Improve sub org application deletion when accessing through tenant pe…

…rspective
wso2-extensions · Dec 3, 2024 · f83b1d5 · f83b1d5
1 parent 3833c81
commit f83b1d5
Showing 1 changed file with 52 additions and 50 deletions.
diff --git a/.../wso2/carbon/identity/organization/management/handler/listener/SharedRoleMgtListener.java b/.../wso2/carbon/identity/organization/management/handler/listener/SharedRoleMgtListener.java
@@ -467,45 +467,51 @@ private void handleAddedApplicationAudienceRolesOnAppUpdate(List<RoleV2> addedAp
     public boolean doPreDeleteApplication(String applicationName, String tenantDomain, String userName)
             throws IdentityApplicationManagementException {
 
-        try {
-            // If the deleting application is an application of tenant(i.e primary org) nothing to do here.
-            if (!OrganizationManagementUtil.isOrganization(tenantDomain)) {
-                return true;
-            }
+        if (StringUtils.isEmpty(PrivilegedCarbonContext.getThreadLocalCarbonContext()
+                .getApplicationResidentOrganizationId())) {
+            try {
+                // If the deleting application is an application of tenant(i.e primary org) nothing to do here.
+                if (!OrganizationManagementUtil.isOrganization(tenantDomain)) {
+                    return true;
+                }
 
-            ServiceProvider sharedApplication = getApplicationByName(applicationName, tenantDomain);
-            if (sharedApplication == null) {
-                return false;
-            }
-            String sharedAppId = sharedApplication.getApplicationResourceId();
-            String sharedAppOrgId = organizationManager.resolveOrganizationId(tenantDomain);
-            // Resolve the main application details.
-            String mainAppId = orgApplicationManager.getMainApplicationIdForGivenSharedApp(sharedAppId, sharedAppOrgId);
-            if (mainAppId == null) {
-                return false;
-            }
-            int mainAppTenantId = applicationManagementService.getTenantIdByApp(mainAppId);
-            String mainAppTenantDomain = IdentityTenantUtil.getTenantDomain(mainAppTenantId);
+                ServiceProvider sharedApplication = getApplicationByName(applicationName, tenantDomain);
+                if (sharedApplication == null) {
+                    return false;
+                }
+                String sharedAppId = sharedApplication.getApplicationResourceId();
+                String sharedAppOrgId = organizationManager.resolveOrganizationId(tenantDomain);
+                // Resolve the main application details.
+                String mainAppId = orgApplicationManager.getMainApplicationIdForGivenSharedApp(sharedAppId,
+                        sharedAppOrgId);
+                if (mainAppId == null) {
+                    return false;
+                }
+                int mainAppTenantId = applicationManagementService.getTenantIdByApp(mainAppId);
+                String mainAppTenantDomain = IdentityTenantUtil.getTenantDomain(mainAppTenantId);
+
+                String allowedAudienceForRoleAssociationInMainApp =
+                        applicationManagementService.getAllowedAudienceForRoleAssociation(mainAppId,
+                                mainAppTenantDomain);
+                boolean hasAppAudiencedRoles =
+                        RoleConstants.APPLICATION.equalsIgnoreCase(allowedAudienceForRoleAssociationInMainApp);
+                if (hasAppAudiencedRoles) {
+                    // Handle role deletion in application deletion post actions.
+                    return true;
+                }
 
-            String allowedAudienceForRoleAssociationInMainApp =
-                    applicationManagementService.getAllowedAudienceForRoleAssociation(mainAppId, mainAppTenantDomain);
-            boolean hasAppAudiencedRoles =
-                    RoleConstants.APPLICATION.equalsIgnoreCase(allowedAudienceForRoleAssociationInMainApp);
-            if (hasAppAudiencedRoles) {
-                // Handle role deletion in application deletion post actions.
-                return true;
+                // Handing organization audienced roles associated case.
+                List<RoleV2> associatedRolesOfMainApplication = applicationManagementService
+                        .getAssociatedRolesOfApplication(mainAppId, mainAppTenantDomain);
+                handleOrganizationAudiencedSharedRoleDeletion(associatedRolesOfMainApplication, mainAppId,
+                        mainAppTenantDomain, sharedAppOrgId);
+            } catch (OrganizationManagementException | IdentityRoleManagementException e) {
+                throw new IdentityApplicationManagementException(
+                        "Error while deleting organization roles associated to the app.", e);
             }
-
-            // Handing organization audienced roles associated case.
-            List<RoleV2> associatedRolesOfMainApplication = applicationManagementService
-                    .getAssociatedRolesOfApplication(mainAppId, mainAppTenantDomain);
-            handleOrganizationAudiencedSharedRoleDeletion(associatedRolesOfMainApplication, mainAppId,
-                    mainAppTenantDomain, sharedAppOrgId);
-        } catch (OrganizationManagementException | IdentityRoleManagementException e) {
-            throw new IdentityApplicationManagementException(
-                    "Error while deleting organization roles associated to the app.", e);
+            return super.doPreDeleteApplication(applicationName, tenantDomain, userName);
         }
-        return super.doPreDeleteApplication(applicationName, tenantDomain, userName);
+        return true;
     }
 
     private void handleOrganizationAudiencedSharedRoleDeletion(List<RoleV2> rolesList, String mainApplicationId,
@@ -583,22 +589,18 @@ public boolean doPostGetAllowedAudienceForRoleAssociation(AssociatedRolesConfig
                                                               String applicationUUID, String tenantDomain)
             throws IdentityApplicationManagementException {
 
-        try {
-            if (!OrganizationManagementUtil.isOrganization(tenantDomain)) {
-                return true;
-            }
-            // Resolve the allowed audience for associated roles of shared application from main application details.
-            String mainAppId = applicationManagementService.getMainAppId(applicationUUID);
-            int mainAppTenantId = applicationManagementService.getTenantIdByApp(mainAppId);
-            String mainAppTenantDomain = IdentityTenantUtil.getTenantDomain(mainAppTenantId);
-            String resolvedAllowedAudienceFromMainApp =
-                    applicationManagementService.getAllowedAudienceForRoleAssociation(mainAppId, mainAppTenantDomain);
-            allowedAudienceForRoleAssociation.setAllowedAudience(resolvedAllowedAudienceFromMainApp);
-        } catch (OrganizationManagementException e) {
-            throw new IdentityApplicationManagementException(String.format(
-                    "Error while fetching the allowed audience for role association of application with: %s.",
-                    applicationUUID), e);
+        String mainAppId = applicationManagementService.getMainAppId(applicationUUID);
+        // If the main application id is null, then this is the main application. We can skip this operation based on
+        // that.
+        if (StringUtils.isEmpty(mainAppId)) {
+            return true;
         }
+        // Resolve the allowed audience for associated roles of shared application from main application details.
+        int mainAppTenantId = applicationManagementService.getTenantIdByApp(mainAppId);
+        String mainAppTenantDomain = IdentityTenantUtil.getTenantDomain(mainAppTenantId);
+        String resolvedAllowedAudienceFromMainApp =
+                applicationManagementService.getAllowedAudienceForRoleAssociation(mainAppId, mainAppTenantDomain);
+        allowedAudienceForRoleAssociation.setAllowedAudience(resolvedAllowedAudienceFromMainApp);
         return true;
     }