Merge pull request #274 from sadilchamishka/assign-org-creator-to-rol…

…e-v2

Assign user to the administrator role of the organization

components/org.wso2.carbon.identity.organization.management.application/src/main/java/org/wso2/carbon/identity/organization/management/application/OrgApplicationManagerImpl.java

@@ -47,6 +47,10 @@
 import org.wso2.carbon.identity.core.URLBuilderException;
 import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
 import org.wso2.carbon.identity.core.util.IdentityUtil;
+import org.wso2.carbon.identity.event.IdentityEventClientException;
+import org.wso2.carbon.identity.event.IdentityEventException;
+import org.wso2.carbon.identity.event.event.Event;
+import org.wso2.carbon.identity.event.services.IdentityEventService;
 import org.wso2.carbon.identity.oauth.IdentityOAuthAdminException;
 import org.wso2.carbon.identity.oauth.OAuthAdminServiceImpl;
 import org.wso2.carbon.identity.oauth.common.OAuthConstants;
@@ -57,7 +61,9 @@
 import org.wso2.carbon.identity.organization.management.application.model.MainApplicationDO;
 import org.wso2.carbon.identity.organization.management.application.model.SharedApplication;
 import org.wso2.carbon.identity.organization.management.application.model.SharedApplicationDO;
+import org.wso2.carbon.identity.organization.management.ext.Constants;
 import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
+import org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants;
 import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementClientException;
 import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
 import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementServerException;
@@ -625,6 +631,32 @@ public void shareApplication(String ownerOrgId, String sharedOrgId, ServiceProvi
         } finally {
             PrivilegedCarbonContext.endTenantFlow();
         }
+
+        /*
+            If the sharing main application is Console, Create the shared admin user in shared organization
+            and assign the admin role.
+        */
+        if (mainApplication.getApplicationName().equals("Console")) {
+            fireOrganizationCreatorSharingEvent(sharedOrgId);
+        }
+    }
+
+    private void fireOrganizationCreatorSharingEvent(String organizationId) throws OrganizationManagementException {
+
+        Map<String, Object> eventProperties = new HashMap<>();
+        eventProperties.put(Constants.EVENT_PROP_ORGANIZATION_ID, organizationId);
+
+        IdentityEventService eventService = OrgApplicationMgtDataHolder.getInstance().getIdentityEventService();
+        try {
+            Event event = new Event("POST_SHARED_CONSOLE_APP", eventProperties);
+            eventService.handleEvent(event);
+        } catch (IdentityEventClientException e) {
+            throw new OrganizationManagementClientException(e.getMessage(), e.getMessage(), e.getErrorCode(), e);
+        } catch (IdentityEventException e) {
+            throw new OrganizationManagementServerException(
+                    OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_FIRING_EVENTS.getMessage(),
+                    OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_FIRING_EVENTS.getCode(), e);
+        }
     }
 
     private Optional<String> resolveSharedApp(String mainAppId, String ownerOrgId, String sharedOrgId)

components/org.wso2.carbon.identity.organization.management.organization.user.sharing/pom.xml

@@ -68,6 +68,10 @@
             <groupId>org.wso2.carbon.identity.framework</groupId>
             <artifactId>org.wso2.carbon.identity.event</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity.framework</groupId>
+            <artifactId>org.wso2.carbon.identity.role.v2.mgt.core</artifactId>
+        </dependency>
         <!--Test Dependencies-->
         <dependency>
             <groupId>org.testng</groupId>
@@ -127,6 +131,8 @@
                             org.wso2.carbon.database.utils.jdbc.exceptions;version="${org.wso2.carbon.database.utils.version.range}",
                             org.wso2.carbon.identity.core;version="${carbon.identity.package.import.version.range}",
                             org.wso2.carbon.identity.core.util;version="${carbon.identity.package.import.version.range}",
+                            org.wso2.carbon.identity.role.v2.mgt.core;version="${carbon.identity.package.import.version.range}",
+                            org.wso2.carbon.identity.role.v2.mgt.core.exception;version="${carbon.identity.package.import.version.range}",
                             org.wso2.carbon.identity.organization.management.service; version="${org.wso2.identity.organization.mgt.core.imp.pkg.version.range}",
                             org.wso2.carbon.identity.organization.management.service.util;version="${org.wso2.identity.organization.mgt.imp.pkg.version.range}",
                             org.wso2.carbon.identity.organization.management.service.exception;version="${org.wso2.identity.organization.mgt.imp.pkg.version.range}",

components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/internal/OrganizationUserSharingDataHolder.java

@@ -19,8 +19,8 @@
 package org.wso2.carbon.identity.organization.management.organization.user.sharing.internal;
 
 import org.wso2.carbon.identity.organization.management.organization.user.sharing.OrganizationUserSharingService;
-import org.wso2.carbon.identity.organization.management.role.management.service.RoleManager;
 import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
+import org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService;
 import org.wso2.carbon.user.core.service.RealmService;
 
 /**
@@ -31,7 +31,7 @@ public class OrganizationUserSharingDataHolder {
     private static final OrganizationUserSharingDataHolder instance = new OrganizationUserSharingDataHolder();
     private RealmService realmService;
     private OrganizationManager organizationManager;
-    private RoleManager roleManager;
+    private RoleManagementService roleManagementService;
     private OrganizationUserSharingService organizationUserSharingService;
 
     public static OrganizationUserSharingDataHolder getInstance() {
@@ -84,19 +84,19 @@ public void setRealmService(RealmService realmService) {
      *
      * @return Organization role manager service.
      */
-    public RoleManager getRoleManager() {
+    public RoleManagementService getRoleManagementService() {
 
-        return this.roleManager;
+        return roleManagementService;
     }
 
     /**
      * Set the organization role manager service.
      *
-     * @param roleManager Organization role manager service.
+     * @param roleManagementService Organization role manager service.
      */
-    public void setRoleManager(RoleManager roleManager) {
+    public void setRoleManagementService(RoleManagementService roleManagementService) {
 
-        this.roleManager = roleManager;
+        this.roleManagementService = roleManagementService;
     }
 
     /**

components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/internal/OrganizationUserSharingServiceComponent.java

@@ -32,8 +32,8 @@
 import org.wso2.carbon.identity.organization.management.organization.user.sharing.OrganizationUserSharingServiceImpl;
 import org.wso2.carbon.identity.organization.management.organization.user.sharing.listener.SharedUserOperationEventListener;
 import org.wso2.carbon.identity.organization.management.organization.user.sharing.listener.SharingOrganizationCreatorUserEventHandler;
-import org.wso2.carbon.identity.organization.management.role.management.service.RoleManager;
 import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
+import org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService;
 import org.wso2.carbon.user.core.listener.UserOperationEventListener;
 import org.wso2.carbon.user.core.service.RealmService;
 
@@ -101,18 +101,18 @@ protected void unsetOrganizationManagementService(OrganizationManager organizati
     }
 
     @Reference(
-            name = "RoleManager",
-            service = RoleManager.class,
+            name = "RoleManagementService",
+            service = RoleManagementService.class,
             cardinality = ReferenceCardinality.MANDATORY,
             policy = ReferencePolicy.DYNAMIC,
-            unbind = "unsetRoleManagerService")
-    protected void setRoleManagerService(RoleManager roleManagerService) {
+            unbind = "unsetRoleManagementService")
+    protected void setRoleManagementService(RoleManagementService roleManagementService) {
 
-        OrganizationUserSharingDataHolder.getInstance().setRoleManager(roleManagerService);
+        OrganizationUserSharingDataHolder.getInstance().setRoleManagementService(roleManagementService);
     }
 
-    protected void unsetRoleManagerService(RoleManager roleManagerService) {
+    protected void unsetRoleManagementService(RoleManagementService roleManagementService) {
 
-        OrganizationUserSharingDataHolder.getInstance().setRoleManager(null);
+        OrganizationUserSharingDataHolder.getInstance().setRoleManagementService(null);
     }
 }

components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/listener/SharingOrganizationCreatorUserEventHandler.java

@@ -24,27 +24,21 @@
 import org.wso2.carbon.identity.event.IdentityEventException;
 import org.wso2.carbon.identity.event.event.Event;
 import org.wso2.carbon.identity.event.handler.AbstractEventHandler;
-import org.wso2.carbon.identity.organization.management.ext.Constants;
 import org.wso2.carbon.identity.organization.management.organization.user.sharing.OrganizationUserSharingService;
 import org.wso2.carbon.identity.organization.management.organization.user.sharing.OrganizationUserSharingServiceImpl;
-import org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.UserSharingConstants;
 import org.wso2.carbon.identity.organization.management.organization.user.sharing.internal.OrganizationUserSharingDataHolder;
-import org.wso2.carbon.identity.organization.management.role.management.service.RoleManager;
-import org.wso2.carbon.identity.organization.management.role.management.service.models.Role;
-import org.wso2.carbon.identity.organization.management.role.management.service.models.User;
 import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
 import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
-import org.wso2.carbon.identity.organization.management.service.model.Organization;
 import org.wso2.carbon.identity.organization.management.service.util.OrganizationManagementUtil;
 import org.wso2.carbon.identity.organization.management.service.util.Utils;
+import org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants;
+import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException;
+import org.wso2.carbon.user.api.UserStoreException;
+import org.wso2.carbon.user.core.util.UserCoreUtil;
 
-import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Map;
 
-import static org.wso2.carbon.identity.organization.management.role.management.service.constant.RoleManagementConstants.ORG_ADMINISTRATOR_ROLE;
-import static org.wso2.carbon.identity.organization.management.role.management.service.constant.RoleManagementConstants.ORG_CREATOR_ROLE;
-
 /**
  * The event handler for sharing the organization creator to the child organization.
  */
@@ -57,10 +51,9 @@ public void handleEvent(Event event) throws IdentityEventException {
 
         String eventName = event.getEventName();
 
-        if (Constants.EVENT_POST_ADD_ORGANIZATION.equals(eventName)) {
+        if ("POST_SHARED_CONSOLE_APP".equals(eventName)) {
             Map<String, Object> eventProperties = event.getEventProperties();
-            Organization organization = (Organization) eventProperties.get(Constants.EVENT_PROP_ORGANIZATION);
-            String orgId = organization.getId();
+            String orgId = (String) eventProperties.get("ORGANIZATION_ID");
 
             try {
                 String tenantDomain = OrganizationUserSharingDataHolder.getInstance().getOrganizationManager()
@@ -76,58 +69,42 @@ public void handleEvent(Event event) throws IdentityEventException {
                 }
                 userSharingService.shareOrganizationUser(orgId, associatedUserId, associatedOrgId);
                 String userId = userSharingService.getUserAssociationOfAssociatedUserByOrgId(associatedUserId, orgId)
-                                .getUserId();
-                Role organizationCreatorRole = buildOrgCreatorRole(userId);
-                Role administratorRole = buildAdministratorRole(userId);
-                getRoleManager().createRole(orgId, organizationCreatorRole);
-                getRoleManager().createRole(orgId, administratorRole);
+                        .getUserId();
+                assignUserToAdminRole(userId, orgId, tenantDomain);
             } catch (OrganizationManagementException e) {
                 throw new IdentityEventException("An error occurred while sharing the organization creator to the " +
                         "organization : " + orgId, e);
             }
         }
     }
 
-    private Role buildOrgCreatorRole(String adminUUID) {
-
-        Role organizationCreatorRole = new Role();
-        organizationCreatorRole.setDisplayName(ORG_CREATOR_ROLE);
-        User orgCreator = new User(adminUUID);
-        organizationCreatorRole.setUsers(Collections.singletonList(orgCreator));
-        // Set permissions for org-creator role.
-        ArrayList<String> orgCreatorRolePermissions = new ArrayList<>();
-        // Adding mandatory permissions for the org-creator role.
-        orgCreatorRolePermissions.add(UserSharingConstants.ORG_MGT_PERMISSION);
-        orgCreatorRolePermissions.add(UserSharingConstants.ORG_ROLE_MGT_PERMISSION);
-        /*
-        Adding the bear minimum permission set that org creator should have to logged in to the console and view
-        user, groups, roles, SP, IDP sections.
-         */
-        orgCreatorRolePermissions.addAll(UserSharingConstants.MINIMUM_PERMISSIONS_REQUIRED_FOR_ORG_CREATOR_VIEW);
-        // Add user create permission to organization creator to delegate permissions to other org users.
-        // This permission is assigned until https://github.com/wso2/product-is/issues/14439 is fixed
-        orgCreatorRolePermissions.add(UserSharingConstants.USER_MGT_CREATE_PERMISSION);
-        organizationCreatorRole.setPermissions(orgCreatorRolePermissions);
-        return organizationCreatorRole;
-    }
-
-    private Role buildAdministratorRole(String adminUUID) {
-
-        Role organizationAdministratorRole = new Role();
-        organizationAdministratorRole.setDisplayName(ORG_ADMINISTRATOR_ROLE);
-        User orgAdministrator = new User(adminUUID);
-        organizationAdministratorRole.setUsers(Collections.singletonList(orgAdministrator));
-        // Set permissions for org-administrator role.
-        ArrayList<String> orgAdministratorRolePermissions = new ArrayList<>();
-        // Setting all administrative permissions for the Administrator role
-        orgAdministratorRolePermissions.add(UserSharingConstants.ADMINISTRATOR_ROLE_PERMISSION);
-        organizationAdministratorRole.setPermissions(orgAdministratorRolePermissions);
-        return organizationAdministratorRole;
-    }
+    private void assignUserToAdminRole(String userId, String organizationId, String tenantDomain)
+            throws IdentityEventException {
 
-    private RoleManager getRoleManager() {
+        String adminRoleName;
+        try {
+            adminRoleName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration()
+                    .getAdminRoleName();
+            adminRoleName = UserCoreUtil.removeDomainFromName(adminRoleName);
+        } catch (UserStoreException e) {
+            throw new IdentityEventException("An error occurred while retrieving the admin role ", e);
+        }
 
-        return OrganizationUserSharingDataHolder.getInstance().getRoleManager();
+        try {
+            String adminRoleId = OrganizationUserSharingDataHolder.getInstance().getRoleManagementService()
+                    .getRoleIdByName(adminRoleName, RoleConstants.ORGANIZATION, organizationId, tenantDomain);
+            try {
+                PrivilegedCarbonContext.startTenantFlow();
+                PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
+                OrganizationUserSharingDataHolder.getInstance().getRoleManagementService()
+                        .updateUserListOfRole(adminRoleId,
+                        Collections.singletonList(userId), Collections.emptyList(), tenantDomain);
+            } finally {
+                PrivilegedCarbonContext.endTenantFlow();
+            }
+        } catch (IdentityRoleManagementException e) {
+            throw new IdentityEventException("An error occurred while assigning the user to the administrator role", e);
+        }
     }
 
     private OrganizationManager getOrganizationManager() {

pom.xml

@@ -227,6 +227,11 @@
                 <artifactId>org.wso2.carbon.identity.application.authentication.framework</artifactId>
                 <version>${carbon.identity.framework.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.wso2.carbon.identity.framework</groupId>
+                <artifactId>org.wso2.carbon.identity.role.v2.mgt.core</artifactId>
+                <version>${carbon.identity.framework.version}</version>
+            </dependency>
             <dependency>
                 <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
                 <artifactId>org.wso2.carbon.identity.oauth</artifactId>
@@ -510,7 +515,7 @@
         <carbon.multitenancy.package.import.version.range>[4.7.0,5.0.0)
         </carbon.multitenancy.package.import.version.range>
 
-        <carbon.identity.framework.version>5.25.433</carbon.identity.framework.version>
+        <carbon.identity.framework.version>5.25.446</carbon.identity.framework.version>
         <carbon.identity.package.import.version.range>[5.20.0, 7.0.0)
         </carbon.identity.package.import.version.range>