Merge pull request #268 from AnuradhaSK/bug-fix

Implement listeners to resolve associated role details of shared app

components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/SharedRoleMgtHandler.java

@@ -21,6 +21,7 @@
 import org.apache.commons.collections.MapUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
 import org.wso2.carbon.identity.application.common.model.RoleV2;
 import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
@@ -92,7 +93,7 @@ private void createSharedRolesOnApplicationSharing(Map<String, Object> eventProp
             String allowedAudienceForRoleAssociationInMainApp =
                     getApplicationMgtService().getAllowedAudienceForRoleAssociation(parentApplicationId,
                             mainAppTenantDomain);
-            switch (allowedAudienceForRoleAssociationInMainApp) {
+            switch (allowedAudienceForRoleAssociationInMainApp.toLowerCase()) {
                 case RoleConstants.APPLICATION:
                     // Create the roles, and add the relationship.
                     createSharedRolesWithAppAudience(parentApplicationId, mainAppTenantDomain, sharedApplicationId,
@@ -184,7 +185,7 @@ private void createSharedRolesOnNewRoleCreation(Map<String, Object> eventPropert
             if (OrganizationManagementUtil.isOrganization(roleTenantDomain)) {
                 return;
             }
-            switch (roleAudienceType) {
+            switch (roleAudienceType.toLowerCase()) {
                 case RoleConstants.APPLICATION:
                     /*
                      If the audienced application is a shared application, create the role in
@@ -201,14 +202,21 @@ private void createSharedRolesOnNewRoleCreation(Map<String, Object> eventPropert
                                 String sharedOrganizationId = sharedApplications.get(taskId).getOrganizationId();
                                 String shareAppTenantDomain =
                                         getOrganizationManager().resolveTenantDomain(sharedOrganizationId);
-                                RoleBasicInfo sharedRoleInfo =
+                                try {
+                                    PrivilegedCarbonContext.startTenantFlow();
+                                    PrivilegedCarbonContext.getThreadLocalCarbonContext()
+                                            .setTenantDomain(shareAppTenantDomain, true);
+                                    RoleBasicInfo sharedRoleInfo =
                                         getRoleManagementServiceV2().addRole(mainRoleName, Collections.emptyList(),
                                                 Collections.emptyList(),
                                                 Collections.emptyList(), RoleConstants.APPLICATION, sharedApplicationId,
                                                 shareAppTenantDomain);
-                                // Add relationship between main role and shared role.
-                                getRoleManagementServiceV2().addMainRoleToSharedRoleRelationship(mainRoleUUID,
-                                        sharedRoleInfo.getId(), roleTenantDomain, shareAppTenantDomain);
+                                    // Add relationship between main role and shared role.
+                                    getRoleManagementServiceV2().addMainRoleToSharedRoleRelationship(mainRoleUUID,
+                                            sharedRoleInfo.getId(), roleTenantDomain, shareAppTenantDomain);
+                                } finally {
+                                    PrivilegedCarbonContext.endTenantFlow();
+                                }
                             } catch (IdentityRoleManagementException | OrganizationManagementException e) {
                                 LOG.error("Error occurred while creating shared role in organization with id: " +
                                         sharedApplications.get(taskId).getOrganizationId(), e);

components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/listener/SharedRoleMgtListener.java

@@ -25,6 +25,7 @@
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
+import org.wso2.carbon.identity.application.common.model.AssociatedRolesConfig;
 import org.wso2.carbon.identity.application.common.model.RoleV2;
 import org.wso2.carbon.identity.application.common.model.ServiceProvider;
 import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
@@ -121,7 +122,7 @@ public boolean doPreUpdateApplication(ServiceProvider serviceProvider, String te
             if old and new audiences are equals, need to handle the role diff.
              */
             if (existingAllowedAudienceForRoleAssociation.equalsIgnoreCase(updatedAllowedAudienceForRoleAssociation)) {
-                switch (updatedAllowedAudienceForRoleAssociation) {
+                switch (updatedAllowedAudienceForRoleAssociation.toLowerCase()) {
                     case RoleConstants.APPLICATION:
                         List<RoleV2> addedApplicationAudienceRoles = updatedAssociatedRolesList.stream()
                                 .filter(updatedRole -> !existingAssociatedRolesList.contains(updatedRole))
@@ -521,4 +522,76 @@ private ServiceProvider getApplicationByName(String name, String tenantDomain)
 
         return applicationManagementService.getServiceProvider(name, tenantDomain);
     }
+
+    @Override
+    public boolean doPostGetAllowedAudienceForRoleAssociation(AssociatedRolesConfig allowedAudienceForRoleAssociation,
+                                                              String applicationUUID, String tenantDomain)
+            throws IdentityApplicationManagementException {
+
+        try {
+            if (!OrganizationManagementUtil.isOrganization(tenantDomain)) {
+                return true;
+            }
+            // Resolve the allowed audience for associated roles of shared application from main application details.
+            String mainAppId = applicationManagementService.getMainAppId(applicationUUID);
+            int mainAppTenantId = applicationManagementService.getTenantIdByApp(mainAppId);
+            String mainAppTenantDomain = IdentityTenantUtil.getTenantDomain(mainAppTenantId);
+            String resolvedAllowedAudienceFromMainApp =
+                    applicationManagementService.getAllowedAudienceForRoleAssociation(mainAppId, mainAppTenantDomain);
+            allowedAudienceForRoleAssociation.setAllowedAudience(resolvedAllowedAudienceFromMainApp);
+        } catch (OrganizationManagementException e) {
+            throw new IdentityApplicationManagementException(String.format(
+                    "Error while fetching the allowed audience for role association of application with: %s.",
+                    applicationUUID), e);
+        }
+        return true;
+    }
+
+    @Override
+    public boolean doPostGetAssociatedRolesOfApplication(List<RoleV2> associatedRolesOfApplication,
+                                                         String applicationUUID, String tenantDomain)
+            throws IdentityApplicationManagementException {
+
+        try {
+            if (!OrganizationManagementUtil.isOrganization(tenantDomain)) {
+                return true;
+            }
+            // Resolve the associated roles of shared application from main application details.
+            String mainAppId = applicationManagementService.getMainAppId(applicationUUID);
+            int mainAppTenantId = applicationManagementService.getTenantIdByApp(mainAppId);
+            String mainAppTenantDomain = IdentityTenantUtil.getTenantDomain(mainAppTenantId);
+            List<RoleV2> resolvedAssociatedRolesFromMainApp =
+                    applicationManagementService.getAssociatedRolesOfApplication(mainAppId, mainAppTenantDomain);
+            List<String> mainAppRoleIds =
+                    resolvedAssociatedRolesFromMainApp.stream().map(RoleV2::getId).collect(Collectors.toList());
+            Map<String, String> mainRoleToSharedRoleMappingsInSubOrg =
+                    roleManagementService.getMainRoleToSharedRoleMappingsBySubOrg(mainAppRoleIds, tenantDomain);
+            List<RoleV2> associatedRolesOfSharedApplication = mainRoleToSharedRoleMappingsInSubOrg.entrySet().stream()
+                    .map(entry -> {
+                        String sharedRoleId = entry.getValue();
+                        String mainRoleId = entry.getKey();
+
+                        // Find the main role by ID and retrieve its name.
+                        String mainRoleName = resolvedAssociatedRolesFromMainApp.stream()
+                                .filter(role -> role.getId().equals(mainRoleId))
+                                .findFirst()
+                                .map(RoleV2::getName)
+                                .orElse(null);
+
+                        RoleV2 sharedRole = new RoleV2();
+                        sharedRole.setId(sharedRoleId);
+                        sharedRole.setName(mainRoleName);
+                        return sharedRole;
+                    })
+                    .collect(Collectors.toList());
+            associatedRolesOfApplication.clear();
+            associatedRolesOfApplication.addAll(associatedRolesOfSharedApplication);
+        } catch (OrganizationManagementException | IdentityRoleManagementException e) {
+            throw new IdentityApplicationManagementException(String.format(
+                    "Error while fetching the allowed audience for role association of application with: %s.",
+                    applicationUUID), e);
+        }
+        return true;
+
+    }
 }

pom.xml

@@ -503,7 +503,7 @@
         <carbon.multitenancy.package.import.version.range>[4.7.0,5.0.0)
         </carbon.multitenancy.package.import.version.range>
 
-        <carbon.identity.framework.version>5.25.426</carbon.identity.framework.version>
+        <carbon.identity.framework.version>5.25.433</carbon.identity.framework.version>
         <carbon.identity.package.import.version.range>[5.20.0, 7.0.0)
         </carbon.identity.package.import.version.range>