Merge pull request wso2-extensions#142 from sadilchamishka/user-org-v…
…alidation

Validate users during role assignment
AnuradhaSK authored Aug 19, 2022
2 parents a5f5c07 + 1a68a79 commit aba9816
Showing 6 changed files with 55 additions and 51 deletions.
Expand Up @@ -94,15 +94,13 @@ public Role createRole(String organizationId, Role role) throws OrganizationMana
throw handleClientException(ERROR_CODE_SUPER_ORG_ROLE_CREATE, organizationId);
}
validateRoleNameNotExist(organizationId, role.getDisplayName());
// skip user existence check atm, this user can be from any org. Fix this through
// https://github.com/wso2-extensions/identity-organization-management/issues/50

// if (CollectionUtils.isNotEmpty(role.getUsers())) {
// List<String> userIdList = role.getUsers().stream().map(User::getId).collect(Collectors.toList());
// if (CollectionUtils.isNotEmpty(userIdList)) {
// validateUsers(userIdList, getTenantId());
// }
// }

if (CollectionUtils.isNotEmpty(role.getUsers())) {
List<String> userIdList = role.getUsers().stream().map(User::getId).collect(Collectors.toList());
if (CollectionUtils.isNotEmpty(userIdList)) {
validateUsers(userIdList, organizationId);
}
}
if (CollectionUtils.isNotEmpty(role.getGroups())) {
List<String> groupIdList = role.getGroups().stream().map(Group::getGroupId).collect(Collectors.toList());
if (CollectionUtils.isNotEmpty(groupIdList)) {
Expand Down Expand Up @@ -206,7 +204,7 @@ public Role patchRole(String organizationId, String roleId, List<PatchOperation>
}
if (CollectionUtils.isNotEmpty(patchOperation.getValues())) {
if (StringUtils.equalsIgnoreCase(patchPath, USERS)) {
validateUsers(patchOperation.getValues(), getTenantId());
validateUsers(patchOperation.getValues(), organizationId);
} else if (StringUtils.equalsIgnoreCase(patchPath, GROUPS)) {
validateGroups(patchOperation.getValues(), getTenantId());
} else if (StringUtils.equalsIgnoreCase(patchPath, DISPLAY_NAME)) {
Expand All @@ -231,7 +229,7 @@ public Role putRole(String organizationId, String roleId, Role role) throws Orga
if (CollectionUtils.isNotEmpty(role.getUsers())) {
List<String> userIdList = role.getUsers().stream().map(User::getId).collect(Collectors.toList());
if (CollectionUtils.isNotEmpty(userIdList)) {
validateUsers(userIdList, getTenantId());
validateUsers(userIdList, organizationId);
}
}
if (CollectionUtils.isNotEmpty(role.getGroups())) {
Expand Down Expand Up @@ -341,16 +339,16 @@ private void validateRoleNameNotExist(String organizationId, String roleName)
/**
* Check the passed user ID list is valid.
*
* @param userIdList The user ID list.
* @param tenantId The tenant ID.
* @param userIdList The user ID list.
* @param organizationId The organization id where the user ID is about to resolve over ancestor organizations.
* @throws OrganizationManagementException Throws an exception if a user ID is not valid.
*/
private void validateUsers(List<String> userIdList, int tenantId) throws OrganizationManagementException {
private void validateUsers(List<String> userIdList, String organizationId) throws OrganizationManagementException {

for (String userId : userIdList) {
if (!roleManagementDAO.checkUserExists(userId, tenantId)) {
throw handleClientException(ERROR_CODE_INVALID_USER_ID, userId);
}
RoleManagementDataHolder.getInstance().getOrganizationUserResidentResolverService()
.resolveResidentOrganization(userId, organizationId)
.orElseThrow(() -> handleClientException(ERROR_CODE_INVALID_USER_ID, userId));
}
}

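Review bot: In the validateUsers hunk the resident organization that resolveResidentOrganization returns is thrown away by orElseThrow, so the only fact established is that each user ID resolves somewhere along the ancestor chain of organizationId (as the new Javadoc describes it); if a caller needs to know which organization the user actually belongs to, for authorization decisions or audit records, that information is gone by the time the role is written. The lookup is also issued once per entry with no deduplication, so a request carrying repeated IDs triggers repeated resolver calls — harmless, but iterating `new LinkedHashSet<>(userIdList)` would avoid it if these lists can be large. In the patchRole hunk the GROUPS branch still validates with `getTenantId()` while the USERS branch now takes organizationId; if that asymmetry is intended, a one-line comment on the GROUPS branch stating that groups remain tenant-scoped would save the next reader a detour. The `@param organizationId` text reads awkwardly; suggest `@param organizationId The organization whose ancestor chain is searched when resolving each user ID.`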
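--- a/[path not shown on page]/SQLConstants.java
+++ b/[path not shown on page]/SQLConstants.java
@@ -118,10 +118,6 @@ public class SQLConstants {
 SQLPlaceholders.DB_SCHEMA_COLUMN_NAME_UM_TENANT_ID + "; AND UM_ACTION=:" +
 SQLPlaceholders.DB_SCHEMA_COLUMN_NAME_UM_ACTION + ";)";
 
-public static final String CHECK_USER_EXISTS = "SELECT COUNT(1) FROM UM_USER WHERE UM_USER_ID=:" +
-SQLPlaceholders.DB_SCHEMA_COLUMN_NAME_UM_USER_ID + "; AND UM_TENANT_ID=:" +
-SQLPlaceholders.DB_SCHEMA_COLUMN_NAME_UM_TENANT_ID + ";";
-
 public static final String ADD_PERMISSION_IF_NOT_EXISTS = "INSERT INTO UM_ORG_PERMISSION (UM_RESOURCE_ID, " +
 "UM_ACTION, UM_TENANT_ID) VALUES ";
 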
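--- a/[path not shown on page] (file 3, DAO interface)
+++ b/[path not shown on page] (file 3, DAO interface)
@@ -139,17 +139,6 @@ Role patchRole(String organizationId, String roleId, List<PatchOperation> patchO
 boolean checkRoleExists(String organizationId, String roleId, String roleName)
 throws OrganizationManagementServerException;
 
-/**
-* Check whether a user exists inside a tenant.
-*
-* @param userId The ID of the user.
-* @param tenantId The ID of the tenant.
-* @return If there is a user then returns true, else false.
-* @throws OrganizationManagementServerException The exception is thrown when an error occurs during checking the
-* user existence.
-*/
-boolean checkUserExists(String userId, int tenantId) throws OrganizationManagementServerException;
-
 /**
 * Get the count of {@link Role}s of an organization with respect to the filter criteria.
 *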
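--- a/[path not shown on page] (file 4, DAO implementation)
+++ b/[path not shown on page] (file 4, DAO implementation)
@@ -90,7 +90,6 @@
 import static org.wso2.carbon.identity.organization.management.role.management.service.constant.SQLConstants.CHECK_PERMISSION_ROLE_MAPPING_EXISTS;
 import static org.wso2.carbon.identity.organization.management.role.management.service.constant.SQLConstants.CHECK_ROLE_EXISTS;
 import static org.wso2.carbon.identity.organization.management.role.management.service.constant.SQLConstants.CHECK_ROLE_NAME_EXISTS;
-import static org.wso2.carbon.identity.organization.management.role.management.service.constant.SQLConstants.CHECK_USER_EXISTS;
 import static org.wso2.carbon.identity.organization.management.role.management.service.constant.SQLConstants.CHECK_USER_ROLE_MAPPING_EXISTS;
 import static org.wso2.carbon.identity.organization.management.role.management.service.constant.SQLConstants.DELETE_GROUPS_FROM_ROLE;
 import static org.wso2.carbon.identity.organization.management.role.management.service.constant.SQLConstants.DELETE_GROUPS_FROM_ROLE_MAPPING;
@@ -164,7 +163,6 @@
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_GETTING_ROLE_FROM_ORGANIZATION_ID_ROLE_ID;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_GETTING_ROLE_FROM_ORGANIZATION_ID_ROLE_NAME;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_GETTING_USERS_USING_ROLE_ID;
-import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_GETTING_USER_VALIDITY;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_INVALID_ATTRIBUTE;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_INVALID_FILTER_FORMAT;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_PATCHING_ROLE;
@@ -569,23 +567,6 @@ public boolean checkRoleExists(String organizationId, String roleId, String role
 }
 }
 
-@Override
-public boolean checkUserExists(String userId, int tenantId) throws OrganizationManagementServerException {
-
-NamedJdbcTemplate namedJdbcTemplate = getNewTemplate();
-try {
-int value = namedJdbcTemplate.fetchSingleRecord(CHECK_USER_EXISTS,
-(resultSet, rowNumber) -> resultSet.getInt(1),
-namedPreparedStatement -> {
-namedPreparedStatement.setString(DB_SCHEMA_COLUMN_NAME_UM_USER_ID, userId);
-namedPreparedStatement.setInt(DB_SCHEMA_COLUMN_NAME_UM_TENANT_ID, tenantId);
-});
-return value > 0;
-} catch (DataAccessException e) {
-throw handleServerException(ERROR_CODE_GETTING_USER_VALIDITY, e, userId);
-}
-}
-
 @Override
 public int getTotalOrganizationRoles(String organizationId, List<ExpressionNode> expressionNodes,
 List<String> operators) throws OrganizationManagementServerException {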
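--- a/[path not shown on page]/RoleManagementDataHolder.java
+++ b/[path not shown on page]/RoleManagementDataHolder.java
@@ -19,6 +19,7 @@
 package org.wso2.carbon.identity.organization.management.role.management.service.internal;
 
 import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
+import org.wso2.carbon.identity.organization.management.service.OrganizationUserResidentResolverService;
 import org.wso2.carbon.user.core.service.RealmService;
 
 /**
@@ -28,6 +29,7 @@ public class RoleManagementDataHolder {
 
 private static final RoleManagementDataHolder ROLE_MANAGEMENT_DATA_HOLDER = new RoleManagementDataHolder();
 private OrganizationManager organizationManager;
+private OrganizationUserResidentResolverService organizationUserResidentResolverService;
 private RealmService realmService;
 
 public static RoleManagementDataHolder getInstance() {
@@ -45,6 +47,17 @@ public void setOrganizationManager(OrganizationManager organizationManager) {
 this.organizationManager = organizationManager;
 }
 
+public OrganizationUserResidentResolverService getOrganizationUserResidentResolverService() {
+
+return organizationUserResidentResolverService;
+}
+
+public void setOrganizationUserResidentResolverService(
+OrganizationUserResidentResolverService organizationUserResidentResolverService) {
+
+this.organizationUserResidentResolverService = organizationUserResidentResolverService;
+}
+
 public RealmService getRealmService() {
 
 return realmService;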
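Review bot: getOrganizationUserResidentResolverService in the last hunk hands back whatever the holder currently has, which is null before the OSGi reference is bound and again after the service component resets it with null, so a caller that chains straight into `.resolveResidentOrganization(...)` fails with a NullPointerException instead of a meaningful error during that window. The contract is not written down anywhere; at minimum a Javadoc such as `Returns the bound {@link OrganizationUserResidentResolverService}, or {@code null} when no service is currently bound.` makes the null case explicit, and a guard like `return Objects.requireNonNull(organizationUserResidentResolverService, "OrganizationUserResidentResolverService is not bound");` (importing java.util.Objects) would turn the failure into a clear IllegalStateException-style message at the point of use. The setter would benefit from a matching one-liner noting that it is driven by the service component's bind and unbind callbacks.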
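--- a/[path not shown on page] (file 6, OSGi service component)
+++ b/[path not shown on page] (file 6, OSGi service component)
@@ -30,6 +30,7 @@
 import org.wso2.carbon.identity.organization.management.role.management.service.RoleManager;
 import org.wso2.carbon.identity.organization.management.role.management.service.RoleManagerImpl;
 import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
+import org.wso2.carbon.identity.organization.management.service.OrganizationUserResidentResolverService;
 import org.wso2.carbon.user.core.service.RealmService;
 
 /**
@@ -102,4 +103,30 @@ protected void unsetOrganizationManager(OrganizationManager organizationManager)
 }
 RoleManagementDataHolder.getInstance().setOrganizationManager(null);
 }
+
+@Reference(
+name = "organization.user.resident.resolver.service",
+service = OrganizationUserResidentResolverService.class,
+cardinality = ReferenceCardinality.MANDATORY,
+policy = ReferencePolicy.DYNAMIC,
+unbind = "unsetOrganizationUserResidentResolverService"
+)
+protected void setOrganizationUserResidentResolverService(
+OrganizationUserResidentResolverService organizationUserResidentResolverService) {
+
+if (LOG.isDebugEnabled()) {
+LOG.debug("Setting the organization user resident resolver service.");
+}
+RoleManagementDataHolder.getInstance()
+.setOrganizationUserResidentResolverService(organizationUserResidentResolverService);
+}
+
+protected void unsetOrganizationUserResidentResolverService(
+OrganizationUserResidentResolverService organizationUserResidentResolverService) {
+
+if (LOG.isDebugEnabled()) {
+LOG.debug("Unset organization user resident resolver service.");
+}
+RoleManagementDataHolder.getInstance().setOrganizationUserResidentResolverService(null);
+}
 }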
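Review bot: unsetOrganizationUserResidentResolverService in the last hunk clears the holder unconditionally; with `policy = ReferencePolicy.DYNAMIC` on a unary reference, Declarative Services may bind a replacement service before it unbinds the old one, in which case this unbind wipes the instance that was just bound and every later validateUsers call runs against a null service. Guarding the reset on identity avoids that: wrap the null assignment in `if (RoleManagementDataHolder.getInstance().getOrganizationUserResidentResolverService() == organizationUserResidentResolverService) {` … `}`. The pre-existing unsetOrganizationManager just above the hunk has the same shape, though it predates this change. Neither new method carries Javadoc; a one-liner on each, e.g. `Binds the resolver used to validate user IDs during role assignment.` and `Unbinds the resolver when the providing service goes away.`, would document the lifecycle without repeating the debug messages.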

0 comments on commit aba9816
