Enable role management in organization level #575

Merged
Expand Up @@ -39,6 +39,7 @@
import org.wso2.carbon.identity.role.v2.mgt.core.model.Role;
import org.wso2.carbon.identity.role.v2.mgt.core.model.RoleBasicInfo;
import org.wso2.carbon.identity.role.v2.mgt.core.model.UserBasicInfo;
import org.wso2.carbon.identity.role.v2.mgt.core.util.RoleManagementUtils;
import org.wso2.carbon.identity.role.v2.mgt.core.util.UserIDResolver;
import org.wso2.carbon.identity.scim2.common.internal.SCIMCommonComponentHolder;
import org.wso2.carbon.identity.scim2.common.utils.SCIMCommonConstants;
Expand Down Expand Up @@ -117,10 +118,6 @@ public RoleV2 createRole(RoleV2 role)
throws CharonException, ConflictException, NotImplementedException, BadRequestException {

try {
if (!isRoleModificationAllowedForTenant(tenantDomain)) {
throw new BadRequestException("Role creation is not allowed for organizations.",
ResponseCodeConstants.INVALID_VALUE);
}
// Check if the role already exists.
if (roleManagementService.isExistingRole(role.getId(), tenantDomain)) {
String error = "Role with id: " + role.getId() + " already exists in the tenantDomain: "
Expand Down Expand Up @@ -313,8 +310,8 @@ private List<MultiValuedComplexType> convertPermissionsToMultiValuedComplexType(
public void deleteRole(String roleID) throws CharonException, NotFoundException, BadRequestException {

try {
if (!isRoleModificationAllowedForTenant(tenantDomain)) {
throw new BadRequestException("Role deletion is not allowed for organizations.",
if (isSharedRole(roleID)) {
throw new BadRequestException("Shared role deletion is not allowed.",
ResponseCodeConstants.INVALID_VALUE);
}
roleManagementService.deleteRole(roleID, tenantDomain);
Expand Down Expand Up @@ -408,16 +405,16 @@ public RoleV2 patchRole(String roleId, Map<String, List<PatchOperation>> patchOp
}

if (CollectionUtils.isNotEmpty(displayNameOperations)) {
if (!isRoleModificationAllowedForTenant(tenantDomain)) {
throw new BadRequestException("Role name modification is not allowed for organizations.",
if (isSharedRole(roleId)) {
throw new BadRequestException("Role name modification is not allowed for shared roles.",
ResponseCodeConstants.INVALID_VALUE);
}
String newRoleName = (String) displayNameOperations.get(displayNameOperations.size() - 1).getValues();
updateRoleName(roleId, currentRoleName, newRoleName);
}
if (CollectionUtils.isNotEmpty(permissionOperations)) {
if (!isRoleModificationAllowedForTenant(tenantDomain)) {
throw new BadRequestException("Role's permission change is not allowed for organizations.",
if (isSharedRole(roleId)) {
throw new BadRequestException("Role permission modification is not allowed for shared roles.",
ResponseCodeConstants.INVALID_VALUE);
}
updatePermissions(roleId, permissionOperations);
Expand Down Expand Up @@ -697,8 +694,8 @@ private void doUpdateRoleName(RoleV2 oldRole, RoleV2 newRole)
if (!StringUtils.equals(oldRoleDisplayName, newRoleDisplayName)) {
// Update role name.
try {
if (!isRoleModificationAllowedForTenant(tenantDomain)) {
throw new BadRequestException("Role name update is not allowed for organizations.",
if (isSharedRole(roleId)) {
throw new BadRequestException("Role name update is not allowed for shared roles.",
ResponseCodeConstants.INVALID_VALUE);
}
roleManagementService.updateRoleName(oldRole.getId(), newRoleDisplayName, tenantDomain);
Expand Down Expand Up @@ -821,8 +818,8 @@ private void doUpdatePermissions(RoleV2 oldRole, RoleV2 newRole) throws BadReque

// Update the role with added permissions and deleted permissions.
if (isNotEmpty(deletePermissionValuesList) || isNotEmpty(addedPermissionValuesList)) {
if (!isRoleModificationAllowedForTenant(tenantDomain)) {
throw new BadRequestException("Role's permission modification is not allowed for organizations.",
if (isSharedRole(oldRole.getId())) {
throw new BadRequestException("Role's permission modification is not allowed for shared roles.",
ResponseCodeConstants.INVALID_VALUE);
}
if (LOG.isDebugEnabled()) {
Expand Down Expand Up @@ -1420,4 +1417,13 @@ private IdpGroup convertToIdpGroup(IdPGroup idpGroup) {
convertedGroup.setGroupName(idpGroup.getIdpGroupName());
return convertedGroup;
}

private boolean isSharedRole(String roleId) throws CharonException {

try {
return RoleManagementUtils.isSharedRole(roleId, tenantDomain);
} catch (IdentityRoleManagementException e) {
throw new CharonException("Error while checking whether the role is a shared role.", e);
}
}
}
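Review bot: `isSharedRole` (the new private method at the end of the class) converts every `IdentityRoleManagementException` into a `CharonException`, and its callers in `deleteRole`, `patchRole`, `doUpdateRoleName` and `doUpdatePermissions` now run it before any existence check, so a request naming an unknown role id may be answered with a server-side error instead of `NotFoundException` — this depends on how `RoleManagementUtils.isSharedRole` reacts to a missing role, so please confirm. If the utility signals "not found" distinctly, map that case to `NotFoundException` here; otherwise perform the existence check before the shared-role check at least in `deleteRole`, so the error returned to the client does not change between an unknown role and a lookup failure. The call sites are also inconsistent: `doUpdateRoleName` passes `roleId` while `doUpdatePermissions` passes `oldRole.getId()`; using `oldRole.getId()` in both keeps the check tied to the role actually being updated. The new method has no Javadoc; suggest `/** Returns whether the role with the given id is a shared role in the current tenant; lookup failures are wrapped in a CharonException. */` above its signature. The file header of this section and the enclosing method bodies of the earlier hunks start outside the visible hunks.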
2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -294,7 +294,7 @@
<inbound.auth.oauth.version>6.5.3</inbound.auth.oauth.version>
<commons-collections.version>3.2.0.wso2v1</commons-collections.version>
<carbon.kernel.version>4.10.24</carbon.kernel.version>
<identity.framework.version>7.5.109</identity.framework.version>
<identity.framework.version>7.7.15</identity.framework.version>
<junit.version>4.13.1</junit.version>
<commons.lang.version>20030203.000129</commons.lang.version>
<identity.governance.version>1.8.12</identity.governance.version>