Assign user to the administrator role of the organization #274

Merged
Expand Up @@ -47,6 +47,10 @@
import org.wso2.carbon.identity.core.URLBuilderException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.event.IdentityEventClientException;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.event.services.IdentityEventService;
import org.wso2.carbon.identity.oauth.IdentityOAuthAdminException;
import org.wso2.carbon.identity.oauth.OAuthAdminServiceImpl;
import org.wso2.carbon.identity.oauth.common.OAuthConstants;
Expand All @@ -57,7 +61,9 @@
import org.wso2.carbon.identity.organization.management.application.model.MainApplicationDO;
import org.wso2.carbon.identity.organization.management.application.model.SharedApplication;
import org.wso2.carbon.identity.organization.management.application.model.SharedApplicationDO;
import org.wso2.carbon.identity.organization.management.ext.Constants;
import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
import org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementClientException;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementServerException;
Expand Down Expand Up @@ -625,6 +631,32 @@ public void shareApplication(String ownerOrgId, String sharedOrgId, ServiceProvi
} finally {
PrivilegedCarbonContext.endTenantFlow();
}

/*
If the sharing main application is Console, Create the shared admin user in shared organization
and assign the admin role.
*/
if (mainApplication.getApplicationName().equals("Console")) {
fireOrganizationCreatorSharingEvent(sharedOrgId);
}
}

private void fireOrganizationCreatorSharingEvent(String organizationId) throws OrganizationManagementException {

Map<String, Object> eventProperties = new HashMap<>();
eventProperties.put(Constants.EVENT_PROP_ORGANIZATION_ID, organizationId);

IdentityEventService eventService = OrgApplicationMgtDataHolder.getInstance().getIdentityEventService();
try {
Event event = new Event("POST_SHARED_CONSOLE_APP", eventProperties);
eventService.handleEvent(event);
} catch (IdentityEventClientException e) {
throw new OrganizationManagementClientException(e.getMessage(), e.getMessage(), e.getErrorCode(), e);
} catch (IdentityEventException e) {
throw new OrganizationManagementServerException(
OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_FIRING_EVENTS.getMessage(),
OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_FIRING_EVENTS.getCode(), e);
}
}

private Optional<String> resolveSharedApp(String mainAppId, String ownerOrgId, String sharedOrgId)
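Review bot: The event name `"POST_SHARED_CONSOLE_APP"` on the `new Event(...)` line is a literal that the consuming handler (SharingOrganizationCreatorUserEventHandler, later in this PR) repeats as another literal, and the property is stored under `Constants.EVENT_PROP_ORGANIZATION_ID` while that handler reads it back with the literal key `"ORGANIZATION_ID"`; the two sides only agree as long as the constant's value happens to be that string. Define the event name once next to the existing property constant — proposed `Constants.EVENT_POST_SHARED_CONSOLE_APP` — and have both files use the constants, e.g. `Event event = new Event(Constants.EVENT_POST_SHARED_CONSOLE_APP, eventProperties);`. The guard `mainApplication.getApplicationName().equals("Console")` keys the admin-role assignment in the shared organization on a display name; if that name is not reserved for the system console application, matching on a stable identifier would be safer, so worth confirming. The block comment above the guard says this code creates the shared admin user and assigns the role, but it only fires the event and the handler does that work; `// The Console app is being shared: fire the event that lets the user-sharing handler provision the org creator and assign the admin role in the shared organization.` describes what is visible here. In the `IdentityEventClientException` branch `e.getMessage()` is passed twice (presumably message and description); a distinct description would be more useful to callers.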
Expand Up @@ -68,6 +68,10 @@
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.event</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.role.v2.mgt.core</artifactId>
</dependency>
<!--Test Dependencies-->
<dependency>
<groupId>org.testng</groupId>
Expand Down Expand Up @@ -127,6 +131,8 @@
org.wso2.carbon.database.utils.jdbc.exceptions;version="${org.wso2.carbon.database.utils.version.range}",
org.wso2.carbon.identity.core;version="${carbon.identity.package.import.version.range}",
org.wso2.carbon.identity.core.util;version="${carbon.identity.package.import.version.range}",
org.wso2.carbon.identity.role.v2.mgt.core;version="${carbon.identity.package.import.version.range}",
org.wso2.carbon.identity.role.v2.mgt.core.exception;version="${carbon.identity.package.import.version.range}",
org.wso2.carbon.identity.organization.management.service; version="${org.wso2.identity.organization.mgt.core.imp.pkg.version.range}",
org.wso2.carbon.identity.organization.management.service.util;version="${org.wso2.identity.organization.mgt.imp.pkg.version.range}",
org.wso2.carbon.identity.organization.management.service.exception;version="${org.wso2.identity.organization.mgt.imp.pkg.version.range}",
Expand Up @@ -19,8 +19,8 @@
package org.wso2.carbon.identity.organization.management.organization.user.sharing.internal;

import org.wso2.carbon.identity.organization.management.organization.user.sharing.OrganizationUserSharingService;
import org.wso2.carbon.identity.organization.management.role.management.service.RoleManager;
import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
import org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService;
import org.wso2.carbon.user.core.service.RealmService;

/**
Expand All @@ -31,7 +31,7 @@ public class OrganizationUserSharingDataHolder {
private static final OrganizationUserSharingDataHolder instance = new OrganizationUserSharingDataHolder();
private RealmService realmService;
private OrganizationManager organizationManager;
private RoleManager roleManager;
private RoleManagementService roleManagementService;
private OrganizationUserSharingService organizationUserSharingService;

public static OrganizationUserSharingDataHolder getInstance() {
Expand Down Expand Up @@ -84,19 +84,19 @@ public void setRealmService(RealmService realmService) {
*
* @return Organization role manager service.
*/
public RoleManager getRoleManager() {
public RoleManagementService getRoleManagementService() {

return this.roleManager;
return roleManagementService;
}

/**
* Set the organization role manager service.
*
* @param roleManager Organization role manager service.
* @param roleManagementService Organization role manager service.
*/
public void setRoleManager(RoleManager roleManager) {
public void setRoleManagementService(RoleManagementService roleManagementService) {

this.roleManager = roleManager;
this.roleManagementService = roleManagementService;
}

/**
Expand Up @@ -32,8 +32,8 @@
import org.wso2.carbon.identity.organization.management.organization.user.sharing.OrganizationUserSharingServiceImpl;
import org.wso2.carbon.identity.organization.management.organization.user.sharing.listener.SharedUserOperationEventListener;
import org.wso2.carbon.identity.organization.management.organization.user.sharing.listener.SharingOrganizationCreatorUserEventHandler;
import org.wso2.carbon.identity.organization.management.role.management.service.RoleManager;
import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
import org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService;
import org.wso2.carbon.user.core.listener.UserOperationEventListener;
import org.wso2.carbon.user.core.service.RealmService;

Expand Down Expand Up @@ -101,18 +101,18 @@ protected void unsetOrganizationManagementService(OrganizationManager organizati
}

@Reference(
name = "RoleManager",
service = RoleManager.class,
name = "RoleManagementService",
service = RoleManagementService.class,
cardinality = ReferenceCardinality.MANDATORY,
policy = ReferencePolicy.DYNAMIC,
unbind = "unsetRoleManagerService")
protected void setRoleManagerService(RoleManager roleManagerService) {
unbind = "unsetRoleManagementService")
protected void setRoleManagementService(RoleManagementService roleManagementService) {

OrganizationUserSharingDataHolder.getInstance().setRoleManager(roleManagerService);
OrganizationUserSharingDataHolder.getInstance().setRoleManagementService(roleManagementService);
}

protected void unsetRoleManagerService(RoleManager roleManagerService) {
protected void unsetRoleManagementService(RoleManagementService roleManagementService) {

OrganizationUserSharingDataHolder.getInstance().setRoleManager(null);
OrganizationUserSharingDataHolder.getInstance().setRoleManagementService(null);
}
}
Expand Up @@ -24,27 +24,21 @@
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.event.handler.AbstractEventHandler;
import org.wso2.carbon.identity.organization.management.ext.Constants;
import org.wso2.carbon.identity.organization.management.organization.user.sharing.OrganizationUserSharingService;
import org.wso2.carbon.identity.organization.management.organization.user.sharing.OrganizationUserSharingServiceImpl;
import org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.UserSharingConstants;
import org.wso2.carbon.identity.organization.management.organization.user.sharing.internal.OrganizationUserSharingDataHolder;
import org.wso2.carbon.identity.organization.management.role.management.service.RoleManager;
import org.wso2.carbon.identity.organization.management.role.management.service.models.Role;
import org.wso2.carbon.identity.organization.management.role.management.service.models.User;
import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
import org.wso2.carbon.identity.organization.management.service.model.Organization;
import org.wso2.carbon.identity.organization.management.service.util.OrganizationManagementUtil;
import org.wso2.carbon.identity.organization.management.service.util.Utils;
import org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants;
import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.util.UserCoreUtil;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Map;

import static org.wso2.carbon.identity.organization.management.role.management.service.constant.RoleManagementConstants.ORG_ADMINISTRATOR_ROLE;
import static org.wso2.carbon.identity.organization.management.role.management.service.constant.RoleManagementConstants.ORG_CREATOR_ROLE;

/**
* The event handler for sharing the organization creator to the child organization.
*/
Expand All @@ -57,10 +51,9 @@ public void handleEvent(Event event) throws IdentityEventException {

String eventName = event.getEventName();

if (Constants.EVENT_POST_ADD_ORGANIZATION.equals(eventName)) {
if ("POST_SHARED_CONSOLE_APP".equals(eventName)) {
Map<String, Object> eventProperties = event.getEventProperties();
Organization organization = (Organization) eventProperties.get(Constants.EVENT_PROP_ORGANIZATION);
String orgId = organization.getId();
String orgId = (String) eventProperties.get("ORGANIZATION_ID");

try {
String tenantDomain = OrganizationUserSharingDataHolder.getInstance().getOrganizationManager()
Expand All @@ -76,58 +69,42 @@ public void handleEvent(Event event) throws IdentityEventException {
}
userSharingService.shareOrganizationUser(orgId, associatedUserId, associatedOrgId);
String userId = userSharingService.getUserAssociationOfAssociatedUserByOrgId(associatedUserId, orgId)
.getUserId();
Role organizationCreatorRole = buildOrgCreatorRole(userId);
Role administratorRole = buildAdministratorRole(userId);
getRoleManager().createRole(orgId, organizationCreatorRole);
getRoleManager().createRole(orgId, administratorRole);
.getUserId();
assignUserToAdminRole(userId, orgId, tenantDomain);
} catch (OrganizationManagementException e) {
throw new IdentityEventException("An error occurred while sharing the organization creator to the " +
"organization : " + orgId, e);
}
}
}

private Role buildOrgCreatorRole(String adminUUID) {

Role organizationCreatorRole = new Role();
organizationCreatorRole.setDisplayName(ORG_CREATOR_ROLE);
User orgCreator = new User(adminUUID);
organizationCreatorRole.setUsers(Collections.singletonList(orgCreator));
// Set permissions for org-creator role.
ArrayList<String> orgCreatorRolePermissions = new ArrayList<>();
// Adding mandatory permissions for the org-creator role.
orgCreatorRolePermissions.add(UserSharingConstants.ORG_MGT_PERMISSION);
orgCreatorRolePermissions.add(UserSharingConstants.ORG_ROLE_MGT_PERMISSION);
/*
Adding the bear minimum permission set that org creator should have to logged in to the console and view
user, groups, roles, SP, IDP sections.
*/
orgCreatorRolePermissions.addAll(UserSharingConstants.MINIMUM_PERMISSIONS_REQUIRED_FOR_ORG_CREATOR_VIEW);
// Add user create permission to organization creator to delegate permissions to other org users.
// This permission is assigned until https://github.com/wso2/product-is/issues/14439 is fixed
orgCreatorRolePermissions.add(UserSharingConstants.USER_MGT_CREATE_PERMISSION);
organizationCreatorRole.setPermissions(orgCreatorRolePermissions);
return organizationCreatorRole;
}

private Role buildAdministratorRole(String adminUUID) {

Role organizationAdministratorRole = new Role();
organizationAdministratorRole.setDisplayName(ORG_ADMINISTRATOR_ROLE);
User orgAdministrator = new User(adminUUID);
organizationAdministratorRole.setUsers(Collections.singletonList(orgAdministrator));
// Set permissions for org-administrator role.
ArrayList<String> orgAdministratorRolePermissions = new ArrayList<>();
// Setting all administrative permissions for the Administrator role
orgAdministratorRolePermissions.add(UserSharingConstants.ADMINISTRATOR_ROLE_PERMISSION);
organizationAdministratorRole.setPermissions(orgAdministratorRolePermissions);
return organizationAdministratorRole;
}
private void assignUserToAdminRole(String userId, String organizationId, String tenantDomain)
throws IdentityEventException {

private RoleManager getRoleManager() {
String adminRoleName;
try {
adminRoleName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration()
.getAdminRoleName();
adminRoleName = UserCoreUtil.removeDomainFromName(adminRoleName);
} catch (UserStoreException e) {
throw new IdentityEventException("An error occurred while retrieving the admin role ", e);
}

return OrganizationUserSharingDataHolder.getInstance().getRoleManager();
try {
String adminRoleId = OrganizationUserSharingDataHolder.getInstance().getRoleManagementService()
.getRoleIdByName(adminRoleName, RoleConstants.ORGANIZATION, organizationId, tenantDomain);
try {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
OrganizationUserSharingDataHolder.getInstance().getRoleManagementService()
.updateUserListOfRole(adminRoleId,
Collections.singletonList(userId), Collections.emptyList(), tenantDomain);
} finally {
PrivilegedCarbonContext.endTenantFlow();
}
} catch (IdentityRoleManagementException e) {
throw new IdentityEventException("An error occurred while assigning the user to the administrator role", e);
}
}

private OrganizationManager getOrganizationManager() {
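Review bot: In `assignUserToAdminRole` the admin role name is read from `PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm()` before `startTenantFlow()` switches to `tenantDomain`, so it comes from whatever tenant is current when the event fires rather than from the shared organization's realm, and `getRoleIdByName` is likewise called outside the tenant flow while `updateUserListOfRole` runs inside it. If the admin role name or the lookup can be tenant-dependent (and `getUserRealm()` resolves against the current tenant), both lookups should move inside the block that sets the tenant domain, and `adminRoleId` should be checked before the user-list update, since that call grants the organization's administrator role and what `getRoleIdByName` returns when no role matches is not visible here. In `handleEvent` the organization id is read with the literal key `"ORGANIZATION_ID"` while the producer in OrgApplicationManagerImpl stores it under `Constants.EVENT_PROP_ORGANIZATION_ID`; use the same constant (the `Constants` import appears to be dropped in the import hunk and would need restoring), treat a missing id as an error rather than passing `null` on, and likewise share the `"POST_SHARED_CONSOLE_APP"` event name as a constant. `handleEvent` starts before this hunk.
```java
private void assignUserToAdminRole(String userId, String organizationId, String tenantDomain)
        throws IdentityEventException {

    try {
        PrivilegedCarbonContext.startTenantFlow();
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
        // Resolve the admin role name from the realm of the tenant just switched to, not the caller's.
        String adminRoleName = UserCoreUtil.removeDomainFromName(PrivilegedCarbonContext
                .getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration().getAdminRoleName());
        String adminRoleId = OrganizationUserSharingDataHolder.getInstance().getRoleManagementService()
                .getRoleIdByName(adminRoleName, RoleConstants.ORGANIZATION, organizationId, tenantDomain);
        if (adminRoleId == null || adminRoleId.isEmpty()) {
            throw new IdentityEventException("Administrator role not found for organization: " + organizationId);
        }
        OrganizationUserSharingDataHolder.getInstance().getRoleManagementService()
                .updateUserListOfRole(adminRoleId, Collections.singletonList(userId), Collections.emptyList(),
                        tenantDomain);
    } catch (UserStoreException e) {
        throw new IdentityEventException("An error occurred while retrieving the admin role", e);
    } catch (IdentityRoleManagementException e) {
        throw new IdentityEventException("An error occurred while assigning the user to the administrator role", e);
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
}
```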
7 changes: 6 additions & 1 deletion pom.xml
Expand Up @@ -227,6 +227,11 @@
<artifactId>org.wso2.carbon.identity.application.authentication.framework</artifactId>
<version>${carbon.identity.framework.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.role.v2.mgt.core</artifactId>
<version>${carbon.identity.framework.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
<artifactId>org.wso2.carbon.identity.oauth</artifactId>
Expand Down Expand Up @@ -510,7 +515,7 @@
<carbon.multitenancy.package.import.version.range>[4.7.0,5.0.0)
</carbon.multitenancy.package.import.version.range>

<carbon.identity.framework.version>5.25.433</carbon.identity.framework.version>
<carbon.identity.framework.version>5.25.446</carbon.identity.framework.version>
<carbon.identity.package.import.version.range>[5.20.0, 7.0.0)
</carbon.identity.package.import.version.range>
