diff --git a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/pom.xml b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/pom.xml
index 0dc87e81a..dcb00514f 100644
--- a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/pom.xml
+++ b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/pom.xml
@@ -20,7 +20,7 @@
org.wso2.carbon.identity.organization.management
identity-organization-management
- 1.3.76-SNAPSHOT
+ 1.3.89-SNAPSHOT
../../pom.xml
@@ -48,6 +48,10 @@
org.wso2.carbon.identity.organization.management
org.wso2.carbon.identity.organization.management.ext
+
+ org.wso2.carbon.identity.organization.management
+ org.wso2.carbon.identity.organization.management.role.management.service
+
org.wso2.carbon.identity.framework
org.wso2.carbon.identity.core
@@ -119,6 +123,8 @@
org.osgi.framework; version="${osgi.framework.imp.pkg.version.range}",
org.osgi.service.component; version="${osgi.service.component.imp.pkg.version.range}",
org.wso2.carbon.context;version="${carbon.kernel.package.import.version.range}",
+ org.wso2.carbon.database.utils.jdbc;version="${org.wso2.carbon.database.utils.version.range}",
+ org.wso2.carbon.database.utils.jdbc.exceptions;version="${org.wso2.carbon.database.utils.version.range}",
org.wso2.carbon.identity.core;version="${carbon.identity.package.import.version.range}",
org.wso2.carbon.identity.core.util;version="${carbon.identity.package.import.version.range}",
org.wso2.carbon.identity.organization.management.service; version="${org.wso2.identity.organization.mgt.core.imp.pkg.version.range}",
@@ -126,6 +132,8 @@
org.wso2.carbon.identity.organization.management.service.exception;version="${org.wso2.identity.organization.mgt.imp.pkg.version.range}",
org.wso2.carbon.identity.organization.management.service.model; version="${org.wso2.identity.organization.mgt.core.imp.pkg.version.range}",
org.wso2.carbon.identity.organization.management.service.constant;version="${org.wso2.identity.organization.mgt.core.imp.pkg.version.range}",
+ org.wso2.carbon.identity.organization.management.role.management.service;version="${org.wso2.identity.organization.mgt.imp.pkg.version.range}",
+ org.wso2.carbon.identity.organization.management.role.management.service.models;version="${org.wso2.identity.organization.mgt.imp.pkg.version.range}",
org.wso2.carbon.user.api;version="${carbon.user.api.imp.pkg.version.range}",
org.wso2.carbon.user.core;version="${carbon.kernel.package.import.version.range}",
org.wso2.carbon.user.core.common;version="${carbon.kernel.package.import.version.range}",
diff --git a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/OrganizationUserSharingService.java b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/OrganizationUserSharingService.java
index 53c692fca..66558fe80 100644
--- a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/OrganizationUserSharingService.java
+++ b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/OrganizationUserSharingService.java
@@ -18,7 +18,7 @@
package org.wso2.carbon.identity.organization.management.organization.user.sharing;
-import org.wso2.carbon.identity.organization.management.organization.user.sharing.models.SharedUserAssociation;
+import org.wso2.carbon.identity.organization.management.organization.user.sharing.models.UserAssociation;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
/**
@@ -27,57 +27,55 @@
public interface OrganizationUserSharingService {
/**
- * Creates the association between the shared user and the actual user in the shared organization.
+ * Creates the association between the shared user and the actual user in the organization.
*
- * @param realUserId Actual user ID of the user in the parent organization.
- * @param userResidentOrgId The organization ID where the user's identity is managed.
- * @param sharedOrgId Organization ID of the user shared organization.
+ * @param orgId Organization ID of the user is shared.
+ * @param associatedUserId Actual user who is associated for a shared user.
+ * @param associatedOrgId The organization ID associated user.
* @throws OrganizationManagementException If an error occurs while creating the organization user association.
*/
- void shareOrganizationUser(String realUserId, String userResidentOrgId, String sharedOrgId)
+ void shareOrganizationUser(String orgId, String associatedUserId, String associatedOrgId)
throws OrganizationManagementException;
/**
* UnShare all the shared users for the given user.
*
- * @param realUserId The ID of the user.
- * @param userResidentOrgId The ID of the organization where the user is managed.
- * @return True if the organization user associations are deleted successfully.
- * @throws OrganizationManagementException If an error occurs while deleting the organization user associations.
+ * @param associatedUserId The ID of the associated user.
+ * @param associatedOrgId The ID of the organization where the user is managed.
+ * @return True if the user associations are deleted successfully.
+ * @throws OrganizationManagementException If an error occurs while deleting the user associations.
*/
- boolean unShareOrganizationUsers(String realUserId, String userResidentOrgId)
+ boolean unShareOrganizationUsers(String associatedUserId, String associatedOrgId)
throws OrganizationManagementException;
/**
* Delete the organization user association of the shared user.
*
- * @param sharedUserId The ID of the shared user.
- * @param userResidentOrgId The ID of organization where the user's identity is managed.
+ * @param userId The ID of the user.
+ * @param associatedOrgId The ID of organization where the user's identity is managed.
* @return True if the organization user association is deleted successfully.
* @throws OrganizationManagementException If an error occurs while deleting the organization user association.
*/
- boolean deleteOrganizationUserAssociationOfSharedUser(String sharedUserId, String userResidentOrgId)
- throws OrganizationManagementException;
+ boolean deleteUserAssociation(String userId, String associatedOrgId) throws OrganizationManagementException;
/**
- * Get the shared user association of the user.
+ * Get the user association of the associated user in a given organization.
*
- * @param realUserId The actual ID of the user.
- * @param sharedOrganizationId The organization ID of the user.
- * @return The shared user association of the user.
- * @throws OrganizationManagementException If an error occurs while retrieving the shared user association.
+ * @param associatedUserId The ID of the user who is associated to the organization.
+ * @param orgId The organization ID of the user.
+ * @return The user association of the associated user within a given organization.
+ * @throws OrganizationManagementException If an error occurs while retrieving the user association.
*/
- SharedUserAssociation getSharedUserAssociationOfUser(String realUserId, String sharedOrganizationId)
+ UserAssociation getUserAssociationOfAssociatedUserByOrgId(String associatedUserId, String orgId)
throws OrganizationManagementException;
/**
- * Get the shared user association of a shared user.
+ * Get the user association of a user.
*
- * @param sharedUserId The user ID of the shared user.
- * @param sharedOrganizationId The organization ID of the user.
- * @return The shared user association of the shared user.
- * @throws OrganizationManagementException If an error occurs while retrieving the shared user association.
+ * @param userId The ID of user.
+ * @param orgId The organization ID of the user.
+ * @return The user association of the user.
+ * @throws OrganizationManagementException If an error occurs while retrieving the user association.
*/
- SharedUserAssociation getSharedUserAssociationOfSharedUser(String sharedUserId, String sharedOrganizationId)
- throws OrganizationManagementException;
+ UserAssociation getUserAssociation(String userId, String orgId) throws OrganizationManagementException;
}
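Review bot: `shareOrganizationUser` keeps its name while its three `String` parameters change meaning by position (old `(realUserId, userResidentOrgId, sharedOrgId)`, new `(orgId, associatedUserId, associatedOrgId)`), so any caller outside this diff that was not updated still compiles and silently passes the target organization where the associated user ID is expected; a distinct method name, or a check in the implementation that `orgId` and `associatedOrgId` are not the same organization, would make the mismatch fail loudly. The same positional reshuffle happens in `createOrganizationUserAssociation` in the DAO interface hunk and in the implementation hunk. The new Javadoc on this method also reads ungrammatically; suggest `@param orgId ID of the organization the user is shared with.` and `@param associatedOrgId ID of the organization where the associated user's identity is managed.`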
diff --git a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/OrganizationUserSharingServiceImpl.java b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/OrganizationUserSharingServiceImpl.java
index 40fcaf713..7a2dfb71c 100644
--- a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/OrganizationUserSharingServiceImpl.java
+++ b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/OrganizationUserSharingServiceImpl.java
@@ -22,7 +22,7 @@
import org.wso2.carbon.identity.organization.management.organization.user.sharing.dao.OrganizationUserSharingDAO;
import org.wso2.carbon.identity.organization.management.organization.user.sharing.dao.OrganizationUserSharingDAOImpl;
import org.wso2.carbon.identity.organization.management.organization.user.sharing.internal.OrganizationUserSharingDataHolder;
-import org.wso2.carbon.identity.organization.management.organization.user.sharing.models.SharedUserAssociation;
+import org.wso2.carbon.identity.organization.management.organization.user.sharing.models.UserAssociation;
import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
import org.wso2.carbon.user.api.UserRealm;
@@ -50,76 +50,71 @@ public class OrganizationUserSharingServiceImpl implements OrganizationUserShari
private final OrganizationUserSharingDAO organizationUserSharingDAO = new OrganizationUserSharingDAOImpl();
@Override
- public void shareOrganizationUser(String realUserId, String userResidentOrgId, String sharedOrgId)
+ public void shareOrganizationUser(String orgId, String associatedUserId, String associatedOrgId)
throws OrganizationManagementException {
try {
- int userResidentTenantId =
- IdentityTenantUtil.getTenantId(getOrganizationManager().resolveTenantDomain(userResidentOrgId));
- AbstractUserStoreManager userStoreManager = getAbstractUserStoreManager(userResidentTenantId);
- String userName = userStoreManager.getUser(realUserId, null).getUsername();
+ int associatedUserTenantId =
+ IdentityTenantUtil.getTenantId(getOrganizationManager().resolveTenantDomain(associatedOrgId));
+ AbstractUserStoreManager userStoreManager = getAbstractUserStoreManager(associatedUserTenantId);
+ String userName = userStoreManager.getUser(associatedUserId, null).getUsername();
HashMap userClaims = new HashMap<>();
- userClaims.put(CLAIM_MANAGED_ORGANIZATION, userResidentOrgId);
+ userClaims.put(CLAIM_MANAGED_ORGANIZATION, associatedOrgId);
userClaims.put(ID_CLAIM_READ_ONLY, "true");
UserCoreUtil.setSkipPasswordPatternValidationThreadLocal(true);
- int sharedOrgTenantId =
- IdentityTenantUtil.getTenantId(getOrganizationManager().resolveTenantDomain(sharedOrgId));
- userStoreManager = getAbstractUserStoreManager(sharedOrgTenantId);
-
- userName = "sub-" + userName;
+ int tenantId = IdentityTenantUtil.getTenantId(getOrganizationManager().resolveTenantDomain(orgId));
+ userStoreManager = getAbstractUserStoreManager(tenantId);
userStoreManager.addUser(userName, generatePassword(), null, userClaims, DEFAULT_PROFILE);
- String sharedUserId = userStoreManager.getUserIDFromUserName(userName);
- organizationUserSharingDAO.createOrganizationUserAssociation(realUserId, userResidentOrgId, sharedUserId,
- sharedOrgId);
+ String userId = userStoreManager.getUserIDFromUserName(userName);
+ organizationUserSharingDAO.createOrganizationUserAssociation(userId, orgId, associatedUserId,
+ associatedOrgId);
} catch (UserStoreException e) {
- throw handleServerException(ERROR_CODE_ERROR_CREATE_SHARED_USER, e, sharedOrgId);
+ throw handleServerException(ERROR_CODE_ERROR_CREATE_SHARED_USER, e, orgId);
}
}
@Override
- public boolean unShareOrganizationUsers(String realUserId, String userResidentOrgId)
+ public boolean unShareOrganizationUsers(String associatedUserId, String associatedOrgId)
throws OrganizationManagementException {
- List sharedUserAssociationList =
- organizationUserSharingDAO.getOrganizationUserAssociationsOfUser(realUserId, userResidentOrgId);
+ List userAssociationList =
+ organizationUserSharingDAO.getUserAssociationsOfAssociatedUser(associatedUserId, associatedOrgId);
// Removing the shared users from the shared organizations.
- for (SharedUserAssociation sharedUserAssociation : sharedUserAssociationList) {
- String sharedOrganizationId = sharedUserAssociation.getSharedOrganizationId();
- String tenantDomain = getOrganizationManager().resolveTenantDomain(sharedOrganizationId);
+ for (UserAssociation userAssociation : userAssociationList) {
+ String organizationId = userAssociation.getOrganizationId();
+ String tenantDomain = getOrganizationManager().resolveTenantDomain(organizationId);
int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
try {
AbstractUserStoreManager sharedOrgUserStoreManager = getAbstractUserStoreManager(tenantId);
- sharedOrgUserStoreManager.deleteUserWithID(sharedUserAssociation.getSharedUserId());
+ sharedOrgUserStoreManager.deleteUserWithID(userAssociation.getUserId());
} catch (UserStoreException e) {
throw handleServerException(ERROR_CODE_ERROR_DELETE_SHARED_USER, e,
- sharedUserAssociation.getSharedUserId(), sharedOrganizationId);
+ userAssociation.getUserId(), organizationId);
}
}
return true;
}
@Override
- public boolean deleteOrganizationUserAssociationOfSharedUser(String sharedUserId, String userResidentOrgId)
- throws OrganizationManagementException {
+ public boolean deleteUserAssociation(String userId, String associatedOrgId) throws OrganizationManagementException {
- return organizationUserSharingDAO.deleteOrganizationUserAssociationOfSharedUser(sharedUserId,
- userResidentOrgId);
+ return organizationUserSharingDAO.deleteUserAssociationOfUserByAssociatedOrg(userId, associatedOrgId);
}
@Override
- public SharedUserAssociation getSharedUserAssociationOfUser(String realUserId, String sharedOrganizationId)
+ public UserAssociation getUserAssociationOfAssociatedUserByOrgId(String associatedUserId, String orgId)
throws OrganizationManagementException {
- return organizationUserSharingDAO.getOrganizationUserAssociation(realUserId, sharedOrganizationId);
+ return organizationUserSharingDAO.getUserAssociationOfAssociatedUserByOrgId(associatedUserId, orgId);
}
@Override
- public SharedUserAssociation getSharedUserAssociationOfSharedUser(String sharedUserId, String sharedOrganizationId)
+ public UserAssociation getUserAssociation(String sharedUserId, String sharedOrganizationId)
throws OrganizationManagementException {
- return organizationUserSharingDAO.getSharedUserAssociationOfSharedUser(sharedUserId, sharedOrganizationId);
+ return organizationUserSharingDAO.getUserAssociation(sharedUserId, sharedOrganizationId);
}
private AbstractUserStoreManager getAbstractUserStoreManager(int tenantId) throws UserStoreException {
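Review bot: In `shareOrganizationUser`, `UserCoreUtil.setSkipPasswordPatternValidationThreadLocal(true)` is set inside the try and never cleared within the method — there is no `finally`, and the catch covers only `UserStoreException` — so unless the user store resets it (not visible here) the thread keeps skipping password-pattern validation for whatever it processes next; suggest `} finally { UserCoreUtil.setSkipPasswordPatternValidationThreadLocal(false); }` after the catch. The `addUser` call on the target tenant also runs before the association insert, and an `OrganizationManagementServerException` from the DAO propagates without removing the user just created, leaving an orphaned account in that tenant; a compensating `deleteUserWithID(userId)` in that failure path would close the gap. Separately, `getUserAssociation` here names its parameters `sharedUserId, sharedOrganizationId` while the interface declares `userId, orgId`; aligning them avoids confusion after the rename.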
diff --git a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/constant/SQLConstants.java b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/constant/SQLConstants.java
index f29d5c221..539bd15f1 100644
--- a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/constant/SQLConstants.java
+++ b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/constant/SQLConstants.java
@@ -23,28 +23,31 @@
*/
public class SQLConstants {
- public static final String CREATE_ORGANIZATION_USER_ASSOCIATION = "INSERT INTO IDN_ORG_USER_ASSOCIATION(" +
- "SHARED_USER_ID, SUB_ORG_ID, REAL_USER_ID, USER_RESIDENT_ORG_ID) VALUES(?, ?, ?, ?)";
+ public static final String CREATE_ORGANIZATION_USER_ASSOCIATION = "INSERT INTO UM_ORG_USER_ASSOCIATION(" +
+ "UM_USER_ID, UM_ORG_ID, UM_ASSOCIATED_USER_ID, UM_ASSOCIATED_ORG_ID) VALUES(?, ?, ?, ?)";
public static final String DELETE_ORGANIZATION_USER_ASSOCIATION_FOR_SHARED_USER = "DELETE FROM " +
- "IDN_ORG_USER_ASSOCIATION WHERE SHARED_USER_ID = ? AND USER_RESIDENT_ORG_ID = ?";
- public static final String DELETE_ORGANIZATION_USER_ASSOCIATIONS_FOR_USER = "DELETE FROM " +
- "IDN_ORG_USER_ASSOCIATION WHERE REAL_USER_ID = ? AND USER_RESIDENT_ORG_ID = ?";
- public static final String GET_ORGANIZATION_USER_ASSOCIATIONS_FOR_USER = "SELECT SHARED_USER_ID, SUB_ORG_ID " +
- "FROM IDN_ORG_USER_ASSOCIATION WHERE REAL_USER_ID = ? AND USER_RESIDENT_ORG_ID = ?";
- public static final String GET_ORGANIZATION_USER_ASSOCIATION_FOR_USER_AT_SHARED_ORG = "SELECT SHARED_USER_ID, " +
- "SUB_ORG_ID FROM IDN_ORG_USER_ASSOCIATION WHERE REAL_USER_ID = ? AND SUB_ORG_ID = ?";
+ "UM_ORG_USER_ASSOCIATION WHERE UM_USER_ID = ? AND UM_ASSOCIATED_ORG_ID = ?";
+ public static final String DELETE_ORGANIZATION_USER_ASSOCIATIONS_FOR_ROOT_USER = "DELETE FROM " +
+ "UM_ORG_USER_ASSOCIATION WHERE UM_ASSOCIATED_USER_ID = ? AND UM_ASSOCIATED_ORG_ID = ?";
+ public static final String GET_ORGANIZATION_USER_ASSOCIATIONS_FOR_USER = "SELECT UM_USER_ID, UM_ORG_ID, " +
+ "UM_ASSOCIATED_USER_ID, UM_ASSOCIATED_ORG_ID " +
+ "FROM UM_ORG_USER_ASSOCIATION WHERE UM_ASSOCIATED_USER_ID = ? AND UM_ASSOCIATED_ORG_ID = ?";
+ public static final String GET_ORGANIZATION_USER_ASSOCIATION_FOR_ROOT_USER_IN_ORG = "SELECT UM_USER_ID, " +
+ "UM_ORG_ID, UM_ASSOCIATED_USER_ID, UM_ASSOCIATED_ORG_ID FROM UM_ORG_USER_ASSOCIATION " +
+ "WHERE UM_ASSOCIATED_USER_ID = ? AND UM_ORG_ID = ?";
- public static final String GET_ORGANIZATION_USER_ASSOCIATIONS_FOR_SHARED_USER = "SELECT REAL_USER_ID, " +
- "USER_RESIDENT_ORG_ID FROM IDN_ORG_USER_ASSOCIATION WHERE SHARED_USER_ID = ? AND SUB_ORG_ID = ?";
+ public static final String GET_ORGANIZATION_USER_ASSOCIATIONS_FOR_SHARED_USER = "SELECT UM_USER_ID, UM_ORG_ID, " +
+ "UM_ASSOCIATED_USER_ID, UM_ASSOCIATED_ORG_ID FROM UM_ORG_USER_ASSOCIATION " +
+ "WHERE UM_USER_ID = ? AND UM_ORG_ID = ?";
/**
* SQL placeholders related to organization user sharing SQL operations.
*/
public static final class SQLPlaceholders {
- public static final String COLUMN_NAME_SHARED_USER_ID = "SHARED_USER_ID";
- public static final String COLUMN_NAME_SUB_ORG_ID = "SUB_ORG_ID";
- public static final String COLUMN_NAME_REAL_USER_ID = "REAL_USER_ID";
- public static final String COLUMN_NAME_USER_RESIDENT_ORG_ID = "USER_RESIDENT_ORG_ID";
+ public static final String COLUMN_NAME_USER_ID = "UM_USER_ID";
+ public static final String COLUMN_NAME_ORG_ID = "UM_ORG_ID";
+ public static final String COLUMN_NAME_ASSOCIATED_USER_ID = "UM_ASSOCIATED_USER_ID";
+ public static final String COLUMN_NAME_ASSOCIATED_ORG_ID = "UM_ASSOCIATED_ORG_ID";
}
}
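Review bot: The DAO implementation in this commit switches to `NamedJdbcTemplate`, but every statement here still uses positional `?` placeholders; if the new DAO binds parameters by name these queries will not match, so confirm the DAO implementation hunk (cut off in this view) binds positionally, or convert the placeholders to the named form it expects. Naming is also uneven after the rename: `DELETE_ORGANIZATION_USER_ASSOCIATIONS_FOR_ROOT_USER` and `GET_ORGANIZATION_USER_ASSOCIATIONS_FOR_USER` share the same `UM_ASSOCIATED_USER_ID = ? AND UM_ASSOCIATED_ORG_ID = ?` predicate yet one says `ROOT_USER` and the other `USER`, and `GET_ORGANIZATION_USER_ASSOCIATIONS_FOR_SHARED_USER` is plural although the DAO's `getUserAssociation` returns a single association. The `SQLPlaceholders` class now holds column names rather than placeholders; a one-line comment such as `// Column names of UM_ORG_USER_ASSOCIATION used when reading result sets.` would say so.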
diff --git a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/constant/UserSharingConstants.java b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/constant/UserSharingConstants.java
index 9ab79474b..6215c3e12 100644
--- a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/constant/UserSharingConstants.java
+++ b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/constant/UserSharingConstants.java
@@ -18,6 +18,10 @@
package org.wso2.carbon.identity.organization.management.organization.user.sharing.constant;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
/**
* Constants for organization user sharing.
*/
@@ -26,4 +30,34 @@ public class UserSharingConstants {
public static final String DEFAULT_PROFILE = "default";
public static final String CLAIM_MANAGED_ORGANIZATION = "http://wso2.org/claims/identity/managedOrg";
public static final String ID_CLAIM_READ_ONLY = "http://wso2.org/claims/identity/isReadOnlyUser";
+
+ public static final String ORG_MGT_PERMISSION = "/permission/admin/manage/identity/organizationmgt";
+ public static final String ORG_ROLE_MGT_PERMISSION = "/permission/admin/manage/identity/rolemgt";
+ public static final String SESSION_MGT_VIEW_PERMISSION =
+ "/permission/admin/manage/identity/authentication/session/view";
+ public static final String GROUP_MGT_VIEW_PERMISSION = "/permission/admin/manage/identity/groupmgt/view";
+ public static final String GOVERNANCE_VIEW_PERMISSION = "/permission/admin/manage/identity/governance/view";
+ public static final String USER_STORE_CONFIG_VIEW_PERMISSION =
+ "/permission/admin/manage/identity/userstore/config/view";
+ public static final String USER_MGT_VIEW_PERMISSION = "/permission/admin/manage/identity/usermgt/view";
+ public static final String USER_MGT_LIST_PERMISSION = "/permission/admin/manage/identity/usermgt/list";
+ public static final String APPLICATION_MGT_VIEW_PERMISSION =
+ "/permission/admin/manage/identity/applicationmgt/view";
+ public static final String CORS_CONFIG_MGT_VIEW_PERMISSION = "/permission/admin/manage/identity/cors/origins/view";
+ public static final String IDP_MGT_VIEW_PERMISSION = "/permission/admin/manage/identity/idpmgt/view";
+ public static final String CLAIM_META_DATA_MGT_VIEW_PERMISSION =
+ "/permission/admin/manage/identity/claimmgt/metadata/view";
+ public static final String USER_MGT_CREATE_PERMISSION = "/permission/admin/manage/identity/usermgt/create";
+ public static final String ADMINISTRATOR_ROLE_PERMISSION = "/permission";
+
+ /*
+ Minimum permissions required for org creator to logged in to the console and view user, groups, roles, SP,
+ IDP sections.
+ */
+ public static final List MINIMUM_PERMISSIONS_REQUIRED_FOR_ORG_CREATOR_VIEW =
+ Collections.unmodifiableList(Arrays
+ .asList(SESSION_MGT_VIEW_PERMISSION, GROUP_MGT_VIEW_PERMISSION, GOVERNANCE_VIEW_PERMISSION,
+ USER_STORE_CONFIG_VIEW_PERMISSION, USER_MGT_VIEW_PERMISSION, USER_MGT_LIST_PERMISSION,
+ APPLICATION_MGT_VIEW_PERMISSION, CORS_CONFIG_MGT_VIEW_PERMISSION, IDP_MGT_VIEW_PERMISSION,
+ CLAIM_META_DATA_MGT_VIEW_PERMISSION));
}
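Review bot: `ADMINISTRATOR_ROLE_PERMISSION = "/permission"` is the common root of every other permission in this file, so in a hierarchical permission tree a role holding it has all of them; that deserves a comment on the constant, e.g. `// Root of the permission tree: grants every permission, intended only for the administrator role.`, so it is not reused for a narrower role by mistake. The comment above the list reads `org creator to logged in`; suggest `Minimum permissions an organization creator needs to log in to the console and view the user, group, role, application and IdP sections.` If the declaration really is a raw `List` rather than `List<String>` (angle brackets may have been lost in rendering), add the type argument.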
diff --git a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/dao/OrganizationUserSharingDAO.java b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/dao/OrganizationUserSharingDAO.java
index ee6fcd595..027a260e6 100644
--- a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/dao/OrganizationUserSharingDAO.java
+++ b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/dao/OrganizationUserSharingDAO.java
@@ -18,7 +18,7 @@
package org.wso2.carbon.identity.organization.management.organization.user.sharing.dao;
-import org.wso2.carbon.identity.organization.management.organization.user.sharing.models.SharedUserAssociation;
+import org.wso2.carbon.identity.organization.management.organization.user.sharing.models.UserAssociation;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementServerException;
import java.util.List;
@@ -31,71 +31,68 @@ public interface OrganizationUserSharingDAO {
/**
* Creates the association between the shared user and the actual user in the shared organization.
*
- * @param realUserId Actual user ID of the user in the parent organization.
- * @param userOrganizationId The organization ID where the user's identity is managed.
- * @param sharedUserId ID of the user which is created in the shared organization.
- * @param sharedOrgId Organization ID of the user shared organization.
+ * @param userId ID of the user who gets created in the organization.
+ * @param orgId Organization ID of the user shared organization.
+ * @param associatedUserId Actual user ID of the associated user.
+ * @param associatedOrgId The organization ID where the associated user is managed.
* @throws OrganizationManagementServerException If an error occurs while creating the organization user
* association.
*/
- void createOrganizationUserAssociation(String realUserId, String userOrganizationId, String sharedUserId,
- String sharedOrgId) throws OrganizationManagementServerException;
+ void createOrganizationUserAssociation(String userId, String orgId, String associatedUserId, String associatedOrgId)
+ throws OrganizationManagementServerException;
/**
* Delete the organization user association for a shared user in a shared organization.
*
- * @param sharedUserId The shared user ID of the user shared with an organization.
- * @param userOrganizationId The organization ID where the user's identity is managed.
- * @return True if the organization user association is deleted successfully.
- * @throws OrganizationManagementServerException If an error occurs while deleting the organization user
- * association.
+ * @param userId The ID of the user.
+ * @param associatedOrgId The organization ID where the associated user's identity is managed.
+ * @return True if the user association is deleted successfully.
+ * @throws OrganizationManagementServerException If an error occurs while deleting the user association.
*/
- boolean deleteOrganizationUserAssociationOfSharedUser(String sharedUserId, String userOrganizationId)
+ boolean deleteUserAssociationOfUserByAssociatedOrg(String userId, String associatedOrgId)
throws OrganizationManagementServerException;
/**
* Delete all the organization user associations for a given user.
*
- * @param realUserId Actual user ID of the user.
- * @param userOrganizationId The organization ID where the user's identity is managed.
- * @return True if all the organization user associations are deleted successfully.
- * @throws OrganizationManagementServerException If an error occurs while deleting the organization user
- * associations.
+ * @param associatedUserId Actual user ID of the user.
+ * @param associatedOrgId The organization ID where the user's identity is managed.
+ * @return True if all the user associations are deleted successfully.
+ * @throws OrganizationManagementServerException If an error occurs while deleting the user associations.
*/
- boolean deleteOrganizationUserAssociations(String realUserId, String userOrganizationId)
+ boolean deleteUserAssociationsOfAssociatedUser(String associatedUserId, String associatedOrgId)
throws OrganizationManagementServerException;
/**
- * Get all the organization user associations for a given user.
+ * Get all the user associations for a given user.
*
- * @param realUserId Actual user ID of the user.
- * @param userOrganizationId The organization ID where is the user is managed.
- * @return the list of {@link SharedUserAssociation}s.
- * @throws OrganizationManagementServerException If an error occurs while fetching organization user associations.
+ * @param associatedUserId Actual user ID of the user.
+ * @param associatedOrgId The organization ID where is the user is managed.
+ * @return the list of {@link UserAssociation}s.
+ * @throws OrganizationManagementServerException If an error occurs while fetching user associations.
*/
- List getOrganizationUserAssociationsOfUser(String realUserId, String userOrganizationId)
+ List getUserAssociationsOfAssociatedUser(String associatedUserId, String associatedOrgId)
throws OrganizationManagementServerException;
/**
* Get the organization user association of a given user in a given organization.
*
- * @param realUserId Actual user ID of the user.
- * @param sharedOrgId Organization ID where the user is shared.
+ * @param associatedUserId ID of the associated user.
+ * @param orgId Organization ID where the user is shared.
* @return The organization users association details.
- * @throws OrganizationManagementServerException If an error occurs while retrieving the organization user
- * association.
+ * @throws OrganizationManagementServerException If an error occurs while retrieving the user association.
*/
- SharedUserAssociation getOrganizationUserAssociation(String realUserId, String sharedOrgId)
+ UserAssociation getUserAssociationOfAssociatedUserByOrgId(String associatedUserId, String orgId)
throws OrganizationManagementServerException;
/**
* Get the shared user association of a shared user.
*
- * @param sharedUserId The user ID of the shared user.
- * @param sharedOrganizationId The organization ID of the user.
- * @return The shared user association of the shared user.
- * @throws OrganizationManagementServerException If an error occurs while retrieving the shared user association.
+ * @param userId The user ID of the shared user.
+ * @param organizationId The organization ID of the user.
+ * @return The user association of the user.
+ * @throws OrganizationManagementServerException If an error occurs while retrieving the user association.
*/
- SharedUserAssociation getSharedUserAssociationOfSharedUser(String sharedUserId, String sharedOrganizationId)
+ UserAssociation getUserAssociation(String userId, String organizationId)
throws OrganizationManagementServerException;
}
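Review bot: Two of the renamed `@param` lines read awkwardly — `@param orgId Organization ID of the user shared organization.` and `@param associatedOrgId The organization ID where is the user is managed.`; suggest `@param orgId ID of the organization the user is shared with.` and `@param associatedOrgId ID of the organization where the associated user's identity is managed.` Parameter naming is also inconsistent across the new methods: `getUserAssociation` uses `organizationId` while every other method uses `orgId`. `deleteUserAssociationsOfAssociatedUser` has no caller in the service implementation hunk of this commit; if it is invoked from elsewhere, a sentence in its Javadoc naming that path would help, and if nothing calls it, it is dead API. The interface declaration starts before this hunk.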
diff --git a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/dao/OrganizationUserSharingDAOImpl.java b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/dao/OrganizationUserSharingDAOImpl.java
index 571bf6761..f1df097da 100644
--- a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/dao/OrganizationUserSharingDAOImpl.java
+++ b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/dao/OrganizationUserSharingDAOImpl.java
@@ -18,161 +18,166 @@
package org.wso2.carbon.identity.organization.management.organization.user.sharing.dao;
-import org.wso2.carbon.identity.core.util.IdentityDatabaseUtil;
-import org.wso2.carbon.identity.organization.management.organization.user.sharing.models.SharedUserAssociation;
+import org.wso2.carbon.database.utils.jdbc.NamedJdbcTemplate;
+import org.wso2.carbon.database.utils.jdbc.exceptions.DataAccessException;
+import org.wso2.carbon.database.utils.jdbc.exceptions.TransactionException;
+import org.wso2.carbon.identity.organization.management.organization.user.sharing.models.UserAssociation;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementServerException;
-import java.sql.Connection;
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.util.ArrayList;
import java.util.List;
import static org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.SQLConstants.CREATE_ORGANIZATION_USER_ASSOCIATION;
-import static org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.SQLConstants.DELETE_ORGANIZATION_USER_ASSOCIATIONS_FOR_USER;
+import static org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.SQLConstants.DELETE_ORGANIZATION_USER_ASSOCIATIONS_FOR_ROOT_USER;
import static org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.SQLConstants.DELETE_ORGANIZATION_USER_ASSOCIATION_FOR_SHARED_USER;
import static org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.SQLConstants.GET_ORGANIZATION_USER_ASSOCIATIONS_FOR_SHARED_USER;
import static org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.SQLConstants.GET_ORGANIZATION_USER_ASSOCIATIONS_FOR_USER;
-import static org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.SQLConstants.GET_ORGANIZATION_USER_ASSOCIATION_FOR_USER_AT_SHARED_ORG;
-import static org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.SQLConstants.SQLPlaceholders.COLUMN_NAME_REAL_USER_ID;
-import static org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.SQLConstants.SQLPlaceholders.COLUMN_NAME_SHARED_USER_ID;
-import static org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.SQLConstants.SQLPlaceholders.COLUMN_NAME_SUB_ORG_ID;
-import static org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.SQLConstants.SQLPlaceholders.COLUMN_NAME_USER_RESIDENT_ORG_ID;
+import static org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.SQLConstants.GET_ORGANIZATION_USER_ASSOCIATION_FOR_ROOT_USER_IN_ORG;
+import static org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.SQLConstants.SQLPlaceholders.COLUMN_NAME_ASSOCIATED_ORG_ID;
+import static org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.SQLConstants.SQLPlaceholders.COLUMN_NAME_ASSOCIATED_USER_ID;
+import static org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.SQLConstants.SQLPlaceholders.COLUMN_NAME_ORG_ID;
+import static org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.SQLConstants.SQLPlaceholders.COLUMN_NAME_USER_ID;
import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_CREATE_ORGANIZATION_USER_ASSOCIATION;
import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_DELETE_ORGANIZATION_USER_ASSOCIATIONS;
import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_DELETE_ORGANIZATION_USER_ASSOCIATION_FOR_SHARED_USER;
import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_GET_ORGANIZATION_USER_ASSOCIATIONS;
import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_GET_ORGANIZATION_USER_ASSOCIATION_FOR_USER_AT_SHARED_ORG;
import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_GET_ORGANIZATION_USER_ASSOCIATION_OF_SHARED_USER;
+import static org.wso2.carbon.identity.organization.management.service.util.Utils.getNewTemplate;
import static org.wso2.carbon.identity.organization.management.service.util.Utils.handleServerException;
/**
- * DAO implementation for organization user sharing.
+ * DAO implementation for managing organization user associations.
*/
public class OrganizationUserSharingDAOImpl implements OrganizationUserSharingDAO {
@Override
- public void createOrganizationUserAssociation(String realUserId, String residentOrgId, String sharedUserId,
- String sharedOrgId) throws OrganizationManagementServerException {
-
- try (Connection connection = IdentityDatabaseUtil.getDBConnection(false);
- PreparedStatement createOrgAssocPrepStat = connection.prepareStatement(
- CREATE_ORGANIZATION_USER_ASSOCIATION)) {
- createOrgAssocPrepStat.setString(1, sharedUserId);
- createOrgAssocPrepStat.setString(2, sharedOrgId);
- createOrgAssocPrepStat.setString(3, realUserId);
- createOrgAssocPrepStat.setString(4, residentOrgId);
- createOrgAssocPrepStat.executeUpdate();
- } catch (SQLException e) {
- throw handleServerException(ERROR_CODE_ERROR_CREATE_ORGANIZATION_USER_ASSOCIATION, e, sharedUserId);
+ public void createOrganizationUserAssociation(String userId, String orgId, String associatedUserId,
+ String associatedOrgId) throws OrganizationManagementServerException {
+
+ NamedJdbcTemplate namedJdbcTemplate = getNewTemplate();
+ try {
+ namedJdbcTemplate.withTransaction(template -> {
+ template.executeInsert(CREATE_ORGANIZATION_USER_ASSOCIATION, namedPreparedStatement -> {
+ namedPreparedStatement.setString(1, userId);
+ namedPreparedStatement.setString(2, orgId);
+ namedPreparedStatement.setString(3, associatedUserId);
+ namedPreparedStatement.setString(4, associatedOrgId);
+ }, null, false);
+ return null;
+ });
+ } catch (TransactionException e) {
+ throw handleServerException(ERROR_CODE_ERROR_CREATE_ORGANIZATION_USER_ASSOCIATION, e, associatedUserId);
}
}
- @Override
- public boolean deleteOrganizationUserAssociationOfSharedUser(String sharedUserId, String userOrganizationId)
+ public boolean deleteUserAssociationOfUserByAssociatedOrg(String userId, String associatedOrgId)
throws OrganizationManagementServerException {
- try (Connection connection = IdentityDatabaseUtil.getDBConnection(false);
- PreparedStatement userOrgDeletePrepStat =
- connection.prepareStatement(DELETE_ORGANIZATION_USER_ASSOCIATION_FOR_SHARED_USER)) {
- userOrgDeletePrepStat.setString(1, sharedUserId);
- userOrgDeletePrepStat.setString(2, userOrganizationId);
- userOrgDeletePrepStat.executeUpdate();
+ NamedJdbcTemplate namedJdbcTemplate = getNewTemplate();
+ try {
+ namedJdbcTemplate.executeUpdate(DELETE_ORGANIZATION_USER_ASSOCIATION_FOR_SHARED_USER,
+ namedPreparedStatement -> {
+ namedPreparedStatement.setString(1, userId);
+ namedPreparedStatement.setString(2, associatedOrgId);
+ });
return true;
- } catch (SQLException e) {
+ } catch (DataAccessException e) {
throw handleServerException(ERROR_CODE_ERROR_DELETE_ORGANIZATION_USER_ASSOCIATION_FOR_SHARED_USER, e,
- sharedUserId);
+ userId);
}
}
@Override
- public boolean deleteOrganizationUserAssociations(String realUserId, String organizationId)
+ public boolean deleteUserAssociationsOfAssociatedUser(String associatedUserId, String associatedOrgId)
throws OrganizationManagementServerException {
- try (Connection connection = IdentityDatabaseUtil.getDBConnection(false);
- PreparedStatement userOrgDeletePrepStat =
- connection.prepareStatement(DELETE_ORGANIZATION_USER_ASSOCIATIONS_FOR_USER)) {
- userOrgDeletePrepStat.setString(1, realUserId);
- userOrgDeletePrepStat.setString(2, organizationId);
- userOrgDeletePrepStat.executeUpdate();
+ NamedJdbcTemplate namedJdbcTemplate = getNewTemplate();
+ try {
+ namedJdbcTemplate.executeUpdate(DELETE_ORGANIZATION_USER_ASSOCIATIONS_FOR_ROOT_USER,
+ namedPreparedStatement -> {
+ namedPreparedStatement.setString(1, associatedUserId);
+ namedPreparedStatement.setString(2, associatedOrgId);
+ });
return true;
- } catch (SQLException e) {
+ } catch (DataAccessException e) {
throw handleServerException(ERROR_CODE_ERROR_DELETE_ORGANIZATION_USER_ASSOCIATIONS, e);
}
}
@Override
- public List getOrganizationUserAssociationsOfUser(String realUserId,
- String userOrganizationId)
+ public List getUserAssociationsOfAssociatedUser(String associatedUserId, String associatedOrgId)
throws OrganizationManagementServerException {
- try (Connection connection = IdentityDatabaseUtil.getDBConnection(false);
- PreparedStatement getUserSharedOrgsPrepStat =
- connection.prepareStatement(GET_ORGANIZATION_USER_ASSOCIATIONS_FOR_USER)) {
- getUserSharedOrgsPrepStat.setString(1, realUserId);
- getUserSharedOrgsPrepStat.setString(2, userOrganizationId);
- List sharedUserAssociationList = new ArrayList<>();
- try (ResultSet resultSet = getUserSharedOrgsPrepStat.executeQuery()) {
- while (resultSet.next()) {
- SharedUserAssociation sharedUserAssociation = new SharedUserAssociation();
- sharedUserAssociation.setSharedUserId(resultSet.getString(COLUMN_NAME_SHARED_USER_ID));
- sharedUserAssociation.setSharedOrganizationId(resultSet.getString(COLUMN_NAME_SUB_ORG_ID));
- sharedUserAssociationList.add(sharedUserAssociation);
- }
- }
- return sharedUserAssociationList;
- } catch (SQLException e) {
+ NamedJdbcTemplate namedJdbcTemplate = getNewTemplate();
+ try {
+ return namedJdbcTemplate.executeQuery(GET_ORGANIZATION_USER_ASSOCIATIONS_FOR_USER,
+ (resultSet, rowNumber) -> {
+ UserAssociation userAssociation = new UserAssociation();
+ userAssociation.setUserId(resultSet.getString(COLUMN_NAME_USER_ID));
+ userAssociation.setOrganizationId(resultSet.getString(COLUMN_NAME_ORG_ID));
+ userAssociation.setAssociatedUserId(resultSet.getString(COLUMN_NAME_ASSOCIATED_USER_ID));
+ userAssociation.setUserResidentOrganizationId(
+ resultSet.getString(COLUMN_NAME_ASSOCIATED_ORG_ID));
+ return userAssociation;
+ },
+ namedPreparedStatement -> {
+ namedPreparedStatement.setString(1, associatedUserId);
+ namedPreparedStatement.setString(2, associatedOrgId);
+ });
+ } catch (DataAccessException e) {
throw handleServerException(ERROR_CODE_ERROR_GET_ORGANIZATION_USER_ASSOCIATIONS, e);
}
}
@Override
- public SharedUserAssociation getOrganizationUserAssociation(String realUserId, String sharedOrgId)
+ public UserAssociation getUserAssociationOfAssociatedUserByOrgId(String associatedUserId, String orgId)
throws OrganizationManagementServerException {
- try (Connection connection = IdentityDatabaseUtil.getDBConnection(false);
- PreparedStatement getUserSharedOrgPrepStat =
- connection.prepareStatement(GET_ORGANIZATION_USER_ASSOCIATION_FOR_USER_AT_SHARED_ORG)) {
- getUserSharedOrgPrepStat.setString(1, realUserId);
- getUserSharedOrgPrepStat.setString(2, sharedOrgId);
- try (ResultSet resultSet = getUserSharedOrgPrepStat.executeQuery()) {
- if (resultSet.next()) {
- SharedUserAssociation sharedUserAssociation = new SharedUserAssociation();
- sharedUserAssociation.setSharedUserId(resultSet.getString(COLUMN_NAME_SHARED_USER_ID));
- sharedUserAssociation.setSharedOrganizationId(resultSet.getString(COLUMN_NAME_SUB_ORG_ID));
- return sharedUserAssociation;
- }
- return null;
- }
- } catch (SQLException e) {
+ NamedJdbcTemplate namedJdbcTemplate = getNewTemplate();
+ try {
+ return namedJdbcTemplate.fetchSingleRecord(GET_ORGANIZATION_USER_ASSOCIATION_FOR_ROOT_USER_IN_ORG,
+ (resultSet, rowNumber) -> {
+ UserAssociation userAssociation = new UserAssociation();
+ userAssociation.setUserId(resultSet.getString(COLUMN_NAME_USER_ID));
+ userAssociation.setOrganizationId(resultSet.getString(COLUMN_NAME_ORG_ID));
+ userAssociation.setAssociatedUserId(resultSet.getString(COLUMN_NAME_ASSOCIATED_USER_ID));
+ userAssociation.setUserResidentOrganizationId(
+ resultSet.getString(COLUMN_NAME_ASSOCIATED_ORG_ID));
+ return userAssociation;
+ },
+ namedPreparedStatement -> {
+ namedPreparedStatement.setString(1, associatedUserId);
+ namedPreparedStatement.setString(2, orgId);
+ });
+ } catch (DataAccessException e) {
throw handleServerException(ERROR_CODE_ERROR_GET_ORGANIZATION_USER_ASSOCIATION_FOR_USER_AT_SHARED_ORG, e,
- sharedOrgId);
+ orgId);
}
}
@Override
- public SharedUserAssociation getSharedUserAssociationOfSharedUser(String sharedUserId, String sharedOrganizationId)
+ public UserAssociation getUserAssociation(String userId, String organizationId)
throws OrganizationManagementServerException {
- try (Connection connection = IdentityDatabaseUtil.getDBConnection(false);
- PreparedStatement getUserSharedOrgPrepStat =
- connection.prepareStatement(GET_ORGANIZATION_USER_ASSOCIATIONS_FOR_SHARED_USER)) {
- getUserSharedOrgPrepStat.setString(1, sharedUserId);
- getUserSharedOrgPrepStat.setString(2, sharedOrganizationId);
- try (ResultSet resultSet = getUserSharedOrgPrepStat.executeQuery()) {
- if (resultSet.next()) {
- SharedUserAssociation sharedUserAssociation = new SharedUserAssociation();
- sharedUserAssociation.setRealUserId(resultSet.getString(COLUMN_NAME_REAL_USER_ID));
- sharedUserAssociation.setUserResidentOrganizationId(
- resultSet.getString(COLUMN_NAME_USER_RESIDENT_ORG_ID));
- return sharedUserAssociation;
- }
- return null;
- }
- } catch (SQLException e) {
+ NamedJdbcTemplate namedJdbcTemplate = getNewTemplate();
+ try {
+ return namedJdbcTemplate.fetchSingleRecord(GET_ORGANIZATION_USER_ASSOCIATIONS_FOR_SHARED_USER,
+ (resultSet, rowNumber) -> {
+ UserAssociation userAssociation = new UserAssociation();
+ userAssociation.setUserId(resultSet.getString(COLUMN_NAME_USER_ID));
+ userAssociation.setOrganizationId(resultSet.getString(COLUMN_NAME_ORG_ID));
+ userAssociation.setAssociatedUserId(resultSet.getString(COLUMN_NAME_ASSOCIATED_USER_ID));
+ userAssociation.setUserResidentOrganizationId(
+ resultSet.getString(COLUMN_NAME_ASSOCIATED_ORG_ID));
+ return userAssociation;
+ },
+ namedPreparedStatement -> {
+ namedPreparedStatement.setString(1, userId);
+ namedPreparedStatement.setString(2, organizationId);
+ });
+ } catch (DataAccessException e) {
throw handleServerException(ERROR_CODE_ERROR_GET_ORGANIZATION_USER_ASSOCIATION_OF_SHARED_USER, e,
- sharedUserId, sharedOrganizationId);
+ userId, organizationId);
}
}
}
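Review bot: `deleteUserAssociationOfUserByAssociatedOrg` lost its `@Override` (the removed `- @Override` above it is never re-added), while every other method in the class keeps one; if this is still a method of `OrganizationUserSharingDAO`, the compiler no longer catches a signature drift between the interface and this implementation, so restore `@Override` on the line before `public boolean deleteUserAssociationOfUserByAssociatedOrg(String userId, String associatedOrgId)`. Both delete methods also `return true;` unconditionally after `executeUpdate`, so a caller cannot tell "association removed" from "nothing matched"; if the template exposes the affected row count, returning `rows > 0` would make the boolean meaningful, otherwise the Javadoc should state that `true` only means "no database error". The single-row `createOrganizationUserAssociation` insert is wrapped in `withTransaction` with `executeInsert(..., null, false)`, which adds a transaction boundary for one statement; a plain `executeInsert` with `DataAccessException` handling, matching the other methods, would be simpler and consistent.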
diff --git a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/internal/OrganizationUserSharingDataHolder.java b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/internal/OrganizationUserSharingDataHolder.java
index 90dea1d30..73502d022 100644
--- a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/internal/OrganizationUserSharingDataHolder.java
+++ b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/internal/OrganizationUserSharingDataHolder.java
@@ -18,6 +18,7 @@
package org.wso2.carbon.identity.organization.management.organization.user.sharing.internal;
+import org.wso2.carbon.identity.organization.management.role.management.service.RoleManager;
import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
import org.wso2.carbon.user.core.service.RealmService;
@@ -29,6 +30,7 @@ public class OrganizationUserSharingDataHolder {
private static final OrganizationUserSharingDataHolder instance = new OrganizationUserSharingDataHolder();
private RealmService realmService;
private OrganizationManager organizationManager;
+ private RoleManager roleManager;
public static OrganizationUserSharingDataHolder getInstance() {
@@ -54,4 +56,24 @@ public void setRealmService(RealmService realmService) {
this.realmService = realmService;
}
+
+ /**
+ * Get the organization role manager service.
+ *
+ * @return Organization role manager service.
+ */
+ public RoleManager getRoleManager() {
+
+ return this.roleManager;
+ }
+
+ /**
+ * Set the organization role manager service.
+ *
+ * @param roleManager Organization role manager service.
+ */
+ public void setRoleManager(RoleManager roleManager) {
+
+ this.roleManager = roleManager;
+ }
}
diff --git a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/internal/OrganizationUserSharingServiceComponent.java b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/internal/OrganizationUserSharingServiceComponent.java
index ac5dda9f8..68faba500 100644
--- a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/internal/OrganizationUserSharingServiceComponent.java
+++ b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/internal/OrganizationUserSharingServiceComponent.java
@@ -32,6 +32,7 @@
import org.wso2.carbon.identity.organization.management.organization.user.sharing.OrganizationUserSharingServiceImpl;
import org.wso2.carbon.identity.organization.management.organization.user.sharing.listener.SharedUserOperationEventListener;
import org.wso2.carbon.identity.organization.management.organization.user.sharing.listener.SharingOrganizationCreatorUserEventHandler;
+import org.wso2.carbon.identity.organization.management.role.management.service.RoleManager;
import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
import org.wso2.carbon.user.core.listener.UserOperationEventListener;
import org.wso2.carbon.user.core.service.RealmService;
@@ -96,4 +97,20 @@ protected void unsetOrganizationManagementService(OrganizationManager organizati
OrganizationUserSharingDataHolder.getInstance().setOrganizationManager(null);
LOG.debug("Unset Organization Management Service");
}
+
+ @Reference(
+ name = "RoleManager",
+ service = RoleManager.class,
+ cardinality = ReferenceCardinality.MANDATORY,
+ policy = ReferencePolicy.DYNAMIC,
+ unbind = "unsetRoleManagerService")
+ protected void setRoleManagerService(RoleManager roleManagerService) {
+
+ OrganizationUserSharingDataHolder.getInstance().setRoleManager(roleManagerService);
+ }
+
+ protected void unsetRoleManagerService(RoleManager roleManagerService) {
+
+ OrganizationUserSharingDataHolder.getInstance().setRoleManager(null);
+ }
}
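Review bot: `setRoleManagerService` and `unsetRoleManagerService` have no Javadoc and no debug logging, unlike the neighbouring `unsetOrganizationManagementService`, which ends with `LOG.debug("Unset Organization Management Service");`. For consistency add `LOG.debug("Set Role Manager Service");` after the set call and `LOG.debug("Unset Role Manager Service");` after the unset call. Because the reference is `ReferencePolicy.DYNAMIC`, the holder's `roleManager` may be null between an unbind and the next bind; a one-line Javadoc on `setRoleManagerService` such as `/** Binds the organization RoleManager service; the holder value may be null while the service is unbound. */` would make that explicit for code that reads it from the data holder.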
diff --git a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/listener/SharedUserOperationEventListener.java b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/listener/SharedUserOperationEventListener.java
index bd80d07c4..35882d83e 100644
--- a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/listener/SharedUserOperationEventListener.java
+++ b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/listener/SharedUserOperationEventListener.java
@@ -21,6 +21,8 @@
import org.wso2.carbon.identity.core.AbstractIdentityUserOperationEventListener;
import org.wso2.carbon.identity.organization.management.organization.user.sharing.OrganizationUserSharingService;
import org.wso2.carbon.identity.organization.management.organization.user.sharing.OrganizationUserSharingServiceImpl;
+import org.wso2.carbon.identity.organization.management.organization.user.sharing.internal.OrganizationUserSharingDataHolder;
+import org.wso2.carbon.identity.organization.management.organization.user.sharing.util.OrganizationSharedUserUtil;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
import org.wso2.carbon.user.core.UserStoreClientException;
import org.wso2.carbon.user.core.UserStoreException;
@@ -31,8 +33,8 @@
import static org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.UserSharingConstants.CLAIM_MANAGED_ORGANIZATION;
import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_MANAGED_ORGANIZATION_CLAIM_UPDATE_NOT_ALLOWED;
-import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.SUPER_ORG_ID;
import static org.wso2.carbon.identity.organization.management.service.util.Utils.getOrganizationId;
+import static org.wso2.carbon.identity.organization.management.service.util.Utils.getTenantDomain;
/**
* User operation event listener for shared user management.
@@ -55,18 +57,21 @@ public boolean doPreDeleteUserWithID(String userID, UserStoreManager userStoreMa
return true;
}
try {
- String userManagedOrganizationClaim =
- getUserManagedOrganizationClaim((AbstractUserStoreManager) userStoreManager, userID);
- if (userManagedOrganizationClaim == null) {
- String organizationId = getOrganizationId();
- if (organizationId == null) {
- organizationId = SUPER_ORG_ID;
- }
- return organizationUserSharingService.unShareOrganizationUsers(userID, organizationId);
+ // The organization where the user identity is managed. Clear all the associations of the user.
+ String associatedOrgId = OrganizationSharedUserUtil
+ .getUserManagedOrganizationClaim((AbstractUserStoreManager) userStoreManager, userID);
+ if (associatedOrgId != null) {
+ // User is associated only for shared users. Hence, delete the user association.
+ return organizationUserSharingService.deleteUserAssociation(userID, associatedOrgId);
}
- // Delete the organization user association of the shared user by shared user ID.
- return organizationUserSharingService.deleteOrganizationUserAssociationOfSharedUser(userID,
- userManagedOrganizationClaim);
+
+ String orgId = getOrganizationId();
+ if (orgId == null) {
+ orgId = OrganizationUserSharingDataHolder.getInstance().getOrganizationManager()
+ .resolveOrganizationId(getTenantDomain());
+ }
+ // Delete all the user associations of the user.
+ return organizationUserSharingService.unShareOrganizationUsers(userID, orgId);
} catch (OrganizationManagementException e) {
throw new UserStoreException(e.getMessage(), e.getErrorCode(), e);
}
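Review bot: The comment `// The organization where the user identity is managed. Clear all the associations of the user.` sits above the branch that deletes a single association, while the "delete all" path is the later `unShareOrganizationUsers` call, so the two comments describe the opposite branches. Suggest `// Managed-organization claim is set only for shared users: delete just this user's association with that org.` above the claim lookup and `// No managed-organization claim: this is a resident user, so remove all of its associations in other organizations.` above the `unShareOrganizationUsers` call. When `getOrganizationId()` returns null the fallback dereferences `getOrganizationManager()` from the data holder; if that reference is bound dynamically like the new `RoleManager` one, it can be null at that moment and the result is a `NullPointerException` instead of the `UserStoreException` the surrounding catch already produces, so a null check with an explicit `UserStoreException` would be safer. `doPreDeleteUserWithID` begins outside the hunk.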
@@ -103,13 +108,4 @@ public boolean doPreSetUserClaimValueWithID(String userID, String claimURI, Stri
}
return true;
}
-
- private String getUserManagedOrganizationClaim(AbstractUserStoreManager userStoreManager, String userId)
- throws UserStoreException {
-
- String userDomain = userStoreManager.getUser(userId, null).getUserStoreDomain();
- Map claimsMap = userStoreManager
- .getUserClaimValuesWithID(userId, new String[]{CLAIM_MANAGED_ORGANIZATION}, userDomain);
- return claimsMap.get(CLAIM_MANAGED_ORGANIZATION);
- }
}
diff --git a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/listener/SharingOrganizationCreatorUserEventHandler.java b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/listener/SharingOrganizationCreatorUserEventHandler.java
index f1ebb27b9..c17630518 100644
--- a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/listener/SharingOrganizationCreatorUserEventHandler.java
+++ b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/listener/SharingOrganizationCreatorUserEventHandler.java
@@ -25,12 +25,20 @@
import org.wso2.carbon.identity.organization.management.ext.Constants;
import org.wso2.carbon.identity.organization.management.organization.user.sharing.OrganizationUserSharingService;
import org.wso2.carbon.identity.organization.management.organization.user.sharing.OrganizationUserSharingServiceImpl;
+import org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.UserSharingConstants;
import org.wso2.carbon.identity.organization.management.organization.user.sharing.internal.OrganizationUserSharingDataHolder;
+import org.wso2.carbon.identity.organization.management.role.management.service.RoleManager;
+import org.wso2.carbon.identity.organization.management.role.management.service.models.Role;
+import org.wso2.carbon.identity.organization.management.role.management.service.models.User;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
import org.wso2.carbon.identity.organization.management.service.model.Organization;
+import java.util.ArrayList;
+import java.util.Collections;
import java.util.Map;
+import static org.wso2.carbon.identity.organization.management.role.management.service.constant.RoleManagementConstants.ORG_ADMINISTRATOR_ROLE;
+import static org.wso2.carbon.identity.organization.management.role.management.service.constant.RoleManagementConstants.ORG_CREATOR_ROLE;
import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.SUPER_ORG_ID;
import static org.wso2.carbon.identity.organization.management.service.util.Utils.isSubOrganization;
@@ -49,22 +57,71 @@ public void handleEvent(Event event) throws IdentityEventException {
if (Constants.EVENT_POST_ADD_ORGANIZATION.equals(eventName)) {
Map eventProperties = event.getEventProperties();
Organization organization = (Organization) eventProperties.get(Constants.EVENT_PROP_ORGANIZATION);
- String organizationId = organization.getId();
+ String orgId = organization.getId();
try {
int organizationDepth = OrganizationUserSharingDataHolder.getInstance().getOrganizationManager()
- .getOrganizationDepthInHierarchy(organizationId);
+ .getOrganizationDepthInHierarchy(orgId);
if (!isSubOrganization(organizationDepth)) {
return;
}
- String userId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserId();
- // #TODO the SUPER_ORG_ID should be replaced by userResidentOrganization claim in the carbon context.
- userSharingService.shareOrganizationUser(userId, SUPER_ORG_ID, organizationId);
+ String associatedUserId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserId();
+ // #TODO associatedUserOrgId should be retrieved from the carbon context. As of now, set SUPER_ORG_ID.
+ // Feature won't work for b2b enabled tenant.
+ userSharingService.shareOrganizationUser(orgId, associatedUserId, SUPER_ORG_ID);
+ String userId = userSharingService.getUserAssociationOfAssociatedUserByOrgId(associatedUserId, orgId)
+ .getUserId();
+ Role organizationCreatorRole = buildOrgCreatorRole(userId);
+ Role administratorRole = buildAdministratorRole(userId);
+ getRoleManager().createRole(orgId, organizationCreatorRole);
+ getRoleManager().createRole(orgId, administratorRole);
} catch (OrganizationManagementException e) {
throw new IdentityEventException("An error occurred while sharing the organization creator to the " +
- "organization : " + organizationId, e);
+ "organization : " + orgId, e);
}
}
}
+
+ private Role buildOrgCreatorRole(String adminUUID) {
+
+ Role organizationCreatorRole = new Role();
+ organizationCreatorRole.setDisplayName(ORG_CREATOR_ROLE);
+ User orgCreator = new User(adminUUID);
+ organizationCreatorRole.setUsers(Collections.singletonList(orgCreator));
+ // Set permissions for org-creator role.
+ ArrayList orgCreatorRolePermissions = new ArrayList<>();
+ // Adding mandatory permissions for the org-creator role.
+ orgCreatorRolePermissions.add(UserSharingConstants.ORG_MGT_PERMISSION);
+ orgCreatorRolePermissions.add(UserSharingConstants.ORG_ROLE_MGT_PERMISSION);
+ /*
+ Adding the bear minimum permission set that org creator should have to logged in to the console and view
+ user, groups, roles, SP, IDP sections.
+ */
+ orgCreatorRolePermissions.addAll(UserSharingConstants.MINIMUM_PERMISSIONS_REQUIRED_FOR_ORG_CREATOR_VIEW);
+ // Add user create permission to organization creator to delegate permissions to other org users.
+ // This permission is assigned until https://github.com/wso2/product-is/issues/14439 is fixed
+ orgCreatorRolePermissions.add(UserSharingConstants.USER_MGT_CREATE_PERMISSION);
+ organizationCreatorRole.setPermissions(orgCreatorRolePermissions);
+ return organizationCreatorRole;
+ }
+
+ private Role buildAdministratorRole(String adminUUID) {
+
+ Role organizationAdministratorRole = new Role();
+ organizationAdministratorRole.setDisplayName(ORG_ADMINISTRATOR_ROLE);
+ User orgAdministrator = new User(adminUUID);
+ organizationAdministratorRole.setUsers(Collections.singletonList(orgAdministrator));
+ // Set permissions for org-administrator role.
+ ArrayList orgAdministratorRolePermissions = new ArrayList<>();
+ // Setting all administrative permissions for the Administrator role
+ orgAdministratorRolePermissions.add(UserSharingConstants.ADMINISTRATOR_ROLE_PERMISSION);
+ organizationAdministratorRole.setPermissions(orgAdministratorRolePermissions);
+ return organizationAdministratorRole;
+ }
+
+ private RoleManager getRoleManager() {
+
+ return OrganizationUserSharingDataHolder.getInstance().getRoleManager();
+ }
}
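Review bot: `getUserAssociationOfAssociatedUserByOrgId(associatedUserId, orgId).getUserId()` is chained without a null check; the DAO behind it uses `fetchSingleRecord`, and if that returns null when no row matches, the `NullPointerException` raised here bypasses the `OrganizationManagementException` catch and the post-add-organization event fails without the contextual message. Guard it: `UserAssociation association = userSharingService.getUserAssociationOfAssociatedUserByOrgId(associatedUserId, orgId);` / `if (association == null) { throw new IdentityEventException("No user association found for organization : " + orgId); }` / `String userId = association.getUserId();` (importing the model class). If either `createRole` call then fails after `shareOrganizationUser` has succeeded, the creator is left shared into the new organization with neither role and nothing compensates, so at minimum the catch message should name the step that failed rather than the generic "while sharing the organization creator". The `buildOrgCreatorRole` comment has typos: `bear minimum` should read `bare minimum` and `to logged in` should read `to log in`.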
diff --git a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/models/SharedUserAssociation.java b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/models/UserAssociation.java
similarity index 60%
rename from components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/models/SharedUserAssociation.java
rename to components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/models/UserAssociation.java
index 20e24d06b..6572fb95d 100644
--- a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/models/SharedUserAssociation.java
+++ b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/models/UserAssociation.java
@@ -19,43 +19,43 @@
package org.wso2.carbon.identity.organization.management.organization.user.sharing.models;
/**
- * Model class to represent the shared user association.
+ * Model class to represent the user associations created for the shared users.
*/
-public class SharedUserAssociation {
+public class UserAssociation {
- private String sharedUserId;
- private String sharedOrganizationId;
- private String realUserId;
+ private String userId;
+ private String organizationId;
+ private String associatedUserId;
private String userResidentOrganizationId;
- public String getSharedUserId() {
+ public String getUserId() {
- return sharedUserId;
+ return userId;
}
- public void setSharedUserId(String sharedUserId) {
+ public void setUserId(String userId) {
- this.sharedUserId = sharedUserId;
+ this.userId = userId;
}
- public String getSharedOrganizationId() {
+ public String getOrganizationId() {
- return sharedOrganizationId;
+ return organizationId;
}
- public void setSharedOrganizationId(String sharedOrganizationId) {
+ public void setOrganizationId(String organizationId) {
- this.sharedOrganizationId = sharedOrganizationId;
+ this.organizationId = organizationId;
}
- public String getRealUserId() {
+ public String getAssociatedUserId() {
- return realUserId;
+ return associatedUserId;
}
- public void setRealUserId(String realUserId) {
+ public void setAssociatedUserId(String associatedUserId) {
- this.realUserId = realUserId;
+ this.associatedUserId = associatedUserId;
}
public String getUserResidentOrganizationId() {
diff --git a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/util/OrganizationSharedUserUtil.java b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/util/OrganizationSharedUserUtil.java
new file mode 100644
index 000000000..bf9750b6d
--- /dev/null
+++ b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/util/OrganizationSharedUserUtil.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.organization.management.organization.user.sharing.util;
+
+import org.wso2.carbon.user.core.UserStoreException;
+import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
+
+import java.util.Map;
+
+import static org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.UserSharingConstants.CLAIM_MANAGED_ORGANIZATION;
+
+/**
+ * Utility class for organization shared user management.
+ */
+public class OrganizationSharedUserUtil {
+
+ public static String getUserManagedOrganizationClaim(AbstractUserStoreManager userStoreManager, String userId)
+ throws UserStoreException {
+
+ String userDomain = userStoreManager.getUser(userId, null).getUserStoreDomain();
+ Map claimsMap = userStoreManager
+ .getUserClaimValuesWithID(userId, new String[]{CLAIM_MANAGED_ORGANIZATION}, userDomain);
+ return claimsMap.get(CLAIM_MANAGED_ORGANIZATION);
+ }
+
+}
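Review bot: OrganizationSharedUserUtil is a public class with only static members but no private constructor, and getUserManagedOrganizationClaim carries no Javadoc even though the package is now exported to other bundles (the invitation-management pom further down adds it to its imports). Add `private OrganizationSharedUserUtil() { }` and a Javadoc on the method stating that it first resolves the user's store domain via getUser and then returns the CLAIM_MANAGED_ORGANIZATION claim value for that user, or null when the claim is absent. The body also dereferences `userStoreManager.getUser(userId, null)` without a null check; if getUser returns null for an unknown user id this surfaces as a NullPointerException rather than the declared UserStoreException — hedged, since getUser's contract is not visible here.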
diff --git a/components/org.wso2.carbon.identity.organization.management.role.management.service/src/main/java/org/wso2/carbon/identity/organization/management/role/management/service/dao/RoleManagementDAOImpl.java b/components/org.wso2.carbon.identity.organization.management.role.management.service/src/main/java/org/wso2/carbon/identity/organization/management/role/management/service/dao/RoleManagementDAOImpl.java
index 8af9d2d6d..0ea053f74 100644
--- a/components/org.wso2.carbon.identity.organization.management.role.management.service/src/main/java/org/wso2/carbon/identity/organization/management/role/management/service/dao/RoleManagementDAOImpl.java
+++ b/components/org.wso2.carbon.identity.organization.management.role.management.service/src/main/java/org/wso2/carbon/identity/organization/management/role/management/service/dao/RoleManagementDAOImpl.java
@@ -28,6 +28,7 @@
import org.wso2.carbon.identity.core.model.ExpressionNode;
import org.wso2.carbon.identity.core.model.FilterTreeBuilder;
import org.wso2.carbon.identity.core.model.Node;
+import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.organization.management.role.management.service.constant.RoleManagementConstants.FilterOperator;
import org.wso2.carbon.identity.organization.management.role.management.service.internal.RoleManagementDataHolder;
import org.wso2.carbon.identity.organization.management.role.management.service.models.FilterQueryBuilder;
@@ -430,8 +431,8 @@ public List getUserOrganizationPermissions(String userId, String organiz
// Get the roles assigned to user via groups.
try {
- AbstractUserStoreManager userStoreManager =
- getUserStoreManager(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
+ int tenantId = IdentityTenantUtil.getTenantId(getOrganizationManager().resolveTenantDomain(organizationId));
+ AbstractUserStoreManager userStoreManager = getUserStoreManager(tenantId);
boolean isUserExists = userStoreManager.isExistingUserWithID(userId);
if (!isUserExists) {
@@ -456,6 +457,8 @@ public List getUserOrganizationPermissions(String userId, String organiz
} catch (UserStoreException | DataAccessException e) {
throw handleServerException(ERROR_CODE_ERROR_RETRIEVING_ORGANIZATION_PERMISSIONS, e, organizationId,
userId);
+ } catch (OrganizationManagementException e) {
+ throw new RuntimeException(e);
}
return permissions;
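Review bot: The new catch at the end of this hunk wraps OrganizationManagementException in a bare RuntimeException, bypassing the handleServerException path used two lines above for the other failure types, so the tenant-resolution failure introduced by the preceding hunk (resolveTenantDomain on the organization id) reaches callers with a different exception type and without the ERROR_CODE_ERROR_RETRIEVING_ORGANIZATION_PERMISSIONS context. If handleServerException accepts a Throwable cause, fold it into the existing multi-catch: `} catch (UserStoreException | DataAccessException | OrganizationManagementException e) {`. The same `throw new RuntimeException(e)` pattern appears in the TenantAssociationManagementListener hunk below. getUserOrganizationPermissions starts and ends outside this hunk, so what callers catch cannot be confirmed from here.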
diff --git a/components/org.wso2.carbon.identity.organization.management.tenant.association/pom.xml b/components/org.wso2.carbon.identity.organization.management.tenant.association/pom.xml
index d99a21af3..a817a87c2 100644
--- a/components/org.wso2.carbon.identity.organization.management.tenant.association/pom.xml
+++ b/components/org.wso2.carbon.identity.organization.management.tenant.association/pom.xml
@@ -43,10 +43,6 @@
org.wso2.carbon.identity.organization.management
org.wso2.carbon.identity.organization.management.role.management.service
-
- org.wso2.carbon.identity.organization.management.core
- org.wso2.carbon.identity.organization.management.service
-
diff --git a/components/org.wso2.carbon.identity.organization.management.tenant.association/src/main/java/org/wso2/carbon/identity/organization/management/tenant/association/listeners/TenantAssociationManagementListener.java b/components/org.wso2.carbon.identity.organization.management.tenant.association/src/main/java/org/wso2/carbon/identity/organization/management/tenant/association/listeners/TenantAssociationManagementListener.java
index e9b8465f8..f6c4ea211 100644
--- a/components/org.wso2.carbon.identity.organization.management.tenant.association/src/main/java/org/wso2/carbon/identity/organization/management/tenant/association/listeners/TenantAssociationManagementListener.java
+++ b/components/org.wso2.carbon.identity.organization.management.tenant.association/src/main/java/org/wso2/carbon/identity/organization/management/tenant/association/listeners/TenantAssociationManagementListener.java
@@ -22,28 +22,19 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.core.AbstractIdentityTenantMgtListener;
-import org.wso2.carbon.identity.organization.management.role.management.service.models.Role;
-import org.wso2.carbon.identity.organization.management.role.management.service.models.User;
import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
import org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
+import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementServerException;
import org.wso2.carbon.identity.organization.management.service.model.Organization;
-import org.wso2.carbon.identity.organization.management.service.util.Utils;
-import org.wso2.carbon.identity.organization.management.tenant.association.Constants;
import org.wso2.carbon.identity.organization.management.tenant.association.internal.TenantAssociationDataHolder;
import org.wso2.carbon.stratos.common.beans.TenantInfoBean;
import org.wso2.carbon.user.api.Tenant;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
-import java.util.ArrayList;
-import java.util.Collections;
import java.util.UUID;
-import static org.wso2.carbon.identity.organization.management.role.management.service.constant.RoleManagementConstants.ORG_ADMINISTRATOR_ROLE;
-import static org.wso2.carbon.identity.organization.management.role.management.service.constant.RoleManagementConstants.ORG_CREATOR_ROLE;
-import static org.wso2.carbon.identity.organization.management.tenant.association.Constants.MINIMUM_PERMISSIONS_REQUIRED_FOR_ORG_CREATOR_VIEW;
-
/**
* This class contains the implementation of the tenant management listener. This listener will be used to add tenant
* associations between the tenant creator and tenant, during the tenant creation flow.
@@ -83,75 +74,15 @@ public void onTenantCreate(TenantInfoBean tenantInfo) {
organization.setStatus(OrganizationManagementConstants.OrganizationStatus.ACTIVE.name());
organization.setType(OrganizationManagementConstants.OrganizationTypes.TENANT.name());
getOrganizationManager().addRootOrganization(tenant.getId(), organization);
- return;
- }
- // If the organization uses carbon roles, this organization association is not required.
- if (!Utils.useOrganizationRolesForValidation(organizationID)) {
- return;
- }
- String adminUUID = tenant.getAdminUserId();
- if (StringUtils.isBlank(adminUUID)) {
- // If realms were not migrated after https://github.com/wso2/product-is/issues/14001.
- adminUUID = realmService.getTenantUserRealm(tenantId).getRealmConfiguration().getAdminUserName();
}
- String tenantUuid = tenant.getTenantUniqueID();
- if (StringUtils.isBlank(tenantUuid)) {
- LOG.error("Tenant UUID was not found for tenant: " + tenantId + ". Therefore, tenant association " +
- "will not be set.");
- return;
- }
- if (StringUtils.isBlank(adminUUID)) {
- LOG.error(
- "User UUID is empty. Therefore, tenant association will not be set with tenant: " + tenantUuid);
- return;
- }
- Role organizationCreatorRole = buildOrgCreatorRole(adminUUID);
- Role administratorRole = buildAdministratorRole(adminUUID);
- TenantAssociationDataHolder.getRoleManager().createRole(organizationID, organizationCreatorRole);
- TenantAssociationDataHolder.getRoleManager().createRole(organizationID, administratorRole);
- } catch (UserStoreException | OrganizationManagementException e) {
+ } catch (UserStoreException | OrganizationManagementServerException e) {
String error = "Error occurred while adding user-tenant association for the tenant id: " + tenantId;
LOG.error(error, e);
+ } catch (OrganizationManagementException e) {
+ throw new RuntimeException(e);
}
}
- private Role buildOrgCreatorRole(String adminUUID) {
-
- Role organizationCreatorRole = new Role();
- organizationCreatorRole.setDisplayName(ORG_CREATOR_ROLE);
- User orgCreator = new User(adminUUID);
- organizationCreatorRole.setUsers(Collections.singletonList(orgCreator));
- // Set permissions for org-creator role.
- ArrayList orgCreatorRolePermissions = new ArrayList<>();
- // Adding mandatory permissions for the org-creator role.
- orgCreatorRolePermissions.add(Constants.ORG_MGT_PERMISSION);
- orgCreatorRolePermissions.add(Constants.ORG_ROLE_MGT_PERMISSION);
- /*
- Adding the bear minimum permission set that org creator should have to logged in to the console and view
- user, groups, roles, SP, IDP sections.
- */
- orgCreatorRolePermissions.addAll(MINIMUM_PERMISSIONS_REQUIRED_FOR_ORG_CREATOR_VIEW);
- // Add user create permission to organization creator to delegate permissions to other org users.
- // This permission is assigned until https://github.com/wso2/product-is/issues/14439 is fixed
- orgCreatorRolePermissions.add(Constants.USER_MGT_CREATE_PERMISSION);
- organizationCreatorRole.setPermissions(orgCreatorRolePermissions);
- return organizationCreatorRole;
- }
-
- private Role buildAdministratorRole(String adminUUID) {
-
- Role organizationAdministratorRole = new Role();
- organizationAdministratorRole.setDisplayName(ORG_ADMINISTRATOR_ROLE);
- User orgAdministrator = new User(adminUUID);
- organizationAdministratorRole.setUsers(Collections.singletonList(orgAdministrator));
- // Set permissions for org-administrator role.
- ArrayList orgAdministratorRolePermissions = new ArrayList<>();
- // Setting all administrative permissions for the Administrator role
- orgAdministratorRolePermissions.add(Constants.ADMINISTRATOR_ROLE_PERMISSION);
- organizationAdministratorRole.setPermissions(orgAdministratorRolePermissions);
- return organizationAdministratorRole;
- }
-
private OrganizationManager getOrganizationManager() {
return TenantAssociationDataHolder.getOrganizationManager();
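Review bot: Narrowing the first catch to OrganizationManagementServerException changes the listener's failure semantics: before this change every OrganizationManagementException from addRootOrganization was logged and swallowed, whereas now any non-server subtype escapes onTenantCreate unchecked and without the tenant-id context that the logged branch records. If aborting the tenant-creation flow on such failures is intended, say so on the catch, e.g. `// Non-server errors are not recoverable here; let them fail the tenant creation flow.`; otherwise log them with the same `error` message as the server branch. The enclosing onTenantCreate starts before this hunk, and the removed creator/administrator role setup appears to have moved to the user-sharing component (first hunk on this page), so the replacement could not be checked here.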
diff --git a/components/org.wso2.carbon.identity.organization.user.invitation.management/pom.xml b/components/org.wso2.carbon.identity.organization.user.invitation.management/pom.xml
index c4f09b579..1a7776f8a 100644
--- a/components/org.wso2.carbon.identity.organization.user.invitation.management/pom.xml
+++ b/components/org.wso2.carbon.identity.organization.user.invitation.management/pom.xml
@@ -139,7 +139,8 @@
org.wso2.carbon.user.core.util;version="${carbon.kernel.package.import.version.range}",
org.wso2.carbon.identity.organization.management.organization.user.sharing;version="${org.wso2.identity.organization.mgt.imp.pkg.version.range}",
org.wso2.carbon.identity.organization.management.organization.user.sharing.constant;version="${org.wso2.identity.organization.mgt.imp.pkg.version.range}",
- org.wso2.carbon.identity.organization.management.organization.user.sharing.models;version="${org.wso2.identity.organization.mgt.imp.pkg.version.range}"
+ org.wso2.carbon.identity.organization.management.organization.user.sharing.models;version="${org.wso2.identity.organization.mgt.imp.pkg.version.range}",
+ org.wso2.carbon.identity.organization.management.organization.user.sharing.util;version="${org.wso2.identity.organization.mgt.imp.pkg.version.range}"
diff --git a/components/org.wso2.carbon.identity.organization.user.invitation.management/src/main/java/org/wso2/carbon/identity/organization/user/invitation/management/InvitationCoreServiceImpl.java b/components/org.wso2.carbon.identity.organization.user.invitation.management/src/main/java/org/wso2/carbon/identity/organization/user/invitation/management/InvitationCoreServiceImpl.java
index 535265a2c..bf2a81eff 100644
--- a/components/org.wso2.carbon.identity.organization.user.invitation.management/src/main/java/org/wso2/carbon/identity/organization/user/invitation/management/InvitationCoreServiceImpl.java
+++ b/components/org.wso2.carbon.identity.organization.user.invitation.management/src/main/java/org/wso2/carbon/identity/organization/user/invitation/management/InvitationCoreServiceImpl.java
@@ -29,7 +29,7 @@
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.organization.management.organization.user.sharing.OrganizationUserSharingService;
-import org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.UserSharingConstants;
+import org.wso2.carbon.identity.organization.management.organization.user.sharing.util.OrganizationSharedUserUtil;
import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
import org.wso2.carbon.identity.organization.management.service.util.Utils;
@@ -54,7 +54,6 @@
import java.util.Date;
import java.util.HashMap;
import java.util.List;
-import java.util.Map;
import java.util.UUID;
import static org.wso2.carbon.identity.organization.user.invitation.management.constant.UserInvitationMgtConstants.CLAIM_EMAIL_ADDRESS;
@@ -185,9 +184,9 @@ public boolean acceptInvitation(String confirmationCode) throws UserInvitationMg
invitation.getUsername(), invitedOrganizationId));
}
- String realUserId = getRealUserId(invitation);
- getOrganizationUserSharingService().shareOrganizationUser(realUserId,
- invitation.getUserOrganizationId(), invitedOrganizationId);
+ String userId = getRealUserId(invitation);
+ getOrganizationUserSharingService().shareOrganizationUser(invitedOrganizationId, userId,
+ invitation.getUserOrganizationId());
// Trigger event to add the role assignments if any available in the invitation.
if (ArrayUtils.isNotEmpty(invitation.getRoleAssignments())) {
// Get the available group name for the group in the invited organization.
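Review bot: The reordered call `shareOrganizationUser(invitedOrganizationId, userId, invitation.getUserOrganizationId())` moves all three arguments relative to the old `(realUserId, userOrganizationId, invitedOrganizationId)`, and because they share the String type a stale caller or a missed update still compiles while sharing the wrong user into the wrong organization. The service signature is not in this chunk, so the mapping cannot be verified here; a short comment on the call naming which argument is the target organization, the user being shared and the user's resident organization would make the intent reviewable. acceptInvitation starts and ends outside this hunk.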
@@ -361,12 +360,12 @@ private String getRealUserId(Invitation invitation) throws UserInvitationMgtServ
int userTenantId = IdentityTenantUtil.getTenantId(userTenantDomain);
AbstractUserStoreManager userStoreManager = getAbstractUserStoreManager(userTenantId);
String userId = userStoreManager.getUserIDFromUserName(userName);
- String userManagedOrganizationClaim = getUserManagedOrganizationClaim(userStoreManager, userId);
+ String userManagedOrganizationClaim = OrganizationSharedUserUtil
+ .getUserManagedOrganizationClaim(userStoreManager, userId);
if (userManagedOrganizationClaim != null) {
- String sharedOrganizationId = invitation.getUserOrganizationId();
+ String orgId = invitation.getUserOrganizationId();
invitation.setUserOrganizationId(userManagedOrganizationClaim);
- return getOrganizationUserSharingService().getSharedUserAssociationOfSharedUser(userId,
- sharedOrganizationId).getRealUserId();
+ return getOrganizationUserSharingService().getUserAssociation(userId, orgId).getAssociatedUserId();
}
return userId;
} catch (UserStoreException e) {
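Review bot: `getUserAssociation(userId, orgId).getAssociatedUserId()` is dereferenced without a null check, so if no association exists for that user/organization pair the method fails with a NullPointerException instead of an exception the surrounding catch blocks handle; the old getSharedUserAssociationOfSharedUser call had the same gap, but this rewrite is the place to close it, hedged since getUserAssociation's null-versus-throw contract is not visible here. Note also that `invitation.setUserOrganizationId(userManagedOrganizationClaim)` mutates the invitation before the lookup, so a failure on the following line leaves the invitation already pointing at the managed organization. getRealUserId continues outside the hunk.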
@@ -456,16 +455,6 @@ private void triggerRoleAssignmentEvent(String orgId, String groupName,
}
}
- private String getUserManagedOrganizationClaim(AbstractUserStoreManager userStoreManager, String userId)
- throws org.wso2.carbon.user.core.UserStoreException {
-
- String userDomain = userStoreManager.getUser(userId, null).getUserStoreDomain();
- Map claimsMap = userStoreManager
- .getUserClaimValuesWithID(userId, new String[]{UserSharingConstants.CLAIM_MANAGED_ORGANIZATION},
- userDomain);
- return claimsMap.get(UserSharingConstants.CLAIM_MANAGED_ORGANIZATION);
- }
-
private OrganizationUserSharingService getOrganizationUserSharingService() {
return UserInvitationMgtDataHolder.getInstance().getOrganizationUserSharingService();