fix comments
AnuradhaSK committed Oct 17, 2023
1 parent 6d6ce49 commit ff5ad09
Showing 3 changed files with 68 additions and 28 deletions.
Expand Up @@ -128,7 +128,12 @@
org.wso2.carbon.identity.recovery.*; version="${identity.governance.imp.pkg.version.range}",
org.wso2.carbon.identity.governance; version="${identity.governance.imp.pkg.version.range}",
org.wso2.carbon.identity.role.v2.mgt.core.*; version="${carbon.identity.package.import.version.range}",
org.wso2.carbon.identity.organization.management.application.*; version="${org.wso2.identity.organization.mgt.imp.pkg.version.range}",
org.wso2.carbon.identity.organization.management.application.*;
version="${org.wso2.identity.organization.mgt.imp.pkg.version.range}",
org.wso2.carbon.identity.application.mgt.*;
version="${carbon.identity.package.import.version.range}",
org.wso2.carbon.identity.application.common.*;
version="${carbon.identity.package.import.version.range}",
</Import-Package>
</instructions>
</configuration>
Expand Up @@ -35,7 +35,7 @@
import org.wso2.carbon.identity.organization.management.service.model.BasicOrganization;
import org.wso2.carbon.identity.organization.management.service.model.Organization;
import org.wso2.carbon.identity.organization.management.service.model.ParentOrganizationDO;
import org.wso2.carbon.identity.organization.management.service.util.Utils;
import org.wso2.carbon.identity.organization.management.service.util.OrganizationManagementUtil;
import org.wso2.carbon.identity.role.v2.mgt.core.IdentityRoleManagementException;
import org.wso2.carbon.identity.role.v2.mgt.core.RoleBasicInfo;
import org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants;
Expand All @@ -44,13 +44,17 @@
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

/**
* Event handler to manage shared roles in sub-organizations.
*/
public class SharedRoleMgtHandler extends AbstractEventHandler {

private static final Log LOG = LogFactory.getLog(SharedRoleMgtHandler.class);
private final ExecutorService executorService = Executors.newFixedThreadPool(5);

@Override
public void handleEvent(Event event) throws IdentityEventException {
Expand All @@ -60,28 +64,33 @@ public void handleEvent(Event event) throws IdentityEventException {
switch (eventName) {
case OrgApplicationMgtConstants.EVENT_POST_SHARE_APPLICATION:
/*
If the main application use application audienced roles, create the role for sub org space,
and add the relationship.
If the main application use application audienced roles, create the role for shared app's org space,
and add the relationship. If the main application use organization audienced roles, create the role in
shared app's org space, and add the relationship if already not exists.
*/
createSubOrgRolesOnAppSharing(eventProperties);
createOrganizationRolesOnAppSharing(eventProperties);
break;
case IdentityEventConstants.Event.POST_ADD_ROLE_V2_EVENT:
createSubOrgRolesOnNewRoleCreation(eventProperties);
createOrganizationRolesOnNewRoleCreation(eventProperties);
break;
case Constants.EVENT_POST_ADD_ORGANIZATION:
/*
If the org is a sub organization and if primary org has roles with organization audience,
If the created org's primary business org has roles with organization audience,
create them in the sub org as well.
*/
createSubOrgRolesOnNewOrgCreation(eventProperties);
// TODO: This might not required with new approach of handling org audience roles
createOrganizationRolesOnNewOrgCreation(eventProperties);
break;
default:
LOG.debug("Unsupported event: " + eventName);
if (LOG.isDebugEnabled()) {
LOG.debug("Unsupported event: " + eventName);
}
break;
}
}

private void createSubOrgRolesOnNewOrgCreation(Map<String, Object> eventProperties) throws IdentityEventException {
private void createOrganizationRolesOnNewOrgCreation(Map<String, Object> eventProperties)
throws IdentityEventException {

try {
Organization organization = (Organization) eventProperties.get(Constants.EVENT_PROP_ORGANIZATION);
Expand Down Expand Up @@ -115,7 +124,8 @@ private void createSubOrgRolesOnNewOrgCreation(Map<String, Object> eventProperti
}
}

private void createSubOrgRolesOnNewRoleCreation(Map<String, Object> eventProperties) throws IdentityEventException {
private void createOrganizationRolesOnNewRoleCreation(Map<String, Object> eventProperties)
throws IdentityEventException {

try {
String mainRoleUUID = (String) eventProperties.get(IdentityEventConstants.EventProperty.ROLE_ID);
Expand All @@ -124,30 +134,53 @@ private void createSubOrgRolesOnNewRoleCreation(Map<String, Object> eventPropert
String roleAudienceType = (String) eventProperties.get(IdentityEventConstants.EventProperty.AUDIENCE);
String roleAudienceId = (String) eventProperties.get(IdentityEventConstants.EventProperty.AUDIENCE_ID);
String roleOrgId = getOrganizationManager().resolveOrganizationId(roleTenantDomain);
if (Utils.isOrganization(roleTenantDomain)) {
if (OrganizationManagementUtil.isOrganization(roleTenantDomain)) {
return;
}
switch (roleAudienceType) {
case RoleConstants.APPLICATION:
// If the audienced application is a shared application, create the role in the shared apps.
/*
If the audienced application is a shared application, create the role in
the shared apps' org space.
*/
List<SharedApplication> sharedApplications =
getOrgApplicationManager().getSharedApplications(roleOrgId, roleAudienceId);
for (SharedApplication sharedApplication : sharedApplications) {
String sharedApplicationId = sharedApplication.getSharedApplicationId();
String sharedOrganizationId = sharedApplication.getOrganizationId();
String shareAppTenantDomain =
getOrganizationManager().resolveTenantDomain(sharedOrganizationId);
RoleBasicInfo sharedRoleInfo =
getRoleManagementServiceV2().addRole(mainRoleName, Collections.emptyList(),
Collections.emptyList(),
Collections.emptyList(), RoleConstants.APPLICATION, sharedApplicationId,
shareAppTenantDomain);
// Add relationship between main role and shared role.
getRoleManagementServiceV2().addMainRoleToSharedRoleRelationship(mainRoleUUID,
sharedRoleInfo.getId(), roleTenantDomain, shareAppTenantDomain);
int noOfSharedApps = sharedApplications.size();
CompletableFuture<Void>[] creations = new CompletableFuture[noOfSharedApps];
for (int i = 0; i < noOfSharedApps; i++) {
final int taskId = i;
CompletableFuture<Void> sharedRoleCreation = CompletableFuture.runAsync(() -> {
try {
String sharedApplicationId = sharedApplications.get(taskId).getSharedApplicationId();
String sharedOrganizationId = sharedApplications.get(taskId).getOrganizationId();
String shareAppTenantDomain =
getOrganizationManager().resolveTenantDomain(sharedOrganizationId);
RoleBasicInfo sharedRoleInfo =
getRoleManagementServiceV2().addRole(mainRoleName, Collections.emptyList(),
Collections.emptyList(),
Collections.emptyList(), RoleConstants.APPLICATION, sharedApplicationId,
shareAppTenantDomain);
// Add relationship between main role and shared role.
getRoleManagementServiceV2().addMainRoleToSharedRoleRelationship(mainRoleUUID,
sharedRoleInfo.getId(), roleTenantDomain, shareAppTenantDomain);
} catch (IdentityRoleManagementException | OrganizationManagementException e) {
LOG.error("Error occurred while creating shared role in organization with id: " +
sharedApplications.get(taskId).getOrganizationId(), e);
}
}, executorService);
creations[taskId] = sharedRoleCreation;
}
CompletableFuture<Void> allOfCreations = CompletableFuture.allOf(creations);
allOfCreations.join();
break;
case RoleConstants.ORGANIZATION:
/*
TODO: Need to create organization roles in suborgs only if the role is
attahced to at least on shared role
on new org role creation, this role can't be associated to an app.
therefore this logic can be removed
*/
// If the audienced organization is a shared organization, create the role in the shared orgs.
List<BasicOrganization> childOrganizations =
getOrganizationManager().getChildOrganizations(roleOrgId, true);
Expand Down Expand Up @@ -175,7 +208,8 @@ private void createSubOrgRolesOnNewRoleCreation(Map<String, Object> eventPropert
}
}

private void createSubOrgRolesOnAppSharing(Map<String, Object> eventProperties) throws IdentityEventException {
private void createOrganizationRolesOnAppSharing(Map<String, Object> eventProperties)
throws IdentityEventException {

String parentOrganizationId =
(String) eventProperties.get(OrgApplicationMgtConstants.EVENT_PROP_PARENT_ORGANIZATION_ID);
Expand All @@ -193,6 +227,7 @@ private void createSubOrgRolesOnAppSharing(Map<String, Object> eventProperties)
boolean hasAppAudiencedRoles =
RoleConstants.APPLICATION.equalsIgnoreCase(allowedAudienceForRoleAssociation);
if (!hasAppAudiencedRoles) {
// TODO: handle organization audience role creation if they doesn't exist in sub org.
return;
}
// Create the role if not exists, and add the relationship.
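Review bot: In the `RoleConstants.APPLICATION` branch of `createOrganizationRolesOnNewRoleCreation`, the `catch` inside the `runAsync` lambda only logs, so `allOfCreations.join()` returns normally and the handler reports success even when a shared role was not created in some organization, or when `addRole` succeeded but `addMainRoleToSharedRoleRelationship` failed and left a shared role that is not linked to its main role. In the removed sequential loop the same exceptions left the loop, presumably into the method's outer `catch`, which is outside the hunk. I would rethrow from the lambda as a `CompletionException` and translate it after `join()`, as sketched below; this needs an import of `java.util.concurrent.CompletionException`. Separately, `executorService` is a fixed pool of 5 threads that nothing visible in this diff shuts down, and the tasks now run off the calling thread, so please confirm the role service does not depend on thread-local tenant context.

```java
// … unchanged: task setup and the try body inside runAsync …
} catch (IdentityRoleManagementException | OrganizationManagementException e) {
    // … unchanged: LOG.error call …
    // Surface the failure to join() instead of ending the task normally.
    throw new CompletionException(e);
}
// … unchanged: executor argument, creations[taskId], CompletableFuture.allOf …
try {
    allOfCreations.join();
} catch (CompletionException e) {
    throw new IdentityEventException("Error occurred while creating shared roles for role: " + mainRoleName, e);
}
```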
2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -495,7 +495,7 @@
<org.wso2.identity.organization.mgt.imp.pkg.version.range>[1.0.0,2.0.0)
</org.wso2.identity.organization.mgt.imp.pkg.version.range>

<identity.organization.management.core.version>1.0.69</identity.organization.management.core.version>
<identity.organization.management.core.version>1.0.70</identity.organization.management.core.version>
<org.wso2.identity.organization.mgt.core.imp.pkg.version.range>[1.0.0,2.0.0)
</org.wso2.identity.organization.mgt.core.imp.pkg.version.range>
