Block role creation for sub orgs.
PasinduYeshan committed Oct 19, 2023
1 parent 628a4c7 commit ebc8f46
Showing 1 changed file with 16 additions and 1 deletion.
Expand Up @@ -20,12 +20,13 @@

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
import org.wso2.carbon.identity.organization.management.service.util.OrganizationManagementUtil;
import org.wso2.carbon.identity.role.mgt.core.GroupBasicInfo;
import org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException;
import org.wso2.carbon.identity.role.mgt.core.RoleBasicInfo;
Expand Down Expand Up @@ -99,6 +100,11 @@ public Role createRole(Role role) throws CharonException, ConflictException, Bad
log.debug("Creating role: " + role.getDisplayName());
}
try {
if (!isRoleModificationAllowedForTenant(tenantDomain)) {
throw new BadRequestException("Role creation is not allowed for organizations.",
ResponseCodeConstants.INVALID_VALUE);
}

// Check if the role already exists.
if (roleManagementService.isExistingRole(role.getId(), tenantDomain)) {
String error = "Role with name: " + role.getDisplayName() + " already exists in the tenantDomain: "
Expand Down Expand Up @@ -951,4 +957,13 @@ private boolean isUsersAttributeRequired(Map<String, Boolean> requiredAttributes
}
return false;
}

private boolean isRoleModificationAllowedForTenant(String tenantDomain) throws CharonException {

try {
return !OrganizationManagementUtil.isOrganization(tenantDomain);
} catch (OrganizationManagementException e) {
throw new CharonException("Error while checking whether the tenant is an organization.", e);
}
}
}
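Review bot: The guard added at the top of the `try` in createRole is the only call to isRoleModificationAllowedForTenant visible in this commit, although the helper's name covers role modification in general. If the update, patch and delete paths of this class (outside the hunks shown) are also meant to be closed to sub-organizations, they need the same check; otherwise the restriction may hold only for creation while existing roles can still be changed there. If only creation is intended, say so in a Javadoc on the helper, e.g. `/** Returns false when tenantDomain belongs to a sub-organization, for which role creation is blocked. */`, or give it a creation-specific name. The refusal is reported as a BadRequestException with INVALID_VALUE and is not logged, so a line such as `log.debug("Role creation blocked for organization tenant: " + tenantDomain);` before the throw would make denied attempts traceable. createRole's body starts and ends outside the hunk.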
