Merge pull request #497 from shashimalcse/fix-admin-role-attributes

Fix admin role mandatory attribute update
wso2-extensions · Oct 26, 2023 · 8428586 · 8428586
2 parents 71c069f + e5dad25
commit 8428586
Show file tree

Hide file tree

Showing 5 changed files with 101 additions and 2 deletions.
diff --git a/...m2.common/src/main/java/org/wso2/carbon/identity/scim2/common/group/SCIMGroupHandler.java b/...m2.common/src/main/java/org/wso2/carbon/identity/scim2/common/group/SCIMGroupHandler.java
@@ -18,11 +18,18 @@
 
 package org.wso2.carbon.identity.scim2.common.group;
 
+import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
+import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
+import org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants;
+import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException;
 import org.wso2.carbon.identity.scim2.common.DAO.GroupDAO;
 import org.wso2.carbon.identity.scim2.common.exceptions.IdentitySCIMException;
+import org.wso2.carbon.identity.scim2.common.internal.SCIMCommonComponentHolder;
 import org.wso2.carbon.identity.scim2.common.utils.SCIMCommonUtils;
+import org.wso2.carbon.user.core.util.UserCoreUtil;
 import org.wso2.charon3.core.exceptions.BadRequestException;
 import org.wso2.charon3.core.exceptions.CharonException;
 import org.wso2.charon3.core.objects.Group;
@@ -76,6 +83,59 @@ public void addMandatoryAttributes(String groupName)
         groupDAO.addSCIMGroupAttributes(tenantId, groupName, attributes);
     }
 
+    /**
+     * Add admin role attributes.
+     *
+     * @param roleName Role name.
+     * @throws IdentitySCIMException if any error occurs while adding admin role attributes.
+     */
+    public void addAdminRoleMandatoryAttributes(String roleName) throws IdentitySCIMException {
+
+        Map<String, String> attributes = new HashMap<>();
+        String tenantDomain = IdentityTenantUtil.getTenantDomain(tenantId);
+        String id;
+        try {
+            id = SCIMCommonComponentHolder.getRoleManagementServiceV2().getRoleIdByName(
+                    UserCoreUtil.removeDomainFromName(roleName), RoleConstants.ORGANIZATION,
+                    getOrganizationId(tenantDomain), tenantDomain);
+        } catch (IdentityRoleManagementException e) {
+            throw new IdentitySCIMException("Error while resolving admin role id", e);
+        }
+        if (StringUtils.isBlank(id)) {
+            id = UUID.randomUUID().toString();
+        }
+        attributes.put(SCIMConstants.CommonSchemaConstants.ID_URI, id);
+
+        String createdDate = AttributeUtil.formatDateTime(Instant.now());
+        attributes.put(SCIMConstants.CommonSchemaConstants.CREATED_URI, createdDate);
+
+        attributes.put(SCIMConstants.CommonSchemaConstants.LAST_MODIFIED_URI, createdDate);
+        attributes.put(SCIMConstants.CommonSchemaConstants.LOCATION_URI, SCIMCommonUtils.getSCIMGroupURL(id));
+        GroupDAO groupDAO = new GroupDAO();
+        groupDAO.addSCIMGroupAttributes(tenantId, roleName, attributes);
+    }
+
+    /**
+     * Get the organization id of the tenant.
+     *
+     * @param tenantDomain Tenant domain.
+     * @return Organization id.
+     * @throws IdentitySCIMException if any error occurs while resolving organization id.
+     */
+    private String getOrganizationId(String tenantDomain) throws IdentitySCIMException {
+
+        String orgId;
+        try {
+            orgId = SCIMCommonComponentHolder.getOrganizationManager().resolveOrganizationId(tenantDomain);
+        } catch (OrganizationManagementException e) {
+            throw new IdentitySCIMException("Error while resolving org id of tenant : " + tenantDomain, e);
+        }
+        if (StringUtils.isBlank(orgId)) {
+            throw new IdentitySCIMException("Organization id not found for tenant : " + tenantDomain);
+        }
+        return orgId;
+    }
+
     /**
      * Retrieve the group attributes by group name
      *

diff --git a/...mon/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponent.java b/...mon/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponent.java
@@ -32,6 +32,7 @@
 import org.wso2.carbon.identity.core.util.IdentityCoreInitializedEvent;
 import org.wso2.carbon.identity.core.util.IdentityUtil;
 import org.wso2.carbon.identity.event.handler.AbstractEventHandler;
+import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
 import org.wso2.carbon.identity.role.mgt.core.RoleManagementService;
 import org.wso2.carbon.identity.scim2.common.extenstion.SCIMUserStoreErrorResolver;
 import org.wso2.carbon.identity.scim2.common.handlers.SCIMClaimOperationEventHandler;
@@ -315,6 +316,21 @@ protected void unsetScimUserStoreErrorResolver(SCIMUserStoreErrorResolver scimUs
         SCIMCommonComponentHolder.removeScimUserStoreErrorResolver(scimUserStoreErrorResolver);
     }
 
+    @Reference(name = "identity.organization.management.component",
+            service = OrganizationManager.class,
+            cardinality = ReferenceCardinality.MANDATORY,
+            policy = ReferencePolicy.DYNAMIC,
+            unbind = "unsetOrganizationManager")
+    protected void setOrganizationManager(OrganizationManager organizationManager) {
+
+        SCIMCommonComponentHolder.setOrganizationManager(organizationManager);
+    }
+
+    protected void unsetOrganizationManager(OrganizationManager organizationManager) {
+
+        SCIMCommonComponentHolder.setOrganizationManager(null);
+    }
+
     @Deactivate
     protected void deactivate(ComponentContext context) {
 

diff --git a/...c/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponentHolder.java b/...c/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponentHolder.java
@@ -19,6 +19,7 @@
 package org.wso2.carbon.identity.scim2.common.internal;
 
 import org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataManagementService;
+import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
 import org.wso2.carbon.identity.scim2.common.extenstion.SCIMUserStoreErrorResolver;
 import org.wso2.carbon.user.core.service.RealmService;
 import org.wso2.carbon.user.mgt.RolePermissionManagementService;
@@ -39,6 +40,7 @@ public class SCIMCommonComponentHolder {
     private static RolePermissionManagementService rolePermissionManagementService;
     private static RoleManagementService roleManagementService;
     private static org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService roleManagementServiceV2;
+    private static OrganizationManager organizationManager;
     private static final List<SCIMUserStoreErrorResolver> scimUserStoreErrorResolvers = new ArrayList<>();
 
     /**
@@ -142,6 +144,27 @@ public static org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService ge
         return roleManagementServiceV2;
     }
 
+
+    /**
+     * Get {@link OrganizationManager}.
+     *
+     * @return organization manager instance {@link OrganizationManager}.
+     */
+    public static OrganizationManager getOrganizationManager() {
+
+        return organizationManager;
+    }
+
+    /**
+     * Set {@link OrganizationManager}.
+     *
+     * @param organizationManager Instance of {@link OrganizationManager}.
+     */
+    public static void setOrganizationManager(OrganizationManager organizationManager) {
+
+        SCIMCommonComponentHolder.organizationManager = organizationManager;
+    }
+
     public static List<SCIMUserStoreErrorResolver> getScimUserStoreErrorResolverList() {
 
         return scimUserStoreErrorResolvers;

diff --git a/....common/src/main/java/org/wso2/carbon/identity/scim2/common/utils/AdminAttributeUtil.java b/....common/src/main/java/org/wso2/carbon/identity/scim2/common/utils/AdminAttributeUtil.java
@@ -134,7 +134,7 @@ public static void updateAdminGroup(int tenantId) {
                             log.debug(
                                     "Group does not exist, setting scim attribute group value: " + roleNameWithDomain);
                         }
-                        scimGroupHandler.addMandatoryAttributes(roleNameWithDomain);
+                        scimGroupHandler.addAdminRoleMandatoryAttributes(roleNameWithDomain);
                     }
 
                     // Adding the SCIM attributes for admin group

diff --git a/...mon/src/test/java/org/wso2/carbon/identity/scim2/common/utils/AdminAttributeUtilTest.java b/...mon/src/test/java/org/wso2/carbon/identity/scim2/common/utils/AdminAttributeUtilTest.java
@@ -152,7 +152,7 @@ public void testUpdateAdminGroup(String domainName) throws Exception {
 
         ArgumentCaptor<String> argument = ArgumentCaptor.forClass(String.class);
         adminAttributeUtil.updateAdminGroup(1);
-        verify(scimGroupHandler).addMandatoryAttributes(argument.capture());
+        verify(scimGroupHandler).addAdminRoleMandatoryAttributes(argument.capture());
 
         assertEquals(argument.getValue(), roleNameWithDomain);
     }