Improve role management with shared role check
ShanChathusanda93 committed Oct 10, 2024
1 parent 167aed3 commit 83d38a5
Showing 5 changed files with 46 additions and 10 deletions.
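--- a/UNKNOWN_FILE_1
+++ b/UNKNOWN_FILE_1
@@ -473,4 +473,17 @@ default List<RoleDTO> getSharedHybridRoles(String roleId, int tenantId) throws I
 
 return null;
 }
+
+/**
+* Check whether the given role is a shared role in the given tenant.
+*
+* @param roleId The role ID of the tenant.
+* @param tenantDomain The tenant domain.
+* @return True if the role is a shared role.
+* @throws IdentityRoleManagementException If an error occurs while checking the shared role.
+*/
+default boolean isSharedRole(String roleId, String tenantDomain) throws IdentityRoleManagementException {
+
+return false;
+}
 }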
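Review bot: The default `isSharedRole` returns `false` without consulting any store, so a DAO implementation that has not overridden it reports every role as not shared; since this commit uses that answer to decide which permission set getPermissionListOfRole returns, the silent default can change an authorization outcome instead of failing loudly. The Javadoc should say so, e.g. an `@implSpec` line: `The default implementation performs no lookup and always returns {@code false}; implementations that back organization shared roles must override it.` The existing `getSharedHybridRoles` default just above follows the same no-op pattern (returning null), so if a no-op default is deliberate the documentation is the minimum; otherwise throwing `UnsupportedOperationException` would surface a missing override at the call site. Minor: `@param roleId The role ID of the tenant.` reads as if the tenant has a single role; `The ID of the role.` is clearer.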
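--- a/UNKNOWN_FILE_2
+++ b/UNKNOWN_FILE_2
@@ -520,7 +520,7 @@ public RoleBasicInfo getRoleBasicInfoById(String roleId, String tenantDomain)
 public List<Permission> getPermissionListOfRole(String roleId, String tenantDomain)
 throws IdentityRoleManagementException {
 
-if (isOrganization(tenantDomain)) {
+if (isOrganization(tenantDomain) && isSharedRole(roleId, tenantDomain)) {
 return getPermissionsOfSharedRole(roleId, tenantDomain);
 } else {
 return getPermissions(roleId, tenantDomain);
@@ -1550,15 +1550,8 @@ private void addRoleInfo(String roleId, String roleName, List<Permission> permis
 }
 }
 
-/**
-* Check role is a shared role.
-*
-* @param roleId Role ID.
-* @param tenantDomain Tenant Domain.
-* @return is Shared role.
-* @throws IdentityRoleManagementException IdentityRoleManagementException.
-*/
-private boolean isSharedRole(String roleId, String tenantDomain)
+@Override
+public boolean isSharedRole(String roleId, String tenantDomain)
 throws IdentityRoleManagementException {
 
 int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);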
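Review bot: The new condition in getPermissionListOfRole changes the result for organization roles that are not shared — they previously went through getPermissionsOfSharedRole and now take the tenant-local getPermissions path — but nothing in the hunk records why, and the method's Javadoc, if it has one, begins outside the hunk. A one-line comment above the `if`, `// Only shared roles in an organization resolve their permissions from the shared role; other organization roles use the local lookup.`, would keep the fallback from looking accidental. In the second hunk isSharedRole becomes a public `@Override`, so dropping its own Javadoc in favour of the interface's is fine; its body continues past the end of the hunk, so the lookup it performs could not be reviewed here.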
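--- a/UNKNOWN_FILE_3
+++ b/UNKNOWN_FILE_3
@@ -63,4 +63,17 @@ public static int resolveAudienceRefId(String audience, String audienceId) throw
 
 return roleDAO.getRoleAudienceRefId(audience, audienceId);
 }
+
+/**
+* Checks whether the given role is a shared role in the given tenant domain.
+*
+* @param roleId The role ID.
+* @param tenantDomain The tenant domain.
+* @return Whether the role is a shared role or not.
+* @throws IdentityRoleManagementException If an error occurs while checking the shared role.
+*/
+public static boolean isSharedRole(String roleId, String tenantDomain) throws IdentityRoleManagementException {
+
+return roleDAO.isSharedRole(roleId, tenantDomain);
+}
 }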
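--- a/UNKNOWN_FILE_4
+++ b/UNKNOWN_FILE_4
@@ -27,6 +27,16 @@
 </Scopes>
 </APIResource>
 {% endfor %}
+<APIResource name="SCIM2 Roles API"
+identifier="/o/scim2/Roles" requiresAuthorization="true"
+description="API representation of the SCIM2 Roles API" type="ORGANIZATION">
+<Scopes>
+<Scope displayName="Create Roles" name="internal_org_role_mgt_create"
+description = "Create new roles in the organization"/>
+<Scope displayName="Delete Roles" name="internal_org_role_mgt_delete"
+description = "Delete roles in the organization"/>
+</Scopes>
+</APIResource>
 <APIResource name="Admin Advisory Management API"
 identifier="/api/server/v1/admin-advisory-management/banner" requiresAuthorization="true"
 description="API representation of the Admin Advisory Management API" type="SYSTEM">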
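Review bot: The new `SCIM2 Roles API` resource registers only the `internal_org_role_mgt_create` and `internal_org_role_mgt_delete` scopes, while the resource mappings for the same `/o/scim2/v2/Roles` paths in this commit's identity configuration also rely on `internal_org_role_mgt_view` and `internal_org_role_mgt_update`; those were presumably registered elsewhere before this change, but it is worth confirming they are not meant to be grouped under this resource so that a client can actually be granted every scope the mappings require. The `identifier="/o/scim2/Roles"` also differs from the `/o/scim2/v2/Roles` context pattern used in those mappings — if the identifier is a logical name that is fine, otherwise align the two. The block sits after `{% endfor %}`, so it is emitted once rather than per loop iteration, which looks intended.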
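--- a/UNKNOWN_FILE_5
+++ b/UNKNOWN_FILE_5
@@ -318,6 +318,9 @@
 <Permissions>/permission/admin/manage/identity/rolemgt/view</Permissions>
 <Scopes>internal_org_role_mgt_view</Scopes>
 </Resource>
+<Resource context="(.*)/o/scim2/v2/Roles(.*)" secured="true" http-method="POST">
+<Permissions>/permission/admin/manage/identity/rolemgt/create</Permissions>
+<Scopes>internal_org_role_mgt_create</Scopes>
 <Resource context="(.*)/o/scim2/v2/Roles(.*)" secured="true" http-method="GET">
 <Permissions>/permission/admin/manage/identity/rolemgt/view</Permissions>
 <Scopes>internal_org_role_mgt_view</Scopes>
@@ -330,6 +333,10 @@
 <Permissions>/permission/admin/manage/identity/rolemgt/update</Permissions>
 <Scopes>internal_org_role_mgt_update</Scopes>
 </Resource>
+<Resource context="(.*)/o/scim2/v2/Roles/(.*)" secured="true" http-method="DELETE">
+<Permissions>/permission/admin/manage/identity/rolemgt/delete</Permissions>
+<Scopes>internal_org_role_mgt_delete</Scopes>
+</Resource>
 
 <!-- SCIM2 Users API -->
 <Resource context="(.*)/scim2/Users/.search" secured="true" http-method="POST">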
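Review bot: The POST resource added in the first hunk (`<Resource context="(.*)/o/scim2/v2/Roles(.*)" secured="true" http-method="POST">`) is never closed: its `<Scopes>` line is followed directly by the pre-existing GET `<Resource>` element, so the rendered file is no longer well-formed XML (the GET resource ends up nested inside the POST one and an unmatched close tag is left over later). Add `</Resource>` after `<Scopes>internal_org_role_mgt_create</Scopes>`, matching the DELETE resource added in the second hunk, which is closed correctly. Because this file defines which request paths are secured and which permission and scope each requires, a parse failure or mis-nesting here affects the whole organization-level authorization configuration rather than just the new endpoint, so the rendered output is worth checking before merge.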
