Filter sub organization permissions

ChanikaRuchini · Jan 22, 2024 · 76be91b · 76be91b
1 parent 9ead882
commit 76be91b
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 1 deletion.
diff --git a/...le.v2.mgt.core/src/main/java/org/wso2/carbon/identity/role/v2/mgt/core/RoleConstants.java b/...le.v2.mgt.core/src/main/java/org/wso2/carbon/identity/role/v2/mgt/core/RoleConstants.java
@@ -67,6 +67,9 @@ private RoleConstants() {
     public static final String ORGANIZATION = "organization";
     public static final String SYSTEM = "system";
 
+    public static final String INTERNAL_SCOPE_PREFIX = "internal_";
+    public static final String INTERNAL_ORG_SCOPE_PREFIX = "internal_org_";
+
     /**
      * Grouping of constants related to database table names.
      */

diff --git a/....v2.mgt.core/src/main/java/org/wso2/carbon/identity/role/v2/mgt/core/dao/RoleDAOImpl.java b/....v2.mgt.core/src/main/java/org/wso2/carbon/identity/role/v2/mgt/core/dao/RoleDAOImpl.java
@@ -98,6 +98,8 @@
 import static org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants.H2;
 import static org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants.INFORMIX;
 import static org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants.INTERNAL_DOMAIN;
+import static org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants.INTERNAL_ORG_SCOPE_PREFIX;
+import static org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants.INTERNAL_SCOPE_PREFIX;
 import static org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants.MARIADB;
 import static org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants.MICROSOFT;
 import static org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants.MY_SQL;
@@ -1617,7 +1619,10 @@ private List<Permission> getPermissionsOfSharedRole(String roleId, String tenant
             if (StringUtils.isNotEmpty(mainRoleId) && mainTenantId != -1) {
                 String mainTenantDomain = IdentityTenantUtil.getTenantDomain(mainTenantId);
                 if (StringUtils.isNotEmpty(mainRoleId) && StringUtils.isNotEmpty(mainTenantDomain)) {
-                    return getPermissions(mainRoleId, mainTenantDomain);
+                    List<Permission> permissions = getPermissions(mainRoleId, mainTenantDomain);
+                    return permissions.stream()
+                            .filter(permission -> isValidSubOrgPermission(permission.getName()))
+                            .collect(Collectors.toList());
                 }
             }
         } catch (SQLException | IdentityRoleManagementException e) {
@@ -1628,6 +1633,23 @@ private List<Permission> getPermissionsOfSharedRole(String roleId, String tenant
         return null;
     }
 
+    /**
+     * Check permission is a valid sub organization permission.
+     *
+     * @param permission Permission.
+     * @return is valid sub organization permission.
+     */
+    private boolean isValidSubOrgPermission(String permission) {
+
+        if (permission.startsWith(INTERNAL_ORG_SCOPE_PREFIX)) {
+            return true;
+        } else if (permission.startsWith(INTERNAL_SCOPE_PREFIX)) {
+            return false;
+        } else {
+            return true;
+        }
+    }
+
     /**
      * Get permission of shared roles.
      *