Assign the organization creator to the admin role of the organization
sadilchamishka committed Oct 27, 2023
1 parent a66334e commit 16ead77
Showing 6 changed files with 91 additions and 72 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,10 @@
import org.wso2.carbon.identity.core.URLBuilderException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.event.IdentityEventClientException;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.event.services.IdentityEventService;
import org.wso2.carbon.identity.oauth.IdentityOAuthAdminException;
import org.wso2.carbon.identity.oauth.OAuthAdminServiceImpl;
import org.wso2.carbon.identity.oauth.common.OAuthConstants;
Expand All @@ -57,7 +61,9 @@
import org.wso2.carbon.identity.organization.management.application.model.MainApplicationDO;
import org.wso2.carbon.identity.organization.management.application.model.SharedApplication;
import org.wso2.carbon.identity.organization.management.application.model.SharedApplicationDO;
import org.wso2.carbon.identity.organization.management.ext.Constants;
import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
import org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementClientException;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementServerException;
Expand Down Expand Up @@ -625,6 +631,32 @@ public void shareApplication(String ownerOrgId, String sharedOrgId, ServiceProvi
} finally {
PrivilegedCarbonContext.endTenantFlow();
}

/*
If the sharing main application is Console, Create the shared admin user in shared organization
and assign the admin role.
*/
if (mainApplication.getApplicationName().equals("Console")) {
fireOrganizationCreatorSharingEvent(sharedOrgId);
}
}

private void fireOrganizationCreatorSharingEvent(String organizationId) throws OrganizationManagementException {

Map<String, Object> eventProperties = new HashMap<>();
eventProperties.put(Constants.EVENT_PROP_ORGANIZATION_ID, organizationId);

IdentityEventService eventService = OrgApplicationMgtDataHolder.getInstance().getIdentityEventService();
try {
Event event = new Event("POST_SHARED_CONSOLE_APP", eventProperties);
eventService.handleEvent(event);
} catch (IdentityEventClientException e) {
throw new OrganizationManagementClientException(e.getMessage(), e.getMessage(), e.getErrorCode(), e);
} catch (IdentityEventException e) {
throw new OrganizationManagementServerException(
OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_FIRING_EVENTS.getMessage(),
OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_FIRING_EVENTS.getCode(), e);
}
}

private Optional<String> resolveSharedApp(String mainAppId, String ownerOrgId, String sharedOrgId)
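Review bot: The event contract is split across string literals that must stay in sync: `fireOrganizationCreatorSharingEvent` publishes `new Event("POST_SHARED_CONSOLE_APP", eventProperties)` keyed with `Constants.EVENT_PROP_ORGANIZATION_ID`, while the handler in SharingOrganizationCreatorUserEventHandler matches the literal `"POST_SHARED_CONSOLE_APP"` and reads the literal `"ORGANIZATION_ID"`, so if that constant's value ever differs from the literal the handler receives a null orgId and fails downstream. Define the event name once next to `EVENT_PROP_ORGANIZATION_ID` and reference the same constants on both the publishing and the consuming side. The `mainApplication.getApplicationName().equals("Console")` gate is a bare name comparison; unless the name is reserved for the system application, any main application named Console would trigger creation of a shared admin user in the target organization, so confirm that reservation or gate on a system-application marker instead and record the reason in a comment such as `// Only the system Console application may trigger admin provisioning in the shared organization.`. The `OrganizationManagementClientException` constructor is passed `e.getMessage()` twice (message and description), which presumably loses the description; consider a distinct description text. shareApplication starts outside this hunk.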
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,10 @@
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.event</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.role.v2.mgt.core</artifactId>
</dependency>
<!--Test Dependencies-->
<dependency>
<groupId>org.testng</groupId>
Expand Down Expand Up @@ -127,6 +131,8 @@
org.wso2.carbon.database.utils.jdbc.exceptions;version="${org.wso2.carbon.database.utils.version.range}",
org.wso2.carbon.identity.core;version="${carbon.identity.package.import.version.range}",
org.wso2.carbon.identity.core.util;version="${carbon.identity.package.import.version.range}",
org.wso2.carbon.identity.role.v2.mgt.core;version="${carbon.identity.package.import.version.range}",
org.wso2.carbon.identity.role.v2.mgt.core.exception;version="${carbon.identity.package.import.version.range}",
org.wso2.carbon.identity.organization.management.service; version="${org.wso2.identity.organization.mgt.core.imp.pkg.version.range}",
org.wso2.carbon.identity.organization.management.service.util;version="${org.wso2.identity.organization.mgt.imp.pkg.version.range}",
org.wso2.carbon.identity.organization.management.service.exception;version="${org.wso2.identity.organization.mgt.imp.pkg.version.range}",
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,8 @@
package org.wso2.carbon.identity.organization.management.organization.user.sharing.internal;

import org.wso2.carbon.identity.organization.management.organization.user.sharing.OrganizationUserSharingService;
import org.wso2.carbon.identity.organization.management.role.management.service.RoleManager;
import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
import org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService;
import org.wso2.carbon.user.core.service.RealmService;

/**
Expand All @@ -31,7 +31,7 @@ public class OrganizationUserSharingDataHolder {
private static final OrganizationUserSharingDataHolder instance = new OrganizationUserSharingDataHolder();
private RealmService realmService;
private OrganizationManager organizationManager;
private RoleManager roleManager;
private RoleManagementService roleManagementService;
private OrganizationUserSharingService organizationUserSharingService;

public static OrganizationUserSharingDataHolder getInstance() {
Expand Down Expand Up @@ -84,19 +84,19 @@ public void setRealmService(RealmService realmService) {
*
* @return Organization role manager service.
*/
public RoleManager getRoleManager() {
public RoleManagementService getRoleManagementService() {

return this.roleManager;
return roleManagementService;
}

/**
* Set the organization role manager service.
*
* @param roleManager Organization role manager service.
* @param roleManagementService Organization role manager service.
*/
public void setRoleManager(RoleManager roleManager) {
public void setRoleManagementService(RoleManagementService roleManagementService) {

this.roleManager = roleManager;
this.roleManagementService = roleManagementService;
}

/**
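Review bot: The Javadoc on the renamed accessors still describes the old type: `getRoleManagementService` keeps `@return Organization role manager service.` and `setRoleManagementService` keeps `Set the organization role manager service.` with `@param roleManagementService Organization role manager service.`, although the field is now the framework's `RoleManagementService`. Update both to read `Role management service.` (the summary sentence above the getter lies outside the hunk and presumably needs the same change). Since the OSGi reference that populates this field is declared with `ReferencePolicy.DYNAMIC` in the service component, the getter can legitimately return null between unbind and rebind; stating `@return Role management service, or {@code null} if the service is not currently bound.` tells callers to guard the dereference.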
Original file line number Diff line number Diff line change
Expand Up @@ -32,8 +32,8 @@
import org.wso2.carbon.identity.organization.management.organization.user.sharing.OrganizationUserSharingServiceImpl;
import org.wso2.carbon.identity.organization.management.organization.user.sharing.listener.SharedUserOperationEventListener;
import org.wso2.carbon.identity.organization.management.organization.user.sharing.listener.SharingOrganizationCreatorUserEventHandler;
import org.wso2.carbon.identity.organization.management.role.management.service.RoleManager;
import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
import org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService;
import org.wso2.carbon.user.core.listener.UserOperationEventListener;
import org.wso2.carbon.user.core.service.RealmService;

Expand Down Expand Up @@ -101,18 +101,18 @@ protected void unsetOrganizationManagementService(OrganizationManager organizati
}

@Reference(
name = "RoleManager",
service = RoleManager.class,
name = "RoleManagementService",
service = RoleManagementService.class,
cardinality = ReferenceCardinality.MANDATORY,
policy = ReferencePolicy.DYNAMIC,
unbind = "unsetRoleManagerService")
protected void setRoleManagerService(RoleManager roleManagerService) {
unbind = "unsetRoleManagementService")
protected void setRoleManagementService(RoleManagementService roleManagementService) {

OrganizationUserSharingDataHolder.getInstance().setRoleManager(roleManagerService);
OrganizationUserSharingDataHolder.getInstance().setRoleManagementService(roleManagementService);
}

protected void unsetRoleManagerService(RoleManager roleManagerService) {
protected void unsetRoleManagementService(RoleManagementService roleManagementService) {

OrganizationUserSharingDataHolder.getInstance().setRoleManager(null);
OrganizationUserSharingDataHolder.getInstance().setRoleManagementService(null);
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -24,27 +24,21 @@
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.event.handler.AbstractEventHandler;
import org.wso2.carbon.identity.organization.management.ext.Constants;
import org.wso2.carbon.identity.organization.management.organization.user.sharing.OrganizationUserSharingService;
import org.wso2.carbon.identity.organization.management.organization.user.sharing.OrganizationUserSharingServiceImpl;
import org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.UserSharingConstants;
import org.wso2.carbon.identity.organization.management.organization.user.sharing.internal.OrganizationUserSharingDataHolder;
import org.wso2.carbon.identity.organization.management.role.management.service.RoleManager;
import org.wso2.carbon.identity.organization.management.role.management.service.models.Role;
import org.wso2.carbon.identity.organization.management.role.management.service.models.User;
import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
import org.wso2.carbon.identity.organization.management.service.model.Organization;
import org.wso2.carbon.identity.organization.management.service.util.OrganizationManagementUtil;
import org.wso2.carbon.identity.organization.management.service.util.Utils;
import org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants;
import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.util.UserCoreUtil;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Map;

import static org.wso2.carbon.identity.organization.management.role.management.service.constant.RoleManagementConstants.ORG_ADMINISTRATOR_ROLE;
import static org.wso2.carbon.identity.organization.management.role.management.service.constant.RoleManagementConstants.ORG_CREATOR_ROLE;

/**
* The event handler for sharing the organization creator to the child organization.
*/
Expand All @@ -57,10 +51,9 @@ public void handleEvent(Event event) throws IdentityEventException {

String eventName = event.getEventName();

if (Constants.EVENT_POST_ADD_ORGANIZATION.equals(eventName)) {
if ("POST_SHARED_CONSOLE_APP".equals(eventName)) {
Map<String, Object> eventProperties = event.getEventProperties();
Organization organization = (Organization) eventProperties.get(Constants.EVENT_PROP_ORGANIZATION);
String orgId = organization.getId();
String orgId = (String) eventProperties.get("ORGANIZATION_ID");

try {
String tenantDomain = OrganizationUserSharingDataHolder.getInstance().getOrganizationManager()
Expand All @@ -76,58 +69,41 @@ public void handleEvent(Event event) throws IdentityEventException {
}
userSharingService.shareOrganizationUser(orgId, associatedUserId, associatedOrgId);
String userId = userSharingService.getUserAssociationOfAssociatedUserByOrgId(associatedUserId, orgId)
.getUserId();
Role organizationCreatorRole = buildOrgCreatorRole(userId);
Role administratorRole = buildAdministratorRole(userId);
getRoleManager().createRole(orgId, organizationCreatorRole);
getRoleManager().createRole(orgId, administratorRole);
.getUserId();
assignUserToAdminRole(userId, orgId, tenantDomain);
} catch (OrganizationManagementException e) {
throw new IdentityEventException("An error occurred while sharing the organization creator to the " +
"organization : " + orgId, e);
}
}
}

private Role buildOrgCreatorRole(String adminUUID) {

Role organizationCreatorRole = new Role();
organizationCreatorRole.setDisplayName(ORG_CREATOR_ROLE);
User orgCreator = new User(adminUUID);
organizationCreatorRole.setUsers(Collections.singletonList(orgCreator));
// Set permissions for org-creator role.
ArrayList<String> orgCreatorRolePermissions = new ArrayList<>();
// Adding mandatory permissions for the org-creator role.
orgCreatorRolePermissions.add(UserSharingConstants.ORG_MGT_PERMISSION);
orgCreatorRolePermissions.add(UserSharingConstants.ORG_ROLE_MGT_PERMISSION);
/*
Adding the bear minimum permission set that org creator should have to logged in to the console and view
user, groups, roles, SP, IDP sections.
*/
orgCreatorRolePermissions.addAll(UserSharingConstants.MINIMUM_PERMISSIONS_REQUIRED_FOR_ORG_CREATOR_VIEW);
// Add user create permission to organization creator to delegate permissions to other org users.
// This permission is assigned until https://github.com/wso2/product-is/issues/14439 is fixed
orgCreatorRolePermissions.add(UserSharingConstants.USER_MGT_CREATE_PERMISSION);
organizationCreatorRole.setPermissions(orgCreatorRolePermissions);
return organizationCreatorRole;
}

private Role buildAdministratorRole(String adminUUID) {

Role organizationAdministratorRole = new Role();
organizationAdministratorRole.setDisplayName(ORG_ADMINISTRATOR_ROLE);
User orgAdministrator = new User(adminUUID);
organizationAdministratorRole.setUsers(Collections.singletonList(orgAdministrator));
// Set permissions for org-administrator role.
ArrayList<String> orgAdministratorRolePermissions = new ArrayList<>();
// Setting all administrative permissions for the Administrator role
orgAdministratorRolePermissions.add(UserSharingConstants.ADMINISTRATOR_ROLE_PERMISSION);
organizationAdministratorRole.setPermissions(orgAdministratorRolePermissions);
return organizationAdministratorRole;
}
private void assignUserToAdminRole(String userId, String organizationId, String tenantDomain)
throws IdentityEventException {

private RoleManager getRoleManager() {
String adminRoleName;
try {
adminRoleName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration()
.getAdminRoleName();
adminRoleName = UserCoreUtil.removeDomainFromName(adminRoleName);
} catch (UserStoreException e) {
throw new IdentityEventException("An error occurred while retrieving the admin role ", e);
}

return OrganizationUserSharingDataHolder.getInstance().getRoleManager();
try {
String adminRoleId = OrganizationUserSharingDataHolder.getInstance().getRoleManagementService()
.getRoleIdByName(adminRoleName, RoleConstants.ORGANIZATION, organizationId, tenantDomain);
try {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
OrganizationUserSharingDataHolder.getInstance().getRoleManagementService().updateUserListOfRole(adminRoleId,
Collections.singletonList(userId), Collections.emptyList(), tenantDomain);
} finally {
PrivilegedCarbonContext.endTenantFlow();
}
} catch (IdentityRoleManagementException e) {
throw new IdentityEventException("An error occurred while assigning the user to the administrator role", e);
}
}

private OrganizationManager getOrganizationManager() {
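Review bot: `assignUserToAdminRole` reads the admin role name from `PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm()` before it starts the tenant flow for `tenantDomain`, so the name comes from whichever tenant realm is on the calling thread (presumably the sharing caller's tenant, since the publisher has already ended its own tenant flow) rather than from the realm of the organization's tenant; if admin role names differ between tenants, `getRoleIdByName(adminRoleName, RoleConstants.ORGANIZATION, organizationId, tenantDomain)` would search for the wrong name. Move the realm lookup inside the `startTenantFlow`/`setTenantDomain(tenantDomain, true)` block, or resolve the realm for that tenant explicitly, and record the dependency with a comment such as `// The admin role name must be taken from the target tenant's realm configuration.`. `OrganizationUserSharingDataHolder.getInstance().getRoleManagementService()` is also dereferenced twice without a null guard although the OSGi reference is `ReferencePolicy.DYNAMIC`; fetching it once into a local and throwing a clear `IdentityEventException` when it is null would make an unbound service easier to diagnose than a NullPointerException. Because this method grants the administrator role, logging the assignment (user id and organization id) at info level would give an audit trail for the privilege change. handleEvent's body starts outside this hunk.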
7 changes: 6 additions & 1 deletion pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -227,6 +227,11 @@
<artifactId>org.wso2.carbon.identity.application.authentication.framework</artifactId>
<version>${carbon.identity.framework.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.role.v2.mgt.core</artifactId>
<version>${carbon.identity.framework.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
<artifactId>org.wso2.carbon.identity.oauth</artifactId>
Expand Down Expand Up @@ -510,7 +515,7 @@
<carbon.multitenancy.package.import.version.range>[4.7.0,5.0.0)
</carbon.multitenancy.package.import.version.range>

<carbon.identity.framework.version>5.25.433</carbon.identity.framework.version>
<carbon.identity.framework.version>5.25.446</carbon.identity.framework.version>
<carbon.identity.package.import.version.range>[5.20.0, 7.0.0)
</carbon.identity.package.import.version.range>

