diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMRoleManagerV2.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMRoleManagerV2.java index 889359100..c58ab3472 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMRoleManagerV2.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMRoleManagerV2.java @@ -33,6 +33,7 @@ import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException; import org.wso2.carbon.identity.role.v2.mgt.core.model.AssociatedApplication; import org.wso2.carbon.identity.role.v2.mgt.core.model.GroupBasicInfo; +import org.wso2.carbon.identity.role.v2.mgt.core.model.IdpGroup; import org.wso2.carbon.identity.role.v2.mgt.core.model.Permission; import org.wso2.carbon.identity.role.v2.mgt.core.model.Role; import org.wso2.carbon.identity.role.v2.mgt.core.model.RoleBasicInfo; @@ -136,10 +137,16 @@ public RoleV2 createRole(RoleV2 role) LOG.debug("Creating role: " + role.getDisplayName() + " for organization."); } } + // TODO: separate the groups into idp groups and userstore groups, and pass them separately. RoleBasicInfo roleBasicInfo = roleManagementService.addRole(role.getDisplayName(), role.getUsers(), role.getGroups(), permissionList, audienceType, role.getAudienceValue(), tenantDomain); - + // Set added groups as idp groups list. + List idpGroupList = role.getGroups().stream() + .map(IdpGroup::new) + .collect(Collectors.toList()); + roleManagementService.updateIdpGroupListOfRole(roleBasicInfo.getId(), idpGroupList, new ArrayList<>(), + tenantDomain); RoleV2 createdRole = new RoleV2(); createdRole.setId(roleBasicInfo.getId()); String locationURI = SCIMCommonUtils.getSCIMRoleV2URL(roleBasicInfo.getId()); 
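Review bot: In the createRole hunk, every id in `role.getGroups()` is passed to `addRole` as a userstore group and then registered again as an IdP group through `updateIdpGroupListOfRole`, and the visible lines never check which source an id belongs to. Group-to-role assignment decides what a user is authorised to do, so I would resolve the TODO before merging, or at least pass only ids confirmed to be IdP groups to the second call. `role.getGroups()` is also dereferenced without a guard (`if (role.getGroups() != null) { ... }`), and a failure in `updateIdpGroupListOfRole` would leave the role that `addRole` already created; whether `addRole` tolerates null or is rolled back is not visible here. The body of createRole starts and ends outside this hunk.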
@@ -202,20 +209,34 @@ public RoleV2 getRole(String roleID, Map requiredAttributes) } } - // Set role's assigned groups. - List assignedGroups = role.getGroups(); - if (assignedGroups != null) { - for (GroupBasicInfo groupInfo : assignedGroups) { - groupInfo.getId(); - String groupLocationURI = SCIMCommonUtils.getSCIMGroupURL(groupInfo.getId()); + // Set role's assigned userstore groups. + List assignedUserstoreGroups = role.getGroups(); + if (assignedUserstoreGroups != null) { + for (GroupBasicInfo groupInfo : assignedUserstoreGroups) { + String groupId = groupInfo.getId(); + String groupLocationURI = SCIMCommonUtils.getSCIMGroupURL(groupId); Group group = new Group(); group.setDisplayName(groupInfo.getName()); - group.setId(groupInfo.getId()); + group.setId(groupId); group.setLocation(groupLocationURI); scimRole.setGroup(group); } } + // Set role's assigned idp groups. + List assignedIdpGroups = role.getIdpGroups(); + if (assignedIdpGroups != null) { + for (IdpGroup idpGroup : assignedIdpGroups) { + String idpGroupId = idpGroup.getGroupId(); + String idpGroupLocationURI = SCIMCommonUtils.getIdpGroupURL(idpGroup.getIdpId(), idpGroupId); + Group group = new Group(); + group.setDisplayName(idpGroup.getGroupName()); + group.setId(idpGroupId); + group.setLocation(idpGroupLocationURI); + scimRole.setGroup(group); + } + } + // Set associated applications. List associatedApps = convertAssociatedAppsToMultivaluedComplexType(role.getAssociatedApplications()); @@ -875,7 +896,7 @@ private void updateGroups(String roleId, List groupOperations) Set replaceGroupsIds = new HashSet<>(); List groupListOfRole = roleManagementService.getGroupListOfRole(roleId, tenantDomain); - + List idpGroupListOfRole = roleManagementService.getIdpGroupListOfRole(roleId, tenantDomain); for (PatchOperation groupOperation : groupOperations) { if (groupOperation.getValues() instanceof Map) { Map groupObject = (Map) groupOperation.getValues(); 
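Review bot: The new IdP-group loop in getRole adds its entries through the same `scimRole.setGroup(group)` call as userstore groups, so the location is the only thing that tells the two kinds apart. `getIdpGroupURL` (added to SCIMCommonUtils in this commit) returns null when either id is blank or the URL cannot be built, and that null goes straight into `group.setLocation(...)`. A client that reads the role and writes it back then cannot tell that the entry was an IdP group. I would handle the null explicitly, e.g. `if (idpGroupLocationURI == null) { LOG.warn("Unable to build the location for an IdP group assigned to the role."); }`, and add a comment on the loop saying how consumers should distinguish the two kinds; getRole's body extends beyond the hunk.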
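Review bot: `idpGroupListOfRole` is fetched at the top of updateGroups but nothing in the visible lines reads it, so as shown this is an extra service call on every group PATCH with no effect. If the rest of the method (outside this hunk) still computes additions and removals only against `groupListOfRole`, a PATCH that removes an IdP group assigned by createRole would not revoke it. Please confirm the remove and replace paths consult this list, or drop the call until they do. A one-line comment such as `// IdP groups currently assigned to the role; used to route add/remove operations.` would make the intent clear.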
diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/utils/SCIMCommonUtils.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/utils/SCIMCommonUtils.java index 24d5e3d86..060f4c8b1 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/utils/SCIMCommonUtils.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/utils/SCIMCommonUtils.java @@ -153,6 +153,29 @@ public static String getApplicationRefURL(String id) { } } + public static String getIdpGroupURL(String idpId, String groupId) { + + String idpGroupURL; + String path = "/api/server/v1/identity-providers"; + try { + if (IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) { + idpGroupURL = ServiceURLBuilder.create().addPath(path).build() + .getAbsolutePublicURL(); + } else { + idpGroupURL = getURLIfTenantQualifiedURLDisabled(path); + } + return StringUtils.isNotBlank(idpId) && StringUtils.isNotBlank(groupId) ? + new StringBuilder().append(idpGroupURL).append(SCIMCommonConstants.URL_SEPERATOR).append(idpId) + .append(SCIMCommonConstants.URL_SEPERATOR).append(groupId).toString() : null; + } catch (URLBuilderException e) { + if (log.isDebugEnabled()) { + log.debug("Error occurred while building the identity provider's group endpoint with " + + "tenant/organization qualified URL.", e); + } + return null; + } + } + public static String getPermissionRefURL(String apiId, String permissionName) { String apiResourceURL;
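Review bot: `idpId` and `groupId` are appended to the URL as raw path segments in getIdpGroupURL, so a value containing `/`, `?`, `#` or `..` would yield a location that points somewhere other than the intended group. If group ids can originate from an external identity provider rather than being server-generated, validate or percent-encode each segment before appending. The blank check can also move to the top, `if (StringUtils.isBlank(idpId) || StringUtils.isBlank(groupId)) { return null; }`, so no URL is built for input that will be rejected. The method is public and has no Javadoc; it should state that it returns null both for blank ids and when URL building fails, since that failure is logged only at debug level. I also cannot tell from the hunk whether `/api/server/v1/identity-providers/{idpId}/{groupId}` is a resolvable resource, so that is worth confirming against the IdP API.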