diff --git a/components/org.wso2.carbon.identity.organization.user.invitation.management/src/main/java/org/wso2/carbon/identity/organization/user/invitation/management/InvitationCoreServiceImpl.java b/components/org.wso2.carbon.identity.organization.user.invitation.management/src/main/java/org/wso2/carbon/identity/organization/user/invitation/management/InvitationCoreServiceImpl.java index cea60fdb0..37d6f32a5 100644 --- a/components/org.wso2.carbon.identity.organization.user.invitation.management/src/main/java/org/wso2/carbon/identity/organization/user/invitation/management/InvitationCoreServiceImpl.java +++ b/components/org.wso2.carbon.identity.organization.user.invitation.management/src/main/java/org/wso2/carbon/identity/organization/user/invitation/management/InvitationCoreServiceImpl.java @@ -57,7 +57,6 @@ import java.security.SecureRandom; import java.sql.Timestamp; import java.time.Instant; -import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; import java.util.Date; @@ -112,8 +111,6 @@ public class InvitationCoreServiceImpl implements InvitationCoreService { private static final Log LOG = LogFactory.getLog(InvitationCoreServiceImpl.class); private static final UserInvitationDAO userInvitationDAO = new UserInvitationDAOImpl(); - private RoleManagementService roleManagementService = UserInvitationMgtDataHolder.getInstance() - .getRoleManagementService(); @Override public Invitation createInvitation(Invitation invitation) throws UserInvitationMgtException { 
@@ -177,7 +174,9 @@ public Invitation createInvitation(Invitation invitation) throws UserInvitationM invitation.setEmail(emailClaim); invitation.setUserOrganizationId(parentOrgId); invitation.setStatus(STATUS_PENDING); - validateRoleAssignments(invitation, invitedUserId, invitedTenantDomain, parentTenantDomain); + if (ArrayUtils.isNotEmpty(invitation.getRoleAssignments())) { + validateRoleAssignments(invitation, invitedUserId, invitedTenantDomain, parentTenantDomain); + } invitation.setInvitationId(UUID.randomUUID().toString()); invitation.setConfirmationCode(UUID.randomUUID().toString()); userInvitationDAO.createInvitation(invitation); @@ -228,9 +227,9 @@ public boolean acceptInvitation(String confirmationCode) throws UserInvitationMg // Trigger event to add the role assignments if any available in the invitation. if (ArrayUtils.isNotEmpty(invitation.getRoleAssignments())) { for (RoleAssignments roleAssignments : invitation.getRoleAssignments()) { - if (roleManagementService.isExistingRole(roleAssignments.getRoleId(), + if (getRoleManagementService().isExistingRole(roleAssignments.getRoleId(), invitedTenantDomain)) { - roleManagementService.updateUserListOfRole(roleAssignments.getRoleId(), + getRoleManagementService().updateUserListOfRole(roleAssignments.getRoleId(), Collections.singletonList(associatedUserId), Collections.emptyList(), invitedTenantDomain); } else { 
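Review bot: With the new `ArrayUtils.isNotEmpty(invitation.getRoleAssignments())` guard in createInvitation, an invitation with no role assignments skips validateRoleAssignments entirely, including the console-access check at the end of that method. This is easy to miss because the emptiness test used to live inside validateRoleAssignments, which in this commit iterates `invitation.getRoleAssignments()` with no guard of its own. If that is the intended behaviour, state it at the call site, for example `// Invitations without roles skip role-existence and console-access validation.`, and repeat the precondition in a Javadoc line on validateRoleAssignments. createInvitation's body continues outside the hunk.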
@@ -516,13 +515,18 @@ private OrganizationManager getOrganizationManager() { return UserInvitationMgtDataHolder.getInstance().getOrganizationManagerService(); } + private RoleManagementService getRoleManagementService() { + + return UserInvitationMgtDataHolder.getInstance().getRoleManagementService(); + } + private void processingRoleAssignments(RoleAssignments[] roleAssignments, String invitedTenantId) throws UserInvitationMgtServerException { Role roleInfo; for (RoleAssignments roleAssignment : roleAssignments) { try { - roleInfo = roleManagementService.getRoleWithoutUsers(roleAssignment.getRoleId(), + roleInfo = getRoleManagementService().getRoleWithoutUsers(roleAssignment.getRoleId(), invitedTenantId); AudienceInfo audienceInfo = new AudienceInfo(); audienceInfo.setApplicationType(roleInfo.getAudience()); 
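Review bot: In processingRoleAssignments the result of `getRoleManagementService().getRoleWithoutUsers(...)` is dereferenced immediately (`roleInfo.getAudience()`), while the new isConsoleAudienceAvailableInRole later in this file treats the same call as possibly returning null (`roleInfo != null`). The two call sites should agree: if a null role is possible here, guard it before building the AudienceInfo, e.g. `if (roleInfo == null) { continue; }`, or throw the UserInvitationMgtServerException the method already declares. The new getter also returns whatever UserInvitationMgtDataHolder holds at call time, so a one-line Javadoc saying whether it can be null would help; I cannot tell from the hunk whether an unbound service is reachable. The method body continues outside the hunk.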
@@ -556,60 +560,47 @@ private void checkUserExistenceAtInvitedOrganization(String domainQualifiedUserN } } - private String getAudienceName(String roleId, String invitedTenantId) throws UserInvitationMgtServerException { + private boolean isConsoleAudienceAvailableInRole(Invitation invitation, String invitedTenantDomain) + throws IdentityRoleManagementException { - try { - Role roleInfo = roleManagementService.getRoleWithoutUsers(roleId, invitedTenantId); - if (roleInfo != null) { - return roleInfo.getAudienceName(); + for (RoleAssignments roleAssignments : invitation.getRoleAssignments()) { + Role roleInfo = getRoleManagementService() + .getRoleWithoutUsers(roleAssignments.getRole(), invitedTenantDomain); + if (roleInfo != null + && FrameworkConstants.Application.CONSOLE_APP.equals(roleInfo.getAudienceName())) { + return true; } - } catch (IdentityRoleManagementException e) { - throw new UserInvitationMgtServerException(ERROR_CODE_GET_ROLE_ASSIGNMENTS_BY_ROLE_ID.getCode(), - ERROR_CODE_GET_ROLE_ASSIGNMENTS_BY_ROLE_ID.getMessage(), - String.format(ERROR_CODE_GET_ROLE_ASSIGNMENTS_BY_ROLE_ID.getDescription(), roleId), e); } - return null; + return false; } private void validateRoleAssignments(Invitation invitation, String userId, String invitedTenantDomain, String parentTenantDomain) throws UserInvitationMgtException, IdentityRoleManagementException { - List audienceNameList = new ArrayList<>(); - - if (ArrayUtils.isNotEmpty(invitation.getRoleAssignments())) { - for (RoleAssignments roleAssignment : invitation.getRoleAssignments()) { - if (!roleManagementService.isExistingRole(roleAssignment.getRole(), invitedTenantDomain)) { - throw new UserInvitationMgtClientException(ERROR_CODE_INVALID_ROLE.getCode(), - ERROR_CODE_INVALID_ROLE.getMessage(), - String.format(ERROR_CODE_INVALID_ROLE.getDescription(), roleAssignment.getRole())); - } else { - String audienceName = - getAudienceName(roleAssignment.getRole(), invitedTenantDomain); - if 
(StringUtils.isNotEmpty(audienceName)) { - audienceNameList.add(audienceName); - } - } + for (RoleAssignments roleAssignment : invitation.getRoleAssignments()) { + if (!getRoleManagementService().isExistingRole(roleAssignment.getRole(), invitedTenantDomain)) { + throw new UserInvitationMgtClientException(ERROR_CODE_INVALID_ROLE.getCode(), + ERROR_CODE_INVALID_ROLE.getMessage(), + String.format(ERROR_CODE_INVALID_ROLE.getDescription(), roleAssignment.getRole())); } } - if (ArrayUtils.isNotEmpty(audienceNameList.toArray()) - && audienceNameList.contains(FrameworkConstants.Application.CONSOLE_APP)) { - if (!isInvitedUserHasConsoleAccess(userId, parentTenantDomain)) { - if (LOG.isDebugEnabled()) { - LOG.debug("The given role list for User: " + invitation.getUsername() + " doesn't contain" + - " the console access."); - } - throw new UserInvitationMgtClientException(ERROR_CODE_CONSOLE_ACCESS_RESTRICTED.getCode(), - ERROR_CODE_CONSOLE_ACCESS_RESTRICTED.getMessage(), - String.format(ERROR_CODE_CONSOLE_ACCESS_RESTRICTED.getDescription())); + if (!isConsoleAudienceAvailableInRole(invitation, invitedTenantDomain) && + !isInvitedUserHasConsoleAccess(userId, parentTenantDomain)) { + if (LOG.isDebugEnabled()) { + LOG.debug("The user: " + invitation.getUsername() + " is not having" + + " the console access."); } + throw new UserInvitationMgtClientException(ERROR_CODE_CONSOLE_ACCESS_RESTRICTED.getCode(), + ERROR_CODE_CONSOLE_ACCESS_RESTRICTED.getMessage(), + String.format(ERROR_CODE_CONSOLE_ACCESS_RESTRICTED.getDescription())); } } private boolean isInvitedUserHasConsoleAccess(String userId, String tenantDomain) throws IdentityRoleManagementException { - List roleList = roleManagementService.getRoleListOfUser(userId, tenantDomain); + List roleList = getRoleManagementService().getRoleListOfUser(userId, tenantDomain); return roleList.stream().anyMatch(p -> FrameworkConstants.Application.CONSOLE_APP.equals(p.getAudienceName())); } 
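Review bot: The console check in validateRoleAssignments no longer gates console-audience roles. The old code threw when the invitation contained a Console role and the invited user had no console access in the parent organization, whereas `!isConsoleAudienceAvailableInRole(...) && !isInvitedUserHasConsoleAccess(...)` throws only when neither holds. Two consequences follow from the visible lines: an invitation that assigns a Console role now passes without the parent-organization check, and an invitation with only non-console roles is rejected for a user who has no console access. If the earlier gate is still the intended rule, the condition would be `if (isConsoleAudienceAvailableInRole(invitation, invitedTenantDomain) && !isInvitedUserHasConsoleAccess(userId, parentTenantDomain)) {`; if the new rule is intended, a Javadoc sentence on validateRoleAssignments stating it would keep the authorization decision reviewable. Note also that isConsoleAudienceAvailableInRole lets IdentityRoleManagementException propagate, where the removed getAudienceName wrapped it in UserInvitationMgtServerException with ERROR_CODE_GET_ROLE_ASSIGNMENTS_BY_ROLE_ID.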
diff --git a/components/org.wso2.carbon.identity.organization.user.invitation.management/src/main/java/org/wso2/carbon/identity/organization/user/invitation/management/constant/UserInvitationMgtConstants.java b/components/org.wso2.carbon.identity.organization.user.invitation.management/src/main/java/org/wso2/carbon/identity/organization/user/invitation/management/constant/UserInvitationMgtConstants.java index 0c4d00ac3..67701e7e7 100644 --- a/components/org.wso2.carbon.identity.organization.user.invitation.management/src/main/java/org/wso2/carbon/identity/organization/user/invitation/management/constant/UserInvitationMgtConstants.java +++ b/components/org.wso2.carbon.identity.organization.user.invitation.management/src/main/java/org/wso2/carbon/identity/organization/user/invitation/management/constant/UserInvitationMgtConstants.java @@ -127,7 +127,7 @@ public enum ErrorMessage { "Failed to resolve the email of the invited user.", "Could not find the email of the invited user %s."), ERROR_CODE_CONSOLE_ACCESS_RESTRICTED("10031", - "The provided role list doesn't contain console access.", + "The console access is restricted to the user.", "Could not find any role with a console access to create an invitation."), // DAO layer errors diff --git a/components/org.wso2.carbon.identity.organization.user.invitation.management/src/test/java/org/wso2/carbon/identity/organization/user/invitation/management/InvitationCoreServiceImplTest.java b/components/org.wso2.carbon.identity.organization.user.invitation.management/src/test/java/org/wso2/carbon/identity/organization/user/invitation/management/InvitationCoreServiceImplTest.java index 682c3f8d8..44f40d63e 100644 --- a/components/org.wso2.carbon.identity.organization.user.invitation.management/src/test/java/org/wso2/carbon/identity/organization/user/invitation/management/InvitationCoreServiceImplTest.java 
+++ b/components/org.wso2.carbon.identity.organization.user.invitation.management/src/test/java/org/wso2/carbon/identity/organization/user/invitation/management/InvitationCoreServiceImplTest.java @@ -38,6 +38,8 @@ import org.wso2.carbon.identity.organization.user.invitation.management.models.Invitation; import org.wso2.carbon.identity.organization.user.invitation.management.models.RoleAssignments; import org.wso2.carbon.identity.organization.user.invitation.management.util.TestUtils; +import org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService; +import org.wso2.carbon.identity.role.v2.mgt.core.model.Role; import org.wso2.carbon.user.api.UserRealm; import org.wso2.carbon.user.core.common.AbstractUserStoreManager; import org.wso2.carbon.user.core.service.RealmService; @@ -79,6 +81,7 @@ import static org.wso2.carbon.identity.organization.user.invitation.management.util.TestUtils.getConnection; @PrepareForTest({PrivilegedCarbonContext.class, + RoleManagementService.class, IdentityDatabaseUtil.class, UserInvitationMgtDataHolder.class, IdentityTenantUtil.class, @@ -88,7 +91,7 @@ public class InvitationCoreServiceImplTest extends PowerMockTestCase { private final UserInvitationDAO userInvitationDAO = new UserInvitationDAOImpl(); private InvitationCoreServiceImpl invitationCoreService; - + private final String [] roleList = {"1224", "12345"}; @BeforeClass public void setUp() throws Exception { 
@@ -110,16 +113,24 @@ public void setUp() throws Exception { Invitation invitation2 = buildInvitation(INV_02_INVITATION_ID, INV_02_CONF_CODE, INV_02_UN, "DEFAULT", INV_02_EMAIL, "https://localhost:8080/travel-manager-001/invitations/accept", INV_02_USER_ORG_ID, INV_02_INV_ORG_ID, null, "PENDING"); - - RoleAssignments roleAssignments2 = buildRoleAssignments("1e174bbd-19fa-4449-b8e7-5fabe6f3dab7", - new String[]{"1224", "12345"}); + RoleAssignments roleAssignments2 = buildRoleAssignments(roleList); Invitation invitation3 = buildInvitation(INV_03_INVITATION_ID, INV_03_CONF_CODE, INV_03_UN, "DEFAULT", INV_03_EMAIL, "https://localhost:8080/travel-manager-001/invitations/accept", INV_03_USER_ORG_ID, INV_03_INV_ORG_ID, new RoleAssignments[]{roleAssignments2}, "PENDING"); populateH2Base(connection1, invitation1); populateH2Base(connection2, invitation2); -// populateH2Base(connection3, invitation3); + populateH2Base(connection3, invitation3); + } + + private Role buildRoleInfo() { + + Role roleInfo = new Role(); + roleInfo.setAudience("application"); + roleInfo.setAudienceId("98765"); + roleInfo.setAudienceName("Console"); + roleInfo.setName("testApp"); + return roleInfo; } @AfterClass 
@@ -137,24 +148,27 @@ public Object[][] getInvitationFilter() { }; } -// @Test(priority = 1) -// public void testGetInvitation() throws Exception { -// -// when(IdentityDatabaseUtil.getDBConnection(anyBoolean())).thenReturn(getConnection()); -// List invitationList = invitationCoreService.getInvitations(null); -// // Checking whether the size of the Invitation list is not empty. -// assertFalse(invitationList.isEmpty()); -// -// Invitation invitation0 = invitationList.get(0); -// assertEquals(invitation0.getInvitationId(), INV_02_INVITATION_ID); -// assertEquals(invitation0.getConfirmationCode(), INV_02_CONF_CODE); -// assertEquals(invitation0.getUsername(), INV_02_UN); -// -// Invitation invitation1 = invitationList.get(1); -// assertEquals(invitation1.getInvitationId(), INV_03_INVITATION_ID); -// assertEquals(invitation1.getConfirmationCode(), INV_03_CONF_CODE); -// assertEquals(invitation1.getUsername(), INV_03_UN); -// } + @Test(priority = 1) + public void testGetInvitation() throws Exception { + + when(IdentityDatabaseUtil.getDBConnection(anyBoolean())).thenReturn(getConnection()); + RoleManagementService roleManagementService = mock(RoleManagementService.class); + UserInvitationMgtDataHolder.getInstance().setRoleManagementService(roleManagementService); + when(roleManagementService.getRoleWithoutUsers(anyString(), anyString())).thenReturn(buildRoleInfo()); + List invitationList = invitationCoreService.getInvitations(null); + // Checking whether the size of the Invitation list is not empty. 
+ assertFalse(invitationList.isEmpty()); + + Invitation invitation0 = invitationList.get(0); + assertEquals(invitation0.getInvitationId(), INV_02_INVITATION_ID); + assertEquals(invitation0.getConfirmationCode(), INV_02_CONF_CODE); + assertEquals(invitation0.getUsername(), INV_02_UN); + + Invitation invitation1 = invitationList.get(1); + assertEquals(invitation1.getInvitationId(), INV_03_INVITATION_ID); + assertEquals(invitation1.getConfirmationCode(), INV_03_CONF_CODE); + assertEquals(invitation1.getUsername(), INV_03_UN); + } @Test(priority = 2) public void testIntrospectInvitation() throws Exception { @@ -278,6 +292,13 @@ private void populateH2Base(Connection connection, Invitation invitation) throws when(IdentityDatabaseUtil.getDBConnection(anyBoolean())).thenReturn(connection); when(IdentityUtil.getProperty(anyString())).thenReturn("1440"); + if (invitation.getRoleAssignments() != null) { + for (RoleAssignments roleAssignments : invitation.getRoleAssignments()) { + for (String role : roleList) { + roleAssignments.setRole(role); + } + } + } userInvitationDAO.createInvitation(invitation); } @@ -310,10 +331,9 @@ private Invitation buildInvitation(String invitationId, String confirmationCode, return invitation; } - private RoleAssignments buildRoleAssignments(String applicationId, String[] roles) { + private RoleAssignments buildRoleAssignments(String[] roles) { RoleAssignments roleAssignments = new RoleAssignments(); - roleAssignments.setApplicationId(applicationId); roleAssignments.setRoles(roles); return roleAssignments; }
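Review bot: The re-enabled testGetInvitation covers getInvitations only, and none of the test hunks in this diff exercises the rewritten console-access rule in validateRoleAssignments (tests outside the hunks may; I cannot see them). Since that rule decides whether an invitation carrying roles is accepted, I would add createInvitation cases for a Console-audience role with an invited user who lacks console access in the parent organization, for only non-console roles, and for no role assignments. The mock installed via `UserInvitationMgtDataHolder.getInstance().setRoleManagementService(roleManagementService)` is also never reset in the visible lines, so later tests in the class may inherit the stub. Resetting it in the @AfterClass method, or stubbing it in setUp, would make that explicit.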
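Review bot: In populateH2Base the inner loop `for (String role : roleList) { roleAssignments.setRole(role); }` overwrites the same field on every pass, so each RoleAssignments ends up with only the last entry of roleList ("12345"). If one role per assignment is what the fixture needs, set it directly with `roleAssignments.setRole(roleList[roleList.length - 1]);`. If both roles are meant to be represented, build one RoleAssignments per role in setUp instead. As written the loop reads as if both roles are applied. The method body starts outside the hunk.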