i] unsubscribe; app.subscriptionstatus = "unsubscribed"; app.subscriptionproperties = {};  // discard all properties  CTXS.ExtensionAPI.updateSubscriptionProperties (app); }}  // an appropriate time to call our logoff function before   // the main UI displayed  CTXS.Extensions.beforeDisplayHomeScreen = function (callback) {unsubscribeSurrogateApps (); }

Last, but not least, we need to know, a user can know why an app has been denied (one reason is given under the assumption). The first part is to arrange that the reason for the rejection is recorded in subscription memory. that information is to obtain from the scope of this blog, but in the store the recording is simply a case add a property if you set denied the app.

For example, the CLI tool from last blog use (also in the download package): -update
SSClient.exe -STORE Purple -User "WWCO Richard" resource "Paint "status denied -props DeniedReason =" Because you can not draw "
Finally, we need the message to the user the next time they run to present receiver.

There is no direct hooks into the "denial ui" (something for v2 ...), but we can achieve hook and the same effect elsewhere. Since the general "were some applications denied" message is displayed when the user first opened, so we need early showing custom ui to obtain and as not denied to highlight the applications, so that the regular UI not shown ,

, the download bundle for the Code View (all in script.js), but here's the bottom line:

step Six: Enjoy

Apart from the obvious omission of a workflow backend that should need all pretty much. Note: this blog built on the previous blog, so you can ask that more step for details on how to install the workflow helper and subscription shop DLLs. I have these dlls updated and contain all of the code in this blog here in a download package used. These are below the standard Citrix Developer Network license (again see previous blog)

Please let me know if this is for you - and all the extras you want to meet me in the future

blogs in this series

  • Welcome to the receiver X1
  • providing and branding receiver X1
  • X1 adjustment: deeper with CSS
  • Scripting X1
  • receiver X1 APIs
  • X1 skin for NetScaler Gateway
  • X1 DIY approvals
  • alto receiver is dead Long Live New receiver
  • Citrix recipe box:. storefront approvals
Next
« Prev Post
Previous
Next Post »

1 comment

Subscribe to: Post Comments (Atom)