diff --git a/components/org.wso2.carbon.identity.organization.management.application/src/main/java/org/wso2/carbon/identity/organization/management/application/OrgApplicationManagerImpl.java b/components/org.wso2.carbon.identity.organization.management.application/src/main/java/org/wso2/carbon/identity/organization/management/application/OrgApplicationManagerImpl.java
index 70e2cb0e8..f790ff1ac 100644
--- a/components/org.wso2.carbon.identity.organization.management.application/src/main/java/org/wso2/carbon/identity/organization/management/application/OrgApplicationManagerImpl.java
+++ b/components/org.wso2.carbon.identity.organization.management.application/src/main/java/org/wso2/carbon/identity/organization/management/application/OrgApplicationManagerImpl.java
@@ -47,6 +47,10 @@
 import org.wso2.carbon.identity.core.URLBuilderException;
 import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
 import org.wso2.carbon.identity.core.util.IdentityUtil;
+import org.wso2.carbon.identity.event.IdentityEventClientException;
+import org.wso2.carbon.identity.event.IdentityEventException;
+import org.wso2.carbon.identity.event.event.Event;
+import org.wso2.carbon.identity.event.services.IdentityEventService;
 import org.wso2.carbon.identity.oauth.IdentityOAuthAdminException;
 import org.wso2.carbon.identity.oauth.OAuthAdminServiceImpl;
 import org.wso2.carbon.identity.oauth.common.OAuthConstants;
@@ -57,7 +61,9 @@
 import org.wso2.carbon.identity.organization.management.application.model.MainApplicationDO;
 import org.wso2.carbon.identity.organization.management.application.model.SharedApplication;
 import org.wso2.carbon.identity.organization.management.application.model.SharedApplicationDO;
+import org.wso2.carbon.identity.organization.management.ext.Constants;
 import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
+import org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants;
 import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementClientException;
 import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
 import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementServerException;
@@ -625,6 +631,32 @@ public void shareApplication(String ownerOrgId, String sharedOrgId, ServiceProvi
 } finally {
 PrivilegedCarbonContext.endTenantFlow();
 }
+
+ /*
+ If the sharing main application is Console, Create the shared admin user in shared organization
+ and assign the admin role.
+ */
+ if (mainApplication.getApplicationName().equals("Console")) {
+ fireOrganizationCreatorSharingEvent(sharedOrgId);
+ }
+ }
+
+ private void fireOrganizationCreatorSharingEvent(String organizationId) throws OrganizationManagementException {
+
+ Map eventProperties = new HashMap<>();
+ eventProperties.put(Constants.EVENT_PROP_ORGANIZATION_ID, organizationId);
+
+ IdentityEventService eventService = OrgApplicationMgtDataHolder.getInstance().getIdentityEventService();
+ try {
+ Event event = new Event("POST_SHARED_CONSOLE_APP", eventProperties);
+ eventService.handleEvent(event);
+ } catch (IdentityEventClientException e) {
+ throw new OrganizationManagementClientException(e.getMessage(), e.getMessage(), e.getErrorCode(), e);
+ } catch (IdentityEventException e) {
+ throw new OrganizationManagementServerException(
+ OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_FIRING_EVENTS.getMessage(),
+ OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_FIRING_EVENTS.getCode(), e);
+ }
 }
 private Optional resolveSharedApp(String mainAppId, String ownerOrgId, String sharedOrgId)
diff --git a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/pom.xml b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/pom.xml
index a14c157c1..d57e6a3c6 100644
--- a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/pom.xml
+++ b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/pom.xml
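Review bot: `new Event("POST_SHARED_CONSOLE_APP", eventProperties)` and the `"Console"` comparison are bare literals, and the handler in SharingOrganizationCreatorUserEventHandler repeats the event name as a literal and reads the property with the literal `"ORGANIZATION_ID"` while this side writes it under `Constants.EVENT_PROP_ORGANIZATION_ID`; if that constant's value is anything else, the handler silently receives a null organization id. Both the event name and the application name belong in `Constants` next to `EVENT_PROP_ORGANIZATION_ID` (a suggested name would be `EVENT_POST_SHARED_CONSOLE_APP`) and should be referenced from both files. The name check should also be null-safe, `if ("Console".equals(mainApplication.getApplicationName())) {`, because a null application name would otherwise NPE after the share has already been persisted. Since the event is fired after `endTenantFlow()`, a failure here surfaces as an exception while the application stays shared without the admin assignment; a Javadoc line on `fireOrganizationCreatorSharingEvent` stating that the share is not rolled back would help callers reason about that state. The `IdentityEventClientException` branch additionally passes `e.getMessage()` as both the message and the description.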
@@ -68,6 +68,10 @@ org.wso2.carbon.identity.framework org.wso2.carbon.identity.event + + org.wso2.carbon.identity.framework + org.wso2.carbon.identity.role.v2.mgt.core + org.testng @@ -127,6 +131,8 @@ org.wso2.carbon.database.utils.jdbc.exceptions;version="${org.wso2.carbon.database.utils.version.range}", org.wso2.carbon.identity.core;version="${carbon.identity.package.import.version.range}", org.wso2.carbon.identity.core.util;version="${carbon.identity.package.import.version.range}", + org.wso2.carbon.identity.role.v2.mgt.core;version="${carbon.identity.package.import.version.range}", + org.wso2.carbon.identity.role.v2.mgt.core.exception;version="${carbon.identity.package.import.version.range}", org.wso2.carbon.identity.organization.management.service; version="${org.wso2.identity.organization.mgt.core.imp.pkg.version.range}", org.wso2.carbon.identity.organization.management.service.util;version="${org.wso2.identity.organization.mgt.imp.pkg.version.range}", org.wso2.carbon.identity.organization.management.service.exception;version="${org.wso2.identity.organization.mgt.imp.pkg.version.range}", diff --git a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/internal/OrganizationUserSharingDataHolder.java b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/internal/OrganizationUserSharingDataHolder.java index e728b95b1..1242179f3 100644 --- a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/internal/OrganizationUserSharingDataHolder.java 
+++ b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/internal/OrganizationUserSharingDataHolder.java
@@ -19,8 +19,8 @@
 package org.wso2.carbon.identity.organization.management.organization.user.sharing.internal;
 import org.wso2.carbon.identity.organization.management.organization.user.sharing.OrganizationUserSharingService;
-import org.wso2.carbon.identity.organization.management.role.management.service.RoleManager;
 import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
+import org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService;
 import org.wso2.carbon.user.core.service.RealmService;
 /**
@@ -31,7 +31,7 @@ public class OrganizationUserSharingDataHolder {
 private static final OrganizationUserSharingDataHolder instance = new OrganizationUserSharingDataHolder();
 private RealmService realmService;
 private OrganizationManager organizationManager;
- private RoleManager roleManager;
+ private RoleManagementService roleManagementService;
 private OrganizationUserSharingService organizationUserSharingService;
 public static OrganizationUserSharingDataHolder getInstance() {
@@ -84,19 +84,19 @@ public void setRealmService(RealmService realmService) {
 *
 * @return Organization role manager service.
 */
- public RoleManager getRoleManager() {
+ public RoleManagementService getRoleManagementService() {
- return this.roleManager;
+ return roleManagementService;
 }
 /**
 * Set the organization role manager service.
 *
- * @param roleManager Organization role manager service.
+ * @param roleManagementService Organization role manager service.
 */
- public void setRoleManager(RoleManager roleManager) {
+ public void setRoleManagementService(RoleManagementService roleManagementService) {
- this.roleManager = roleManager;
+ this.roleManagementService = roleManagementService;
 }
 /**
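Review bot: The Javadoc around `getRoleManagementService()` and `setRoleManagementService(...)` still says "organization role manager service", which described the removed `RoleManager` from the organization.management.role.management component, while the field now holds the framework's `RoleManagementService` from role.v2.mgt.core. Suggest `@return Role management (v2) service.` for the getter, `Set the role management (v2) service.` for the setter summary, and `@param roleManagementService Role management (v2) service.` so a reader does not go looking for the old component.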
diff --git a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/internal/OrganizationUserSharingServiceComponent.java b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/internal/OrganizationUserSharingServiceComponent.java
index 281985bdb..51eb0f79f 100644
--- a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/internal/OrganizationUserSharingServiceComponent.java
+++ b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/internal/OrganizationUserSharingServiceComponent.java
@@ -32,8 +32,8 @@
 import org.wso2.carbon.identity.organization.management.organization.user.sharing.OrganizationUserSharingServiceImpl;
 import org.wso2.carbon.identity.organization.management.organization.user.sharing.listener.SharedUserOperationEventListener;
 import org.wso2.carbon.identity.organization.management.organization.user.sharing.listener.SharingOrganizationCreatorUserEventHandler;
-import org.wso2.carbon.identity.organization.management.role.management.service.RoleManager;
 import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
+import org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService;
 import org.wso2.carbon.user.core.listener.UserOperationEventListener;
 import org.wso2.carbon.user.core.service.RealmService;
@@ -101,18 +101,18 @@ protected void unsetOrganizationManagementService(OrganizationManager organizati
 }
 @Reference(
- name = "RoleManager",
- service = RoleManager.class,
+ name = "RoleManagementService",
+ service = RoleManagementService.class,
 cardinality = ReferenceCardinality.MANDATORY,
 policy = ReferencePolicy.DYNAMIC,
- unbind = "unsetRoleManagerService")
- protected void setRoleManagerService(RoleManager roleManagerService) {
+ unbind = "unsetRoleManagementService")
+ protected void setRoleManagementService(RoleManagementService roleManagementService) {
- OrganizationUserSharingDataHolder.getInstance().setRoleManager(roleManagerService);
+ OrganizationUserSharingDataHolder.getInstance().setRoleManagementService(roleManagementService);
 }
- protected void unsetRoleManagerService(RoleManager roleManagerService) {
+ protected void unsetRoleManagementService(RoleManagementService roleManagementService) {
- OrganizationUserSharingDataHolder.getInstance().setRoleManager(null);
+ OrganizationUserSharingDataHolder.getInstance().setRoleManagementService(null);
 }
 }
diff --git a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/listener/SharingOrganizationCreatorUserEventHandler.java b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/listener/SharingOrganizationCreatorUserEventHandler.java
index 2e97060d3..825f9f82e 100644
--- a/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/listener/SharingOrganizationCreatorUserEventHandler.java
+++ b/components/org.wso2.carbon.identity.organization.management.organization.user.sharing/src/main/java/org/wso2/carbon/identity/organization/management/organization/user/sharing/listener/SharingOrganizationCreatorUserEventHandler.java 
@@ -24,27 +24,21 @@
 import org.wso2.carbon.identity.event.IdentityEventException;
 import org.wso2.carbon.identity.event.event.Event;
 import org.wso2.carbon.identity.event.handler.AbstractEventHandler;
-import org.wso2.carbon.identity.organization.management.ext.Constants;
 import org.wso2.carbon.identity.organization.management.organization.user.sharing.OrganizationUserSharingService;
 import org.wso2.carbon.identity.organization.management.organization.user.sharing.OrganizationUserSharingServiceImpl;
-import org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.UserSharingConstants;
 import org.wso2.carbon.identity.organization.management.organization.user.sharing.internal.OrganizationUserSharingDataHolder;
-import org.wso2.carbon.identity.organization.management.role.management.service.RoleManager;
-import org.wso2.carbon.identity.organization.management.role.management.service.models.Role;
-import org.wso2.carbon.identity.organization.management.role.management.service.models.User;
 import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
 import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
-import org.wso2.carbon.identity.organization.management.service.model.Organization;
 import org.wso2.carbon.identity.organization.management.service.util.OrganizationManagementUtil;
 import org.wso2.carbon.identity.organization.management.service.util.Utils;
+import org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants;
+import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException;
+import org.wso2.carbon.user.api.UserStoreException;
+import org.wso2.carbon.user.core.util.UserCoreUtil;
-import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Map;
-import static org.wso2.carbon.identity.organization.management.role.management.service.constant.RoleManagementConstants.ORG_ADMINISTRATOR_ROLE;
-import static org.wso2.carbon.identity.organization.management.role.management.service.constant.RoleManagementConstants.ORG_CREATOR_ROLE;
-
 /**
 * The event handler for sharing the organization creator to the child organization.
 */
@@ -57,10 +51,9 @@ public void handleEvent(Event event) throws IdentityEventException {
 String eventName = event.getEventName();
- if (Constants.EVENT_POST_ADD_ORGANIZATION.equals(eventName)) {
+ if ("POST_SHARED_CONSOLE_APP".equals(eventName)) {
 Map eventProperties = event.getEventProperties();
- Organization organization = (Organization) eventProperties.get(Constants.EVENT_PROP_ORGANIZATION);
- String orgId = organization.getId();
+ String orgId = (String) eventProperties.get("ORGANIZATION_ID");
 try {
 String tenantDomain = OrganizationUserSharingDataHolder.getInstance().getOrganizationManager()
@@ -76,11 +69,8 @@ public void handleEvent(Event event) throws IdentityEventException {
 }
 userSharingService.shareOrganizationUser(orgId, associatedUserId, associatedOrgId);
 String userId = userSharingService.getUserAssociationOfAssociatedUserByOrgId(associatedUserId, orgId)
- .getUserId();
- Role organizationCreatorRole = buildOrgCreatorRole(userId);
- Role administratorRole = buildAdministratorRole(userId);
- getRoleManager().createRole(orgId, organizationCreatorRole);
- getRoleManager().createRole(orgId, administratorRole);
+ .getUserId();
+ assignUserToAdminRole(userId, orgId, tenantDomain);
 } catch (OrganizationManagementException e) {
 throw new IdentityEventException("An error occurred while sharing the organization creator to the " +
 "organization : " + orgId, e);
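Review bot: `String orgId = (String) eventProperties.get("ORGANIZATION_ID");` trusts the event payload as-is: the key is a literal while the sender in OrgApplicationManagerImpl writes the value under `Constants.EVENT_PROP_ORGANIZATION_ID`, the cast is unchecked, and a missing or empty value flows straight into the tenant-domain lookup and from there into the administrator-role assignment with no guard. The import hunk above drops the `Constants` import, so it has to come back for the key to be shared between sender and handler. Suggest `String orgId = (String) eventProperties.get(Constants.EVENT_PROP_ORGANIZATION_ID);` followed by `if (orgId == null || orgId.isEmpty()) { throw new IdentityEventException("Organization id is missing in event: " + eventName); }` before the `try`. handleEvent starts and ends outside this hunk.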
@@ -88,46 +78,33 @@ public void handleEvent(Event event) throws IdentityEventException {
 }
 }
- private Role buildOrgCreatorRole(String adminUUID) {
-
- Role organizationCreatorRole = new Role();
- organizationCreatorRole.setDisplayName(ORG_CREATOR_ROLE);
- User orgCreator = new User(adminUUID);
- organizationCreatorRole.setUsers(Collections.singletonList(orgCreator));
- // Set permissions for org-creator role.
- ArrayList orgCreatorRolePermissions = new ArrayList<>();
- // Adding mandatory permissions for the org-creator role.
- orgCreatorRolePermissions.add(UserSharingConstants.ORG_MGT_PERMISSION);
- orgCreatorRolePermissions.add(UserSharingConstants.ORG_ROLE_MGT_PERMISSION);
- /*
- Adding the bear minimum permission set that org creator should have to logged in to the console and view
- user, groups, roles, SP, IDP sections.
- */
- orgCreatorRolePermissions.addAll(UserSharingConstants.MINIMUM_PERMISSIONS_REQUIRED_FOR_ORG_CREATOR_VIEW);
- // Add user create permission to organization creator to delegate permissions to other org users.
- // This permission is assigned until https://github.com/wso2/product-is/issues/14439 is fixed
- orgCreatorRolePermissions.add(UserSharingConstants.USER_MGT_CREATE_PERMISSION);
- organizationCreatorRole.setPermissions(orgCreatorRolePermissions);
- return organizationCreatorRole;
- }
-
- private Role buildAdministratorRole(String adminUUID) {
-
- Role organizationAdministratorRole = new Role();
- organizationAdministratorRole.setDisplayName(ORG_ADMINISTRATOR_ROLE);
- User orgAdministrator = new User(adminUUID);
- organizationAdministratorRole.setUsers(Collections.singletonList(orgAdministrator));
- // Set permissions for org-administrator role.
- ArrayList orgAdministratorRolePermissions = new ArrayList<>();
- // Setting all administrative permissions for the Administrator role
- orgAdministratorRolePermissions.add(UserSharingConstants.ADMINISTRATOR_ROLE_PERMISSION);
- organizationAdministratorRole.setPermissions(orgAdministratorRolePermissions);
- return organizationAdministratorRole;
- }
+ private void assignUserToAdminRole(String userId, String organizationId, String tenantDomain)
+ throws IdentityEventException {
- private RoleManager getRoleManager() {
+ String adminRoleName;
+ try {
+ adminRoleName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration()
+ .getAdminRoleName();
+ adminRoleName = UserCoreUtil.removeDomainFromName(adminRoleName);
+ } catch (UserStoreException e) {
+ throw new IdentityEventException("An error occurred while retrieving the admin role ", e);
+ }
- return OrganizationUserSharingDataHolder.getInstance().getRoleManager();
+ try {
+ String adminRoleId = OrganizationUserSharingDataHolder.getInstance().getRoleManagementService()
+ .getRoleIdByName(adminRoleName, RoleConstants.ORGANIZATION, organizationId, tenantDomain);
+ try {
+ PrivilegedCarbonContext.startTenantFlow();
+ PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
+ OrganizationUserSharingDataHolder.getInstance().getRoleManagementService()
+ .updateUserListOfRole(adminRoleId,
+ Collections.singletonList(userId), Collections.emptyList(), tenantDomain);
+ } finally {
+ PrivilegedCarbonContext.endTenantFlow();
+ }
+ } catch (IdentityRoleManagementException e) {
+ throw new IdentityEventException("An error occurred while assigning the user to the administrator role", e);
+ }
 }
 private OrganizationManager getOrganizationManager() {
diff --git a/pom.xml b/pom.xml
index 30f219297..e5cf54f67 100644
--- a/pom.xml
+++ b/pom.xml
@@ -227,6 +227,11 @@ org.wso2.carbon.identity.application.authentication.framework ${carbon.identity.framework.version} + + org.wso2.carbon.identity.framework + org.wso2.carbon.identity.role.v2.mgt.core + ${carbon.identity.framework.version} + org.wso2.carbon.identity.inbound.auth.oauth2 org.wso2.carbon.identity.oauth @@ -510,7 +515,7 @@ [4.7.0,5.0.0) - 5.25.433 + 5.25.446 [5.20.0, 7.0.0)