Query Language Example Conversions

Last modified 12 Mar 2021 10:22 +01:00

Java DSL

And, Matching Rule

Java DSL
ObjectFilter filter =
    getPrismContext().queryFor(UserType.class)
        .item(UserType.F_GIVEN_NAME).eq("Jack").matchingCaseIgnore()
        .and().item(UserType.F_FULL_NAME).contains("arr")
        .buildFilter();
Query Language
givenName =[stringIgnoreCase] "Jack" and fullName contains "arr"
Query Language
fullName != givenName

Fulltext

Java DSL
FullTextFilterImpl.createFullText("jack");
Query Language
. fullText "jack"

Container Matches

Java DSL
ObjectFilter filter = getPrismContext().queryFor(UserType.class)
    .exists(UserType.F_ASSIGNMENT)
    .item(AssignmentType.F_DESCRIPTION).eq("Assignment 2")
    .buildFilter();
Query Language
assignment matches ( description = "Assignment 2" )

Substringd

Java DSL
ObjectFilter filter = getPrismContext().queryFor(UserType.class)
    .item(UserType.F_LOCALITY).startsWith("C")
    .buildFilter();
Query Language
locality startsWith "C"

Or Filter

Java DSL
ObjectFilter filter = getPrismContext().queryFor(UserType.class)
    .item(UserType.F_GIVEN_NAME).eq("Jack")
    .or().item(UserType.F_GIVEN_NAME).eq("Jackie")
    .buildFilter();
Query Language
givenName = "Jack" or givenName = "Jackie"

Equals

Java DSL
ObjectFilter filter = getPrismContext().queryFor(UserType.class)
    .item(UserType.F_GIVEN_NAME).eq("Jackie")
    .buildFilter();
Query Language
givenName = "Jackie"

Equals in Extension

Java DSL
ObjectFilter filter = getPrismContext().queryFor(UserType.class)
    .item(ItemPath.create(UserType.F_EXTENSION, "indexedString"), def).eq("alpha")
    .buildFilter();
Query Language
extension/indexedString = "alpha"

Null, Not Exists

Java DSL
ObjectFilter filter = getPrismContext().queryFor(UserType.class)
    .item(UserType.F_LOCALITY).isNull()
    .buildFilter();
Query Language
locality not exists
Java DSL
ObjectFilter filter = getPrismContext().queryFor(UserType.class)
    .item(UserType.F_NAME).isNull()
    .buildFilter();
Query Language
name not exists

And, Or, Substring, Equals

Java DSL
ObjectFilter filter =
    getPrismContext().queryFor(UserType.class)
        .item(UserType.F_FAMILY_NAME).eq("Sparrow")
        .and().item(UserType.F_FULL_NAME).contains("arr")
        .and()
        .block()
        .item(UserType.F_GIVEN_NAME).eq("Jack")
        .or().item(UserType.F_GIVEN_NAME).eq("Jackie")
        .endBlock()
        .buildFilter();
Query Language
familyName = "Sparrow" and fullName contains "arr" and ( givenName = "Jack" or givenName = "Jackie" )

PolyString

Strict

Java DSL
PolyString name = new PolyString("jack", "jack");
ObjectFilter filter = getPrismContext().queryFor(UserType.class)
    .item(UserType.F_NAME).eq(name)
    .buildFilter();
Query Language
name matches (orig = "jack" and norm = "jack")

Norm

Java DSL
getPrismContext().queryFor(UserType.class)
    PolyString name = new PolyString("jack", "jack");
    .item(UserType.F_NAME).eq(name).matchingNorm()
    .buildFilter());
Query Language with matches
name matches (norm = "jack")
Query Language with matching rule
name =[polyStringNorm] "jack"

Orig

Java DSL
PolyString name = new PolyString("jack", "jack");
ObjectFilter filter = getPrismContext().queryFor(UserType.class)
    .item(UserType.F_NAME).eq(name).matchingOrig()
    .buildFilter());
Query Language with matches
name matches (orig = "jack")
Query Language with matching rule
name =[polyStringOrig] "jack"

Matches container

Java DSL
ObjectFilter filter = getPrismContext().queryFor(UserType.class)
    .exists(UserType.F_ASSIGNMENT)
    .item(AssignmentType.F_DESCRIPTION).eq("Assignment NONE")
    .buildFilter();
Query Language
assignment matches (description = "Assignment NONE")

Container exists

Java DSL
ObjectFilter filter = getPrismContext().queryFor(UserType.class)
    .exists(UserType.F_ASSIGNMENT)
    .buildFilter();
Query Language
assignment exists
Java DSL
ObjectFilter filter = getPrismContext().queryFor(UserType.class)
    .item(UserType.F_ASSIGNMENT, AssignmentType.F_DESCRIPTION).eq("Assignment 2")
    .buildFilter();
Query Language
 assignment/description = "Assignment 2"

References

Oid

Java DSL
ObjectFilter filter = getPrismContext().queryFor(UserType.class)
    .item(UserType.F_ACCOUNT_REF).ref("c0c010c0-d34d-b33f-f00d-aaaaaaaa1113")
    .buildFilter();
Query Language
accountRef matches ( oid = "c0c010c0-d34d-b33f-f00d-aaaaaaaa1113")

Relation

Java DSL
ObjectFilter filter = getPrismContext().queryFor(UserType.class)
    .item(UserType.F_ACCOUNT_REF).refRelation(new QName("a-relation"))
    .buildFilter();
Query Language
accountRef matches (relation = a-relation)

Other

Java DSL
ObjectFilter filter =
    getPrismContext().queryFor(UserType.class)
        .item(PrismConstants.T_ID).gt("00")
        .buildFilter();
Query Language
# > "00"

XML

Specific shadow on resource

XML
<q:filter xsi:type="q:SearchFilterType"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:c=".../common/common-3"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:q=".../query-3">

    <q:and>
        <q:ref>
            <q:path>c:resourceRef</q:path>
            <q:value>
                <c:oid>aae7be60-df56-11df-8608-0002a5d5c51b</c:oid>
            </q:value>
        </q:ref>
        <q:equal>
            <q:path>declare namespace icfs=".../connector/icf-1/resource-schema-3";
                c:attributes/icfs:name</q:path>
            <q:value xsi:type="xsd:string">uid=jbond,ou=People,dc=example,dc=com</q:value>
        </q:equal>
    </q:and>
</q:filter>
Query Language
resourceRef = "aae7be60-df56-11df-8608-0002a5d5c51b" and attributes/icfs:name = "uid=jbond,ou=People,dc=example,dc=com"
XML
<q:filter xsi:type="q:SearchFilterType"
        xmlns=".../query-3"
        xmlns:q=".../query-3"
        xmlns:c=".../common/common-3"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <and>
        <equal>
            <matching>insensitive</matching>
            <path>c:tag</path>
            <value>abc</value>
        </equal>
        <equal>
            <matching>norm</matching>
            <path>c:name</path>
            <value>someName</value>
        </equal>
    </and>
</q:filter>
XML + Query Language
c:tag =[insensitive] "abc" and c:name =[norm] "someName"
XML
<filter xsi:type="SearchFilterType"
        xmlns:c=".../common/common-3"
       xmlns=".../query-3"
       xmlns:t=".../types-3"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <and>
        <equal>
            <path>c:name</path>
            <value>
                <t:orig>generic object</t:orig>
                <t:norm>generic object</t:norm>
            </value>
        </equal>
        <equal>
            <path>
                declare namespace p="http://midpoint.evolveum.com/xml/ns/test/extension";
                c:extension/p:intType
            </path>
            <value xsi:type="xsd:int">123</value>
        </equal>
    </and>
</filter>
Query Language
c:name and (orig = "generic object" and norm = "generic object") and c:extension/p:intType = 123
XML
<filter
    xmlns=".../query-3" xmlns:c=".../common/common-3"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <!-- <and> -->
    <type>
        <type>c:UserType</type>
        <filter>
            <equal>
                <path>c:name</path>
                <value>some name identificator</value>
            </equal>
        </filter>
    </type>
</filter>
XML + Query Language
type = c:UserType and c:name = "some name identificator"
XML
<object xsi:type="SearchFilterType"
    xmlns=".../query-3" xmlns:c=".../common/common-3"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <!-- <and> -->
    <equal>
        <path>c:connectorType</path>
        <value>org.identityconnectors.ldap.LdapConnector</value>
    </equal>
    <!-- </and> -->
</object>
XML + Query Language
c:connectorType = "org.identityconnectors.ldap.LdapConnector"
XML
<filter xmlns:c=".../common/common-3"
        xmlns:ext="http://midpoint.evolveum.com/xml/ns/test/extension"
        xmlns:q=".../query-3"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="q:SearchFilterType">
    <q:not>
        <q:equal>
            <q:path>c:extension/ext:longType</q:path>
        </q:equal>
    </q:not>
</filter>
XML + Query Language
XML
<filter xmlns:c=".../common/common-3"
    xmlns=".../query-3">

    <or xmlns=".../query-3">
        <substring>
            <path>c:employeeType</path>
            <c:expression>
                <c:script>
                    <c:code>
                        return "12345"
                    </c:code>
                </c:script>
            </c:expression>
            <anchorStart>false</anchorStart>
            <anchorEnd>false</anchorEnd>
        </substring>
    </or>
</filter>
XML + Query Language
c:employeeType contains ```return "12345"```
XML
<filter xsi:type="q:SearchFilterType"
    xmlns=".../query-3"
    xmlns:q=".../query-3"
    xmlns:c=".../common/common-3"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">

    <or>
        <equal>
            <path>c:intent</path>
            <value>some account type</value>
        </equal>
        <equal>
            <path>
                declare namespace f="http://midpoint.evolveum.com/blabla";
                c:attributes/f:foo
            </path>
            <value xsi:type="xsd:string">foo value</value>
        </equal>
        <equal>
            <path>
                declare namespace p="http://midpoint.evolveum.com/xml/ns/test/extension";
                c:extension/p:stringType
            </path>
            <value xsi:type="xsd:string">uid=test,dc=example,dc=com</value>
        </equal>
        <ref>
            <path>c:resourceRef</path>
            <value>
                <oid>d0db5be9-cb93-401f-b6c1-86ffffe4cd5e</oid>
                <relation>boss</relation>
            </value>
        </ref>
    </or>
</filter>
XML + Query Language
c:intent = "some account type" or c:attributes/f:foo = "foo value"
  or c:extension/p:stringType = "uid=test,dc=example,dc=com"
  or c:resourceRef matches (
    oid = "d0db5be9-cb93-401f-b6c1-86ffffe4cd5e"
    and relation = "boss"
  )
XML
<query xmlns=".../query-3" xmlns:c=".../common/common-3">
    <filter>
        <equal>
            <matching>polyStringOrig</matching>
            <path>c:name</path>
            <value>some-name</value>
        </equal>
    </filter>
</query>
XML + Query Language
c:name polyStringOrig some-name

Equals Multiple Values

This is VALUE IN SET rather then VALUE EQUALS SET
XML
<!-- test210EqualMultiple -->
<query xmlns=".../query-3" xmlns:c=".../common/common-3">
    <filter>
        <equal>
            <path>c:employeeType</path>
            <value>STD</value>
            <value>TEMP</value>
        </equal>
    </filter>
</query>
XML + Query Language
c:employeeType in ("STD", "TEMP")
XML
<query xmlns=".../query-3" xmlns:c=".../common/common-3">
    <filter>
        <equal>
            <path>c:employeeNumber</path>
            <rightHandSidePath>c:costCenter</rightHandSidePath>
        </equal>
    </filter>
</query>
XML + Query Language
c:employeeNumber = c:costCenter
XML
<!-- filter test410OrgFilterSubtree -->
<query xmlns=".../query-3">
    <filter>
        <org>
            <orgRef>
                <oid>111</oid>
            </orgRef>
            <scope>SUBTREE</scope>
        </org>
    </filter>
</query>
. inOrg '111'
XML
<query xmlns=".../query-3">
    <filter>
        <inOid>
            <value>oid1</value>
            <value>oid2</value>
            <value>oid3</value>
        </inOid>
    </filter>
</query>
XML + Query Language
. inOid ['oid1', 'oid2', 'oid3' ]
XML
<resource oid="84a420cc-2904-11e8-862b-0fc0d7ab7174">

  <connectorRef type="ConnectorType">
      <filter>
          <q:and>
              <q:equal>
                  <q:path>connectorType</q:path>
                  <q:value>com.evolveum.icf.dummy.connector.DummyConnector</q:value>
              </q:equal>
              <q:equal>
                  <q:path>connectorVersion</q:path>
                  <q:value>2.0</q:value>
              </q:equal>
          </q:and>
      </filter>
  </connectorRef>

  <protected>
      <filter>
          <q:equal>
              <q:path>attributes/name</q:path>
              <q:value>daviejones</q:value>
          </q:equal>
      </filter>
  </protected>
  <protected>
      <filter>
          <q:equal>
              <q:path>attributes/name</q:path>
              <q:value>calypso</q:value>
          </q:equal>
      </filter>
  </protected>
</resource>
XML + Query Language
XML
<authorization>
    <name>read-requestable-roles</name>
    <description>
        Allow to read requestable roles. This allows to search for requestable roles in user interface.
    </description>
    <action>.../security/authorization-model-3#read</action>
    <object>
        <type>RoleType</type>
        <filter>
            <q:equal>
                <q:path>requestable</q:path>
                <q:value>true</q:value>
            </q:equal>
        </filter>
    </object>
    <!-- Note: for production use you should consider limiting the items that can be read. -->
</authorization>
XML + Query Language
XML
<authorization>
    <name>self-owned-task-add-execute-changes</name>
    <description>
        Authorization to create a new 'execute changes' task owned by a currently logged-in user.
        This is needed to execute asynchronous operations from the GUI.
    </description>
    <action>.../security/authorization-model-3#add</action>
    <object>
        <type>TaskType</type>
        <filter>
            <q:or>
                <q:equal>
                    <q:path>handlerUri</q:path>
                    <q:value>.../model/synchronization/task/execute/handler-3</q:value>
                </q:equal>
                <q:equal>
                    <q:path>handlerUri</q:path>
                    <q:value>.../model/iterative-scripting/handler-3</q:value>    <!-- members-related operations -->
                </q:equal>
            </q:or>
        </filter>
        <owner>
            <special>self</special>
        </owner>
    </object>
</authorization>
XML + Query Language
XML
<authorization>
    <name>read all</name>
    <action>.../security/authorization-model-3#read</action>
    <object>
        <type>UserType</type>
        <filter>
            <q:equal>
               <q:path>employeeType</q:path>
               <q:value>CAPTAIN</q:value>
            </q:equal>
        </filter>
    </object>
</authorization>
XML + Query Language

270-object-collection-task-active.xml

XML
<type>TaskType</type>
<filter>
    <q:and>
        <q:equal>
            <q:path>executionStatus</q:path>
            <q:value>runnable</q:value>
        </q:equal>
        <q:equal>
            <q:path>parent</q:path>
        </q:equal>
    </q:and>
</filter>
XML + Query Language
XML
midpoint/gui/admin-gui/src/main/resources/initial-objects/285-object-collection-audit-24h.xml
<filter>
    <q:and>
        <q:equal>
            <q:path>eventStage</q:path>
            <q:value>execution</q:value>
        </q:equal>
        <q:greater>
            <q:path>timestamp</q:path>
            <expression>
                <script>
                    <code>
                        calendar = basic.addDuration(basic.currentDateTime(), "-P1D");
                        return calendar;
                    </code>
                </script>
            </expression>
        </q:greater>
    </q:and>
</filter>
XML + Query Language
XML
midpoint/gui/admin-gui/src/main/resources/initial-objects/330-object-collection-my-cases.xml
<filter>
    <q:and>
        <q:ref>
            <q:path>requestorRef</q:path>
            <expression>
                <script>
                    <code>
                        import com.evolveum.midpoint.xml.ns._public.common.common_3.*
                        new ObjectReferenceType().oid(midpoint.principalOid)
                    </code>
                </script>
            </expression>
        </q:ref>
        <q:not>
            <q:equal>
                <q:path>state</q:path>
                <q:value>closed</q:value>
            </q:equal>
        </q:not>
    </q:and>
</filter>
XML + Query Language
XML
<protected>
    <filter>
        <q:equal>
            <q:path>attributes/name</q:path>
            <q:value>daviejones</q:value>
        </q:equal>
    </filter>
</protected>
<protected>
    <filter>
        <q:equal>
            <q:path>attributes/name</q:path>
            <q:value>calypso</q:value>
        </q:equal>
    </filter>
</protected>
<protected>
    <filter>
        <q:equal>
            <q:path>attributes/name</q:path>
            <q:value>admin</q:value>
        </q:equal>
    </filter>
</protected>
XML + Query Language
XML
<role oid="10000000-0000-0000-0000-000000001605"
        xmlns=".../common/common-3"
        xmlns:c=".../common/common-3"
        xmlns:t=".../types-3"
        xmlns:ri=".../resource/instance-3"
        xmlns:q=".../query-3"
        xmlns:icfs=".../connector/icf-1/resource-schema-3"
        xmlns:piracy=".../samples/piracy">
    <name>Mapmaker</name>
    <inducement>
        <construction>
            <resourceRef oid="10000000-0000-0000-0000-000000000004" type="c:ResourceType"/>
            <kind>account</kind>
            <association>
                <ref>ri:group</ref>
                <outbound>
                    <expression>
                        <associationTargetSearch>
                            <filter>
                                <q:equal>
                                    <q:path>declare namespace icfs=".../connector/icf-1/resource-schema-3";
                                        attributes/icfs:name</q:path>
                                    <q:value>mapmakers</q:value>
                                </q:equal>
                            </filter>
                            <searchStrategy>onResourceIfNeeded</searchStrategy>
                        </associationTargetSearch>
                    </expression>
                </outbound>
            </association>
        </construction>
    </inducement>
</role>
XML + Query Language
XML
<filter>
    <q:equal>
        <q:matching>.../matching-rule-3#stringIgnoreCase</q:matching>
     <q:path>attributes/ri:dn</q:path>
     <q:value>uid=idm,ou=Administrators,dc=example,dc=com</q:value>
 </q:equal>
</filter>
XML + Query Language
XML
<filter>
    <q:equal>
        <q:path>c:name</q:path>
        <expression>
            <script>
                <code>
                    return memberOf.split(";", -1)[0]
                </code>
            </script>
        </expression>
    </q:equal>
</filter>
XML + Query Language
XML
<mapping>
    <name>Access role assignment</name>
    <strength>strong</strength>
    <source>
        <path>extension/memberOf</path>
    </source>
    <expression>
        <assignmentTargetSearch>
            <targetType>c:RoleType</targetType>
            <filter>
                <q:equal>
                    <q:path>c:name</q:path>
                    <expression>
                        <script>
                            <code>
                                return memberOf.split(";", -1)[0]
                            </code>
                        </script>
                    </expression>
                </q:equal>
            </filter>
            <populate>
XML + Query Language
XML
<role xmlns=".../common/common-3"
      xmlns:q=".../query-3"
      xmlns:ext=".../samples/piracy">
    <assignment>
        <targetRef type="RoleType">
            <filter>
                <q:equal>
                    <q:path>ext:name</q:path>
                    <expression>
                        <path>$ext:roleName</path>
                    </expression>
                </q:equal>
            </filter>
        </targetRef>
    </assignment>
</role>
XML + Query Language
XML
<role oid="12345678-d34d-b33f-f00d-55555555a020"
        xmlns=".../common/common-3"
        xmlns:q=".../query-3"
        xmlns:ext=".../samples/piracy"
        xmlns:ri=".../resource/instance-3">
    <name>Generic Metarole</name>
    <description>Metarole for all roles which are assigned directly to users</description>
    <inducement id="1">
        <construction>
            <resourceRef type="ResourceType"> <!-- should be evaluated to oid="10000000-0000-0000-0000-000000000004"  -->
                <filter>
                    <q:equal>
                        <q:path>name</q:path>
                        <expression>
                            <path>$assignment/extension/ext:resourceName</path>  <!--  should be Dummy Resource -->
                                    <!-- originally here was "immediateRole"; however, this does not work on the path of
                                         (e.g.) Engineer->JobMetarole->GenericMetarole ... so perhaps the easier solution
                                         is to use magic assignment that contains all the extensions on the path -->
                        </expression>
                    </q:equal>
                </filter>
XML + Query Language
XML
<inducement id="2">
    <construction>
        <resourceRef type="ResourceType"> <!-- should be evaluated to oid="10000000-0000-0000-0000-000000000004"  -->
            <filter>
                <q:inOid>
                    <expression>
                        <script>
                            <code>
                                val = basic.getExtensionReferenceValue(immediateRole, ".../samples/piracy", "resourceRef")
                                log.info("#######value " + val)
                                return val?.getOid()
                            </code>
                        </script>
                    </expression>
XML + Query Language
XML
<objectCollection oid="f61bcb4a-f8ae-11e8-9f5c-c3e7f27ee878"
                            xmlns=".../common/common-3"
                            xmlns:c=".../common/common-3"
                            xmlns:t=".../types-3"
                            xmlns:q=".../query-3"
                            xmlns:piracy=".../samples/piracy">
                        <name>Active employees</name>
                        <type>UserType</type>
                        <filter>
                            <q:equal>
                                <q:path>activation/effectiveStatus</q:path>
                                <q:value>enabled</q:value>
                            </q:equal>
                        </filter>
XML + Query Language

midpoint/model/model-intest/src/test/resources/gensync/resource-dummy-purple.xml

XML
<association>
    <ref>ri:priv</ref>
    <inbound>
        <name>mate-inbound</name>
        <strength>strong</strength>
        <expression>
            <assignmentTargetSearch>
                <targetType>c:RoleType</targetType>
                <filter>
                    <q:equal>
                        <q:path>name</q:path>
                        <expression>
                            <script>
                                <code>
                                    return entitlement?.getName()?.getOrig()
                                </code>
                            </script>
                        </expression>
                    </q:equal>
XML + Query Language
<association>
    <ref>ri:priv</ref>
    <inbound>
        <name>mate-inbound</name>
        <strength>strong</strength>
        <expression>
            <assignmentTargetSearch>
                <targetType>c:RoleType</targetType>
                <filter>name = `return entitlement?.getName()?.getOrig()`</filter>
XML
<role oid="f23ab26c-69df-11e6-8330-979c643ea51c"
        xmlns=".../common/common-3"
        xmlns:c=".../common/common-3"
        xmlns:t=".../types-3"
        xmlns:q=".../query-3"
        xmlns:org='.../common/org-3'
        xmlns:piracy=".../samples/piracy">
    <name>Project Omnimanager</name>
    <description>Manager of all projects</description>
    <inducement>
        <targetRef>
            <type>OrgType</type>
            <filter>
                <q:equal>
                    <q:path>orgType</q:path>
                    <q:value>project</q:value>
                </q:equal>
            </filter>
XML + Query Language
<role oid="f23ab26c-69df-11e6-8330-979c643ea51c"
        xmlns=".../common/common-3"
        xmlns:c=".../common/common-3"
        xmlns:t=".../types-3"
        xmlns:q=".../query-3"
        xmlns:org='.../common/org-3'
        xmlns:piracy=".../samples/piracy">
    <name>Project Omnimanager</name>
    <description>Manager of all projects</description>
    <inducement>
        <targetRef>
            <type>OrgType</type>
            <filter>orgType = project</filter>
XML
<systemConfiguration xmlns=".../common/common-3"
                     xmlns:c=".../common/common-3"
                     xmlns:q=".../query-3">

    <globalPolicyRule>
           <name>citizen exclusion</name>
           <policyConstraints>
            <exclusion>
                <targetRef type="RoleType">
                    <filter>
                        <q:equal>
                            <q:path>roleType</q:path>
                            <q:value>citizen</q:value>
                        </q:equal>
                    </filter>
                    <resolutionTime>run</resolutionTime>
                </targetRef>
            </exclusion>
XML + Query Language
<systemConfiguration xmlns=".../common/common-3"
                     xmlns:c=".../common/common-3"
                     xmlns:q=".../query-3">

    <globalPolicyRule>
           <name>citizen exclusion</name>
           <policyConstraints>
            <exclusion>
                <targetRef type="RoleType">
                  <filter>roleType = "citizen"</filter>
XML
<filter>
    <q:substring>
        <q:matching>stringIgnoreCase</q:matching>
        <q:path>
            declare namespace icfs=".../connector/icf-1/resource-schema-3";
            attributes/icfs:name
        </q:path>
        <q:value>-aDm</q:value>
        <q:anchorEnd>true</q:anchorEnd>
    </q:substring>
</filter>
XML + Query Language
<filter xmlns:icfs="...">
  attributes/icfs:name endsWith[ignoreCase] "-aDm"
</filter>
XML
<protected>
    <filter>
        <q:equal>
            <q:matching>.../matching-rule-3#distinguishedName</q:matching>
         <q:path>attributes/ri:dn</q:path>
         <!-- WilDCapiTaLIzaTioN and spacing makes sure that this is matched properly -->
         <q:value>uid=cAlyPSo, ou=PeoPle,    DC=example,dc=COM</q:value>
     </q:equal>
   </filter>
</protected>
XML + Query Language
<protected>
  <filter>
    attributes/ri:dn =[distinguishedName] "uid=cAlyPSo, ou=PeoPle,    DC=example,dc=COM"
  </filter>
</protected>
XML
<mapping>
    <name>Org-org mapping</name>
    <authoritative>true</authoritative>
    <source>
        <path>declare namespace ext="http://midpoint.evolveum.com/xml/ns/story/orgsync/ext";extension/ext:orgpath</path>
    </source>
    <source>
        <path>orgType</path>
    </source>
    <expression>
        <assignmentTargetSearch>
            <targetType>c:OrgType</targetType>
            <filter>
                <q:equal>
                    <q:path>c:name</q:path>
                    <expression>
                        <script>
                            <code>
                                parent = orgpath.tokenize('/')[1]
                                if (!parent) {
                                    return "TOP";
                                } else {
                                    return parent;
                                }
                            </code>
                        </script>
                    </expression>
                </q:equal>
Query Language
<mapping>
    <name>Org-org mapping</name>
    <authoritative>true</authoritative>
    <source>
        <path>declare namespace ext="http://midpoint.evolveum.com/xml/ns/story/orgsync/ext";extension/ext:orgpath</path>
    </source>
    <source>
        <path>orgType</path>
    </source>
    <expression>
        <assignmentTargetSearch>
            <targetType>c:OrgType</targetType>
            <filter>
              c:name = ```orgpath.tokenize("/")[1]
                if (!parent) {
                  return "TOP";
                } else {
                  return parent;
                }
              ```
            </filter>