From f83b1d5450a10a11c2f382d3b3d32efb3c4cfb87 Mon Sep 17 00:00:00 2001
From: Shan Chathusanda Jayathilaka
Date: Sun, 1 Dec 2024 03:57:27 +0530
Subject: [PATCH] Improve sub org application deletion when accessing through tenant perspective
---
 .../listener/SharedRoleMgtListener.java | 102 +++++++++---------
 1 file changed, 52 insertions(+), 50 deletions(-)
diff --git a/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/listener/SharedRoleMgtListener.java b/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/listener/SharedRoleMgtListener.java
index 5b852ef5d..6d0534df8 100644
--- a/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/listener/SharedRoleMgtListener.java
+++ b/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/listener/SharedRoleMgtListener.java
@@ -467,45 +467,51 @@ private void handleAddedApplicationAudienceRolesOnAppUpdate(List addedAp public boolean doPreDeleteApplication(String applicationName, String tenantDomain, String userName) throws IdentityApplicationManagementException { - try { - // If the deleting application is an application of tenant(i.e primary org) nothing to do here. - if (!OrganizationManagementUtil.isOrganization(tenantDomain)) { - return true; - } + if (StringUtils.isEmpty(PrivilegedCarbonContext.getThreadLocalCarbonContext() + .getApplicationResidentOrganizationId())) { + try { + // If the deleting application is an application of tenant(i.e primary org) nothing to do here. + if (!OrganizationManagementUtil.isOrganization(tenantDomain)) { + return true; + } - ServiceProvider sharedApplication = getApplicationByName(applicationName, tenantDomain); - if (sharedApplication == null) { - return false; - } - String sharedAppId = sharedApplication.getApplicationResourceId(); - String sharedAppOrgId = organizationManager.resolveOrganizationId(tenantDomain); - // Resolve the main application details. - String mainAppId = orgApplicationManager.getMainApplicationIdForGivenSharedApp(sharedAppId, sharedAppOrgId); - if (mainAppId == null) { - return false; - } - int mainAppTenantId = applicationManagementService.getTenantIdByApp(mainAppId); - String mainAppTenantDomain = IdentityTenantUtil.getTenantDomain(mainAppTenantId); + ServiceProvider sharedApplication = getApplicationByName(applicationName, tenantDomain); + if (sharedApplication == null) { + return false; + } + String sharedAppId = sharedApplication.getApplicationResourceId(); + String sharedAppOrgId = organizationManager.resolveOrganizationId(tenantDomain); + // Resolve the main application details. 
+ String mainAppId = orgApplicationManager.getMainApplicationIdForGivenSharedApp(sharedAppId, + sharedAppOrgId); + if (mainAppId == null) { + return false; + } + int mainAppTenantId = applicationManagementService.getTenantIdByApp(mainAppId); + String mainAppTenantDomain = IdentityTenantUtil.getTenantDomain(mainAppTenantId); + + String allowedAudienceForRoleAssociationInMainApp = + applicationManagementService.getAllowedAudienceForRoleAssociation(mainAppId, + mainAppTenantDomain); + boolean hasAppAudiencedRoles = + RoleConstants.APPLICATION.equalsIgnoreCase(allowedAudienceForRoleAssociationInMainApp); + if (hasAppAudiencedRoles) { + // Handle role deletion in application deletion post actions. + return true; + } - String allowedAudienceForRoleAssociationInMainApp = - applicationManagementService.getAllowedAudienceForRoleAssociation(mainAppId, mainAppTenantDomain); - boolean hasAppAudiencedRoles = - RoleConstants.APPLICATION.equalsIgnoreCase(allowedAudienceForRoleAssociationInMainApp); - if (hasAppAudiencedRoles) { - // Handle role deletion in application deletion post actions. - return true; + // Handing organization audienced roles associated case. + List associatedRolesOfMainApplication = applicationManagementService + .getAssociatedRolesOfApplication(mainAppId, mainAppTenantDomain); + handleOrganizationAudiencedSharedRoleDeletion(associatedRolesOfMainApplication, mainAppId, + mainAppTenantDomain, sharedAppOrgId); + } catch (OrganizationManagementException | IdentityRoleManagementException e) { + throw new IdentityApplicationManagementException( + "Error while deleting organization roles associated to the app.", e); } - - // Handing organization audienced roles associated case. 
- List associatedRolesOfMainApplication = applicationManagementService - .getAssociatedRolesOfApplication(mainAppId, mainAppTenantDomain); - handleOrganizationAudiencedSharedRoleDeletion(associatedRolesOfMainApplication, mainAppId, - mainAppTenantDomain, sharedAppOrgId); - } catch (OrganizationManagementException | IdentityRoleManagementException e) { - throw new IdentityApplicationManagementException( - "Error while deleting organization roles associated to the app.", e); + return super.doPreDeleteApplication(applicationName, tenantDomain, userName); } - return super.doPreDeleteApplication(applicationName, tenantDomain, userName); + return true; } private void handleOrganizationAudiencedSharedRoleDeletion(List rolesList, String mainApplicationId, 
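Review bot: The new outer `if` makes the entire shared-role cleanup conditional on the thread-local `getApplicationResidentOrganizationId()` being empty, so when that id is set the method now returns `true` without running `handleOrganizationAudiencedSharedRoleDeletion` and without calling `super.doPreDeleteApplication`, and nothing in the hunk says why skipping that cleanup is safe on the tenant-perspective path (where the resident-organization id is populated is not visible on this page). Please add a comment on the new `if` stating which code is responsible for the organization-audienced shared roles of a sub-organization application in that flow, so a later reader does not assume orphaned roles are acceptable. As a matter of style, inverting the condition into a guard clause, `if (StringUtils.isNotEmpty(PrivilegedCarbonContext.getThreadLocalCarbonContext().getApplicationResidentOrganizationId())) { return true; }`, would leave the original body at its previous indentation and reduce this hunk to a few lines. The `try`/`catch` message `"Error while deleting organization roles associated to the app."` is unchanged and still fits both paths that can reach it.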
@@ -583,22 +589,18 @@ public boolean doPostGetAllowedAudienceForRoleAssociation(AssociatedRolesConfig String applicationUUID, String tenantDomain) throws IdentityApplicationManagementException { - try { - if (!OrganizationManagementUtil.isOrganization(tenantDomain)) { - return true; - } - // Resolve the allowed audience for associated roles of shared application from main application details. - String mainAppId = applicationManagementService.getMainAppId(applicationUUID); - int mainAppTenantId = applicationManagementService.getTenantIdByApp(mainAppId); - String mainAppTenantDomain = IdentityTenantUtil.getTenantDomain(mainAppTenantId); - String resolvedAllowedAudienceFromMainApp = - applicationManagementService.getAllowedAudienceForRoleAssociation(mainAppId, mainAppTenantDomain); - allowedAudienceForRoleAssociation.setAllowedAudience(resolvedAllowedAudienceFromMainApp); - } catch (OrganizationManagementException e) { - throw new IdentityApplicationManagementException(String.format( - "Error while fetching the allowed audience for role association of application with: %s.", - applicationUUID), e); + String mainAppId = applicationManagementService.getMainAppId(applicationUUID); + // If the main application id is null, then this is the main application. We can skip this operation based on + // that. + if (StringUtils.isEmpty(mainAppId)) { + return true; } + // Resolve the allowed audience for associated roles of shared application from main application details. + int mainAppTenantId = applicationManagementService.getTenantIdByApp(mainAppId); + String mainAppTenantDomain = IdentityTenantUtil.getTenantDomain(mainAppTenantId); + String resolvedAllowedAudienceFromMainApp = + applicationManagementService.getAllowedAudienceForRoleAssociation(mainAppId, mainAppTenantDomain); + allowedAudienceForRoleAssociation.setAllowedAudience(resolvedAllowedAudienceFromMainApp); return true; }
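Review bot: `applicationManagementService.getMainAppId(applicationUUID)` now runs on every call, including for primary-organization applications that the removed `OrganizationManagementUtil.isOrganization(tenantDomain)` guard used to return on immediately; whether that extra lookup per request is acceptable depends on the cost of `getMainAppId`, which this page does not show, so it is worth confirming. The new comment also says "null" while the check is `StringUtils.isEmpty(mainAppId)`, and its wrap onto `// that.` reads awkwardly; I would reword it as `// A shared application resolves to its main application id; an empty id means this is the main` / `// application itself, so there is no audience to resolve from a main application.` The method's signature line `public boolean doPostGetAllowedAudienceForRoleAssociation(AssociatedRolesConfig ...` lies before the hunk's first line.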