wso2-extensions · AnuradhaSK · Aug 19, 2022 · Aug 18, 2022 · Aug 19, 2022
diff --git a/...wso2/carbon/identity/organization/management/role/management/service/RoleManagerImpl.java b/...wso2/carbon/identity/organization/management/role/management/service/RoleManagerImpl.java
@@ -89,15 +89,13 @@ public Role createRole(String organizationId, Role role) throws OrganizationMana
         role.setId(generateUniqueID());
         validateOrganizationId(organizationId);
         validateRoleNameNotExist(organizationId, role.getDisplayName());
-        // skip user existence check atm, this user can be from any org. Fix this through
-        // https://github.com/wso2-extensions/identity-organization-management/issues/50
-
-//        if (CollectionUtils.isNotEmpty(role.getUsers())) {
-//            List<String> userIdList = role.getUsers().stream().map(User::getId).collect(Collectors.toList());
-//            if (CollectionUtils.isNotEmpty(userIdList)) {
-//                validateUsers(userIdList, getTenantId());
-//            }
-//        }
+
+        if (CollectionUtils.isNotEmpty(role.getUsers())) {
+            List<String> userIdList = role.getUsers().stream().map(User::getId).collect(Collectors.toList());
+            if (CollectionUtils.isNotEmpty(userIdList)) {
+                validateUsers(userIdList, organizationId);
+            }
+        }
         if (CollectionUtils.isNotEmpty(role.getGroups())) {
             List<String> groupIdList = role.getGroups().stream().map(Group::getGroupId).collect(Collectors.toList());
             if (CollectionUtils.isNotEmpty(groupIdList)) {
@@ -201,7 +199,7 @@ public Role patchRole(String organizationId, String roleId, List<PatchOperation>
             }
             if (CollectionUtils.isNotEmpty(patchOperation.getValues())) {
                 if (StringUtils.equalsIgnoreCase(patchPath, USERS)) {
-                    validateUsers(patchOperation.getValues(), getTenantId());
+                    validateUsers(patchOperation.getValues(), organizationId);
                 } else if (StringUtils.equalsIgnoreCase(patchPath, GROUPS)) {
                     validateGroups(patchOperation.getValues(), getTenantId());
                 } else if (StringUtils.equalsIgnoreCase(patchPath, DISPLAY_NAME)) {
@@ -226,7 +224,7 @@ public Role putRole(String organizationId, String roleId, Role role) throws Orga
         if (CollectionUtils.isNotEmpty(role.getUsers())) {
             List<String> userIdList = role.getUsers().stream().map(User::getId).collect(Collectors.toList());
             if (CollectionUtils.isNotEmpty(userIdList)) {
-                validateUsers(userIdList, getTenantId());
+                validateUsers(userIdList, organizationId);
             }
         }
         if (CollectionUtils.isNotEmpty(role.getGroups())) {
@@ -336,16 +334,16 @@ private void validateRoleNameNotExist(String organizationId, String roleName)
     /**
      * Check the passed user ID list is valid.
      *
-     * @param userIdList The user ID list.
-     * @param tenantId   The tenant ID.
+     * @param userIdList     The user ID list.
+     * @param organizationId The organization id where the user ID is about to resolve over ancestor organizations.
      * @throws OrganizationManagementException Throws an exception if a user ID is not valid.
      */
-    private void validateUsers(List<String> userIdList, int tenantId) throws OrganizationManagementException {
+    private void validateUsers(List<String> userIdList, String organizationId) throws OrganizationManagementException {
 
         for (String userId : userIdList) {
-            if (!roleManagementDAO.checkUserExists(userId, tenantId)) {
-                throw handleClientException(ERROR_CODE_INVALID_USER_ID, userId);
-            }
+            RoleManagementDataHolder.getInstance().getOrganizationUserResidentResolverService()
+                    .resolveResidentOrganization(userId, organizationId)
+                    .orElseThrow(() -> handleClientException(ERROR_CODE_INVALID_USER_ID, userId));
         }
     }
 

diff --git a/...arbon/identity/organization/management/role/management/service/constant/SQLConstants.java b/...arbon/identity/organization/management/role/management/service/constant/SQLConstants.java
@@ -118,10 +118,6 @@ public class SQLConstants {
             SQLPlaceholders.DB_SCHEMA_COLUMN_NAME_UM_TENANT_ID + "; AND UM_ACTION=:" +
             SQLPlaceholders.DB_SCHEMA_COLUMN_NAME_UM_ACTION + ";)";
 
-    public static final String CHECK_USER_EXISTS = "SELECT COUNT(1) FROM UM_USER WHERE UM_USER_ID=:" +
-            SQLPlaceholders.DB_SCHEMA_COLUMN_NAME_UM_USER_ID + "; AND UM_TENANT_ID=:" +
-            SQLPlaceholders.DB_SCHEMA_COLUMN_NAME_UM_TENANT_ID + ";";
-
     public static final String ADD_PERMISSION_IF_NOT_EXISTS = "INSERT INTO UM_ORG_PERMISSION (UM_RESOURCE_ID, " +
             "UM_ACTION, UM_TENANT_ID) VALUES ";
 

diff --git a/...arbon/identity/organization/management/role/management/service/dao/RoleManagementDAO.java b/...arbon/identity/organization/management/role/management/service/dao/RoleManagementDAO.java
@@ -139,17 +139,6 @@ Role patchRole(String organizationId, String roleId, List<PatchOperation> patchO
     boolean checkRoleExists(String organizationId, String roleId, String roleName)
             throws OrganizationManagementServerException;
 
-    /**
-     * Check whether a user exists inside a tenant.
-     *
-     * @param userId   The ID of the user.
-     * @param tenantId The ID of the tenant.
-     * @return If there is a user then returns true, else false.
-     * @throws OrganizationManagementServerException The exception is thrown when an error occurs during checking the
-     *                                               user existence.
-     */
-    boolean checkUserExists(String userId, int tenantId) throws OrganizationManagementServerException;
-
     /**
      * Get the count of {@link Role}s of an organization with respect to the filter criteria.
      *

diff --git a/...n/identity/organization/management/role/management/service/dao/RoleManagementDAOImpl.java b/...n/identity/organization/management/role/management/service/dao/RoleManagementDAOImpl.java
@@ -90,7 +90,6 @@
 import static org.wso2.carbon.identity.organization.management.role.management.service.constant.SQLConstants.CHECK_PERMISSION_ROLE_MAPPING_EXISTS;
 import static org.wso2.carbon.identity.organization.management.role.management.service.constant.SQLConstants.CHECK_ROLE_EXISTS;
 import static org.wso2.carbon.identity.organization.management.role.management.service.constant.SQLConstants.CHECK_ROLE_NAME_EXISTS;
-import static org.wso2.carbon.identity.organization.management.role.management.service.constant.SQLConstants.CHECK_USER_EXISTS;
 import static org.wso2.carbon.identity.organization.management.role.management.service.constant.SQLConstants.CHECK_USER_ROLE_MAPPING_EXISTS;
 import static org.wso2.carbon.identity.organization.management.role.management.service.constant.SQLConstants.DELETE_GROUPS_FROM_ROLE;
 import static org.wso2.carbon.identity.organization.management.role.management.service.constant.SQLConstants.DELETE_GROUPS_FROM_ROLE_MAPPING;
@@ -164,7 +163,6 @@
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_GETTING_ROLE_FROM_ORGANIZATION_ID_ROLE_ID;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_GETTING_ROLE_FROM_ORGANIZATION_ID_ROLE_NAME;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_GETTING_USERS_USING_ROLE_ID;
-import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_GETTING_USER_VALIDITY;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_INVALID_ATTRIBUTE;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_INVALID_FILTER_FORMAT;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_PATCHING_ROLE;
@@ -569,23 +567,6 @@ public boolean checkRoleExists(String organizationId, String roleId, String role
         }
     }
 
-    @Override
-    public boolean checkUserExists(String userId, int tenantId) throws OrganizationManagementServerException {
-
-        NamedJdbcTemplate namedJdbcTemplate = getNewTemplate();
-        try {
-            int value = namedJdbcTemplate.fetchSingleRecord(CHECK_USER_EXISTS,
-                    (resultSet, rowNumber) -> resultSet.getInt(1),
-                    namedPreparedStatement -> {
-                        namedPreparedStatement.setString(DB_SCHEMA_COLUMN_NAME_UM_USER_ID, userId);
-                        namedPreparedStatement.setInt(DB_SCHEMA_COLUMN_NAME_UM_TENANT_ID, tenantId);
-                    });
-            return value > 0;
-        } catch (DataAccessException e) {
-            throw handleServerException(ERROR_CODE_GETTING_USER_VALIDITY, e, userId);
-        }
-    }
-
     @Override
     public int getTotalOrganizationRoles(String organizationId, List<ExpressionNode> expressionNodes,
                                          List<String> operators) throws OrganizationManagementServerException {

diff --git a/...ty/organization/management/role/management/service/internal/RoleManagementDataHolder.java b/...ty/organization/management/role/management/service/internal/RoleManagementDataHolder.java
@@ -19,6 +19,7 @@
 package org.wso2.carbon.identity.organization.management.role.management.service.internal;
 
 import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
+import org.wso2.carbon.identity.organization.management.service.OrganizationUserResidentResolverService;
 import org.wso2.carbon.user.core.service.RealmService;
 
 /**
@@ -28,6 +29,7 @@ public class RoleManagementDataHolder {
 
     private static final RoleManagementDataHolder ROLE_MANAGEMENT_DATA_HOLDER = new RoleManagementDataHolder();
     private OrganizationManager organizationManager;
+    private OrganizationUserResidentResolverService organizationUserResidentResolverService;
     private RealmService realmService;
 
     public static RoleManagementDataHolder getInstance() {
@@ -45,6 +47,17 @@ public void setOrganizationManager(OrganizationManager organizationManager) {
         this.organizationManager = organizationManager;
     }
 
+    public OrganizationUserResidentResolverService getOrganizationUserResidentResolverService() {
+
+        return organizationUserResidentResolverService;
+    }
+
+    public void setOrganizationUserResidentResolverService(
+            OrganizationUserResidentResolverService organizationUserResidentResolverService) {
+
+        this.organizationUserResidentResolverService = organizationUserResidentResolverService;
+    }
+
     public RealmService getRealmService() {
 
         return realmService;

diff --git a/...anization/management/role/management/service/internal/RoleManagementServiceComponent.java b/...anization/management/role/management/service/internal/RoleManagementServiceComponent.java
@@ -30,6 +30,7 @@
 import org.wso2.carbon.identity.organization.management.role.management.service.RoleManager;
 import org.wso2.carbon.identity.organization.management.role.management.service.RoleManagerImpl;
 import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
+import org.wso2.carbon.identity.organization.management.service.OrganizationUserResidentResolverService;
 import org.wso2.carbon.user.core.service.RealmService;
 
 /**
@@ -102,4 +103,30 @@ protected void unsetOrganizationManager(OrganizationManager organizationManager)
         }
         RoleManagementDataHolder.getInstance().setOrganizationManager(null);
     }
+
+    @Reference(
+            name = "organization.user.resident.resolver.service",
+            service = OrganizationUserResidentResolverService.class,
+            cardinality = ReferenceCardinality.MANDATORY,
+            policy = ReferencePolicy.DYNAMIC,
+            unbind = "unsetOrganizationUserResidentResolverService"
+    )
+    protected void setOrganizationUserResidentResolverService(
+            OrganizationUserResidentResolverService organizationUserResidentResolverService) {
+
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Setting the organization user resident resolver service.");
+        }
+        RoleManagementDataHolder.getInstance()
+                .setOrganizationUserResidentResolverService(organizationUserResidentResolverService);
+    }
+
+    protected void unsetOrganizationUserResidentResolverService(
+            OrganizationUserResidentResolverService organizationUserResidentResolverService) {
+
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Unset organization user resident resolver service.");
+        }
+        RoleManagementDataHolder.getInstance().setOrganizationUserResidentResolverService(null);
+    }
 }