Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Administrator role for creator and restrict Administrator role modification and deletion #191

Merged
merged 9 commits into from
Feb 20, 2023
Merged

Add Administrator role for creator and restrict Administrator role modification and deletion #191

merged 9 commits into from
Feb 20, 2023

Conversation

RushanNanayakkara
Copy link
Contributor

@RushanNanayakkara RushanNanayakkara commented Feb 10, 2023
edited
Loading

Purpose

  1. Assign the organization creator to Administrator role as well which contains all permissions.
  2. Block role deletion and restrict updating the display_name and permissions of the Administrator role created at the creation of the sub organization.

Approach

  1. Create Administrator role for the organization at the time of creation along with org-creator role. The administrator role is then assigned to the creator in addition to the org-creator role.
  2. Update patch, put and delete processes to check if the Administrator role is being updated and if the conditions are met for restrictions. If so an exception is thrown.

@RushanNanayakkara RushanNanayakkara mentioned this pull request Feb 10, 2023
Closed
@RushanNanayakkara RushanNanayakkara changed the title Restrict Administrator role modifications and deletion Create and assign Administrator role on sub-org creation and restrict Administrator role modification and deletion Feb 14, 2023
@RushanNanayakkara RushanNanayakkara changed the title Create and assign Administrator role on sub-org creation and restrict Administrator role modification and deletion Add Administrator role for creator and restrict Administrator role modification and deletion Feb 14, 2023
@AnuradhaSK AnuradhaSK merged commit f2023d9 into wso2-extensions:main Feb 20, 2023
@RushanNanayakkara RushanNanayakkara mentioned this pull request Jun 6, 2023
Open
RushanNanayakkara
RushanNanayakkara commented Jun 6, 2023
View reviewed changes
...rg/wso2/carbon/identity/organization/management/role/management/service/RoleManagerImpl.java
// The org-creator role assigned during org creation, is not allowed for update / delete.
// The Administrator role permissions and display name are not allowed to be patched.
if (ORG_ADMINISTRATOR_ROLE.equalsIgnoreCase(role.getDisplayName())) {
return !patchOperations.stream().anyMatch(patchOperation ->
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This anyMatch function is replaced by noneMatch function in the following PR
#208

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@piyarathnalakmali piyarathnalakmali piyarathnalakmali left review comments

@AnuradhaSK AnuradhaSK AnuradhaSK approved these changes

@pulasthi7 pulasthi7 pulasthi7 left review comments

@sadilchamishka sadilchamishka sadilchamishka approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@RushanNanayakkara @pulasthi7 @AnuradhaSK @sadilchamishka @piyarathnalakmali