Add application role mgt APIs

components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/pom.xml

@@ -81,5 +81,10 @@
             <artifactId>org.wso2.carbon.identity.auth.attribute.handler</artifactId>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity.framework</groupId>
+            <artifactId>org.wso2.carbon.identity.application.role.mgt</artifactId>
+            <scope>provided</scope>
+        </dependency>
     </dependencies>
 </project>

components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/src/main/java/org/wso2/carbon/identity/api/server/application/management/common/ApplicationManagementConstants.java

@@ -36,6 +36,7 @@ private ApplicationManagementConstants() {
 
     private static final String APPLICATION_MANAGEMENT_PREFIX = "APP-";
     public static final String APPLICATION_MANAGEMENT_PATH_COMPONENT = "/applications";
+    public static final String ROLES_PATH_COMPONENT = "/roles";
     public static final String APPLICATION_TEMPLATE_MANAGEMENT_PATH_COMPONENT = "/templates";
     public static final String INBOUND_PROTOCOLS_PATH_COMPONENT = "/inbound-protocols";
     public static final String INBOUND_PROTOCOL_OAUTH2_PATH_COMPONENT = "/oidc";

components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/src/main/java/org/wso2/carbon/identity/api/server/application/management/common/ApplicationManagementServiceHolder.java

@@ -16,6 +16,7 @@
 package org.wso2.carbon.identity.api.server.application.management.common;
 
 import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
+import org.wso2.carbon.identity.application.role.mgt.ApplicationRoleManager;
 import org.wso2.carbon.identity.cors.mgt.core.CORSManagementService;
 import org.wso2.carbon.identity.oauth.OAuthAdminServiceImpl;
 import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
@@ -37,6 +38,7 @@ public class ApplicationManagementServiceHolder {
     private static TemplateManager templateManager;
     private static CORSManagementService corsManagementService;
     private static RealmService realmService;
+    private static ApplicationRoleManager applicationRoleManagerService;
 
     public static ApplicationManagementService getApplicationManagementService() {
 
@@ -127,4 +129,24 @@ public static void setRealmService(RealmService realmService) {
 
         ApplicationManagementServiceHolder.realmService = realmService;
     }
+
+    /**
+     * Get ApplicationRoleManager.
+     *
+     * @return ApplicationRoleManager.
+     */
+    public static ApplicationRoleManager getApplicationRoleManagerService() {
+
+        return applicationRoleManagerService;
+    }
+
+    /**
+     * Set ApplicationRoleManager.
+     *
+     * @param applicationRoleManagerService ApplicationRoleManager.
+     */
+    public static void setApplicationRoleManagerService(ApplicationRoleManager applicationRoleManagerService) {
+
+        ApplicationManagementServiceHolder.applicationRoleManagerService = applicationRoleManagerService;
+    }
 }

components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/src/main/java/org/wso2/carbon/identity/api/server/application/management/common/factory/ApplicationRoleMgtOSGiServiceFactory.java

@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.common.factory;
+
+import org.springframework.beans.factory.config.AbstractFactoryBean;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.identity.application.role.mgt.ApplicationRoleManager;
+/**
+ * Factory Beans serves as a factory for creating other beans within the IOC container. This factory bean is used to
+ * instantiate the Application role Manager type of object inside the container.
+ */
+public class ApplicationRoleMgtOSGiServiceFactory extends AbstractFactoryBean<ApplicationRoleManager> {
+
+    private static ApplicationRoleManager applicationRoleMgtService;
+
+    @Override
+    public Class<?> getObjectType() {
+
+        return Object.class;
+    }
+
+    @Override
+    protected ApplicationRoleManager createInstance() throws Exception {
+
+        if (applicationRoleMgtService == null) {
+            ApplicationRoleManager taskOperationService = (ApplicationRoleManager) PrivilegedCarbonContext.
+                    getThreadLocalCarbonContext().getOSGiService(ApplicationRoleManager.class, null);
+
+            if (taskOperationService == null) {
+                throw new Exception("Unable to retrieve application role management service.");
+            }
+            applicationRoleMgtService = taskOperationService;
+        }
+        return applicationRoleMgtService;
+    }
+}

components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/pom.xml

@@ -148,6 +148,11 @@
             <artifactId>org.wso2.carbon.identity.auth.attribute.handler</artifactId>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity.framework</groupId>
+            <artifactId>org.wso2.carbon.identity.application.role.mgt</artifactId>
+            <scope>provided</scope>
+        </dependency>
         <dependency>
             <groupId>org.apache.cxf</groupId>
             <artifactId>cxf-rt-rs-extension-search</artifactId>

components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ApplicationsApi.java

@@ -42,9 +42,13 @@
 import org.wso2.carbon.identity.api.server.application.management.v1.InboundProtocolListItem;
 import org.wso2.carbon.identity.api.server.application.management.v1.OIDCMetaData;
 import org.wso2.carbon.identity.api.server.application.management.v1.OpenIDConnectConfiguration;
+import org.wso2.carbon.identity.api.server.application.management.v1.PaginatedAppRoleResponse;
 import org.wso2.carbon.identity.api.server.application.management.v1.PassiveStsConfiguration;
 import org.wso2.carbon.identity.api.server.application.management.v1.ProvisioningConfiguration;
 import org.wso2.carbon.identity.api.server.application.management.v1.ResidentApplication;
+import org.wso2.carbon.identity.api.server.application.management.v1.Role;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleCreationModel;
+import org.wso2.carbon.identity.api.server.application.management.v1.RolePatchModel;
 import org.wso2.carbon.identity.api.server.application.management.v1.SAML2Configuration;
 import org.wso2.carbon.identity.api.server.application.management.v1.SAML2ServiceProvider;
 import org.wso2.carbon.identity.api.server.application.management.v1.SAMLMetaData;
@@ -92,6 +96,30 @@ public Response changeApplicationOwner(@ApiParam(value = "ID of the application.
         return delegate.changeApplicationOwner(applicationId,  applicationOwner );
     }
 
+    @Valid
+    @POST
+    @Path("/{applicationId}/roles")
+    @Consumes({ "application/json" })
+    @Produces({ "application/json" })
+    @ApiOperation(value = "Create an application role with collected permissions ", notes = "Create a new application role with or without permissions <br> <b>Permission required:</b> <br>     * /permission/admin/manage/identity/applicationmgt/update <br> <b>Scope required:</b> <br>     * internal_application_mgt_update ", response = Role.class, authorizations = {
+        @Authorization(value = "BasicAuth"),
+        @Authorization(value = "OAuth2", scopes = {
+
+        })
+    }, tags={ "Application Roles", })
+    @ApiResponses(value = { 
+        @ApiResponse(code = 201, message = "Successfully created.", response = Role.class),
+        @ApiResponse(code = 400, message = "Bad Request", response = Error.class),
+        @ApiResponse(code = 401, message = "Unauthorized", response = Void.class),
+        @ApiResponse(code = 403, message = "Forbidden", response = Void.class),
+        @ApiResponse(code = 409, message = "Conflict", response = Error.class),
+        @ApiResponse(code = 500, message = "Server Error", response = Error.class)
+    })
+    public Response createAppRole(@ApiParam(value = "Application ID",required=true) @PathParam("applicationId") String applicationId, @ApiParam(value = "Role name and Permissions to add to the role" ) @Valid RoleCreationModel roleCreationModel) {
+
+        return delegate.createAppRole(applicationId,  roleCreationModel );
+    }
+
     @Valid
     @POST
 
@@ -142,6 +170,29 @@ public Response createApplicationTemplate(@ApiParam(value = "This represents the
         return delegate.createApplicationTemplate(applicationTemplateModel );
     }
 
+    @Valid
+    @DELETE
+    @Path("/{applicationId}/roles/{roleId}")
+
+    @Produces({ "application/json" })
+    @ApiOperation(value = "Delete an application role ", notes = "Delete a role <br> <b>Permission required:</b> <br>     * /permission/admin/manage/identity/applicationmgt/update <br> <b>Scope required:</b> <br>     * internal_application_mgt_update ", response = Void.class, authorizations = {
+        @Authorization(value = "BasicAuth"),
+        @Authorization(value = "OAuth2", scopes = {
+
+        })
+    }, tags={ "Application Roles", })
+    @ApiResponses(value = { 
+        @ApiResponse(code = 204, message = "Delete Success", response = Void.class),
+        @ApiResponse(code = 400, message = "", response = Void.class),
+        @ApiResponse(code = 401, message = "Unauthorized", response = Void.class),
+        @ApiResponse(code = 403, message = "Forbidden", response = Void.class),
+        @ApiResponse(code = 500, message = "Server Error", response = Error.class)
+    })
+    public Response deleteAppRole(@ApiParam(value = "Application ID",required=true) @PathParam("applicationId") String applicationId, @ApiParam(value = "Role ID",required=true) @PathParam("roleId") String roleId) {
+
+        return delegate.deleteAppRole(applicationId,  roleId );
+    }
+
     @Valid
     @DELETE
     @Path("/{applicationId}")
@@ -381,6 +432,29 @@ public Response getAdaptiveAuthTemplates() {
         return delegate.getAdaptiveAuthTemplates();
     }
 
+    @Valid
+    @GET
+    @Path("/{applicationId}/roles")
+
+    @Produces({ "application/json" })
+    @ApiOperation(value = "Get all roles of the application ", notes = "Get all roles of the application <br> <b>Permission required:</b> <br>     * /permission/admin/manage/identity/applicationmgt/view <br> <b>Scope required:</b> <br>     * internal_application_mgt_view ", response = PaginatedAppRoleResponse.class, authorizations = {
+        @Authorization(value = "BasicAuth"),
+        @Authorization(value = "OAuth2", scopes = {
+
+        })
+    }, tags={ "Application Roles", })
+    @ApiResponses(value = { 
+        @ApiResponse(code = 200, message = "OK", response = PaginatedAppRoleResponse.class),
+        @ApiResponse(code = 400, message = "Bad Request", response = Error.class),
+        @ApiResponse(code = 401, message = "Unauthorized", response = Void.class),
+        @ApiResponse(code = 403, message = "Forbidden", response = Void.class),
+        @ApiResponse(code = 500, message = "Server Error", response = Error.class)
+    })
+    public Response getAllAppRoles(@ApiParam(value = "Application ID",required=true) @PathParam("applicationId") String applicationId,     @Valid@ApiParam(value = "Previous Cursor")  @QueryParam("before") String before,     @Valid@ApiParam(value = "Next Cursor")  @QueryParam("after") String after) {
+
+        return delegate.getAllAppRoles(applicationId,  before,  after );
+    }
+
     @Valid
     @GET
     @Path("/templates")
@@ -434,6 +508,30 @@ public Response getAllApplications(    @Valid @Min(1)@ApiParam(value = "Maximum
         return delegate.getAllApplications(limit,  offset,  filter,  sortOrder,  sortBy,  attributes );
     }
 
+    @Valid
+    @GET
+    @Path("/{applicationId}/roles/{roleId}")
+
+    @Produces({ "application/json" })
+    @ApiOperation(value = "Get role and associated permissions ", notes = "Get a role of the application and its associated permissions<br> <b>Permission required:</b> <br>     * /permission/admin/manage/identity/applicationmgt/update <br> <b>Scope required:</b> <br>     * internal_application_mgt_update ", response = Role.class, authorizations = {
+        @Authorization(value = "BasicAuth"),
+        @Authorization(value = "OAuth2", scopes = {
+
+        })
+    }, tags={ "Application Roles", })
+    @ApiResponses(value = { 
+        @ApiResponse(code = 200, message = "OK", response = Role.class),
+        @ApiResponse(code = 400, message = "Bad Request", response = Error.class),
+        @ApiResponse(code = 401, message = "Unauthorized", response = Void.class),
+        @ApiResponse(code = 403, message = "Forbidden", response = Void.class),
+        @ApiResponse(code = 404, message = "Not Found", response = Error.class),
+        @ApiResponse(code = 500, message = "Server Error", response = Error.class)
+    })
+    public Response getAppRole(@ApiParam(value = "Application ID",required=true) @PathParam("applicationId") String applicationId, @ApiParam(value = "Role ID",required=true) @PathParam("roleId") String roleId) {
+
+        return delegate.getAppRole(applicationId,  roleId );
+    }
+
     @Valid
     @GET
     @Path("/{applicationId}")
@@ -838,6 +936,29 @@ public Response importApplicationForUpdate(@Multipart(value = "file", required =
         return delegate.importApplicationForUpdate(fileInputStream, fileDetail );
     }
 
+    @Valid
+    @PATCH
+    @Path("/{applicationId}/roles/{roleId}")
+    @Consumes({ "application/json" })
+    @Produces({ "application/json" })
+    @ApiOperation(value = "Update an application role ", notes = "Update role name and permissions <br> <b>Permission required:</b> <br>     * /permission/admin/manage/identity/applicationmgt/update <br> <b>Scope required:</b> <br>     * internal_application_mgt_update ", response = Role.class, authorizations = {
+        @Authorization(value = "BasicAuth"),
+        @Authorization(value = "OAuth2", scopes = {
+
+        })
+    }, tags={ "Application Roles", })
+    @ApiResponses(value = { 
+        @ApiResponse(code = 200, message = "OK", response = Role.class),
+        @ApiResponse(code = 400, message = "Bad Request", response = Error.class),
+        @ApiResponse(code = 401, message = "Unauthorized", response = Void.class),
+        @ApiResponse(code = 403, message = "Forbidden", response = Void.class),
+        @ApiResponse(code = 500, message = "Server Error", response = Error.class)
+    })
+    public Response patchAppRole(@ApiParam(value = "Application ID",required=true) @PathParam("applicationId") String applicationId, @ApiParam(value = "Role ID",required=true) @PathParam("roleId") String roleId, @ApiParam(value = "" ) @Valid RolePatchModel rolePatchModel) {
+
+        return delegate.patchAppRole(applicationId,  roleId,  rolePatchModel );
+    }
+
     @Valid
     @PATCH
     @Path("/{applicationId}")

components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ApplicationsApiService.java

@@ -42,25 +42,34 @@
 import org.wso2.carbon.identity.api.server.application.management.v1.InboundProtocolListItem;
 import org.wso2.carbon.identity.api.server.application.management.v1.OIDCMetaData;
 import org.wso2.carbon.identity.api.server.application.management.v1.OpenIDConnectConfiguration;
+import org.wso2.carbon.identity.api.server.application.management.v1.PaginatedAppRoleResponse;
 import org.wso2.carbon.identity.api.server.application.management.v1.PassiveStsConfiguration;
 import org.wso2.carbon.identity.api.server.application.management.v1.ProvisioningConfiguration;
 import org.wso2.carbon.identity.api.server.application.management.v1.ResidentApplication;
+import org.wso2.carbon.identity.api.server.application.management.v1.Role;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleCreationModel;
+import org.wso2.carbon.identity.api.server.application.management.v1.RolePatchModel;
 import org.wso2.carbon.identity.api.server.application.management.v1.SAML2Configuration;
 import org.wso2.carbon.identity.api.server.application.management.v1.SAML2ServiceProvider;
 import org.wso2.carbon.identity.api.server.application.management.v1.SAMLMetaData;
 import org.wso2.carbon.identity.api.server.application.management.v1.WSTrustConfiguration;
 import org.wso2.carbon.identity.api.server.application.management.v1.WSTrustMetaData;
+import org.wso2.carbon.identity.application.role.mgt.exceptions.ApplicationRoleManagementException;
+
 import javax.ws.rs.core.Response;
 
 
 public interface ApplicationsApiService {
 
       public Response changeApplicationOwner(String applicationId, ApplicationOwner applicationOwner);
 
+      public Response createAppRole(String applicationId, RoleCreationModel roleCreationModel);
       public Response createApplication(ApplicationModel applicationModel, String template);
 
       public Response createApplicationTemplate(ApplicationTemplateModel applicationTemplateModel);
 
+      public Response deleteAppRole(String applicationId, String roleId);
+
       public Response deleteApplication(String applicationId);
 
       public Response deleteApplicationTemplate(String templateId);
@@ -81,10 +90,12 @@ public interface ApplicationsApiService {
 
       public Response getAdaptiveAuthTemplates();
 
-      public Response getAllApplicationTemplates(Integer limit, Integer offset, SearchContext searchContext);
-
+      public Response getAllAppRoles(String applicationId, String before, String after)
+;      public Response getAllApplicationTemplates(Integer limit, Integer offset, SearchContext searchContext);
       public Response getAllApplications(Integer limit, Integer offset, String filter, String sortOrder, String sortBy, String attributes);
 
+      public Response getAppRole(String applicationId, String roleId);
+
       public Response getApplication(String applicationId);
 
       public Response getApplicationTemplate(String templateId);
@@ -119,6 +130,8 @@ public interface ApplicationsApiService {
 
       public Response importApplicationForUpdate(InputStream fileInputStream, Attachment fileDetail);
 
+      public Response patchAppRole(String applicationId, String roleId, RolePatchModel rolePatchModel);
+
       public Response patchApplication(String applicationId, ApplicationPatchModel applicationPatchModel);
 
       public Response regenerateOAuthClientSecret(String applicationId);