From 61a457eb341b297adfa75a06584e363b91437405 Mon Sep 17 00:00:00 2001 From: AnuradhaSK Date: Sat, 21 Oct 2023 01:50:41 +0530 Subject: [PATCH] fix role deletion issue --- .../pom.xml | 1 + .../listener/SharedRoleMgtListener.java | 24 ++++++++++++------- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/components/org.wso2.carbon.identity.organization.management.handler/pom.xml b/components/org.wso2.carbon.identity.organization.management.handler/pom.xml index c356f865b..636f8b6a6 100644 --- a/components/org.wso2.carbon.identity.organization.management.handler/pom.xml +++ b/components/org.wso2.carbon.identity.organization.management.handler/pom.xml @@ -138,6 +138,7 @@ org.wso2.carbon.identity.application.common.*; version="${carbon.identity.package.import.version.range}", org.wso2.carbon.identity.core.util;version="${carbon.identity.package.import.version.range}", + org.wso2.carbon.context;version="${carbon.kernel.package.import.version.range}", diff --git a/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/listener/SharedRoleMgtListener.java b/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/listener/SharedRoleMgtListener.java index 143eddd66..74f40b538 100644 --- a/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/listener/SharedRoleMgtListener.java +++ b/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/listener/SharedRoleMgtListener.java 
@@ -23,6 +23,7 @@
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
 import org.wso2.carbon.identity.application.common.model.RoleV2;
 import org.wso2.carbon.identity.application.common.model.ServiceProvider;
@@ -459,21 +460,28 @@ private void handleOrganizationAudiencedSharedRoleDeletion(List rolesLis List associatedApplicationsIds = getRoleManagementServiceV2().getAssociatedApplicationByRoleId(mainAppRoleId, mainApplicationTenantDomain); - if (associatedApplicationsIds == null) { - continue; - } String sharedRoleId = mainRoleToSharedRoleMappingsInSubOrg.get(mainAppRoleId); if (StringUtils.isBlank(sharedRoleId)) { // There is no role available in the shared org. May be due to role creation issue. continue; } /* - If the only associated application is the main app in this flow, delete the role in - the org. + If this private method is called from application update post listener, the role already removed + from the application. associatedApplicationsIds is empty means there are no any other applications. + + If this private method is called from application deletion post listener, + and if the only associated application is the main app in this flow, this condition is satisfied. + Hence, deleting the shared roles. */ - if (associatedApplicationsIds.size() == 1 && mainApplicationId.equals(associatedApplicationsIds.get(0))) { - // Delete the role in org. - getRoleManagementServiceV2().deleteRole(sharedRoleId, sharedAppTenantDomain); + if (CollectionUtils.isEmpty(associatedApplicationsIds) || (associatedApplicationsIds.size() == 1 && + mainApplicationId.equals(associatedApplicationsIds.get(0)))) { + try { + PrivilegedCarbonContext.startTenantFlow(); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(sharedAppTenantDomain, true); + getRoleManagementServiceV2().deleteRole(sharedRoleId, sharedAppTenantDomain); + } finally { + PrivilegedCarbonContext.endTenantFlow(); + } } else if (associatedApplicationsIds.size() > 1) { boolean isRoleUsedByAnotherSharedApp = false; for (String associatedApplicationId : associatedApplicationsIds) {
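Review bot: The widened condition `CollectionUtils.isEmpty(associatedApplicationsIds) || (...)` now deletes the shared role when the association lookup returns `null`, a case the removed `if (associatedApplicationsIds == null) { continue; }` used to skip. Whether `getAssociatedApplicationByRoleId` can return `null` for a failed or mis-scoped lookup rather than for "no applications remain" is not visible in this hunk; if it can, a destructive `deleteRole` in the sub-organization would run on missing data, and it now runs inside a privileged tenant flow. Unless `null` is documented to mean "none", I would keep `if (associatedApplicationsIds == null) { continue; }` ahead of the new test and let only an empty list trigger deletion. A debug log naming `sharedRoleId` and `sharedAppTenantDomain` just before `deleteRole` would also make these removals traceable. The enclosing method starts and ends outside the hunk.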