From c9c44aa340192e02bed0b71205c774ce89c48c42 Mon Sep 17 00:00:00 2001
From: Thilina Shashimal Senarath
Date: Sat, 18 Nov 2023 10:40:46 +0530
Subject: [PATCH] Fix group's list of roles (v2)

---
 .../scim2/common/impl/SCIMUserManager.java | 70 ++++++++++---------
 1 file changed, 36 insertions(+), 34 deletions(-)

diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java
index e0cb32dad..30ea1d7e3 100644
--- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java
+++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java
@@ -4471,51 +4471,53 @@ private void setGroupRoles(Group group) throws org.wso2.carbon.user.core.UserSto
 String groupName = group.getDisplayName();
 Map groupMetaAttributesCache = new HashMap<>();
- List rolesOfGroup = carbonUM.getHybridRoleListOfGroup(UserCoreUtil.removeDomainFromName(groupName),
- UserCoreUtil.extractDomainFromName(groupName));
-
- // Add roles of group.
- for (String roleName : rolesOfGroup) {
- if (CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME.equalsIgnoreCase(roleName)) {
- // Carbon specific roles do not possess SCIM info, hence skipping them.
- continue;
- }
+ if (CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME) {
+ List rolesOfGroup = carbonUM.getHybridRoleListOfGroup(UserCoreUtil.removeDomainFromName(groupName),
+ UserCoreUtil.extractDomainFromName(groupName));
+ // Add roles of group.
+ for (String roleName : rolesOfGroup) {
+ if (CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME.equalsIgnoreCase(roleName)) {
+ // Carbon specific roles do not possess SCIM info, hence skipping them.
+ continue;
+ }
- Group groupObject = groupMetaAttributesCache.get(roleName);
- if (groupObject == null && !groupMetaAttributesCache.containsKey(roleName)) {
- /*
- * Here getGroupOnlyWithMetaAttributes used to get role names. Group attributes will be retrieved
- * from the userstore.
- */
- groupObject = getGroupOnlyWithMetaAttributes(roleName);
- groupMetaAttributesCache.put(roleName, groupObject);
- }
+ Group groupObject = groupMetaAttributesCache.get(roleName);
+ if (groupObject == null && !groupMetaAttributesCache.containsKey(roleName)) {
+ /*
+ * Here getGroupOnlyWithMetaAttributes used to get role names. Group attributes will be retrieved
+ * from the userstore.
+ */
+ groupObject = getGroupOnlyWithMetaAttributes(roleName);
+ groupMetaAttributesCache.put(roleName, groupObject);
+ }
- if (CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME) {
 Role role = new Role();
 role.setDisplayName(removeInternalDomain(groupObject.getDisplayName()));
 role.setId(groupObject.getId());
 String location = SCIMCommonUtils.getSCIMRoleURL(groupObject.getId());
 role.setLocation(location);
 group.setRole(role);
- } else {
- RoleV2 role = new RoleV2();
- role.setDisplayName(removeInternalDomain(groupObject.getDisplayName()));
- role.setId(groupObject.getId());
- String location = SCIMCommonUtils.getSCIMRoleV2URL(groupObject.getId());
- role.setLocation(location);
- try {
- RoleBasicInfo roleBasicInfo = SCIMCommonComponentHolder.getRoleManagementServiceV2()
- .getRoleBasicInfoById(groupObject.getId(), tenantDomain);
+ }
+ } else {
+ try {
+ List groups = new ArrayList<>();
+ groups.add(group.getId());
+ List roles = SCIMCommonComponentHolder.getRoleManagementServiceV2()
+ .getRoleListOfGroups(groups, tenantDomain);
+ for (RoleBasicInfo roleBasicInfo : roles) {
+ RoleV2 role = new RoleV2();
+ role.setDisplayName(roleBasicInfo.getName());
+ role.setId(roleBasicInfo.getId());
+ String location = SCIMCommonUtils.getSCIMRoleV2URL(roleBasicInfo.getId());
+ role.setLocation(location);
 role.setAudience(roleBasicInfo.getAudienceId(), roleBasicInfo.getAudienceName(), roleBasicInfo.getAudience());
- } catch (IdentityRoleManagementException e) {
- if (log.isDebugEnabled()) {
- log.debug("Failed to resolve the audience for role id: " + groupObject.getId(), e);
- }
- return;
+ group.setRoleV2(role);
+ }
+ } catch (IdentityRoleManagementException e) {
+ if (log.isDebugEnabled()) {
+ log.debug("Failed to retrieve roles for group : " + group.getId(), e);
 }
- group.setRoleV2(role);
 }
 }
 }
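Review bot: The new `catch (IdentityRoleManagementException e)` in the `else` branch logs only at debug level and then returns normally, so when the role lookup fails the group comes back with no roles and a caller cannot tell that apart from a group that really has none. Since this output describes which roles a group holds, the failure should be visible: log it unconditionally, e.g. `log.error("Failed to retrieve roles for group : " + group.getId(), e);`, or propagate it through the exception the method already declares (the `throws` clause is truncated in the hunk header, so confirm the type). The lookup is also now keyed on `group.getId()` instead of the display name, so it is worth confirming that the id is always populated before `setGroupRoles` runs. The method's signature and opening lines are outside the hunk.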