diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/pom.xml b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/pom.xml
index ef8579295e..d5a711cbb4 100644
--- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/pom.xml
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/pom.xml
@@ -81,5 +81,10 @@
org.wso2.carbon.identity.auth.attribute.handler
provided
+
+ org.wso2.carbon.identity.framework
+ org.wso2.carbon.identity.application.role.mgt
+ provided
+
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/src/main/java/org/wso2/carbon/identity/api/server/application/management/common/ApplicationManagementConstants.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/src/main/java/org/wso2/carbon/identity/api/server/application/management/common/ApplicationManagementConstants.java
index 5de79a136f..0b051edb7d 100644
--- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/src/main/java/org/wso2/carbon/identity/api/server/application/management/common/ApplicationManagementConstants.java
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/src/main/java/org/wso2/carbon/identity/api/server/application/management/common/ApplicationManagementConstants.java
@@ -42,6 +42,7 @@ private ApplicationManagementConstants() {
public static final String INBOUND_PROTOCOL_SAML_PATH_COMPONENT = "/saml";
public static final String INBOUND_PROTOCOL_PASSIVE_STS_PATH_COMPONENT = "/passive-sts";
public static final String INBOUND_PROTOCOL_WS_TRUST_PATH_COMPONENT = "/ws-trust";
+ public static final String ROLES_PATH_COMPONENT = "/roles";
private static final Map OAUTH_GRANT_TYPE_NAMES = new LinkedHashMap<>();
public static final String DEFAULT_NAME_ID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
@@ -52,6 +53,15 @@ private ApplicationManagementConstants() {
public static final String CLIENT_ID = "clientId";
public static final String ISSUER = "issuer";
+ public static final String URL_SEPERATOR = "/";
+ public static final String TENANT_URL_SEPERATOR = "/t/";
+ public static final String SCIM2_ENDPOINT = "/scim2";
+
+ public static final String USERS = "/Users";
+ public static final String GROUPS = "/Groups";
+
+ public static final String LOCAL_IDP = "LOCAL";
+
public static final String NON_EXISTING_USER_CODE = "30007 - ";
/**
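Review bot: The new public constants `URL_SEPERATOR` and `TENANT_URL_SEPERATOR` misspell "separator", and because they are `public static final` the typo becomes part of the module's API as soon as another component references it. Rename them before release: `public static final String URL_SEPARATOR = "/";` and `public static final String TENANT_URL_SEPARATOR = "/t/";`. `USERS`, `GROUPS` and `LOCAL_IDP` are also very generic names for a shared constants class. A short comment such as `// SCIM2 resource path segments used when building user and group references.` would say what they are for, assuming that is their use, since no caller is visible in this hunk.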
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/src/main/java/org/wso2/carbon/identity/api/server/application/management/common/ApplicationManagementServiceHolder.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/src/main/java/org/wso2/carbon/identity/api/server/application/management/common/ApplicationManagementServiceHolder.java
index 16628ebaeb..8b851255c0 100644
--- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/src/main/java/org/wso2/carbon/identity/api/server/application/management/common/ApplicationManagementServiceHolder.java
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/src/main/java/org/wso2/carbon/identity/api/server/application/management/common/ApplicationManagementServiceHolder.java
@@ -16,6 +16,7 @@
package org.wso2.carbon.identity.api.server.application.management.common;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
+import org.wso2.carbon.identity.application.role.mgt.ApplicationRoleManager;
import org.wso2.carbon.identity.cors.mgt.core.CORSManagementService;
import org.wso2.carbon.identity.oauth.OAuthAdminServiceImpl;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
@@ -37,6 +38,7 @@ public class ApplicationManagementServiceHolder {
private static TemplateManager templateManager;
private static CORSManagementService corsManagementService;
private static RealmService realmService;
+ private static ApplicationRoleManager applicationRoleManagerService;
public static ApplicationManagementService getApplicationManagementService() {
@@ -127,4 +129,24 @@ public static void setRealmService(RealmService realmService) {
ApplicationManagementServiceHolder.realmService = realmService;
}
+
+ /**
+ * Get ApplicationRoleManager.
+ *
+ * @return ApplicationRoleManager.
+ */
+ public static ApplicationRoleManager getApplicationRoleManagerService() {
+
+ return applicationRoleManagerService;
+ }
+
+ /**
+ * Set ApplicationRoleManager.
+ *
+ * @param applicationRoleManagerService ApplicationRoleManager.
+ */
+ public static void setApplicationRoleManagerService(ApplicationRoleManager applicationRoleManagerService) {
+
+ ApplicationManagementServiceHolder.applicationRoleManagerService = applicationRoleManagerService;
+ }
}
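Review bot: `getApplicationRoleManagerService()` returns the static field as is, so it yields null until something calls `setApplicationRoleManagerService(...)`, and no caller of the setter is visible in this diff. The same commit adds `ApplicationRoleMgtOSGiServiceFactory`, which keeps its own static copy of the service, so two places can disagree about whether the role manager is available. If the holder is the intended access point, state the contract in the Javadoc, e.g. `@return ApplicationRoleManager, or null if the OSGi service has not been set.`, or drop one of the two caches. The class body starts outside this hunk.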
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/src/main/java/org/wso2/carbon/identity/api/server/application/management/common/factory/ApplicationRoleMgtOSGiServiceFactory.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/src/main/java/org/wso2/carbon/identity/api/server/application/management/common/factory/ApplicationRoleMgtOSGiServiceFactory.java
new file mode 100644
index 0000000000..e7b8f9f562
--- /dev/null
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/src/main/java/org/wso2/carbon/identity/api/server/application/management/common/factory/ApplicationRoleMgtOSGiServiceFactory.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.common.factory;
+
+import org.springframework.beans.factory.config.AbstractFactoryBean;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.identity.application.role.mgt.ApplicationRoleManager;
+/**
+ * Factory Beans serves as a factory for creating other beans within the IOC container. This factory bean is used to
+ * instantiate the Application role Manager type of object inside the container.
+ */
+public class ApplicationRoleMgtOSGiServiceFactory extends AbstractFactoryBean {
+
+ private static ApplicationRoleManager applicationRoleMgtService;
+
+ @Override
+ public Class> getObjectType() {
+
+ return Object.class;
+ }
+
+ @Override
+ protected ApplicationRoleManager createInstance() throws Exception {
+
+ if (applicationRoleMgtService == null) {
+ ApplicationRoleManager taskOperationService = (ApplicationRoleManager) PrivilegedCarbonContext.
+ getThreadLocalCarbonContext().getOSGiService(ApplicationRoleManager.class, null);
+
+ if (taskOperationService == null) {
+ throw new Exception("Unable to retrieve application role management service.");
+ }
+ applicationRoleMgtService = taskOperationService;
+ }
+ return applicationRoleMgtService;
+ }
+}
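Review bot: `getObjectType()` returns `Object.class`, so the Spring container cannot match this bean by type and consumers have to wire it by name or cast; `return ApplicationRoleManager.class;` matches what `createInstance()` produces. The local `taskOperationService` looks like a leftover from another factory and should be named for what it holds, e.g. `ApplicationRoleManager roleManager = ...`. The static `applicationRoleMgtService` cache is read and written without synchronisation and keeps the reference for the life of the class. If the providing bundle can be restarted that reference may go stale, so consider relying on the factory bean's own singleton caching instead. A blank line is also missing between the last import and the class Javadoc.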
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/pom.xml b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/pom.xml
index 4338069c41..1b74124c2d 100644
--- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/pom.xml
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/pom.xml
@@ -153,6 +153,11 @@
cxf-rt-rs-extension-search
provided
+
+ org.wso2.carbon.identity.framework
+ org.wso2.carbon.identity.application.role.mgt
+ provided
+
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ApplicationsApi.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ApplicationsApi.java
index 0cf8a91191..34acb5aea4 100644
--- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ApplicationsApi.java
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ApplicationsApi.java
@@ -39,15 +39,23 @@
import org.wso2.carbon.identity.api.server.application.management.v1.CustomInboundProtocolMetaData;
import org.wso2.carbon.identity.api.server.application.management.v1.Error;
import java.io.File;
+import org.wso2.carbon.identity.api.server.application.management.v1.GroupsAssignedRoleResponse;
import org.wso2.carbon.identity.api.server.application.management.v1.InboundProtocolListItem;
import org.wso2.carbon.identity.api.server.application.management.v1.OIDCMetaData;
import org.wso2.carbon.identity.api.server.application.management.v1.OpenIDConnectConfiguration;
+import org.wso2.carbon.identity.api.server.application.management.v1.PaginatedAppRoleResponse;
import org.wso2.carbon.identity.api.server.application.management.v1.PassiveStsConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.ProvisioningConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.ResidentApplication;
+import org.wso2.carbon.identity.api.server.application.management.v1.Role;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleAssignedGroupsPatchModel;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleAssignedUsersPatchModel;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleCreationModel;
+import org.wso2.carbon.identity.api.server.application.management.v1.RolePatchModel;
import org.wso2.carbon.identity.api.server.application.management.v1.SAML2Configuration;
import org.wso2.carbon.identity.api.server.application.management.v1.SAML2ServiceProvider;
import org.wso2.carbon.identity.api.server.application.management.v1.SAMLMetaData;
+import org.wso2.carbon.identity.api.server.application.management.v1.UsersAssignedRoleResponse;
import org.wso2.carbon.identity.api.server.application.management.v1.WSTrustConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.WSTrustMetaData;
import org.wso2.carbon.identity.api.server.application.management.v1.ApplicationsApiService;
@@ -92,6 +100,30 @@ public Response changeApplicationOwner(@ApiParam(value = "ID of the application.
return delegate.changeApplicationOwner(applicationId, applicationOwner );
}
+ @Valid
+ @POST
+ @Path("/{applicationId}/roles")
+ @Consumes({ "application/json" })
+ @Produces({ "application/json" })
+ @ApiOperation(value = "Create an application role with collected permissions ", notes = "Create a new application role with or without permissions
Permission required:
* /permission/admin/manage/identity/applicationmgt/update
Scope required:
* internal_application_mgt_update ", response = Role.class, authorizations = {
+ @Authorization(value = "BasicAuth"),
+ @Authorization(value = "OAuth2", scopes = {
+
+ })
+ }, tags={ "Application Roles", })
+ @ApiResponses(value = {
+ @ApiResponse(code = 201, message = "Successfully created.", response = Role.class),
+ @ApiResponse(code = 400, message = "Bad Request", response = Error.class),
+ @ApiResponse(code = 401, message = "Unauthorized", response = Void.class),
+ @ApiResponse(code = 403, message = "Forbidden", response = Void.class),
+ @ApiResponse(code = 409, message = "Conflict", response = Error.class),
+ @ApiResponse(code = 500, message = "Server Error", response = Error.class)
+ })
+ public Response createAppRole(@ApiParam(value = "Application ID",required=true) @PathParam("applicationId") String applicationId, @ApiParam(value = "Role name and Permissions to add to the role" ) @Valid RoleCreationModel roleCreationModel) {
+
+ return delegate.createAppRole(applicationId, roleCreationModel );
+ }
+
@Valid
@POST
@@ -142,6 +174,29 @@ public Response createApplicationTemplate(@ApiParam(value = "This represents the
return delegate.createApplicationTemplate(applicationTemplateModel );
}
+ @Valid
+ @DELETE
+ @Path("/{applicationId}/roles/{roleId}")
+
+ @Produces({ "application/json" })
+ @ApiOperation(value = "Delete an application role ", notes = "Delete a role
Permission required:
* /permission/admin/manage/identity/applicationmgt/update
Scope required:
* internal_application_mgt_update ", response = Void.class, authorizations = {
+ @Authorization(value = "BasicAuth"),
+ @Authorization(value = "OAuth2", scopes = {
+
+ })
+ }, tags={ "Application Roles", })
+ @ApiResponses(value = {
+ @ApiResponse(code = 204, message = "Delete Success", response = Void.class),
+ @ApiResponse(code = 400, message = "", response = Void.class),
+ @ApiResponse(code = 401, message = "Unauthorized", response = Void.class),
+ @ApiResponse(code = 403, message = "Forbidden", response = Void.class),
+ @ApiResponse(code = 500, message = "Server Error", response = Error.class)
+ })
+ public Response deleteAppRole(@ApiParam(value = "Application ID",required=true) @PathParam("applicationId") String applicationId, @ApiParam(value = "Role ID",required=true) @PathParam("roleId") String roleId) {
+
+ return delegate.deleteAppRole(applicationId, roleId );
+ }
+
@Valid
@DELETE
@Path("/{applicationId}")
@@ -381,6 +436,29 @@ public Response getAdaptiveAuthTemplates() {
return delegate.getAdaptiveAuthTemplates();
}
+ @Valid
+ @GET
+ @Path("/{applicationId}/roles")
+
+ @Produces({ "application/json" })
+ @ApiOperation(value = "Get all roles of the application ", notes = "Get all roles of the application
Permission required:
* /permission/admin/manage/identity/applicationmgt/view
Scope required:
* internal_application_mgt_view ", response = PaginatedAppRoleResponse.class, authorizations = {
+ @Authorization(value = "BasicAuth"),
+ @Authorization(value = "OAuth2", scopes = {
+
+ })
+ }, tags={ "Application Roles", })
+ @ApiResponses(value = {
+ @ApiResponse(code = 200, message = "OK", response = PaginatedAppRoleResponse.class),
+ @ApiResponse(code = 400, message = "Bad Request", response = Error.class),
+ @ApiResponse(code = 401, message = "Unauthorized", response = Void.class),
+ @ApiResponse(code = 403, message = "Forbidden", response = Void.class),
+ @ApiResponse(code = 500, message = "Server Error", response = Error.class)
+ })
+ public Response getAllAppRoles(@ApiParam(value = "Application ID",required=true) @PathParam("applicationId") String applicationId, @Valid@ApiParam(value = "Previous Cursor") @QueryParam("before") String before, @Valid@ApiParam(value = "Next Cursor") @QueryParam("after") String after) {
+
+ return delegate.getAllAppRoles(applicationId, before, after );
+ }
+
@Valid
@GET
@Path("/templates")
@@ -434,6 +512,78 @@ public Response getAllApplications( @Valid @Min(1)@ApiParam(value = "Maximum
return delegate.getAllApplications(limit, offset, filter, sortOrder, sortBy, attributes );
}
+ @Valid
+ @GET
+ @Path("/{applicationId}/roles/{roleId}")
+
+ @Produces({ "application/json" })
+ @ApiOperation(value = "Get role and associated permissions ", notes = "Get a role of the application and its associated permissions
Permission required:
* /permission/admin/manage/identity/applicationmgt/update
Scope required:
* internal_application_mgt_update ", response = Role.class, authorizations = {
+ @Authorization(value = "BasicAuth"),
+ @Authorization(value = "OAuth2", scopes = {
+
+ })
+ }, tags={ "Application Roles", })
+ @ApiResponses(value = {
+ @ApiResponse(code = 200, message = "OK", response = Role.class),
+ @ApiResponse(code = 400, message = "Bad Request", response = Error.class),
+ @ApiResponse(code = 401, message = "Unauthorized", response = Void.class),
+ @ApiResponse(code = 403, message = "Forbidden", response = Void.class),
+ @ApiResponse(code = 404, message = "Not Found", response = Error.class),
+ @ApiResponse(code = 500, message = "Server Error", response = Error.class)
+ })
+ public Response getAppRole(@ApiParam(value = "Application ID",required=true) @PathParam("applicationId") String applicationId, @ApiParam(value = "Role ID",required=true) @PathParam("roleId") String roleId) {
+
+ return delegate.getAppRole(applicationId, roleId );
+ }
+
+ @Valid
+ @GET
+ @Path("/{applicationId}/roles/{roleId}/assigned-groups")
+
+ @Produces({ "application/json" })
+ @ApiOperation(value = "Get role and assigned groups ", notes = "Get a role of the application and its assigned groups
Permission required:
* /permission/admin/manage/identity/rolemgt/view
Scope required:
* internal_role_mgt_view ", response = GroupsAssignedRoleResponse.class, authorizations = {
+ @Authorization(value = "BasicAuth"),
+ @Authorization(value = "OAuth2", scopes = {
+
+ })
+ }, tags={ "Application Roles", })
+ @ApiResponses(value = {
+ @ApiResponse(code = 200, message = "OK", response = GroupsAssignedRoleResponse.class),
+ @ApiResponse(code = 400, message = "Bad Request", response = Error.class),
+ @ApiResponse(code = 401, message = "Unauthorized", response = Void.class),
+ @ApiResponse(code = 403, message = "Forbidden", response = Void.class),
+ @ApiResponse(code = 404, message = "Not Found", response = Error.class),
+ @ApiResponse(code = 500, message = "Server Error", response = Error.class)
+ })
+ public Response getAppRoleGroups(@ApiParam(value = "Application ID",required=true) @PathParam("applicationId") String applicationId, @ApiParam(value = "Role ID",required=true) @PathParam("roleId") String roleId, @Valid@ApiParam(value = "Idp ID") @QueryParam("idpId") String idpId) {
+
+ return delegate.getAppRoleGroups(applicationId, roleId, idpId );
+ }
+
+ @Valid
+ @GET
+ @Path("/{applicationId}/roles/{roleId}/assigned-users")
+
+ @Produces({ "application/json" })
+ @ApiOperation(value = "Get role and assigned users ", notes = "Get a role of the application and its assigned users
Permission required:
* /permission/admin/manage/identity/usermgt/view
Scope required:
* internal_user_mgt_view ", response = UsersAssignedRoleResponse.class, authorizations = {
+ @Authorization(value = "BasicAuth"),
+ @Authorization(value = "OAuth2", scopes = {
+
+ })
+ }, tags={ "Application Roles", })
+ @ApiResponses(value = {
+ @ApiResponse(code = 200, message = "OK", response = UsersAssignedRoleResponse.class),
+ @ApiResponse(code = 400, message = "Bad Request", response = Error.class),
+ @ApiResponse(code = 401, message = "Unauthorized", response = Void.class),
+ @ApiResponse(code = 403, message = "Forbidden", response = Void.class),
+ @ApiResponse(code = 404, message = "Not Found", response = Error.class),
+ @ApiResponse(code = 500, message = "Server Error", response = Error.class)
+ })
+ public Response getAppRoleUsers(@ApiParam(value = "Application ID",required=true) @PathParam("applicationId") String applicationId, @ApiParam(value = "Role ID",required=true) @PathParam("roleId") String roleId) {
+
+ return delegate.getAppRoleUsers(applicationId, roleId );
+ }
+
@Valid
@GET
@Path("/{applicationId}")
@@ -838,6 +988,75 @@ public Response importApplicationForUpdate(@Multipart(value = "file", required =
return delegate.importApplicationForUpdate(fileInputStream, fileDetail );
}
+ @Valid
+ @PATCH
+ @Path("/{applicationId}/roles/{roleId}")
+ @Consumes({ "application/json" })
+ @Produces({ "application/json" })
+ @ApiOperation(value = "Update an application role ", notes = "Update role name and permissions
Permission required:
* /permission/admin/manage/identity/applicationmgt/update
Scope required:
* internal_application_mgt_update ", response = Role.class, authorizations = {
+ @Authorization(value = "BasicAuth"),
+ @Authorization(value = "OAuth2", scopes = {
+
+ })
+ }, tags={ "Application Roles", })
+ @ApiResponses(value = {
+ @ApiResponse(code = 200, message = "OK", response = Role.class),
+ @ApiResponse(code = 400, message = "Bad Request", response = Error.class),
+ @ApiResponse(code = 401, message = "Unauthorized", response = Void.class),
+ @ApiResponse(code = 403, message = "Forbidden", response = Void.class),
+ @ApiResponse(code = 500, message = "Server Error", response = Error.class)
+ })
+ public Response patchAppRole(@ApiParam(value = "Application ID",required=true) @PathParam("applicationId") String applicationId, @ApiParam(value = "Role ID",required=true) @PathParam("roleId") String roleId, @ApiParam(value = "" ) @Valid RolePatchModel rolePatchModel) {
+
+ return delegate.patchAppRole(applicationId, roleId, rolePatchModel );
+ }
+
+ @Valid
+ @PATCH
+ @Path("/{applicationId}/roles/{roleId}/assigned-groups")
+ @Consumes({ "application/json" })
+ @Produces({ "application/json" })
+ @ApiOperation(value = "Assign groups to an application role ", notes = "Assign groups to an application role
Permission required:
* /permission/admin/manage/identity/rolemgt/update
Scope required:
* internal_role_mgt_update ", response = GroupsAssignedRoleResponse.class, authorizations = {
+ @Authorization(value = "BasicAuth"),
+ @Authorization(value = "OAuth2", scopes = {
+
+ })
+ }, tags={ "Application Roles", })
+ @ApiResponses(value = {
+ @ApiResponse(code = 200, message = "OK", response = GroupsAssignedRoleResponse.class),
+ @ApiResponse(code = 400, message = "Bad Request", response = Error.class),
+ @ApiResponse(code = 401, message = "Unauthorized", response = Void.class),
+ @ApiResponse(code = 403, message = "Forbidden", response = Void.class),
+ @ApiResponse(code = 500, message = "Server Error", response = Error.class)
+ })
+ public Response patchAppRoleAssignedGroups(@ApiParam(value = "Application ID",required=true) @PathParam("applicationId") String applicationId, @ApiParam(value = "Role ID",required=true) @PathParam("roleId") String roleId, @ApiParam(value = "" ) @Valid RoleAssignedGroupsPatchModel roleAssignedGroupsPatchModel) {
+
+ return delegate.patchAppRoleAssignedGroups(applicationId, roleId, roleAssignedGroupsPatchModel );
+ }
+
+ @Valid
+ @PATCH
+ @Path("/{applicationId}/roles/{roleId}/assigned-users")
+ @Consumes({ "application/json" })
+ @Produces({ "application/json" })
+ @ApiOperation(value = "Assign users to an application role ", notes = "Assign users to an application role
Permission required:
* /permission/admin/manage/identity/usermgt/update
Scope required:
* internal_user_mgt_update ", response = UsersAssignedRoleResponse.class, authorizations = {
+ @Authorization(value = "BasicAuth"),
+ @Authorization(value = "OAuth2", scopes = {
+
+ })
+ }, tags={ "Application Roles", })
+ @ApiResponses(value = {
+ @ApiResponse(code = 200, message = "OK", response = UsersAssignedRoleResponse.class),
+ @ApiResponse(code = 400, message = "Bad Request", response = Error.class),
+ @ApiResponse(code = 401, message = "Unauthorized", response = Void.class),
+ @ApiResponse(code = 403, message = "Forbidden", response = Void.class),
+ @ApiResponse(code = 500, message = "Server Error", response = Error.class)
+ })
+ public Response patchAppRoleAssignedUsers(@ApiParam(value = "Application ID",required=true) @PathParam("applicationId") String applicationId, @ApiParam(value = "Role ID",required=true) @PathParam("roleId") String roleId, @ApiParam(value = "" ) @Valid RoleAssignedUsersPatchModel roleAssignedUsersPatchModel) {
+
+ return delegate.patchAppRoleAssignedUsers(applicationId, roleId, roleAssignedUsersPatchModel );
+ }
+
@Valid
@PATCH
@Path("/{applicationId}")
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ApplicationsApiService.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ApplicationsApiService.java
index 46d2d8f59d..924c8fd2a1 100644
--- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ApplicationsApiService.java
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ApplicationsApiService.java
@@ -39,15 +39,23 @@
import org.wso2.carbon.identity.api.server.application.management.v1.CustomInboundProtocolMetaData;
import org.wso2.carbon.identity.api.server.application.management.v1.Error;
import java.io.File;
+import org.wso2.carbon.identity.api.server.application.management.v1.GroupsAssignedRoleResponse;
import org.wso2.carbon.identity.api.server.application.management.v1.InboundProtocolListItem;
import org.wso2.carbon.identity.api.server.application.management.v1.OIDCMetaData;
import org.wso2.carbon.identity.api.server.application.management.v1.OpenIDConnectConfiguration;
+import org.wso2.carbon.identity.api.server.application.management.v1.PaginatedAppRoleResponse;
import org.wso2.carbon.identity.api.server.application.management.v1.PassiveStsConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.ProvisioningConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.ResidentApplication;
+import org.wso2.carbon.identity.api.server.application.management.v1.Role;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleAssignedGroupsPatchModel;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleAssignedUsersPatchModel;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleCreationModel;
+import org.wso2.carbon.identity.api.server.application.management.v1.RolePatchModel;
import org.wso2.carbon.identity.api.server.application.management.v1.SAML2Configuration;
import org.wso2.carbon.identity.api.server.application.management.v1.SAML2ServiceProvider;
import org.wso2.carbon.identity.api.server.application.management.v1.SAMLMetaData;
+import org.wso2.carbon.identity.api.server.application.management.v1.UsersAssignedRoleResponse;
import org.wso2.carbon.identity.api.server.application.management.v1.WSTrustConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.WSTrustMetaData;
import javax.ws.rs.core.Response;
@@ -57,10 +65,14 @@ public interface ApplicationsApiService {
public Response changeApplicationOwner(String applicationId, ApplicationOwner applicationOwner);
+ public Response createAppRole(String applicationId, RoleCreationModel roleCreationModel);
+
public Response createApplication(ApplicationModel applicationModel, String template);
public Response createApplicationTemplate(ApplicationTemplateModel applicationTemplateModel);
+ public Response deleteAppRole(String applicationId, String roleId);
+
public Response deleteApplication(String applicationId);
public Response deleteApplicationTemplate(String templateId);
@@ -83,8 +95,16 @@ public interface ApplicationsApiService {
public Response getAllApplicationTemplates(Integer limit, Integer offset, SearchContext searchContext);
+ public Response getAllAppRoles(String applicationId, String before, String after);
+
public Response getAllApplications(Integer limit, Integer offset, String filter, String sortOrder, String sortBy, String attributes);
+ public Response getAppRole(String applicationId, String roleId);
+
+ public Response getAppRoleGroups(String applicationId, String roleId, String idpId);
+
+ public Response getAppRoleUsers(String applicationId, String roleId);
+
public Response getApplication(String applicationId);
public Response getApplicationTemplate(String templateId);
@@ -119,6 +139,12 @@ public interface ApplicationsApiService {
public Response importApplicationForUpdate(InputStream fileInputStream, Attachment fileDetail);
+ public Response patchAppRole(String applicationId, String roleId, RolePatchModel rolePatchModel);
+
+ public Response patchAppRoleAssignedGroups(String applicationId, String roleId, RoleAssignedGroupsPatchModel roleAssignedGroupsPatchModel);
+
+ public Response patchAppRoleAssignedUsers(String applicationId, String roleId, RoleAssignedUsersPatchModel roleAssignedUsersPatchModel);
+
public Response patchApplication(String applicationId, ApplicationPatchModel applicationPatchModel);
public Response regenerateOAuthClientSecret(String applicationId);
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/GroupsAssignedRoleResponse.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/GroupsAssignedRoleResponse.java
new file mode 100644
index 0000000000..b5e523c06a
--- /dev/null
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/GroupsAssignedRoleResponse.java
@@ -0,0 +1,110 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.v1;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import java.util.ArrayList;
+import java.util.List;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleAssignedGroup;
+import javax.validation.constraints.*;
+
+
+import io.swagger.annotations.*;
+import java.util.Objects;
+import javax.validation.Valid;
+import javax.xml.bind.annotation.*;
+
+public class GroupsAssignedRoleResponse {
+
+ private List assignedGroups = null;
+
+
+ /**
+ **/
+ public GroupsAssignedRoleResponse assignedGroups(List assignedGroups) {
+
+ this.assignedGroups = assignedGroups;
+ return this;
+ }
+
+ @ApiModelProperty(value = "")
+ @JsonProperty("assignedGroups")
+ @Valid
+ public List getAssignedGroups() {
+ return assignedGroups;
+ }
+ public void setAssignedGroups(List assignedGroups) {
+ this.assignedGroups = assignedGroups;
+ }
+
+ public GroupsAssignedRoleResponse addAssignedGroupsItem(RoleAssignedGroup assignedGroupsItem) {
+ if (this.assignedGroups == null) {
+ this.assignedGroups = new ArrayList<>();
+ }
+ this.assignedGroups.add(assignedGroupsItem);
+ return this;
+ }
+
+
+
+ @Override
+ public boolean equals(java.lang.Object o) {
+
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+ GroupsAssignedRoleResponse groupsAssignedRoleResponse = (GroupsAssignedRoleResponse) o;
+ return Objects.equals(this.assignedGroups, groupsAssignedRoleResponse.assignedGroups);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(assignedGroups);
+ }
+
+ @Override
+ public String toString() {
+
+ StringBuilder sb = new StringBuilder();
+ sb.append("class GroupsAssignedRoleResponse {\n");
+
+ sb.append(" assignedGroups: ").append(toIndentedString(assignedGroups)).append("\n");
+ sb.append("}");
+ return sb.toString();
+ }
+
+ /**
+ * Convert the given object to string with each line indented by 4 spaces
+ * (except the first line).
+ */
+ private String toIndentedString(java.lang.Object o) {
+
+ if (o == null) {
+ return "null";
+ }
+ return o.toString().replace("\n", "\n");
+ }
+}
+
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/PaginatedAppRoleResponse.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/PaginatedAppRoleResponse.java
new file mode 100644
index 0000000000..b24fac7ee5
--- /dev/null
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/PaginatedAppRoleResponse.java
@@ -0,0 +1,140 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.v1;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import java.util.ArrayList;
+import java.util.List;
+import org.wso2.carbon.identity.api.server.application.management.v1.PaginationLink;
+import org.wso2.carbon.identity.api.server.application.management.v1.Role;
+import javax.validation.constraints.*;
+
+
+import io.swagger.annotations.*;
+import java.util.Objects;
+import javax.validation.Valid;
+import javax.xml.bind.annotation.*;
+
+public class PaginatedAppRoleResponse {
+
+ private List links = new ArrayList<>();
+
+ private List roles = null;
+
+
+ /**
+ **/
+ public PaginatedAppRoleResponse links(List links) {
+
+ this.links = links;
+ return this;
+ }
+
+ @ApiModelProperty(required = true, value = "")
+ @JsonProperty("links")
+ @Valid
+ @NotNull(message = "Property links cannot be null.")
+
+ public List getLinks() {
+ return links;
+ }
+ public void setLinks(List links) {
+ this.links = links;
+ }
+
+ public PaginatedAppRoleResponse addLinksItem(PaginationLink linksItem) {
+ this.links.add(linksItem);
+ return this;
+ }
+
+ /**
+ **/
+ public PaginatedAppRoleResponse roles(List roles) {
+
+ this.roles = roles;
+ return this;
+ }
+
+ @ApiModelProperty(value = "")
+ @JsonProperty("roles")
+ @Valid
+ public List getRoles() {
+ return roles;
+ }
+ public void setRoles(List roles) {
+ this.roles = roles;
+ }
+
+ public PaginatedAppRoleResponse addRolesItem(Role rolesItem) {
+ if (this.roles == null) {
+ this.roles = new ArrayList<>();
+ }
+ this.roles.add(rolesItem);
+ return this;
+ }
+
+
+
+ @Override
+ public boolean equals(java.lang.Object o) {
+
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+ PaginatedAppRoleResponse paginatedAppRoleResponse = (PaginatedAppRoleResponse) o;
+ return Objects.equals(this.links, paginatedAppRoleResponse.links) &&
+ Objects.equals(this.roles, paginatedAppRoleResponse.roles);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(links, roles);
+ }
+
+ @Override
+ public String toString() {
+
+ StringBuilder sb = new StringBuilder();
+ sb.append("class PaginatedAppRoleResponse {\n");
+
+ sb.append(" links: ").append(toIndentedString(links)).append("\n");
+ sb.append(" roles: ").append(toIndentedString(roles)).append("\n");
+ sb.append("}");
+ return sb.toString();
+ }
+
+ /**
+ * Convert the given object to string with each line indented by 4 spaces
+ * (except the first line).
+ */
+ private String toIndentedString(java.lang.Object o) {
+
+ if (o == null) {
+ return "null";
+ }
+ return o.toString().replace("\n", "\n");
+ }
+}
+
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/PaginationLink.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/PaginationLink.java
new file mode 100644
index 0000000000..b86d650023
--- /dev/null
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/PaginationLink.java
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.v1;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import javax.validation.constraints.*;
+
+
+import io.swagger.annotations.*;
+import java.util.Objects;
+import javax.validation.Valid;
+import javax.xml.bind.annotation.*;
+
+public class PaginationLink {
+
+ private String rel;
+ private String href;
+
+ /**
+ **/
+ public PaginationLink rel(String rel) {
+
+ this.rel = rel;
+ return this;
+ }
+
+ @ApiModelProperty(example = "before", value = "")
+ @JsonProperty("rel")
+ @Valid
+ public String getRel() {
+ return rel;
+ }
+ public void setRel(String rel) {
+ this.rel = rel;
+ }
+
+ /**
+ **/
+ public PaginationLink href(String href) {
+
+ this.href = href;
+ return this;
+ }
+
+ @ApiModelProperty(example = "/t/{tenant-name}/applications/{application-id}/roles?after=NDoy", value = "")
+ @JsonProperty("href")
+ @Valid
+ public String getHref() {
+ return href;
+ }
+ public void setHref(String href) {
+ this.href = href;
+ }
+
+
+
+ @Override
+ public boolean equals(java.lang.Object o) {
+
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+ PaginationLink paginationLink = (PaginationLink) o;
+ return Objects.equals(this.rel, paginationLink.rel) &&
+ Objects.equals(this.href, paginationLink.href);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(rel, href);
+ }
+
+ @Override
+ public String toString() {
+
+ StringBuilder sb = new StringBuilder();
+ sb.append("class PaginationLink {\n");
+
+ sb.append(" rel: ").append(toIndentedString(rel)).append("\n");
+ sb.append(" href: ").append(toIndentedString(href)).append("\n");
+ sb.append("}");
+ return sb.toString();
+ }
+
+ /**
+ * Convert the given object to string with each line indented by 4 spaces
+ * (except the first line).
+ */
+ private String toIndentedString(java.lang.Object o) {
+
+ if (o == null) {
+ return "null";
+ }
+ return o.toString().replace("\n", "\n");
+ }
+}
+
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/Permission.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/Permission.java
new file mode 100644
index 0000000000..ba44e24887
--- /dev/null
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/Permission.java
@@ -0,0 +1,121 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.v1;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import javax.validation.constraints.*;
+
+
+import io.swagger.annotations.*;
+import java.util.Objects;
+import javax.validation.Valid;
+import javax.xml.bind.annotation.*;
+
+public class Permission {
+
+ private String name;
+ private String displayName;
+
+ /**
+ **/
+ public Permission name(String name) {
+
+ this.name = name;
+ return this;
+ }
+
+ @ApiModelProperty(example = "deploy_component", required = true, value = "")
+ @JsonProperty("name")
+ @Valid
+ @NotNull(message = "Property name cannot be null.")
+
+ public String getName() {
+ return name;
+ }
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ **/
+ public Permission displayName(String displayName) {
+
+ this.displayName = displayName;
+ return this;
+ }
+
+ @ApiModelProperty(example = "Deploy Component", value = "")
+ @JsonProperty("displayName")
+ @Valid
+ public String getDisplayName() {
+ return displayName;
+ }
+ public void setDisplayName(String displayName) {
+ this.displayName = displayName;
+ }
+
+
+
+ @Override
+ public boolean equals(java.lang.Object o) {
+
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+ Permission permission = (Permission) o;
+ return Objects.equals(this.name, permission.name) &&
+ Objects.equals(this.displayName, permission.displayName);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(name, displayName);
+ }
+
+ @Override
+ public String toString() {
+
+ StringBuilder sb = new StringBuilder();
+ sb.append("class Permission {\n");
+
+ sb.append(" name: ").append(toIndentedString(name)).append("\n");
+ sb.append(" displayName: ").append(toIndentedString(displayName)).append("\n");
+ sb.append("}");
+ return sb.toString();
+ }
+
+ /**
+ * Convert the given object to string with each line indented by 4 spaces
+ * (except the first line).
+ */
+ private String toIndentedString(java.lang.Object o) {
+
+ if (o == null) {
+ return "null";
+ }
+ return o.toString().replace("\n", "\n");
+ }
+}
+
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/Role.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/Role.java
new file mode 100644
index 0000000000..25ed0584c0
--- /dev/null
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/Role.java
@@ -0,0 +1,152 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.v1;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import java.util.ArrayList;
+import java.util.List;
+import org.wso2.carbon.identity.api.server.application.management.v1.Permission;
+import javax.validation.constraints.*;
+
+
+import io.swagger.annotations.*;
+import java.util.Objects;
+import javax.validation.Valid;
+import javax.xml.bind.annotation.*;
+
+public class Role {
+
+ private String id;
+ private String name;
+ private List permissions = null;
+
+
+ /**
+ **/
+ public Role id(String id) {
+
+ this.id = id;
+ return this;
+ }
+
+ @ApiModelProperty(example = "85e3f4b8-0d22-4181-b1e3-1651f71b88bd", value = "")
+ @JsonProperty("id")
+ @Valid
+ public String getId() {
+ return id;
+ }
+ public void setId(String id) {
+ this.id = id;
+ }
+
+ /**
+ **/
+ public Role name(String name) {
+
+ this.name = name;
+ return this;
+ }
+
+ @ApiModelProperty(example = "administrator", value = "")
+ @JsonProperty("name")
+ @Valid
+ public String getName() {
+ return name;
+ }
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ **/
+ public Role permissions(List permissions) {
+
+ this.permissions = permissions;
+ return this;
+ }
+
+ @ApiModelProperty(value = "")
+ @JsonProperty("permissions")
+ @Valid
+ public List getPermissions() {
+ return permissions;
+ }
+ public void setPermissions(List permissions) {
+ this.permissions = permissions;
+ }
+
+ public Role addPermissionsItem(Permission permissionsItem) {
+ if (this.permissions == null) {
+ this.permissions = new ArrayList<>();
+ }
+ this.permissions.add(permissionsItem);
+ return this;
+ }
+
+
+
+ @Override
+ public boolean equals(java.lang.Object o) {
+
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+ Role role = (Role) o;
+ return Objects.equals(this.id, role.id) &&
+ Objects.equals(this.name, role.name) &&
+ Objects.equals(this.permissions, role.permissions);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(id, name, permissions);
+ }
+
+ @Override
+ public String toString() {
+
+ StringBuilder sb = new StringBuilder();
+ sb.append("class Role {\n");
+
+ sb.append(" id: ").append(toIndentedString(id)).append("\n");
+ sb.append(" name: ").append(toIndentedString(name)).append("\n");
+ sb.append(" permissions: ").append(toIndentedString(permissions)).append("\n");
+ sb.append("}");
+ return sb.toString();
+ }
+
+ /**
+ * Convert the given object to string with each line indented by 4 spaces
+ * (except the first line).
+ */
+ private String toIndentedString(java.lang.Object o) {
+
+ if (o == null) {
+ return "null";
+ }
+ return o.toString().replace("\n", "\n");
+ }
+}
+
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleAssignedGroup.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleAssignedGroup.java
new file mode 100644
index 0000000000..c4176af2f6
--- /dev/null
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleAssignedGroup.java
@@ -0,0 +1,182 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.v1;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import javax.validation.constraints.*;
+
+
+import io.swagger.annotations.*;
+import java.util.Objects;
+import javax.validation.Valid;
+import javax.xml.bind.annotation.*;
+
+public class RoleAssignedGroup {
+
+ private String $ref;
+ private String name;
+ private String id;
+ private String idpId;
+ private String idpName;
+
+ /**
+ **/
+ public RoleAssignedGroup $ref(String $ref) {
+
+ this.$ref = $ref;
+ return this;
+ }
+
+ @ApiModelProperty(example = "https://localhost:9443/scim2/Groups/3a12bae9-4386-44be-befd-caf349297f45", value = "")
+ @JsonProperty("$ref")
+ @Valid
+ public String get$Ref() {
+ return $ref;
+ }
+ public void set$Ref(String $ref) {
+ this.$ref = $ref;
+ }
+
+ /**
+ **/
+ public RoleAssignedGroup name(String name) {
+
+ this.name = name;
+ return this;
+ }
+
+ @ApiModelProperty(example = "group name", value = "")
+ @JsonProperty("name")
+ @Valid
+ public String getName() {
+ return name;
+ }
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ **/
+ public RoleAssignedGroup id(String id) {
+
+ this.id = id;
+ return this;
+ }
+
+ @ApiModelProperty(example = "e44dbc52-dcc3-443d-96f5-fe9dc208e9d8", value = "")
+ @JsonProperty("id")
+ @Valid
+ public String getId() {
+ return id;
+ }
+ public void setId(String id) {
+ this.id = id;
+ }
+
+ /**
+ **/
+ public RoleAssignedGroup idpId(String idpId) {
+
+ this.idpId = idpId;
+ return this;
+ }
+
+ @ApiModelProperty(example = "e44dbc52-dcc3-443d-96f5-fe9dc208e9d8", value = "")
+ @JsonProperty("idpId")
+ @Valid
+ public String getIdpId() {
+ return idpId;
+ }
+ public void setIdpId(String idpId) {
+ this.idpId = idpId;
+ }
+
+ /**
+ **/
+ public RoleAssignedGroup idpName(String idpName) {
+
+ this.idpName = idpName;
+ return this;
+ }
+
+ @ApiModelProperty(example = "idp name", value = "")
+ @JsonProperty("idpName")
+ @Valid
+ public String getIdpName() {
+ return idpName;
+ }
+ public void setIdpName(String idpName) {
+ this.idpName = idpName;
+ }
+
+
+
+ @Override
+ public boolean equals(java.lang.Object o) {
+
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+ RoleAssignedGroup roleAssignedGroup = (RoleAssignedGroup) o;
+ return Objects.equals(this.$ref, roleAssignedGroup.$ref) &&
+ Objects.equals(this.name, roleAssignedGroup.name) &&
+ Objects.equals(this.id, roleAssignedGroup.id) &&
+ Objects.equals(this.idpId, roleAssignedGroup.idpId) &&
+ Objects.equals(this.idpName, roleAssignedGroup.idpName);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash($ref, name, id, idpId, idpName);
+ }
+
+ @Override
+ public String toString() {
+
+ StringBuilder sb = new StringBuilder();
+ sb.append("class RoleAssignedGroup {\n");
+
+ sb.append(" $ref: ").append(toIndentedString($ref)).append("\n");
+ sb.append(" name: ").append(toIndentedString(name)).append("\n");
+ sb.append(" id: ").append(toIndentedString(id)).append("\n");
+ sb.append(" idpId: ").append(toIndentedString(idpId)).append("\n");
+ sb.append(" idpName: ").append(toIndentedString(idpName)).append("\n");
+ sb.append("}");
+ return sb.toString();
+ }
+
+ /**
+ * Convert the given object to string with each line indented by 4 spaces
+ * (except the first line).
+ */
+ private String toIndentedString(java.lang.Object o) {
+
+ if (o == null) {
+ return "null";
+ }
+ return o.toString().replace("\n", "\n");
+ }
+}
+
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleAssignedGroupsPatchModel.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleAssignedGroupsPatchModel.java
new file mode 100644
index 0000000000..43072f2dea
--- /dev/null
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleAssignedGroupsPatchModel.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.v1;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import java.util.ArrayList;
+import java.util.List;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleAssignedGroupsPatchOp;
+import javax.validation.constraints.*;
+
+
+import io.swagger.annotations.*;
+import java.util.Objects;
+import javax.validation.Valid;
+import javax.xml.bind.annotation.*;
+
+public class RoleAssignedGroupsPatchModel {
+
+ private List operations = new ArrayList<>();
+
+
+ /**
+ **/
+ public RoleAssignedGroupsPatchModel operations(List operations) {
+
+ this.operations = operations;
+ return this;
+ }
+
+ @ApiModelProperty(required = true, value = "")
+ @JsonProperty("operations")
+ @Valid
+ @NotNull(message = "Property operations cannot be null.")
+
+ public List getOperations() {
+ return operations;
+ }
+ public void setOperations(List operations) {
+ this.operations = operations;
+ }
+
+ public RoleAssignedGroupsPatchModel addOperationsItem(RoleAssignedGroupsPatchOp operationsItem) {
+ this.operations.add(operationsItem);
+ return this;
+ }
+
+
+
+ @Override
+ public boolean equals(java.lang.Object o) {
+
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+ RoleAssignedGroupsPatchModel roleAssignedGroupsPatchModel = (RoleAssignedGroupsPatchModel) o;
+ return Objects.equals(this.operations, roleAssignedGroupsPatchModel.operations);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(operations);
+ }
+
+ @Override
+ public String toString() {
+
+ StringBuilder sb = new StringBuilder();
+ sb.append("class RoleAssignedGroupsPatchModel {\n");
+
+ sb.append(" operations: ").append(toIndentedString(operations)).append("\n");
+ sb.append("}");
+ return sb.toString();
+ }
+
+ /**
+ * Convert the given object to string with each line indented by 4 spaces
+ * (except the first line).
+ */
+ private String toIndentedString(java.lang.Object o) {
+
+ if (o == null) {
+ return "null";
+ }
+ return o.toString().replace("\n", "\n");
+ }
+}
+
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleAssignedGroupsPatchOp.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleAssignedGroupsPatchOp.java
new file mode 100644
index 0000000000..b69ed9a773
--- /dev/null
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleAssignedGroupsPatchOp.java
@@ -0,0 +1,132 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.v1;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import java.util.ArrayList;
+import java.util.List;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleAssignedGroupsPatchOpValue;
+import javax.validation.constraints.*;
+
+
+import io.swagger.annotations.*;
+import java.util.Objects;
+import javax.validation.Valid;
+import javax.xml.bind.annotation.*;
+
+public class RoleAssignedGroupsPatchOp {
+
+ private String op;
+ private List value = new ArrayList<>();
+
+
+ /**
+ **/
+ public RoleAssignedGroupsPatchOp op(String op) {
+
+ this.op = op;
+ return this;
+ }
+
+ @ApiModelProperty(example = "add", required = true, value = "")
+ @JsonProperty("op")
+ @Valid
+ @NotNull(message = "Property op cannot be null.")
+
+ public String getOp() {
+ return op;
+ }
+ public void setOp(String op) {
+ this.op = op;
+ }
+
+ /**
+ **/
+ public RoleAssignedGroupsPatchOp value(List value) {
+
+ this.value = value;
+ return this;
+ }
+
+ @ApiModelProperty(required = true, value = "")
+ @JsonProperty("value")
+ @Valid
+ @NotNull(message = "Property value cannot be null.")
+
+ public List getValue() {
+ return value;
+ }
+ public void setValue(List value) {
+ this.value = value;
+ }
+
+ public RoleAssignedGroupsPatchOp addValueItem(RoleAssignedGroupsPatchOpValue valueItem) {
+ this.value.add(valueItem);
+ return this;
+ }
+
+
+
+ @Override
+ public boolean equals(java.lang.Object o) {
+
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+ RoleAssignedGroupsPatchOp roleAssignedGroupsPatchOp = (RoleAssignedGroupsPatchOp) o;
+ return Objects.equals(this.op, roleAssignedGroupsPatchOp.op) &&
+ Objects.equals(this.value, roleAssignedGroupsPatchOp.value);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(op, value);
+ }
+
+ @Override
+ public String toString() {
+
+ StringBuilder sb = new StringBuilder();
+ sb.append("class RoleAssignedGroupsPatchOp {\n");
+
+ sb.append(" op: ").append(toIndentedString(op)).append("\n");
+ sb.append(" value: ").append(toIndentedString(value)).append("\n");
+ sb.append("}");
+ return sb.toString();
+ }
+
+ /**
+ * Convert the given object to string with each line indented by 4 spaces
+ * (except the first line).
+ */
+ private String toIndentedString(java.lang.Object o) {
+
+ if (o == null) {
+ return "null";
+ }
+ return o.toString().replace("\n", "\n");
+ }
+}
+
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleAssignedGroupsPatchOpValue.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleAssignedGroupsPatchOpValue.java
new file mode 100644
index 0000000000..861acbd496
--- /dev/null
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleAssignedGroupsPatchOpValue.java
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.v1;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import javax.validation.constraints.*;
+
+
+import io.swagger.annotations.*;
+import java.util.Objects;
+import javax.validation.Valid;
+import javax.xml.bind.annotation.*;
+
+public class RoleAssignedGroupsPatchOpValue {
+
+ private String idpId;
+ private String groupId;
+
+ /**
+ **/
+ public RoleAssignedGroupsPatchOpValue idpId(String idpId) {
+
+ this.idpId = idpId;
+ return this;
+ }
+
+ @ApiModelProperty(example = "e44dbc52-dcc3-443d-96f5-fe9dc208e9d8", value = "")
+ @JsonProperty("idpId")
+ @Valid
+ public String getIdpId() {
+ return idpId;
+ }
+ public void setIdpId(String idpId) {
+ this.idpId = idpId;
+ }
+
+ /**
+ **/
+ public RoleAssignedGroupsPatchOpValue groupId(String groupId) {
+
+ this.groupId = groupId;
+ return this;
+ }
+
+ @ApiModelProperty(example = "e44dbc52-dcc3-443d-96f5-fe9dc208e9d8", value = "")
+ @JsonProperty("groupId")
+ @Valid
+ public String getGroupId() {
+ return groupId;
+ }
+ public void setGroupId(String groupId) {
+ this.groupId = groupId;
+ }
+
+
+
+ @Override
+ public boolean equals(java.lang.Object o) {
+
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+ RoleAssignedGroupsPatchOpValue roleAssignedGroupsPatchOpValue = (RoleAssignedGroupsPatchOpValue) o;
+ return Objects.equals(this.idpId, roleAssignedGroupsPatchOpValue.idpId) &&
+ Objects.equals(this.groupId, roleAssignedGroupsPatchOpValue.groupId);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(idpId, groupId);
+ }
+
+ @Override
+ public String toString() {
+
+ StringBuilder sb = new StringBuilder();
+ sb.append("class RoleAssignedGroupsPatchOpValue {\n");
+
+ sb.append(" idpId: ").append(toIndentedString(idpId)).append("\n");
+ sb.append(" groupId: ").append(toIndentedString(groupId)).append("\n");
+ sb.append("}");
+ return sb.toString();
+ }
+
+ /**
+ * Convert the given object to string with each line indented by 4 spaces
+ * (except the first line).
+ */
+ private String toIndentedString(java.lang.Object o) {
+
+ if (o == null) {
+ return "null";
+ }
+ return o.toString().replace("\n", "\n");
+ }
+}
+
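Review bot: `getIdpId()` and `getGroupId()` carry only `@Valid`, which has no effect on a `String`, so a patch value with a missing `idpId` or `groupId` passes bean validation and reaches whatever code applies the group assignment. If both fields are mandatory for an assignment, mark them required so the getters get a constraint such as `@NotNull(message = "Property groupId cannot be null.")`, matching how `op` and `value` are annotated in `RoleAssignedUsersPatchOp`. `RoleAssignedUsersPatchOpValue.getUserId()` further down has the same gap. The file sits under `src/gen`, so the change presumably belongs in the API definition it is generated from.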
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleAssignedUser.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleAssignedUser.java
new file mode 100644
index 0000000000..a1f33a9ab1
--- /dev/null
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleAssignedUser.java
@@ -0,0 +1,140 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.v1;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import javax.validation.constraints.*;
+
+
+import io.swagger.annotations.*;
+import java.util.Objects;
+import javax.validation.Valid;
+import javax.xml.bind.annotation.*;
+
+public class RoleAssignedUser {
+
+ private String $ref;
+ private String name;
+ private String id;
+
+ /**
+ **/
+ public RoleAssignedUser $ref(String $ref) {
+
+ this.$ref = $ref;
+ return this;
+ }
+
+ @ApiModelProperty(example = "https://localhost:9443/scim2/Users/3a12bae9-4386-44be-befd-caf349297f45", value = "")
+ @JsonProperty("$ref")
+ @Valid
+ public String get$Ref() {
+ return $ref;
+ }
+ public void set$Ref(String $ref) {
+ this.$ref = $ref;
+ }
+
+ /**
+ **/
+ public RoleAssignedUser name(String name) {
+
+ this.name = name;
+ return this;
+ }
+
+ @ApiModelProperty(example = "username", value = "")
+ @JsonProperty("name")
+ @Valid
+ public String getName() {
+ return name;
+ }
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ **/
+ public RoleAssignedUser id(String id) {
+
+ this.id = id;
+ return this;
+ }
+
+ @ApiModelProperty(example = "e44dbc52-dcc3-443d-96f5-fe9dc208e9d8", value = "")
+ @JsonProperty("id")
+ @Valid
+ public String getId() {
+ return id;
+ }
+ public void setId(String id) {
+ this.id = id;
+ }
+
+
+
+ @Override
+ public boolean equals(java.lang.Object o) {
+
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+ RoleAssignedUser roleAssignedUser = (RoleAssignedUser) o;
+ return Objects.equals(this.$ref, roleAssignedUser.$ref) &&
+ Objects.equals(this.name, roleAssignedUser.name) &&
+ Objects.equals(this.id, roleAssignedUser.id);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash($ref, name, id);
+ }
+
+ @Override
+ public String toString() {
+
+ StringBuilder sb = new StringBuilder();
+ sb.append("class RoleAssignedUser {\n");
+
+ sb.append(" $ref: ").append(toIndentedString($ref)).append("\n");
+ sb.append(" name: ").append(toIndentedString(name)).append("\n");
+ sb.append(" id: ").append(toIndentedString(id)).append("\n");
+ sb.append("}");
+ return sb.toString();
+ }
+
+ /**
+ * Convert the given object to string with each line indented by 4 spaces
+ * (except the first line).
+ */
+ private String toIndentedString(java.lang.Object o) {
+
+ if (o == null) {
+ return "null";
+ }
+ return o.toString().replace("\n", "\n");
+ }
+}
+
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleAssignedUsersPatchModel.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleAssignedUsersPatchModel.java
new file mode 100644
index 0000000000..a2e4cb75c5
--- /dev/null
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleAssignedUsersPatchModel.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.v1;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import java.util.ArrayList;
+import java.util.List;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleAssignedUsersPatchOp;
+import javax.validation.constraints.*;
+
+
+import io.swagger.annotations.*;
+import java.util.Objects;
+import javax.validation.Valid;
+import javax.xml.bind.annotation.*;
+
+public class RoleAssignedUsersPatchModel {
+
+ private List operations = new ArrayList<>();
+
+
+ /**
+ **/
+ public RoleAssignedUsersPatchModel operations(List operations) {
+
+ this.operations = operations;
+ return this;
+ }
+
+ @ApiModelProperty(required = true, value = "")
+ @JsonProperty("operations")
+ @Valid
+ @NotNull(message = "Property operations cannot be null.")
+
+ public List getOperations() {
+ return operations;
+ }
+ public void setOperations(List operations) {
+ this.operations = operations;
+ }
+
+ public RoleAssignedUsersPatchModel addOperationsItem(RoleAssignedUsersPatchOp operationsItem) {
+ this.operations.add(operationsItem);
+ return this;
+ }
+
+
+
+ @Override
+ public boolean equals(java.lang.Object o) {
+
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+ RoleAssignedUsersPatchModel roleAssignedUsersPatchModel = (RoleAssignedUsersPatchModel) o;
+ return Objects.equals(this.operations, roleAssignedUsersPatchModel.operations);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(operations);
+ }
+
+ @Override
+ public String toString() {
+
+ StringBuilder sb = new StringBuilder();
+ sb.append("class RoleAssignedUsersPatchModel {\n");
+
+ sb.append(" operations: ").append(toIndentedString(operations)).append("\n");
+ sb.append("}");
+ return sb.toString();
+ }
+
+ /**
+ * Convert the given object to string with each line indented by 4 spaces
+ * (except the first line).
+ */
+ private String toIndentedString(java.lang.Object o) {
+
+ if (o == null) {
+ return "null";
+ }
+ return o.toString().replace("\n", "\n");
+ }
+}
+
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleAssignedUsersPatchOp.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleAssignedUsersPatchOp.java
new file mode 100644
index 0000000000..f167d47109
--- /dev/null
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleAssignedUsersPatchOp.java
@@ -0,0 +1,132 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.v1;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import java.util.ArrayList;
+import java.util.List;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleAssignedUsersPatchOpValue;
+import javax.validation.constraints.*;
+
+
+import io.swagger.annotations.*;
+import java.util.Objects;
+import javax.validation.Valid;
+import javax.xml.bind.annotation.*;
+
+public class RoleAssignedUsersPatchOp {
+
+ private String op;
+ private List value = new ArrayList<>();
+
+
+ /**
+ **/
+ public RoleAssignedUsersPatchOp op(String op) {
+
+ this.op = op;
+ return this;
+ }
+
+ @ApiModelProperty(example = "add", required = true, value = "")
+ @JsonProperty("op")
+ @Valid
+ @NotNull(message = "Property op cannot be null.")
+
+ public String getOp() {
+ return op;
+ }
+ public void setOp(String op) {
+ this.op = op;
+ }
+
+ /**
+ **/
+ public RoleAssignedUsersPatchOp value(List value) {
+
+ this.value = value;
+ return this;
+ }
+
+ @ApiModelProperty(required = true, value = "")
+ @JsonProperty("value")
+ @Valid
+ @NotNull(message = "Property value cannot be null.")
+
+ public List getValue() {
+ return value;
+ }
+ public void setValue(List value) {
+ this.value = value;
+ }
+
+ public RoleAssignedUsersPatchOp addValueItem(RoleAssignedUsersPatchOpValue valueItem) {
+ this.value.add(valueItem);
+ return this;
+ }
+
+
+
+ @Override
+ public boolean equals(java.lang.Object o) {
+
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+ RoleAssignedUsersPatchOp roleAssignedUsersPatchOp = (RoleAssignedUsersPatchOp) o;
+ return Objects.equals(this.op, roleAssignedUsersPatchOp.op) &&
+ Objects.equals(this.value, roleAssignedUsersPatchOp.value);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(op, value);
+ }
+
+ @Override
+ public String toString() {
+
+ StringBuilder sb = new StringBuilder();
+ sb.append("class RoleAssignedUsersPatchOp {\n");
+
+ sb.append(" op: ").append(toIndentedString(op)).append("\n");
+ sb.append(" value: ").append(toIndentedString(value)).append("\n");
+ sb.append("}");
+ return sb.toString();
+ }
+
+ /**
+ * Convert the given object to string with each line indented by 4 spaces
+ * (except the first line).
+ */
+ private String toIndentedString(java.lang.Object o) {
+
+ if (o == null) {
+ return "null";
+ }
+ return o.toString().replace("\n", "\n");
+ }
+}
+
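Review bot: `op` is a free-form `String` guarded only by `@NotNull` on `getOp()`, so any value is accepted at the API boundary. The set of permitted operations is then enforced, if at all, by the service code that consumes this model. For an endpoint that changes who holds a role, declaring the permitted operations as an enum in the API definition would reject unknown values before they reach that code, and would document them (only `add` appears here, as the example). The `op` field of `RoleAssignedGroupsPatchOp`, whose tail is visible above, looks the same.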
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleAssignedUsersPatchOpValue.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleAssignedUsersPatchOpValue.java
new file mode 100644
index 0000000000..582db84f06
--- /dev/null
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleAssignedUsersPatchOpValue.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.v1;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import javax.validation.constraints.*;
+
+
+import io.swagger.annotations.*;
+import java.util.Objects;
+import javax.validation.Valid;
+import javax.xml.bind.annotation.*;
+
+public class RoleAssignedUsersPatchOpValue {
+
+ private String userId;
+
+ /**
+ **/
+ public RoleAssignedUsersPatchOpValue userId(String userId) {
+
+ this.userId = userId;
+ return this;
+ }
+
+ @ApiModelProperty(example = "e44dbc52-dcc3-443d-96f5-fe9dc208e9d8", value = "")
+ @JsonProperty("userId")
+ @Valid
+ public String getUserId() {
+ return userId;
+ }
+ public void setUserId(String userId) {
+ this.userId = userId;
+ }
+
+
+
+ @Override
+ public boolean equals(java.lang.Object o) {
+
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+ RoleAssignedUsersPatchOpValue roleAssignedUsersPatchOpValue = (RoleAssignedUsersPatchOpValue) o;
+ return Objects.equals(this.userId, roleAssignedUsersPatchOpValue.userId);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(userId);
+ }
+
+ @Override
+ public String toString() {
+
+ StringBuilder sb = new StringBuilder();
+ sb.append("class RoleAssignedUsersPatchOpValue {\n");
+
+ sb.append(" userId: ").append(toIndentedString(userId)).append("\n");
+ sb.append("}");
+ return sb.toString();
+ }
+
+ /**
+ * Convert the given object to string with each line indented by 4 spaces
+ * (except the first line).
+ */
+ private String toIndentedString(java.lang.Object o) {
+
+ if (o == null) {
+ return "null";
+ }
+ return o.toString().replace("\n", "\n");
+ }
+}
+
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleCreationModel.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleCreationModel.java
new file mode 100644
index 0000000000..3575ba36bb
--- /dev/null
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RoleCreationModel.java
@@ -0,0 +1,133 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.v1;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import java.util.ArrayList;
+import java.util.List;
+import org.wso2.carbon.identity.api.server.application.management.v1.Permission;
+import javax.validation.constraints.*;
+
+
+import io.swagger.annotations.*;
+import java.util.Objects;
+import javax.validation.Valid;
+import javax.xml.bind.annotation.*;
+
+public class RoleCreationModel {
+
+ private String name;
+ private List permissions = null;
+
+
+ /**
+ **/
+ public RoleCreationModel name(String name) {
+
+ this.name = name;
+ return this;
+ }
+
+ @ApiModelProperty(example = "administrator", required = true, value = "")
+ @JsonProperty("name")
+ @Valid
+ @NotNull(message = "Property name cannot be null.")
+
+ public String getName() {
+ return name;
+ }
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ **/
+ public RoleCreationModel permissions(List permissions) {
+
+ this.permissions = permissions;
+ return this;
+ }
+
+ @ApiModelProperty(value = "")
+ @JsonProperty("permissions")
+ @Valid
+ public List getPermissions() {
+ return permissions;
+ }
+ public void setPermissions(List permissions) {
+ this.permissions = permissions;
+ }
+
+ public RoleCreationModel addPermissionsItem(Permission permissionsItem) {
+ if (this.permissions == null) {
+ this.permissions = new ArrayList<>();
+ }
+ this.permissions.add(permissionsItem);
+ return this;
+ }
+
+
+
+ @Override
+ public boolean equals(java.lang.Object o) {
+
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+ RoleCreationModel roleCreationModel = (RoleCreationModel) o;
+ return Objects.equals(this.name, roleCreationModel.name) &&
+ Objects.equals(this.permissions, roleCreationModel.permissions);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(name, permissions);
+ }
+
+ @Override
+ public String toString() {
+
+ StringBuilder sb = new StringBuilder();
+ sb.append("class RoleCreationModel {\n");
+
+ sb.append(" name: ").append(toIndentedString(name)).append("\n");
+ sb.append(" permissions: ").append(toIndentedString(permissions)).append("\n");
+ sb.append("}");
+ return sb.toString();
+ }
+
+ /**
+ * Convert the given object to string with each line indented by 4 spaces
+ * (except the first line).
+ */
+ private String toIndentedString(java.lang.Object o) {
+
+ if (o == null) {
+ return "null";
+ }
+ return o.toString().replace("\n", "\n");
+ }
+}
+
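Review bot: `getName()` is checked with `@NotNull` only, so an empty role name is a valid `RoleCreationModel`. Unless the service layer rejects it, a length bound such as `@Size(min = 1)` on the getter would stop empty names at the boundary. Because this file is under `src/gen`, that would presumably come from a `minLength` in the API definition.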
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RolePatchModel.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RolePatchModel.java
new file mode 100644
index 0000000000..c3ece77d08
--- /dev/null
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RolePatchModel.java
@@ -0,0 +1,161 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.v1;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import java.util.ArrayList;
+import java.util.List;
+import org.wso2.carbon.identity.api.server.application.management.v1.Permission;
+import javax.validation.constraints.*;
+
+
+import io.swagger.annotations.*;
+import java.util.Objects;
+import javax.validation.Valid;
+import javax.xml.bind.annotation.*;
+
+public class RolePatchModel {
+
+ private String name;
+ private List addedPermissions = null;
+
+ private List removedPermissions = null;
+
+
+ /**
+ **/
+ public RolePatchModel name(String name) {
+
+ this.name = name;
+ return this;
+ }
+
+ @ApiModelProperty(example = "uuid", value = "")
+ @JsonProperty("name")
+ @Valid
+ public String getName() {
+ return name;
+ }
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ **/
+ public RolePatchModel addedPermissions(List addedPermissions) {
+
+ this.addedPermissions = addedPermissions;
+ return this;
+ }
+
+ @ApiModelProperty(value = "")
+ @JsonProperty("addedPermissions")
+ @Valid
+ public List getAddedPermissions() {
+ return addedPermissions;
+ }
+ public void setAddedPermissions(List addedPermissions) {
+ this.addedPermissions = addedPermissions;
+ }
+
+ public RolePatchModel addAddedPermissionsItem(Permission addedPermissionsItem) {
+ if (this.addedPermissions == null) {
+ this.addedPermissions = new ArrayList<>();
+ }
+ this.addedPermissions.add(addedPermissionsItem);
+ return this;
+ }
+
+ /**
+ **/
+ public RolePatchModel removedPermissions(List removedPermissions) {
+
+ this.removedPermissions = removedPermissions;
+ return this;
+ }
+
+ @ApiModelProperty(value = "")
+ @JsonProperty("removedPermissions")
+ @Valid
+ public List getRemovedPermissions() {
+ return removedPermissions;
+ }
+ public void setRemovedPermissions(List removedPermissions) {
+ this.removedPermissions = removedPermissions;
+ }
+
+ public RolePatchModel addRemovedPermissionsItem(Permission removedPermissionsItem) {
+ if (this.removedPermissions == null) {
+ this.removedPermissions = new ArrayList<>();
+ }
+ this.removedPermissions.add(removedPermissionsItem);
+ return this;
+ }
+
+
+
+ @Override
+ public boolean equals(java.lang.Object o) {
+
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+ RolePatchModel rolePatchModel = (RolePatchModel) o;
+ return Objects.equals(this.name, rolePatchModel.name) &&
+ Objects.equals(this.addedPermissions, rolePatchModel.addedPermissions) &&
+ Objects.equals(this.removedPermissions, rolePatchModel.removedPermissions);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(name, addedPermissions, removedPermissions);
+ }
+
+ @Override
+ public String toString() {
+
+ StringBuilder sb = new StringBuilder();
+ sb.append("class RolePatchModel {\n");
+
+ sb.append(" name: ").append(toIndentedString(name)).append("\n");
+ sb.append(" addedPermissions: ").append(toIndentedString(addedPermissions)).append("\n");
+ sb.append(" removedPermissions: ").append(toIndentedString(removedPermissions)).append("\n");
+ sb.append("}");
+ return sb.toString();
+ }
+
+ /**
+ * Convert the given object to string with each line indented by 4 spaces
+ * (except the first line).
+ */
+ private String toIndentedString(java.lang.Object o) {
+
+ if (o == null) {
+ return "null";
+ }
+ return o.toString().replace("\n", "\n");
+ }
+}
+
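Review bot: The example for the `name` property is `"uuid"` (`@ApiModelProperty(example = "uuid", value = "")`), which reads like a copy-paste from an id field; `RoleCreationModel` uses `"administrator"` for the same property. The model also does not say what happens when the same permission appears in both `addedPermissions` and `removedPermissions`. A sentence in the property descriptions (currently `value = ""`) would make that contract explicit for implementers and callers of the patch.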
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/UsersAssignedRoleResponse.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/UsersAssignedRoleResponse.java
new file mode 100644
index 0000000000..4ccd64e7c3
--- /dev/null
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/UsersAssignedRoleResponse.java
@@ -0,0 +1,110 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.v1;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import java.util.ArrayList;
+import java.util.List;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleAssignedUser;
+import javax.validation.constraints.*;
+
+
+import io.swagger.annotations.*;
+import java.util.Objects;
+import javax.validation.Valid;
+import javax.xml.bind.annotation.*;
+
+public class UsersAssignedRoleResponse {
+
+ private List assignedUsers = null;
+
+
+ /**
+ **/
+ public UsersAssignedRoleResponse assignedUsers(List assignedUsers) {
+
+ this.assignedUsers = assignedUsers;
+ return this;
+ }
+
+ @ApiModelProperty(value = "")
+ @JsonProperty("assignedUsers")
+ @Valid
+ public List getAssignedUsers() {
+ return assignedUsers;
+ }
+ public void setAssignedUsers(List assignedUsers) {
+ this.assignedUsers = assignedUsers;
+ }
+
+ public UsersAssignedRoleResponse addAssignedUsersItem(RoleAssignedUser assignedUsersItem) {
+ if (this.assignedUsers == null) {
+ this.assignedUsers = new ArrayList<>();
+ }
+ this.assignedUsers.add(assignedUsersItem);
+ return this;
+ }
+
+
+
+ @Override
+ public boolean equals(java.lang.Object o) {
+
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+ UsersAssignedRoleResponse usersAssignedRoleResponse = (UsersAssignedRoleResponse) o;
+ return Objects.equals(this.assignedUsers, usersAssignedRoleResponse.assignedUsers);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(assignedUsers);
+ }
+
+ @Override
+ public String toString() {
+
+ StringBuilder sb = new StringBuilder();
+ sb.append("class UsersAssignedRoleResponse {\n");
+
+ sb.append(" assignedUsers: ").append(toIndentedString(assignedUsers)).append("\n");
+ sb.append("}");
+ return sb.toString();
+ }
+
+ /**
+ * Convert the given object to string with each line indented by 4 spaces
+ * (except the first line).
+ */
+ private String toIndentedString(java.lang.Object o) {
+
+ if (o == null) {
+ return "null";
+ }
+ return o.toString().replace("\n", "\n");
+ }
+}
+
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/constants/ApplicationRoleMgtEndpointConstants.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/constants/ApplicationRoleMgtEndpointConstants.java
new file mode 100644
index 0000000000..e955131bd3
--- /dev/null
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/constants/ApplicationRoleMgtEndpointConstants.java
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.v1.constants;
+
+/**
+ * Application role management endpoint constants.
+ */
+public class ApplicationRoleMgtEndpointConstants {
+
+ public static final String APP_ROLE_MGT_ERROR_CODE_PREFIX = "APP-ROLE-";
+ /**
+ * Application role management error message constants.
+ */
+ public enum ErrorMessage {
+
+ // Server Errors.
+ ERROR_CODE_INSERT_ROLE("65001", "Error occurred while adding the role.",
+ "Error occurred while adding the role: %s to application: %s."),
+ ERROR_CODE_GET_ROLE_BY_ID("65002", "Error occurred while retrieving the role.",
+ "Error occurred while retrieving the role: %s."),
+ ERROR_CODE_CHECKING_ROLE_EXISTENCE("65003", "Error occurred while checking the role existence.",
+ "Error occurred while checking whether the role: %s exists in application: %s."),
+ ERROR_CODE_GET_ROLES_BY_APPLICATION("65004", "Error occurred while retrieving the roles of the application",
+ "Error occurred while retrieving the roles of application: %s."),
+ ERROR_CODE_UPDATE_ROLE("65005", "Error occurred while updating the role.",
+ "Error occurred while updating the role: %s of application: %s."),
+ ERROR_CODE_DELETE_ROLE("65006", "Error occurred while deleting the role.",
+ "Error occurred while deleting the role: %s."),
+ ERROR_CODE_UPDATE_ROLE_ASSIGNED_USERS("65007", "Error occurred while updating assigned users to "
+ + "the role.", "Error occurred while updating assigned users to the roleId: %s."),
+ ERROR_CODE_GET_ROLE_ASSIGNED_USERS("65008", "Error occurred while retrieving assigned users of " +
+ "the role.", "Error occurred while retrieving users of the roleId: %s."),
+ ERROR_CODE_UPDATE_ROLE_ASSIGNED_GROUPS("65007", "Error occurred while updating assigned groups " +
+ "to the role.", "Error occurred while updating assigned groups to the roleId: %s."),
+ ERROR_CODE_GET_ROLE_ASSIGNED_GROUPS("65008", "Error occurred while retrieving assigned groups " +
+ "of the role.", "Error occurred while retrieving assigned groups of the roleId: %s."),
+ ERROR_CODE_GET_ROLES_BY_USER_ID("65009", "Error occurred while retrieving the app roles by " +
+ "userID", "Error occurred while retrieving the app roles by userID: %s."),
+ ERROR_CODE_GET_ROLES_BY_GROUP_ID("65010", "Error occurred while retrieving the app role by " +
+ "groupID", "Error occurred while retrieving the app role by groupID: %s."),
+
+ // Client Errors.
+ ERROR_CODE_DUPLICATE_ROLE("60001", "Role already exists.",
+ "Role with name: %s already exists in application: %s."),
+ ERROR_CODE_ROLE_NOT_FOUND("60002", "Role doesn't exist.",
+ "Role with id: %s doesn't exist."),
+ ERROR_CODE_USER_ALREADY_ASSIGNED("60003", "Unable to assign user to app role.",
+ "User already assign for the roleId: %s."),
+ ERROR_CODE_GROUP_ALREADY_ASSIGNED("60004", "Unable to assign group to app role.",
+ "Group already assign for the roleId: %s."),
+ ERROR_CODE_USER_NOT_FOUND("60005", "Unable to assign user to app role.",
+ "User not found for the userId: %s."),
+ ERROR_CODE_GROUP_NOT_FOUND("60006", "Unable to assign group to app role.",
+ "Group not found for the groupId: %s."),
+ ERROR_CODE_IDP_NOT_FOUND("60007", "IDP doesn't exist.",
+ "IDP with id: %s doesn't exist."),
+ ERROR_CODE_INVALID_PATCH_OPERATION("60008", "Invalid patch operation.",
+ "Invalid patch operation"),
+ ERROR_CODE_SCOPE_ALREADY_ASSIGNED("60009", "Unable to assign scope to app role.",
+ "Scope already assign for the roleId: %s."),
+ ;
+
+ private final String code;
+ private final String message;
+ private final String description;
+
+ ErrorMessage(String code, String message, String description) {
+
+ this.code = code;
+ this.message = message;
+ this.description = description;
+ }
+
+ public String getCode() {
+
+ return APP_ROLE_MGT_ERROR_CODE_PREFIX + code;
+ }
+
+ public String getMessage() {
+
+ return message;
+ }
+
+ public String getDescription() {
+
+ return description;
+ }
+ }
+}
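Review bot: `ERROR_CODE_UPDATE_ROLE_ASSIGNED_GROUPS` and `ERROR_CODE_GET_ROLE_ASSIGNED_GROUPS` reuse the codes "65007" and "65008" already taken by the two `..._ASSIGNED_USERS` entries, so a client or a log search on `APP-ROLE-65007` cannot tell a user-assignment failure from a group-assignment failure. Each entry needs its own value, for example `ERROR_CODE_UPDATE_ROLE_ASSIGNED_GROUPS("65009", ...)` and `ERROR_CODE_GET_ROLE_ASSIGNED_GROUPS("65010", ...)`, with the user-ID and group-ID lookups moved to 65011 and 65012. The outer class holds only static members, so a `private ApplicationRoleMgtEndpointConstants() {}` constructor would match what `ApplicationManagementConstants` already does.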
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/ApplicationRoleManagementService.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/ApplicationRoleManagementService.java
new file mode 100644
index 0000000000..9497f50e42
--- /dev/null
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/ApplicationRoleManagementService.java
@@ -0,0 +1,490 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.v1.core;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.identity.api.server.application.management.common.ApplicationManagementServiceHolder;
+import org.wso2.carbon.identity.api.server.application.management.v1.GroupsAssignedRoleResponse;
+import org.wso2.carbon.identity.api.server.application.management.v1.Permission;
+import org.wso2.carbon.identity.api.server.application.management.v1.Role;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleAssignedGroup;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleAssignedGroupsPatchModel;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleAssignedGroupsPatchOp;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleAssignedGroupsPatchOpValue;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleAssignedUser;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleAssignedUsersPatchModel;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleAssignedUsersPatchOp;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleAssignedUsersPatchOpValue;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleCreationModel;
+import org.wso2.carbon.identity.api.server.application.management.v1.RolePatchModel;
+import org.wso2.carbon.identity.api.server.application.management.v1.UsersAssignedRoleResponse;
+import org.wso2.carbon.identity.api.server.application.management.v1.util.ApplicationRoleMgtEndpointUtil;
+import org.wso2.carbon.identity.api.server.common.ContextLoader;
+import org.wso2.carbon.identity.application.role.mgt.ApplicationRoleManager;
+import org.wso2.carbon.identity.application.role.mgt.exceptions.ApplicationRoleManagementException;
+import org.wso2.carbon.identity.application.role.mgt.model.ApplicationRole;
+import org.wso2.carbon.identity.application.role.mgt.model.Group;
+import org.wso2.carbon.identity.application.role.mgt.model.User;
+import org.wso2.carbon.identity.core.ServiceURLBuilder;
+import org.wso2.carbon.identity.core.URLBuilderException;
+import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
+import org.wso2.carbon.identity.core.util.IdentityUtil;
+import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+import java.util.stream.Collectors;
+import javax.ws.rs.core.Response;
+
+import static org.wso2.carbon.identity.api.server.application.management.common.ApplicationManagementConstants.GROUPS;
+import static org.wso2.carbon.identity.api.server.application.management.common.ApplicationManagementConstants.LOCAL_IDP;
+import static org.wso2.carbon.identity.api.server.application.management.common.ApplicationManagementConstants.SCIM2_ENDPOINT;
+import static org.wso2.carbon.identity.api.server.application.management.common.ApplicationManagementConstants.TENANT_URL_SEPERATOR;
+import static org.wso2.carbon.identity.api.server.application.management.common.ApplicationManagementConstants.URL_SEPERATOR;
+import static org.wso2.carbon.identity.api.server.application.management.common.ApplicationManagementConstants.USERS;
+import static org.wso2.carbon.identity.api.server.application.management.v1.constants.ApplicationRoleMgtEndpointConstants.ErrorMessage.ERROR_CODE_INVALID_PATCH_OPERATION;
+import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.PATCH_OP_ADD;
+import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.PATCH_OP_REMOVE;
+
+/**
+ * Application role management service.
+ */
+public class ApplicationRoleManagementService {
+
+ /**
+ * Add a new role to the application.
+ *
+ * @param applicationId Application ID.
+ * @param role Role.
+ * @return Created role.
+ */
+ public Role addApplicationRole(String applicationId, RoleCreationModel role) {
+
+ // Filter names of the permissions in role.getPermissions() to List[] permissions
+ List permissions = null;
+ if (role.getPermissions() != null) {
+ permissions =
+ role.getPermissions().stream().map(permission -> permission.getName()).collect(Collectors.toList());
+ }
+ String roleId = UUID.randomUUID().toString();
+ try {
+ ApplicationRole appRole = getApplicationRoleManager().addApplicationRole(
+ new ApplicationRole(roleId, role.getName(), permissions != null ?
+ permissions.toArray(new String[0]) : new String[0],
+ applicationId));
+
+ Role createdRole = new Role();
+ createdRole.id(appRole.getRoleId())
+ .name(appRole.getRoleName());
+ List addedPermissions = new ArrayList<>();
+ if (appRole.getPermissions() != null) {
+ for (String name : appRole.getPermissions()) {
+ Permission permission = new Permission();
+ permission.setName(name);
+ addedPermissions.add(permission);
+ }
+ }
+ createdRole.setPermissions(addedPermissions);
+ return createdRole;
+ } catch (ApplicationRoleManagementException e) {
+ throw ApplicationRoleMgtEndpointUtil.handleApplicationRoleMgtException(e);
+ }
+ }
+
+ /**
+ * Get a role by ID.
+ *
+ * @param applicationId Application ID.
+ * @param roleId Role ID.
+ * @return Role.
+ */
+ public Role getApplicationRole(String applicationId, String roleId) {
+
+ try {
+ ApplicationRole applicationRole = getApplicationRoleManager().getApplicationRoleById(roleId);
+ List permissions = new ArrayList<>();
+ if (applicationRole.getPermissions() != null) {
+ for (String name : applicationRole.getPermissions()) {
+ Permission permission = new Permission();
+ permission.setName(name);
+ permissions.add(permission);
+ }
+ }
+ Role role = new Role();
+ role.id(roleId)
+ .name(applicationRole.getRoleName())
+ .setPermissions(permissions);
+ return role;
+ } catch (ApplicationRoleManagementException e) {
+ throw ApplicationRoleMgtEndpointUtil.handleApplicationRoleMgtException(e);
+ }
+ }
+
+ /**
+ * Get all roles of an application.
+ *
+ * @param applicationId Application ID.
+ * @param before Filter to get roles created before a given date. (optional)
+ * @param after Filter to get roles created after a given date. (optional)
+ * @param limit Maximum number of roles to return. (optional)
+ * @param filter Filter expression for filtering fields in the response. (optional)
+ * @param sort Sort expression for sorting the response. (optional)
+ * @return List of roles.
+ */
+ public List getApplicationRoles(String applicationId, String before, String after, Integer limit,
+ String filter, String sort) {
+
+ try {
+ List applicationRoles = getApplicationRoleManager().getApplicationRoles(applicationId);
+ return applicationRoles.stream().map(applicationRole -> {
+ List permissions = new ArrayList<>();
+ if (applicationRole.getPermissions() != null) {
+ for (String name : applicationRole.getPermissions()) {
+ Permission permission = new Permission();
+ permission.setName(name);
+ permissions.add(permission);
+ }
+ }
+ Role role = new Role();
+ role.id(applicationRole.getRoleId())
+ .name(applicationRole.getRoleName())
+ .setPermissions(permissions);
+ return role;
+ }).collect(Collectors.toList());
+ } catch (ApplicationRoleManagementException e) {
+ throw ApplicationRoleMgtEndpointUtil.handleApplicationRoleMgtException(e);
+ }
+ }
+
+ /**
+ * Delete a role by ID.
+ *
+ * @param applicationId Application ID.
+ * @param roleId Role ID.
+ */
+ public void deleteApplicationRole(String applicationId, String roleId) {
+
+ try {
+ getApplicationRoleManager().deleteApplicationRole(roleId);
+ } catch (ApplicationRoleManagementException e) {
+ throw ApplicationRoleMgtEndpointUtil.handleApplicationRoleMgtException(e);
+ }
+ }
+
+ /**
+ * Update a role by ID.
+ *
+ * @param applicationId Application ID.
+ * @param roleId Role ID.
+ * @param roleUpdate Role update.
+ */
+ public Role updateApplicationRole(String applicationId, String roleId, RolePatchModel roleUpdate) {
+
+ List addedPermission = null;
+ List removedPermission = null;
+ if (roleUpdate.getAddedPermissions() != null) {
+ addedPermission = roleUpdate.getAddedPermissions().stream()
+ .map(Permission::getName).collect(Collectors.toList());
+ }
+ if (roleUpdate.getRemovedPermissions() != null) {
+ removedPermission = roleUpdate.getRemovedPermissions().stream()
+ .map(Permission::getName).collect(Collectors.toList());
+ }
+ try {
+ ApplicationRole applicationRole = getApplicationRoleManager().updateApplicationRole(applicationId,
+ roleId, roleUpdate.getName(), addedPermission, removedPermission);
+ List permissions = new ArrayList<>();
+ if (applicationRole.getPermissions() != null) {
+ for (String name : applicationRole.getPermissions()) {
+ Permission permission = new Permission();
+ permission.setName(name);
+ permissions.add(permission);
+ }
+ }
+ Role role = new Role();
+ role.id(roleId)
+ .name(applicationRole.getRoleName())
+ .setPermissions(permissions);
+ return role;
+ } catch (ApplicationRoleManagementException e) {
+ throw ApplicationRoleMgtEndpointUtil.handleApplicationRoleMgtException(e);
+ }
+ }
+
+ /**
+ * Update a app role assigned user by ID.
+ *
+ * @param applicationId Application ID.
+ * @param roleId Role ID.
+ * @param roleAssignedUsersPatchModel Role assign update.
+ */
+ public UsersAssignedRoleResponse updateApplicationRoleAssignedUsers(String applicationId, String roleId,
+ RoleAssignedUsersPatchModel
+ roleAssignedUsersPatchModel) {
+
+ try {
+ List patchOperationList = roleAssignedUsersPatchModel.getOperations();
+ List addUsers = new ArrayList<>();
+ List removedUsers = new ArrayList<>();
+
+ for (RoleAssignedUsersPatchOp rolePatchOp : patchOperationList) {
+ List values = rolePatchOp.getValue();
+ String patchOp = rolePatchOp.getOp();
+ if ((CollectionUtils.isNotEmpty(values) && StringUtils.equalsIgnoreCase(patchOp, PATCH_OP_ADD))) {
+ for (RoleAssignedUsersPatchOpValue value : values) {
+ addUsers.add(value.getUserId());
+ }
+ } else if ((CollectionUtils.isNotEmpty(values) &&
+ StringUtils.equalsIgnoreCase(patchOp, PATCH_OP_REMOVE))) {
+ for (RoleAssignedUsersPatchOpValue value : values) {
+ removedUsers.add(value.getUserId());
+ }
+ } else {
+ // Invalid patch operations cannot be sent due to swagger validation.
+ // But, if values are not passed along with ADD operations, an error is thrown.
+ throw ApplicationRoleMgtEndpointUtil.handleException(Response.Status.BAD_REQUEST,
+ ERROR_CODE_INVALID_PATCH_OPERATION);
+ }
+ }
+ String tenantDomain = ContextLoader.getTenantDomainFromContext();
+ ApplicationRole applicationRole = getApplicationRoleManager().updateApplicationRoleAssignedUsers(roleId,
+ addUsers, removedUsers);
+ UsersAssignedRoleResponse response = new UsersAssignedRoleResponse();
+ List users = getUsersForResponseObject(applicationRole.getAssignedUsers(),
+ tenantDomain);
+ response.setAssignedUsers(users);
+ return response;
+ } catch (ApplicationRoleManagementException e) {
+ throw ApplicationRoleMgtEndpointUtil.handleApplicationRoleMgtException(e);
+ }
+ }
+
+ /**
+ * Get app role's assigned users by ID.
+ *
+ * @param applicationId Application ID.
+ * @param roleId Role ID.
+ */
+ public UsersAssignedRoleResponse getApplicationRoleAssignedUsers(String applicationId, String roleId) {
+
+ ApplicationRole applicationRole = null;
+ try {
+ String tenantDomain = ContextLoader.getTenantDomainFromContext();
+ applicationRole = getApplicationRoleManager().getApplicationRoleAssignedUsers(roleId);
+ UsersAssignedRoleResponse response = new UsersAssignedRoleResponse();
+ List users = getUsersForResponseObject(applicationRole.getAssignedUsers(),
+ tenantDomain);
+ response.setAssignedUsers(users);
+ return response;
+ } catch (ApplicationRoleManagementException e) {
+ throw ApplicationRoleMgtEndpointUtil.handleApplicationRoleMgtException(e);
+ }
+ }
+
+ /**
+ * Update a app role assigned groups by ID.
+ *
+ * @param applicationId Application ID.
+ * @param roleId Role ID.
+ * @param roleAssignedGroupsPatchModel Role assign update.
+ */
+ public GroupsAssignedRoleResponse updateApplicationRoleAssignedGroups(String applicationId, String roleId,
+ RoleAssignedGroupsPatchModel
+ roleAssignedGroupsPatchModel) {
+
+ try {
+ List patchOperationList = roleAssignedGroupsPatchModel.getOperations();
+ List addGroups = new ArrayList<>();
+ List removedGroups = new ArrayList<>();
+
+ for (RoleAssignedGroupsPatchOp roleAssignedGroupsPatchOp : patchOperationList) {
+ List values = roleAssignedGroupsPatchOp.getValue();
+ String patchOp = roleAssignedGroupsPatchOp.getOp();
+ if ((CollectionUtils.isNotEmpty(values) && StringUtils.equalsIgnoreCase(patchOp, PATCH_OP_ADD))) {
+ for (RoleAssignedGroupsPatchOpValue value : values) {
+ addGroups.add(new Group(value.getGroupId(), value.getIdpId()));
+ }
+ } else if ((CollectionUtils.isNotEmpty(values) &&
+ StringUtils.equalsIgnoreCase(patchOp, PATCH_OP_REMOVE))) {
+ for (RoleAssignedGroupsPatchOpValue value : values) {
+ removedGroups.add(value.getGroupId());
+ }
+ } else {
+ // Invalid patch operations cannot be sent due to swagger validation.
+ // But, if values are not passed along with ADD operations, an error is thrown.
+ throw ApplicationRoleMgtEndpointUtil.handleException(Response.Status.BAD_REQUEST,
+ ERROR_CODE_INVALID_PATCH_OPERATION);
+ }
+ }
+ ApplicationRole applicationRole = getApplicationRoleManager().updateApplicationRoleAssignedGroups(roleId,
+ addGroups, removedGroups);
+ String tenantDomain = ContextLoader.getTenantDomainFromContext();
+ GroupsAssignedRoleResponse response = new GroupsAssignedRoleResponse();
+ List groups = getGroupsForResponseObject(applicationRole.getAssignedGroups(),
+ tenantDomain);
+ response.setAssignedGroups(groups);
+ return response;
+ } catch (ApplicationRoleManagementException e) {
+ throw ApplicationRoleMgtEndpointUtil.handleApplicationRoleMgtException(e);
+ }
+ }
+
+ /**
+ * Get app role's assigned groups by ID.
+ *
+ * @param applicationId Application ID.
+ * @param roleId Role ID.
+ */
+ public GroupsAssignedRoleResponse getApplicationRoleAssignedGroups(String applicationId, String roleId,
+ String idp) {
+
+ ApplicationRole applicationRole = null;
+ try {
+ String tenantDomain = ContextLoader.getTenantDomainFromContext();
+ applicationRole = getApplicationRoleManager().getApplicationRoleAssignedGroups(roleId, idp);
+ GroupsAssignedRoleResponse response = new GroupsAssignedRoleResponse();
+ List groups = getGroupsForResponseObject(applicationRole.getAssignedGroups(),
+ tenantDomain);
+ response.setAssignedGroups(groups);
+ return response;
+ } catch (ApplicationRoleManagementException e) {
+ throw ApplicationRoleMgtEndpointUtil.handleApplicationRoleMgtException(e);
+ }
+ }
+
+ private ApplicationRoleManager getApplicationRoleManager() {
+
+ return ApplicationManagementServiceHolder.getApplicationRoleManagerService();
+ }
+
+ /**
+ * Set the users for the response if they exist.
+ *
+ * @param roleAssignedUsers The users assigned to a role.
+ * @param tenantDomain tenantDomain.
+ * @return The ApplicationRoleGetResponseUser list.
+ */
+ private List getUsersForResponseObject(List roleAssignedUsers,
+ String tenantDomain) {
+
+ List users = new ArrayList<>();
+ for (User basicUser : roleAssignedUsers) {
+ String uri = getSCIMUserURL(basicUser.getId(), tenantDomain);
+
+ RoleAssignedUser user = new RoleAssignedUser();
+ user.id(basicUser.getId())
+ .name(basicUser.getUserName())
+ .$ref(uri);
+ users.add(user);
+ }
+ return users;
+ }
+
+ /**
+ * Set the groups for the response if they exist.
+ *
+ * @param roleAssignedGroups The groups assigned to a role.
+ * @param tenantDomain tenantDomain.
+ * @return The ApplicationRoleGetResponseUser list.
+ */
+ private List getGroupsForResponseObject(List roleAssignedGroups,
+ String tenantDomain) {
+
+ List groups = new ArrayList<>();
+ for (Group group : roleAssignedGroups) {
+ String uri = getSCIMGroupURL(group.getGroupId(), tenantDomain);
+
+ RoleAssignedGroup assignedGroup = new RoleAssignedGroup();
+ assignedGroup.id(group.getGroupId())
+ .name(group.getGroupName())
+ .idpId(group.getIdpId())
+ .idpName(group.getIdpName());
+ if (LOCAL_IDP.equals(group.getIdpName())) {
+ assignedGroup.$ref(uri);
+ }
+ groups.add(assignedGroup);
+ }
+ return groups;
+ }
+
+ private String getSCIMUserURL(String id, String tenantDomain) {
+ return org.apache.commons.lang.StringUtils.isNotBlank(id) ? getSCIMUserURL(tenantDomain) + URL_SEPERATOR +
+ id : null;
+ }
+
+ private String getSCIMUserURL(String tenantDomain) {
+
+ String scimURL = getSCIMURL(tenantDomain);
+ return scimURL + USERS;
+ }
+
+ private String getSCIMGroupURL(String id, String tenantDomain) {
+ return org.apache.commons.lang.StringUtils.isNotBlank(id) ? getSCIMGroupURL(tenantDomain) + URL_SEPERATOR +
+ id : null;
+ }
+
+ private String getSCIMGroupURL(String tenantDomain) {
+
+ String scimURL = getSCIMURL(tenantDomain);
+ return scimURL + GROUPS;
+ }
+
+ private String getSCIMURL(String tenantDomain) {
+
+ String scimURL;
+ try {
+ if (IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) {
+ scimURL = ServiceURLBuilder.create().addPath(SCIM2_ENDPOINT).build()
+ .getAbsolutePublicURL();
+ } else {
+ String serverUrl = ServiceURLBuilder.create().build().getAbsolutePublicURL();
+ if (isNotASuperTenantFlow(tenantDomain)) {
+ scimURL = serverUrl + "/t/" + tenantDomain + SCIM2_ENDPOINT;
+ } else {
+ scimURL = serverUrl + SCIM2_ENDPOINT;
+ }
+ }
+ return scimURL;
+ } catch (URLBuilderException e) {
+ // Fallback to legacy approach during error scenarios to maintain backward compatibility.
+ return getSCIMURLLegacy();
+ }
+ }
+
+ private String getSCIMURLLegacy() {
+
+ String scimURL;
+ String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+ if (isNotASuperTenantFlow(tenantDomain)) {
+ scimURL = IdentityUtil.getServerURL(
+ TENANT_URL_SEPERATOR + tenantDomain + SCIM2_ENDPOINT,
+ true, true);
+ } else {
+ scimURL = IdentityUtil.getServerURL(SCIM2_ENDPOINT, true, true);
+ }
+ return scimURL;
+ }
+
+ private boolean isNotASuperTenantFlow(String tenantDomain) {
+ return !MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain);
+ }
+}
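Review bot: `applicationId` is accepted but never used in `getApplicationRole`, `deleteApplicationRole`, `getApplicationRoleAssignedUsers`, `getApplicationRoleAssignedGroups` and the two `updateApplicationRoleAssigned*` methods. Each passes only `roleId` to the manager, so the role is never checked against the application named in the request path. Unless `ApplicationRoleManager` enforces that binding itself (not visible in this diff), a caller authorised for one application could read, modify or delete a role that belongs to another application by supplying its role ID. Each of these methods should confirm that the loaded role's owning application equals `applicationId` and answer with `ERROR_CODE_ROLE_NOT_FOUND` on a mismatch before doing any work. Alternatively the manager calls should take `applicationId`, as `updateApplicationRole` already does.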
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/exception/ApplicationRoleMgtEndpointException.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/exception/ApplicationRoleMgtEndpointException.java
new file mode 100644
index 0000000000..79845cabb4
--- /dev/null
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/exception/ApplicationRoleMgtEndpointException.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.v1.exception;
+
+import org.wso2.carbon.identity.api.server.application.management.v1.Error;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+
+/**
+ * Application role management endpoint exception.
+ */
+public class ApplicationRoleMgtEndpointException extends WebApplicationException {
+
+
+ public ApplicationRoleMgtEndpointException(Response.Status status, Error error) {
+
+ super(Response.status(status).entity(error).header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON)
+ .build());
+ }
+}
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/impl/ApplicationsApiServiceImpl.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/impl/ApplicationsApiServiceImpl.java
index 8c57c012cc..1f6f89375b 100644
--- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/impl/ApplicationsApiServiceImpl.java
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/impl/ApplicationsApiServiceImpl.java
@@ -34,17 +34,28 @@
import org.wso2.carbon.identity.api.server.application.management.v1.PassiveStsConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.ProvisioningConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.ResidentApplication;
+import org.wso2.carbon.identity.api.server.application.management.v1.Role;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleAssignedGroupsPatchModel;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleAssignedUsersPatchModel;
+import org.wso2.carbon.identity.api.server.application.management.v1.RoleCreationModel;
+import org.wso2.carbon.identity.api.server.application.management.v1.RolePatchModel;
import org.wso2.carbon.identity.api.server.application.management.v1.SAML2Configuration;
import org.wso2.carbon.identity.api.server.application.management.v1.SAML2ServiceProvider;
import org.wso2.carbon.identity.api.server.application.management.v1.WSTrustConfiguration;
+import org.wso2.carbon.identity.api.server.application.management.v1.core.ApplicationRoleManagementService;
import org.wso2.carbon.identity.api.server.application.management.v1.core.ServerApplicationManagementService;
import org.wso2.carbon.identity.api.server.application.management.v1.core.ServerApplicationMetadataService;
import org.wso2.carbon.identity.api.server.application.management.v1.core.TransferResource;
import org.wso2.carbon.identity.api.server.common.Constants;
import org.wso2.carbon.identity.api.server.common.ContextLoader;
+import org.wso2.carbon.identity.api.server.common.error.APIError;
+import org.wso2.carbon.identity.api.server.common.error.ErrorResponse;
import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
import java.net.URI;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
import java.util.List;
import javax.ws.rs.core.Response;
@@ -60,6 +71,9 @@ public class ApplicationsApiServiceImpl implements ApplicationsApiService {
@Autowired
private ServerApplicationMetadataService applicationMetadataService;
+ @Autowired
+ private ApplicationRoleManagementService applicationRoleManagementService;
+
@Override
public Response getAllApplications(Integer limit, Integer offset, String filter, String sortOrder, String sortBy,
String requiredAttributes) {
@@ -69,6 +83,26 @@ public Response getAllApplications(Integer limit, Integer offset, String filter,
return Response.ok().entity(listResponse).build();
}
+ @Override
+ public Response getAppRole(String applicationId, String roleId) {
+
+ return Response.ok().entity(applicationRoleManagementService.getApplicationRole(applicationId, roleId)).build();
+ }
+
+ @Override
+ public Response getAppRoleGroups(String applicationId, String roleId, String idpId) {
+
+ return Response.ok().entity(applicationRoleManagementService
+ .getApplicationRoleAssignedGroups(applicationId, roleId, idpId)).build();
+ }
+
+ @Override
+ public Response getAppRoleUsers(String applicationId, String roleId) {
+
+ return Response.ok().entity(applicationRoleManagementService
+ .getApplicationRoleAssignedUsers(applicationId, roleId)).build();
+ }
+
@Override
public Response getApplication(String applicationId) {
@@ -95,6 +129,24 @@ public Response changeApplicationOwner(String applicationId, ApplicationOwner ap
return Response.ok().build();
}
+ @Override
+ public Response createAppRole(String applicationId, RoleCreationModel roleCreationModel) {
+
+ Role role = applicationRoleManagementService.addApplicationRole(applicationId, roleCreationModel);
+ URI location;
+ try {
+ location = ContextLoader.buildURIForHeader(Constants.V1_API_PATH_COMPONENT +
+ ApplicationManagementConstants.APPLICATION_MANAGEMENT_PATH_COMPONENT + "/" + applicationId + "/" +
+ ApplicationManagementConstants.ROLES_PATH_COMPONENT + "/" +
+ URLEncoder.encode(role.getId(), StandardCharsets.UTF_8.name()));
+ } catch (UnsupportedEncodingException e) {
+ ErrorResponse errorResponse =
+ new ErrorResponse.Builder().withMessage("Error due to unsupported encoding.").build();
+ throw new APIError(Response.Status.METHOD_NOT_ALLOWED, errorResponse);
+ }
+ return Response.created(location).entity(role).build();
+ }
+
@Override
public Response createApplication(ApplicationModel applicationModel, String template) {
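Review bot: The `catch (UnsupportedEncodingException e)` branch in `createAppRole` answers with `Response.Status.METHOD_NOT_ALLOWED`, which tells the client its HTTP verb is wrong when the failure is server-side; `throw new APIError(Response.Status.INTERNAL_SERVER_ERROR, errorResponse);` is the matching status. The caught exception is also dropped without being logged, and by that point the role has already been created, so the client sees an error for a request that succeeded. Only `role.getId()` is URL-encoded, while `applicationId` (presumably taken from the request path) is concatenated into the Location value as-is; encoding it the same way keeps the header well-formed.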
@@ -109,6 +161,13 @@ public Response createApplicationTemplate(ApplicationTemplateModel applicationTe
return Response.created(getTemplateResourceLocation(templateId)).build();
}
+ @Override
+ public Response deleteAppRole(String applicationId, String roleId) {
+
+ applicationRoleManagementService.deleteApplicationRole(applicationId, roleId);
+ return Response.noContent().build();
+ }
+
@Override
public Response deleteApplication(String applicationId) {
@@ -242,6 +301,29 @@ public Response importApplicationForUpdate(InputStream fileInputStream, Attachme
return Response.ok().location(getResourceLocation(resourceId)).build();
}
+ @Override
+ public Response patchAppRole(String applicationId, String roleId, RolePatchModel rolePatchModel) {
+
+ return Response.ok().entity(applicationRoleManagementService.updateApplicationRole(applicationId, roleId,
+ rolePatchModel)).build();
+ }
+
+ @Override
+ public Response patchAppRoleAssignedGroups(String applicationId, String roleId,
+ RoleAssignedGroupsPatchModel roleAssignPatchModel) {
+
+ return Response.ok().entity(applicationRoleManagementService.updateApplicationRoleAssignedGroups(applicationId,
+ roleId, roleAssignPatchModel)).build();
+ }
+
+ @Override
+ public Response patchAppRoleAssignedUsers(String applicationId, String roleId,
+ RoleAssignedUsersPatchModel roleAssignPatchModel) {
+
+ return Response.ok().entity(applicationRoleManagementService.updateApplicationRoleAssignedUsers(applicationId,
+ roleId, roleAssignPatchModel)).build();
+ }
+
@Override
public Response getInboundAuthenticationConfigurations(String applicationId) {
@@ -368,6 +450,13 @@ public Response getAllApplicationTemplates(Integer limit, Integer offset, Search
searchContext)).build();
}
+ @Override
+ public Response getAllAppRoles(String applicationId, String before, String after) {
+
+ return Response.ok().entity(applicationRoleManagementService.getApplicationRoles(applicationId, before,
+ after, null, null, null)).build();
+ }
+
private URI getResourceLocation(String resourceId) {
return ContextLoader.buildURIForHeader(Constants.V1_API_PATH_COMPONENT +
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/util/ApplicationRoleMgtEndpointUtil.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/util/ApplicationRoleMgtEndpointUtil.java
new file mode 100644
index 0000000000..b5ccfa786e
--- /dev/null
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/util/ApplicationRoleMgtEndpointUtil.java
@@ -0,0 +1,110 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.v1.util;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.identity.api.server.application.management.v1.Error;
+import org.wso2.carbon.identity.api.server.application.management.v1.constants.ApplicationRoleMgtEndpointConstants;
+import org.wso2.carbon.identity.api.server.application.management.v1.exception.ApplicationRoleMgtEndpointException;
+import org.wso2.carbon.identity.application.role.mgt.exceptions.ApplicationRoleManagementClientException;
+import org.wso2.carbon.identity.application.role.mgt.exceptions.ApplicationRoleManagementException;
+
+import javax.ws.rs.core.Response;
+
+import static org.wso2.carbon.identity.api.server.application.management.v1.constants.ApplicationRoleMgtEndpointConstants.ErrorMessage.ERROR_CODE_GROUP_ALREADY_ASSIGNED;
+import static org.wso2.carbon.identity.api.server.application.management.v1.constants.ApplicationRoleMgtEndpointConstants.ErrorMessage.ERROR_CODE_GROUP_NOT_FOUND;
+import static org.wso2.carbon.identity.api.server.application.management.v1.constants.ApplicationRoleMgtEndpointConstants.ErrorMessage.ERROR_CODE_IDP_NOT_FOUND;
+import static org.wso2.carbon.identity.api.server.application.management.v1.constants.ApplicationRoleMgtEndpointConstants.ErrorMessage.ERROR_CODE_SCOPE_ALREADY_ASSIGNED;
+import static org.wso2.carbon.identity.api.server.application.management.v1.constants.ApplicationRoleMgtEndpointConstants.ErrorMessage.ERROR_CODE_USER_ALREADY_ASSIGNED;
+import static org.wso2.carbon.identity.api.server.application.management.v1.constants.ApplicationRoleMgtEndpointConstants.ErrorMessage.ERROR_CODE_USER_NOT_FOUND;
+import static org.wso2.carbon.identity.api.server.common.Constants.ERROR_CODE_DELIMITER;
+
+/**
+ * Application role management endpoint util.
+ */
+public class ApplicationRoleMgtEndpointUtil {
+
+ private static final Log log = LogFactory.getLog(ApplicationRoleMgtEndpointUtil.class);
+
+ public static ApplicationRoleMgtEndpointException handleException(Response.Status status,
+ ApplicationRoleMgtEndpointConstants.ErrorMessage
+ error) {
+
+ return new ApplicationRoleMgtEndpointException(status, getError(error.getCode(), error.getMessage(),
+ error.getDescription()));
+ }
+
+ public static ApplicationRoleMgtEndpointException handleException(Response.Status status,
+ ApplicationRoleMgtEndpointConstants.ErrorMessage
+ error, String data) {
+
+ return new ApplicationRoleMgtEndpointException(status, getError(error.getCode(), error.getMessage(),
+ String.format(error.getDescription(), data)));
+ }
+ public static ApplicationRoleMgtEndpointException handleException(Response.Status status, String errorCode,
+ String message, String description) {
+
+ return new ApplicationRoleMgtEndpointException(status, getError(errorCode, message, description));
+ }
+ public static ApplicationRoleMgtEndpointException handleApplicationRoleMgtException(
+ ApplicationRoleManagementException e) {
+
+ Response.Status status = Response.Status.INTERNAL_SERVER_ERROR;
+ if (e instanceof ApplicationRoleManagementClientException) {
+
+ if (e.getErrorCode().equals(ERROR_CODE_USER_NOT_FOUND.getCode()) ||
+ e.getErrorCode().equals(ERROR_CODE_GROUP_NOT_FOUND.getCode()) ||
+ e.getErrorCode().equals(ERROR_CODE_IDP_NOT_FOUND.getCode())
+ ) {
+ status = Response.Status.NOT_FOUND;
+ } else if (e.getErrorCode().equals(ERROR_CODE_USER_ALREADY_ASSIGNED.getCode()) ||
+ e.getErrorCode().equals(ERROR_CODE_GROUP_ALREADY_ASSIGNED.getCode()) ||
+ e.getErrorCode().equals(ERROR_CODE_SCOPE_ALREADY_ASSIGNED.getCode())
+ ) {
+ status = Response.Status.CONFLICT;
+ } else {
+ status = Response.Status.BAD_REQUEST;
+ }
+ } else {
+ log.error(e.getMessage(), e);
+ }
+ String errorCode = e.getErrorCode();
+ errorCode = errorCode.contains(ERROR_CODE_DELIMITER) ? errorCode :
+ ApplicationRoleMgtEndpointConstants.APP_ROLE_MGT_ERROR_CODE_PREFIX + errorCode;
+ return handleException(status, errorCode, e.getMessage(), e.getDescription());
+ }
+
+ /**
+ * Returns a generic error object.
+ *
+ * @param errorCode Error code.
+ * @param errorMessage Error message.
+ * @param errorDescription Error description.
+ * @return A generic error with the specified details.
+ */
+ public static Error getError(String errorCode, String errorMessage, String errorDescription) {
+
+ Error error = new Error();
+ error.setCode(errorCode);
+ error.setMessage(errorMessage);
+ error.setDescription(errorDescription);
+ return error;
+ }
+}
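Review bot: In `handleApplicationRoleMgtException` the final `handleException` call passes `e.getMessage()` and `e.getDescription()` into the response `Error` for every exception, including the non-client case that is logged and mapped to `INTERNAL_SERVER_ERROR`. Server-side messages may carry internal detail, so on the 500 path the body should hold a fixed text and leave the detail in the log, as sketched below. Separately, `e.getErrorCode().equals(...)` and `errorCode.contains(...)` throw a NullPointerException if an exception arrives without a code; whether that can happen depends on `ApplicationRoleManagementException`, which is not shown. The public `handleException` overloads also have no Javadoc, and the utility class has no private constructor.

```java
        // … unchanged: status selection, log.error for the server case, error-code prefixing …
        if (status == Response.Status.INTERNAL_SERVER_ERROR) {
            // The detail is already in the server log; the response carries a fixed text only.
            return handleException(status, errorCode, "Unexpected server error.",
                    "The server encountered an error while processing the request.");
        }
        return handleException(status, errorCode, e.getMessage(), e.getDescription());
```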
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/resources/META-INF/cxf/applications-server-v1-cxf.xml b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/resources/META-INF/cxf/applications-server-v1-cxf.xml
index 142d89d26c..aa270f0dec 100644
--- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/resources/META-INF/cxf/applications-server-v1-cxf.xml
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/resources/META-INF/cxf/applications-server-v1-cxf.xml
@@ -20,6 +20,7 @@
+
-
+
+
+
+
+
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/resources/applications.yaml b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/resources/applications.yaml
index a4a43de4ee..727ad011e6 100644
--- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/resources/applications.yaml
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/resources/applications.yaml
@@ -2194,6 +2194,483 @@ paths:
schema:
$ref: '#/components/schemas/Error'
+ '/applications/{applicationId}/roles':
+ post:
+ tags:
+ - Application Roles
+ summary: |
+ Create an application role with collected permissions
+ description: >
+ Create a new application role with or without permissions
+ Permission required:
+ * /permission/admin/manage/identity/applicationmgt/update
+ Scope required:
+ * internal_application_mgt_update
+ operationId: createAppRole
+ parameters:
+ - name: applicationId
+ in: path
+ description: Application ID
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/RoleCreationModel'
+ description: Role name and Permissions to add to the role
+ responses:
+ 201:
+ description: Successfully created.
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Role'
+ 400:
+ description: Bad Request
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ 401:
+ description: Unauthorized
+ 403:
+ description: Forbidden
+ 409:
+ description: Conflict
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ 500:
+ description: Server Error
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ get:
+ tags:
+ - Application Roles
+ summary: |
+ Get all roles of the application
+ description: >
+ Get all roles of the application
+ Permission required:
+ * /permission/admin/manage/identity/applicationmgt/view
+ Scope required:
+ * internal_application_mgt_view
+ operationId: getAllAppRoles
+ parameters:
+ - name: applicationId
+ in: path
+ description: Application ID
+ required: true
+ schema:
+ type: string
+ - name: before
+ in: query
+ description: Previous Cursor
+ schema:
+ type: string
+ - name: after
+ in: query
+ description: Next Cursor
+ schema:
+ type: string
+ responses:
+ 200:
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/PaginatedAppRoleResponse'
+ 400:
+ description: Bad Request
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ 401:
+ description: Unauthorized
+ 403:
+ description: Forbidden
+ 500:
+ description: Server Error
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ '/applications/{applicationId}/roles/{roleId}':
+ get:
+ tags:
+ - Application Roles
+ summary: |
+ Get role and associated permissions
+ description: >
+ Get a role of the application and its associated permissions
+ Permission required:
+ * /permission/admin/manage/identity/applicationmgt/update
+ Scope required:
+ * internal_application_mgt_update
+ operationId: getAppRole
+ parameters:
+ - name: applicationId
+ in: path
+ description: Application ID
+ required: true
+ schema:
+ type: string
+ - name: roleId
+ in: path
+ description: Role ID
+ required: true
+ schema:
+ type: string
+ responses:
+ 200:
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Role'
+ 400:
+ description: Bad Request
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ 401:
+ description: Unauthorized
+ 403:
+ description: Forbidden
+ 404:
+ description: Not Found
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ 500:
+ description: Server Error
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ patch:
+ tags:
+ - Application Roles
+ summary: |
+ Update an application role
+ description: >
+ Update role name and permissions
+ Permission required:
+ * /permission/admin/manage/identity/applicationmgt/update
+ Scope required:
+ * internal_application_mgt_update
+ operationId: patchAppRole
+ parameters:
+ - name: applicationId
+ in: path
+ description: Application ID
+ required: true
+ schema:
+ type: string
+ - name: roleId
+ in: path
+ description: Role ID
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/RolePatchModel'
+ responses:
+ 200:
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Role'
+ 400:
+ description: Bad Request
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ 401:
+ description: Unauthorized
+ 403:
+ description: Forbidden
+ 500:
+ description: Server Error
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ delete:
+ tags:
+ - Application Roles
+ summary: |
+ Delete an application role
+ description: >
+ Delete a role
+ Permission required:
+ * /permission/admin/manage/identity/applicationmgt/update
+ Scope required:
+ * internal_application_mgt_update
+ operationId: deleteAppRole
+ parameters:
+ - name: applicationId
+ in: path
+ description: Application ID
+ required: true
+ schema:
+ type: string
+ - name: roleId
+ in: path
+ description: Role ID
+ required: true
+ schema:
+ type: string
+ responses:
+ 204:
+ description: Delete Success
+ 400:
+ $ref: '#/components/schemas/Error'
+ 401:
+ description: Unauthorized
+ 403:
+ description: Forbidden
+ 500:
+ description: Server Error
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ '/applications/{applicationId}/roles/{roleId}/assigned-users':
+ get:
+ tags:
+ - Application Roles
+ summary: |
+ Get role and assigned users
+ description: >
+ Get a role of the application and its assigned users
+ Permission required:
+ * /permission/admin/manage/identity/usermgt/view
+ Scope required:
+ * internal_user_mgt_view
+ operationId: getAppRoleUsers
+ parameters:
+ - name: applicationId
+ in: path
+ description: Application ID
+ required: true
+ schema:
+ type: string
+ - name: roleId
+ in: path
+ description: Role ID
+ required: true
+ schema:
+ type: string
+ responses:
+ 200:
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UsersAssignedRoleResponse'
+ 400:
+ description: Bad Request
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ 401:
+ description: Unauthorized
+ 403:
+ description: Forbidden
+ 404:
+ description: Not Found
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ 500:
+ description: Server Error
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ patch:
+ tags:
+ - Application Roles
+ summary: |
+ Assign users to an application role
+ description: >
+ Assign users to an application role
+ Permission required:
+ * /permission/admin/manage/identity/usermgt/update
+ Scope required:
+ * internal_user_mgt_update
+ operationId: patchAppRoleAssignedUsers
+ parameters:
+ - name: applicationId
+ in: path
+ description: Application ID
+ required: true
+ schema:
+ type: string
+ - name: roleId
+ in: path
+ description: Role ID
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/RoleAssignedUsersPatchModel'
+ responses:
+ 200:
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UsersAssignedRoleResponse'
+ 400:
+ description: Bad Request
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ 401:
+ description: Unauthorized
+ 403:
+ description: Forbidden
+ 500:
+ description: Server Error
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ '/applications/{applicationId}/roles/{roleId}/assigned-groups':
+ get:
+ tags:
+ - Application Roles
+ summary: |
+ Get role and assigned groups
+ description: >
+ Get a role of the application and its assigned groups
+ Permission required:
+ * /permission/admin/manage/identity/rolemgt/view
+ Scope required:
+ * internal_role_mgt_view
+ operationId: getAppRoleGroups
+ parameters:
+ - name: applicationId
+ in: path
+ description: Application ID
+ required: true
+ schema:
+ type: string
+ - name: roleId
+ in: path
+ description: Role ID
+ required: true
+ schema:
+ type: string
+ - name: idpId
+ in: query
+ description: Idp ID
+ schema:
+ type: string
+ responses:
+ 200:
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/GroupsAssignedRoleResponse'
+ 400:
+ description: Bad Request
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ 401:
+ description: Unauthorized
+ 403:
+ description: Forbidden
+ 404:
+ description: Not Found
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ 500:
+ description: Server Error
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ patch:
+ tags:
+ - Application Roles
+ summary: |
+ Assign groups to an application role
+ description: >
+ Assign groups to an application role
+ Permission required:
+ * /permission/admin/manage/identity/rolemgt/update
+ Scope required:
+ * internal_role_mgt_update
+ operationId: patchAppRoleAssignedGroups
+ parameters:
+ - name: applicationId
+ in: path
+ description: Application ID
+ required: true
+ schema:
+ type: string
+ - name: roleId
+ in: path
+ description: Role ID
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/RoleAssignedGroupsPatchModel'
+ responses:
+ 200:
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/GroupsAssignedRoleResponse'
+ 400:
+ description: Bad Request
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ 401:
+ description: Unauthorized
+ 403:
+ description: Forbidden
+ 500:
+ description: Server Error
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+
components:
parameters:
limitQueryParam:
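Review bot: `getAppRole` (GET `/applications/{applicationId}/roles/{roleId}`) documents `/permission/admin/manage/identity/applicationmgt/update` and `internal_application_mgt_update`, while the list operation `getAllAppRoles` documents the `view` permission and `internal_application_mgt_view`. A read that needs the update scope pushes read-only clients to request write access; if the enforced scope is in fact `internal_application_mgt_view`, the description should say so, and the access-control configuration (not part of this hunk) should be checked against it. In `deleteAppRole` the `400` entry is `$ref: '#/components/schemas/Error'` placed directly under the status code, which points a response at a schema; it needs the same `description` / `content` / `schema` form as the other 400 responses. The `patch` operations declare no `404`, although `ApplicationRoleMgtEndpointUtil` in this commit maps the user, group and IdP not-found codes to `NOT_FOUND`.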
@@ -3507,7 +3984,181 @@ components:
example: "85e3f4b8-0d22-4181-b1e3-1651f71b88bd"
required:
- id
-
+ RoleCreationModel:
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ example: administrator
+ permissions:
+ type: array
+ items:
+ $ref: '#/components/schemas/Permission'
+ Role:
+ type: object
+ properties:
+ id:
+ type: string
+ example: "85e3f4b8-0d22-4181-b1e3-1651f71b88bd"
+ name:
+ type: string
+ example: administrator
+ permissions:
+ type: array
+ items:
+ $ref: '#/components/schemas/Permission'
+ Permission:
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ example: 'deploy_component'
+ displayName:
+ type: string
+ example: "Deploy Component"
+ PaginatedAppRoleResponse:
+ type: object
+ required:
+ - links
+ properties:
+ links:
+ type: array
+ items:
+ $ref: '#/components/schemas/PaginationLink'
+ roles:
+ type: array
+ items:
+ $ref: '#/components/schemas/Role'
+ PaginationLink:
+ type: object
+ properties:
+ rel:
+ type: string
+ example: before
+ href:
+ type: string
+ example: /t/{tenant-name}/applications/{application-id}/roles?after=NDoy
+ RolePatchModel:
+ type: object
+ properties:
+ name:
+ type: string
+ example: uuid
+ addedPermissions:
+ type: array
+ items:
+ $ref: '#/components/schemas/Permission'
+ removedPermissions:
+ type: array
+ items:
+ $ref: '#/components/schemas/Permission'
+ RoleAssignedGroupsPatchModel:
+ type: object
+ required:
+ - operations
+ properties:
+ operations:
+ type: array
+ items:
+ $ref: '#/components/schemas/RoleAssignedGroupsPatchOp'
+ RoleAssignedUsersPatchModel:
+ type: object
+ required:
+ - operations
+ properties:
+ operations:
+ type: array
+ items:
+ $ref: '#/components/schemas/RoleAssignedUsersPatchOp'
+ RoleAssignedUsersPatchOp:
+ type: object
+ required:
+ - op
+ - value
+ properties:
+ op:
+ type: string
+ example: 'add'
+ value:
+ type: array
+ items:
+ $ref: '#/components/schemas/RoleAssignedUsersPatchOpValue'
+ RoleAssignedGroupsPatchOp:
+ type: object
+ required:
+ - op
+ - value
+ properties:
+ op:
+ type: string
+ example: 'add'
+ value:
+ type: array
+ items:
+ $ref: '#/components/schemas/RoleAssignedGroupsPatchOpValue'
+ RoleAssignedUsersPatchOpValue:
+ type: object
+ properties:
+ userId:
+ type: string
+ example: 'e44dbc52-dcc3-443d-96f5-fe9dc208e9d8'
+ RoleAssignedGroupsPatchOpValue:
+ type: object
+ properties:
+ idpId:
+ type: string
+ example: 'e44dbc52-dcc3-443d-96f5-fe9dc208e9d8'
+ groupId:
+ type: string
+ example: 'e44dbc52-dcc3-443d-96f5-fe9dc208e9d8'
+ UsersAssignedRoleResponse:
+ type: object
+ properties:
+ assignedUsers:
+ type: array
+ items:
+ $ref: '#/components/schemas/RoleAssignedUser'
+ GroupsAssignedRoleResponse:
+ type: object
+ properties:
+ assignedGroups:
+ type: array
+ items:
+ $ref: '#/components/schemas/RoleAssignedGroup'
+ RoleAssignedUser:
+ type: object
+ properties:
+ $ref:
+ type: string
+ example: 'https://localhost:9443/scim2/Users/3a12bae9-4386-44be-befd-caf349297f45'
+ name:
+ type: string
+ example: 'username'
+ id:
+ type: string
+ example: 'e44dbc52-dcc3-443d-96f5-fe9dc208e9d8'
+ RoleAssignedGroup:
+ type: object
+ properties:
+ $ref:
+ type: string
+ example: 'https://localhost:9443/scim2/Groups/3a12bae9-4386-44be-befd-caf349297f45'
+ name:
+ type: string
+ example: 'group name'
+ id:
+ type: string
+ example: 'e44dbc52-dcc3-443d-96f5-fe9dc208e9d8'
+ idpId:
+ type: string
+ example: 'e44dbc52-dcc3-443d-96f5-fe9dc208e9d8'
+ idpName:
+ type: string
+ example: 'idp name'
Error:
type: object
properties:
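Review bot: `RoleAssignedUsersPatchOp.op` and `RoleAssignedGroupsPatchOp.op` are plain strings with only an example value, and `RoleAssignedUsersPatchOpValue` / `RoleAssignedGroupsPatchOpValue` mark no property as required, so the generated models accept any operation name and empty value objects and leave all validation to the service. An `enum` listing the operations the service supports, plus `required: [userId]` on the user value (and the matching list for `groupId`, with `idpId` if the service needs it), would reject malformed assignment requests at the API boundary. `RoleCreationModel.name` and `RolePatchModel.name` carry no length or pattern constraint, and the `uuid` example on `RolePatchModel.name` looks like a leftover. The property named `$ref` under `RoleAssignedUser` and `RoleAssignedGroup` sits where tooling may read it as a JSON Reference, so it is worth confirming the code generator handles it as a plain property.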
diff --git a/pom.xml b/pom.xml
index 8bde15147d..e914914ba8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -197,6 +197,12 @@
+
+ org.wso2.carbon.identity.framework
+ org.wso2.carbon.identity.application.role.mgt
+ ${carbon.identity.framework.version}
+ provided
+
org.wso2.carbon.identity.framework
org.wso2.carbon.identity.application.common
@@ -689,7 +695,7 @@
1.4
1.2.4
1.8.57
- 5.25.198
+ 5.25.287-SNAPSHOT
3.0.5
5.2.0
**/gen/**/*