Merge pull request #314 from sadilchamishka/get-tenant-admin-info-whe…
…n-sharing-creator

Use the organization owner's information when sharing the organization creator, and block sharing the owner when the owner does not reside in the parent organization, for self-service organization onboarding
sadilchamishka authored Dec 18, 2023
2 parents acb29bf + f5fdd35 commit 433d1b0
Showing 3 changed files with 36 additions and 7 deletions.
Expand Up @@ -60,6 +60,10 @@
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.application.mgt</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.application.authentication.framework</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.utils</groupId>
<artifactId>org.wso2.carbon.database.utils</artifactId>
Expand Down Expand Up @@ -140,6 +144,7 @@
org.wso2.carbon.identity.application.common;version="${carbon.identity.package.import.version.range}",
org.wso2.carbon.identity.application.common.model;version="${carbon.identity.package.import.version.range}",
org.wso2.carbon.identity.application.mgt;version="${carbon.identity.package.import.version.range}",
org.wso2.carbon.identity.application.authentication.framework.util; version="${carbon.identity.package.import.version.range}",
org.wso2.carbon.identity.core;version="${carbon.identity.package.import.version.range}",
org.wso2.carbon.identity.core.util;version="${carbon.identity.package.import.version.range}",
org.wso2.carbon.identity.role.v2.mgt.core;version="${carbon.identity.package.import.version.range}",
Expand All @@ -151,6 +156,7 @@
org.wso2.carbon.identity.organization.management.service.constant;version="${org.wso2.identity.organization.mgt.core.imp.pkg.version.range}",
org.wso2.carbon.identity.organization.management.role.management.service;version="${org.wso2.identity.organization.mgt.imp.pkg.version.range}",
org.wso2.carbon.identity.organization.management.role.management.service.models;version="${org.wso2.identity.organization.mgt.imp.pkg.version.range}",
org.wso2.carbon.identity.organization.management.ext;version="${org.wso2.identity.organization.mgt.imp.pkg.version.range}",
org.wso2.carbon.user.api;version="${carbon.user.api.imp.pkg.version.range}",
org.wso2.carbon.user.core;version="${carbon.kernel.package.import.version.range}",
org.wso2.carbon.user.core.common;version="${carbon.kernel.package.import.version.range}",
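Review bot: The new `Import-Package` entry for `org.wso2.carbon.identity.application.authentication.framework.util` has a space after the semicolon (`...framework.util; version=...`), unlike every neighbouring entry; drop it so the list stays uniform: `org.wso2.carbon.identity.application.authentication.framework.util;version="${carbon.identity.package.import.version.range}",`. The `org.wso2.carbon.identity.organization.management.ext` import is bounded by `org.wso2.identity.organization.mgt.imp.pkg.version.range`; if that package ships with the core artifact whose version this commit bumps, the `org.wso2.identity.organization.mgt.core.imp.pkg.version.range` property looks like the matching one. That is worth confirming, although both properties currently resolve to the same range in the root pom.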
Expand Up @@ -21,9 +21,12 @@
import org.apache.commons.lang.StringUtils;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.mgt.ApplicationConstants;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.event.handler.AbstractEventHandler;
Expand All @@ -42,11 +45,14 @@
import org.wso2.carbon.identity.organization.management.service.util.Utils;
import org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants;
import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException;
import org.wso2.carbon.user.api.RealmConfiguration;
import org.wso2.carbon.user.api.UserStoreException;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Map;

import static org.wso2.carbon.identity.organization.management.ext.Constants.EVENT_PROP_ORGANIZATION_ID;
import static org.wso2.carbon.identity.organization.management.role.management.service.constant.RoleManagementConstants.ORG_ADMINISTRATOR_ROLE;
import static org.wso2.carbon.identity.organization.management.role.management.service.constant.RoleManagementConstants.ORG_CREATOR_ROLE;

Expand Down Expand Up @@ -90,14 +96,18 @@ public void handleEvent(Event event) throws IdentityEventException {
} else {
if ("POST_SHARED_CONSOLE_APP".equals(eventName)) {
Map<String, Object> eventProperties = event.getEventProperties();
orgId = (String) eventProperties.get("ORGANIZATION_ID");
orgId = (String) eventProperties.get(EVENT_PROP_ORGANIZATION_ID);
String tenantDomain = OrganizationUserSharingDataHolder.getInstance().getOrganizationManager()
.resolveTenantDomain(orgId);
if (!OrganizationManagementUtil.isOrganization(tenantDomain)) {
return;
}
String associatedUserName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
String associatedUserId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserId();

RealmConfiguration realmConfiguration = OrganizationUserSharingDataHolder.getInstance()
.getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantId(tenantDomain))
.getRealmConfiguration();
String associatedUserName = realmConfiguration.getAdminUserName();
String associatedUserId = realmConfiguration.getAdminUserId();
String associatedOrgId = PrivilegedCarbonContext.getThreadLocalCarbonContext()
.getUserResidentOrganizationId();
if (StringUtils.isEmpty(associatedOrgId)) {
Expand All @@ -111,18 +121,31 @@ public void handleEvent(Event event) throws IdentityEventException {
String userId = userSharingService
.getUserAssociationOfAssociatedUserByOrgId(associatedUserId, orgId)
.getUserId();
assignUserToAdminRole(userId, orgId, tenantDomain);
if (isAuthenticatedFromConsoleApp()) {
assignUserToConsoleAppAdminRole(userId, tenantDomain);
}
} finally {
PrivilegedCarbonContext.endTenantFlow();
}
}
}
} catch (OrganizationManagementException e) {
} catch (OrganizationManagementException | UserStoreException e) {
throw new IdentityEventException("An error occurred while sharing the organization creator to the " +
"organization : " + orgId, e);
}
}

private boolean isAuthenticatedFromConsoleApp() {

Object authenticatedAppFromThreadLocal = IdentityUtil.threadLocalProperties.get()
.get(FrameworkConstants.SERVICE_PROVIDER);
if (!(authenticatedAppFromThreadLocal instanceof String)) {
return false;
}
String authenticatedApp = (String) authenticatedAppFromThreadLocal;
return FrameworkConstants.Application.CONSOLE_APP.equals(authenticatedApp);
}

private Role buildOrgCreatorRole(String adminUUID) {

Role organizationCreatorRole = new Role();
Expand Down Expand Up @@ -165,7 +188,7 @@ private RoleManager getRoleManager() {
return OrganizationUserSharingDataHolder.getInstance().getRoleManager();
}

private void assignUserToAdminRole(String userId, String organizationId, String tenantDomain)
private void assignUserToConsoleAppAdminRole(String userId, String tenantDomain)
throws IdentityEventException {

try {
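Review bot: In the `POST_SHARED_CONSOLE_APP` branch of `handleEvent`, `associatedUserName` and `associatedUserId` now come from the organization tenant's `RealmConfiguration`, while `associatedOrgId` is still read from `PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserResidentOrganizationId()`, so the user and the resident organization passed on to sharing can describe two different principals whenever the caller is not the configured owner. `handleEvent` starts above the hunk and the lines after the `StringUtils.isEmpty(associatedOrgId)` check are collapsed on this page, so the parent-residency block named in the description may already cover this; if it does not, the owner's organization should be resolved from the same source as the owner's id. The admin-role grant is now an authorization decision driven by a request thread-local, and it is skipped silently when the property is absent, so I would state the intent at the call site, e.g. `// Grant the Console admin role only when the organization was created through the Console app; other clients get no role here.`, and confirm that `IdentityUtil.threadLocalProperties` is always cleared between requests on pooled threads. The result of `getTenantUserRealm(...)` is also dereferenced directly; if it can return null for a tenant that is not yet loaded, the resulting `NullPointerException` bypasses the `OrganizationManagementException | UserStoreException` catch, so a guard such as `if (realm == null) { throw new IdentityEventException("No user realm found for organization : " + orgId); }` before `.getRealmConfiguration()` would keep the failure inside the handler's error contract.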
2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -507,7 +507,7 @@
<org.wso2.identity.organization.mgt.imp.pkg.version.range>[1.0.0,2.0.0)
</org.wso2.identity.organization.mgt.imp.pkg.version.range>

<identity.organization.management.core.version>1.0.90</identity.organization.management.core.version>
<identity.organization.management.core.version>1.0.94</identity.organization.management.core.version>
<org.wso2.identity.organization.mgt.core.imp.pkg.version.range>[1.0.0,2.0.0)
</org.wso2.identity.organization.mgt.core.imp.pkg.version.range>
