Skip to content

Commit

Permalink
Enable role management in organization level
Browse files Browse the repository at this point in the history
  • Loading branch information
ShanChathusanda93 committed Dec 2, 2024
1 parent 7571ccb commit 0c6e98d
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 15 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@
import org.wso2.carbon.identity.role.v2.mgt.core.model.Role;
import org.wso2.carbon.identity.role.v2.mgt.core.model.RoleBasicInfo;
import org.wso2.carbon.identity.role.v2.mgt.core.model.UserBasicInfo;
import org.wso2.carbon.identity.role.v2.mgt.core.util.RoleManagementUtils;
import org.wso2.carbon.identity.role.v2.mgt.core.util.UserIDResolver;
import org.wso2.carbon.identity.scim2.common.internal.SCIMCommonComponentHolder;
import org.wso2.carbon.identity.scim2.common.utils.SCIMCommonConstants;
Expand Down Expand Up @@ -117,10 +118,6 @@ public RoleV2 createRole(RoleV2 role)
throws CharonException, ConflictException, NotImplementedException, BadRequestException {

try {
if (!isRoleModificationAllowedForTenant(tenantDomain)) {
throw new BadRequestException("Role creation is not allowed for organizations.",
ResponseCodeConstants.INVALID_VALUE);
}
// Check if the role already exists.
if (roleManagementService.isExistingRole(role.getId(), tenantDomain)) {
String error = "Role with id: " + role.getId() + " already exists in the tenantDomain: "
Expand Down Expand Up @@ -313,8 +310,8 @@ private List<MultiValuedComplexType> convertPermissionsToMultiValuedComplexType(
public void deleteRole(String roleID) throws CharonException, NotFoundException, BadRequestException {

try {
if (!isRoleModificationAllowedForTenant(tenantDomain)) {
throw new BadRequestException("Role deletion is not allowed for organizations.",
if (isSharedRole(roleID)) {
throw new BadRequestException("Shared role deletion is not allowed.",
ResponseCodeConstants.INVALID_VALUE);
}
roleManagementService.deleteRole(roleID, tenantDomain);
Expand Down Expand Up @@ -408,16 +405,16 @@ public RoleV2 patchRole(String roleId, Map<String, List<PatchOperation>> patchOp
}

if (CollectionUtils.isNotEmpty(displayNameOperations)) {
if (!isRoleModificationAllowedForTenant(tenantDomain)) {
throw new BadRequestException("Role name modification is not allowed for organizations.",
if (isSharedRole(roleId)) {
throw new BadRequestException("Role name modification is not allowed for shared roles.",
ResponseCodeConstants.INVALID_VALUE);
}
String newRoleName = (String) displayNameOperations.get(displayNameOperations.size() - 1).getValues();
updateRoleName(roleId, currentRoleName, newRoleName);
}
if (CollectionUtils.isNotEmpty(permissionOperations)) {
if (!isRoleModificationAllowedForTenant(tenantDomain)) {
throw new BadRequestException("Role's permission change is not allowed for organizations.",
if (isSharedRole(roleId)) {
throw new BadRequestException("Role permission modification is not allowed for shared roles.",
ResponseCodeConstants.INVALID_VALUE);
}
updatePermissions(roleId, permissionOperations);
Expand Down Expand Up @@ -697,8 +694,8 @@ private void doUpdateRoleName(RoleV2 oldRole, RoleV2 newRole)
if (!StringUtils.equals(oldRoleDisplayName, newRoleDisplayName)) {
// Update role name.
try {
if (!isRoleModificationAllowedForTenant(tenantDomain)) {
throw new BadRequestException("Role name update is not allowed for organizations.",
if (isSharedRole(roleId)) {
throw new BadRequestException("Role name update is not allowed for shared roles.",
ResponseCodeConstants.INVALID_VALUE);
}
roleManagementService.updateRoleName(oldRole.getId(), newRoleDisplayName, tenantDomain);
Expand Down Expand Up @@ -821,8 +818,8 @@ private void doUpdatePermissions(RoleV2 oldRole, RoleV2 newRole) throws BadReque

// Update the role with added permissions and deleted permissions.
if (isNotEmpty(deletePermissionValuesList) || isNotEmpty(addedPermissionValuesList)) {
if (!isRoleModificationAllowedForTenant(tenantDomain)) {
throw new BadRequestException("Role's permission modification is not allowed for organizations.",
if (isSharedRole(oldRole.getId())) {
throw new BadRequestException("Role's permission modification is not allowed for shared roles.",
ResponseCodeConstants.INVALID_VALUE);
}
if (LOG.isDebugEnabled()) {
Expand Down Expand Up @@ -1420,4 +1417,13 @@ private IdpGroup convertToIdpGroup(IdPGroup idpGroup) {
convertedGroup.setGroupName(idpGroup.getIdpGroupName());
return convertedGroup;
}

private boolean isSharedRole(String roleId) throws CharonException {

try {
return RoleManagementUtils.isSharedRole(roleId, tenantDomain);
} catch (IdentityRoleManagementException e) {
throw new CharonException("Error while checking whether the role is a shared role.", e);
}
}
}
2 changes: 1 addition & 1 deletion pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -294,7 +294,7 @@
<inbound.auth.oauth.version>6.5.3</inbound.auth.oauth.version>
<commons-collections.version>3.2.0.wso2v1</commons-collections.version>
<carbon.kernel.version>4.10.24</carbon.kernel.version>
<identity.framework.version>7.5.109</identity.framework.version>
<identity.framework.version>7.7.15</identity.framework.version>
<junit.version>4.13.1</junit.version>
<commons.lang.version>20030203.000129</commons.lang.version>
<identity.governance.version>1.8.12</identity.governance.version>
Expand Down

0 comments on commit 0c6e98d

Please sign in to comment.