Merge pull request wso2-extensions#125 from sadilchamishka/restrict-s…

…uper-org-resource-update Restrict super organization level role management
vinumaddumage · Aug 18, 2022 · 67fd134 · 67fd134
2 parents 445a8de + ece8a25
commit 67fd134
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/...wso2/carbon/identity/organization/management/role/management/service/RoleManagerImpl.java b/...wso2/carbon/identity/organization/management/role/management/service/RoleManagerImpl.java
@@ -70,7 +70,9 @@
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ROLE_DISPLAY_NAME_NULL;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ROLE_IS_UNMODIFIABLE;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ROLE_LIST_INVALID_CURSOR;
+import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_SUPER_ORG_ROLE_CREATE;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.PATCH_OP_REMOVE;
+import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.SUPER_ORG_ID;
 import static org.wso2.carbon.identity.organization.management.service.util.Utils.generateUniqueID;
 import static org.wso2.carbon.identity.organization.management.service.util.Utils.getTenantId;
 import static org.wso2.carbon.identity.organization.management.service.util.Utils.handleClientException;
@@ -88,6 +90,9 @@ public Role createRole(String organizationId, Role role) throws OrganizationMana
 
         role.setId(generateUniqueID());
         validateOrganizationId(organizationId);
+        if (StringUtils.equals(SUPER_ORG_ID, organizationId)) {
+            throw handleClientException(ERROR_CODE_SUPER_ORG_ROLE_CREATE, organizationId);
+        }
         validateRoleNameNotExist(organizationId, role.getDisplayName());
         // skip user existence check atm, this user can be from any org. Fix this through
         // https://github.com/wso2-extensions/identity-organization-management/issues/50

diff --git a/...on/identity/organization/management/service/constant/OrganizationManagementConstants.java b/...on/identity/organization/management/service/constant/OrganizationManagementConstants.java
@@ -236,6 +236,8 @@ public enum ErrorMessages {
                         "organization."),
         ERROR_CODE_USER_ROOT_ORGANIZATION_NOT_FOUND("60058", "Unable to retrieve the root organization.",
                 "A root organization is not found for the authenticated user with ID: %s."),
+        ERROR_CODE_SUPER_ORG_ROLE_CREATE("60059", "Organization roles can't be created in Super organization.",
+                "Organization %s can't manage organization roles."),
 
         // Server errors.
         ERROR_CODE_UNEXPECTED("65001", "Unexpected processing error",