use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException in project carbon-identity-framework by wso2.
the class GroupDAOImpl method batchProcessGroupNames.
/**
 * Resolves each group name to its group ID within the given tenant.
 *
 * <p>One lookup is issued per name. The tenant ID, the group name and the attribute name are
 * bound as named parameters of {@code GET_GROUP_ID_BY_NAME_SQL}; this method concatenates none
 * of them into the query text. A name that matches no row is simply absent from the result.
 *
 * @param names        group names to resolve
 * @param tenantDomain tenant domain from which the tenant ID used in every lookup is derived
 * @param connection   open connection the lookups run on; it is not closed here
 * @return map of group name to group ID for every name that matched a row
 * @throws SQLException                    if a lookup fails
 * @throws IdentityRoleManagementException if a single name matches more than one row
 */
private Map<String, String> batchProcessGroupNames(List<String> names, String tenantDomain, Connection connection) throws SQLException, IdentityRoleManagementException {
    final int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    final Map<String, String> idsByName = new HashMap<>();
    for (String name : names) {
        try (NamedPreparedStatement lookup = new NamedPreparedStatement(connection, GET_GROUP_ID_BY_NAME_SQL)) {
            // Every lookup is scoped by tenant ID, so a name is only resolved inside its own tenant.
            lookup.setInt(RoleConstants.RoleTableColumns.TENANT_ID, tenantId);
            lookup.setString(RoleConstants.RoleTableColumns.ROLE_NAME, name);
            lookup.setString(RoleConstants.RoleTableColumns.ATTR_NAME, RoleConstants.ID_URI);
            try (ResultSet rows = lookup.executeQuery()) {
                boolean alreadyMatched = false;
                while (rows.next()) {
                    if (alreadyMatched) {
                        // A second row means the name is ambiguous; fail rather than pick one ID arbitrarily.
                        String errorMessage = "Invalid scenario. Multiple groups found for the given group name: " + name + " " + "and tenantDomain: " + tenantDomain;
                        throw new IdentityRoleManagementClientException(INVALID_REQUEST.getCode(), errorMessage);
                    }
                    alreadyMatched = true;
                    idsByName.put(name, rows.getString(1));
                }
            }
        }
    }
    return idsByName;
}
use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException in project carbon-identity-framework by wso2.
the class RoleDAOImpl method addRole.
/**
 * Creates a role in the given tenant and optionally assigns users, groups and permissions to it.
 *
 * <p>The role row, the user assignments and the group assignments are written on one connection
 * and committed together. If an {@code SQLException} or {@code IdentityRoleManagementException}
 * is raised inside that unit, the transaction is rolled back and the failure is rethrown as an
 * {@code IdentityRoleManagementServerException}.
 *
 * @param roleName     name of the role; the internal domain is removed before it is stored
 * @param userList     IDs of the users to assign to the role; may be empty
 * @param groupList    IDs of the groups to assign to the role; may be empty
 * @param permissions  permissions to set on the role; may be empty
 * @param tenantDomain tenant domain the role is created in
 * @return the ID and name of the created role
 * @throws IdentityRoleManagementException a client exception if the role name already exists,
 *                                         a server exception if creating the role fails
 */
@Override
public RoleBasicInfo addRole(String roleName, List<String> userList, List<String> groupList, List<String> permissions, String tenantDomain) throws IdentityRoleManagementException {
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    if (log.isDebugEnabled()) {
        // NOTE(review): roleName and tenantDomain are logged as received; confirm the log layout
        // encodes line breaks if these values can come straight from a request.
        log.debug("Creating the role: " + roleName + " in the tenantDomain: " + tenantDomain);
    }
    String configuredPrimaryDomain = IdentityUtil.getPrimaryDomainName();
    String primaryDomainName = configuredPrimaryDomain == null
            ? null
            : configuredPrimaryDomain.toUpperCase(Locale.ENGLISH);
    // Remove internal domain before persisting in order to maintain the backward compatibility.
    roleName = removeInternalDomain(roleName);

    // NOTE(review): the existence check and the insert below are separate steps, and the check
    // runs before the connection is opened. Confirm that a unique constraint on the role table
    // backs this check so two concurrent requests cannot both pass it.
    if (isExistingRoleName(roleName, tenantDomain)) {
        throw new IdentityRoleManagementClientException(ROLE_ALREADY_EXISTS.getCode(), "Role already exist for the role name: " + roleName);
    }

    String roleID;
    try (Connection connection = IdentityDatabaseUtil.getUserDBConnection(true)) {
        try {
            try (NamedPreparedStatement insertRole = new NamedPreparedStatement(connection, ADD_ROLE_SQL, RoleTableColumns.UM_ID)) {
                insertRole.setString(RoleTableColumns.UM_ROLE_NAME, roleName);
                insertRole.setInt(RoleTableColumns.UM_TENANT_ID, tenantId);
                insertRole.executeUpdate();
            }
            // The assignment statements have a separate variant for Microsoft SQL Server.
            String databaseProductName = connection.getMetaData().getDatabaseProductName();

            // Add users to the created role.
            if (CollectionUtils.isNotEmpty(userList)) {
                List<String> userNamesList = getUserNamesByIDs(userList, tenantDomain);
                String addUsersSQL = MICROSOFT.equals(databaseProductName)
                        ? ADD_USER_TO_ROLE_SQL_MSSQL
                        : ADD_USER_TO_ROLE_SQL;
                processBatchUpdateForUsers(roleName, userNamesList, tenantId, primaryDomainName, connection, addUsersSQL);
                // Clear the cached roles of every affected user (see clearUserRolesCache).
                for (String username : userNamesList) {
                    clearUserRolesCache(username, tenantId);
                }
            }

            // Add groups to the created role.
            if (CollectionUtils.isNotEmpty(groupList)) {
                Map<String, String> groupIdsToNames = getGroupNamesByIDs(groupList, tenantDomain);
                List<String> groupNamesList = new ArrayList<>(groupIdsToNames.values());
                String addGroupsSQL = MICROSOFT.equals(databaseProductName)
                        ? ADD_GROUP_TO_ROLE_SQL_MSSQL
                        : ADD_GROUP_TO_ROLE_SQL;
                processBatchUpdateForGroups(roleName, groupNamesList, tenantId, primaryDomainName, connection, addGroupsSQL);
            }

            // NOTE(review): addRoleID and setPermissions are not handed this connection, so it is
            // not visible here whether their writes join this transaction and are undone by the
            // rollback below. Confirm, otherwise a failed creation could leave an ID or
            // permissions behind.
            // Add role ID.
            roleID = addRoleID(roleName, tenantDomain);
            // Add role permissions.
            if (CollectionUtils.isNotEmpty(permissions)) {
                setPermissions(roleID, permissions, tenantDomain, roleName);
            }
            IdentityDatabaseUtil.commitUserDBTransaction(connection);
        } catch (SQLException | IdentityRoleManagementException e) {
            // NOTE(review): every IdentityRoleManagementException raised above is rethrown as a
            // server exception, so a client-side failure reported by a helper would surface as
            // an unexpected server error. Confirm that this is intended.
            IdentityDatabaseUtil.rollbackTransaction(connection);
            String errorMessage = "Error while creating the role: %s in the tenantDomain: %s";
            throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, roleName, tenantDomain), e);
        }
    } catch (SQLException e) {
        // Reached when obtaining or closing the connection fails.
        String errorMessage = "Error while creating the role: %s in the tenantDomain: %s";
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, roleName, tenantDomain), e);
    }
    return new RoleBasicInfo(roleID, roleName);
}
use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException in project identity-inbound-provisioning-scim2 by wso2-extensions.
the class SCIMRoleManagerTest method testUpdateRoleUpdateRoleNameThrowingErrors.
/**
 * Checks that {@code SCIMRoleManager.updateRole} fails with one of the expected exceptions when
 * the mocked role management service rejects a rename.
 *
 * <p>The stub rejects a new name that already exists, a role ID that does not exist and a rename
 * of a system role, each with a client exception carrying its own error code; any other failure
 * comes from {@code unExpectedErrorThrower}.
 *
 * <p>NOTE(review): the test passes when any of the four listed exceptions is thrown, so it does
 * not pin which rejection maps to which exception. A forbidden rename reported under the wrong
 * exception type would still pass; consider asserting the expected type per data row.
 */
@Test(dataProvider = "dataProviderForUpdateRoleUpdateRoleNameThrowingErrors", expectedExceptions = { ConflictException.class, NotFoundException.class, BadRequestException.class, CharonException.class })
public void testUpdateRoleUpdateRoleNameThrowingErrors(String roleId, String oldRoleName, String newRoleName, String tenantDomain, String sError) throws IdentityRoleManagementException, BadRequestException, CharonException, ConflictException, NotFoundException {
    Role[] oldAndNewRoles = getOldAndNewRoleDummies(roleId, oldRoleName, newRoleName);
    when(mockRoleManagementService.updateRoleName(anyString(), anyString(), anyString())).thenAnswer(invocation -> {
        String requestedRoleId = invocation.getArgumentAt(0, String.class);
        String requestedName = invocation.getArgumentAt(1, String.class);
        String requestedTenant = invocation.getArgumentAt(2, String.class);
        if (EXISTING_ROLE_NAMES.contains(requestedName)) {
            throw new IdentityRoleManagementClientException(ROLE_ALREADY_EXISTS.getCode(), "Role name: " + requestedName + " is already there in the system. Please pick another role name.");
        }
        if (NON_EXISTING_ROLE_IDS.contains(requestedRoleId)) {
            throw new IdentityRoleManagementClientException(ROLE_NOT_FOUND.getCode(), "Role id: " + requestedRoleId + " does not exist in the system.");
        }
        // The system-role check uses the test's own oldRoleName, not an argument of the stubbed call.
        if (SYSTEM_ROLES.contains(oldRoleName)) {
            throw new IdentityRoleManagementClientException(RoleConstants.Error.OPERATION_FORBIDDEN.getCode(), "Invalid operation. Role: " + oldRoleName + " Cannot be renamed since it's a read only system role.");
        }
        Throwable unexpected = unExpectedErrorThrower(requestedTenant, sError, "Error while updating users to the role: %s in the tenantDomain: %s", requestedRoleId);
        if (unexpected != null) {
            throw unexpected;
        }
        return null;
    });
    SCIMRoleManager scimRoleManager = new SCIMRoleManager(mockRoleManagementService, tenantDomain);
    Role oldRole = oldAndNewRoles[0];
    Role newRole = oldAndNewRoles[1];
    scimRoleManager.updateRole(oldRole, newRole);
}
use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException in project identity-inbound-provisioning-scim2 by wso2-extensions.
the class SCIMRoleManagerTest method testListRolesWithGETInvalidLimit.
/**
 * Checks that {@code SCIMRoleManager.listRolesWithGET} throws a {@code CharonException} when the
 * mocked role management service rejects the requested limit.
 *
 * <p>Both stubbed {@code getRoles} overloads throw a client exception with the
 * {@code INVALID_LIMIT} code when the limit argument they receive is negative, and return
 * {@code null} otherwise.
 */
@Test(dataProvider = "dataProviderForListRolesWithGETInvalidLimit")
public void testListRolesWithGETInvalidLimit(String nodeType, Integer count) throws IdentityRoleManagementException {
    Node rootNode = generateNodeBasedOnNodeType(nodeType, null);

    // Overload without a filter: the limit is the first argument.
    when(mockRoleManagementService.getRoles(anyInt(), anyInt(), anyString(), anyString(), anyString())).thenAnswer(invocation -> {
        Integer requestedLimit = invocation.getArgumentAt(0, Integer.class);
        boolean negativeLimit = requestedLimit != null && requestedLimit < 0;
        if (negativeLimit) {
            // The message reports the test's own count parameter.
            String errorMessage = String.format("Invalid limit requested. Limit value should be " + "greater than or equal to zero. limit: %s", count);
            throw new IdentityRoleManagementClientException(INVALID_LIMIT.getCode(), errorMessage);
        }
        return null;
    });

    // Overload with a leading string argument: the limit is the second argument.
    when(mockRoleManagementService.getRoles(anyString(), anyInt(), anyInt(), anyString(), anyString(), anyString())).thenAnswer(invocation -> {
        Integer requestedLimit = invocation.getArgumentAt(1, Integer.class);
        boolean negativeLimit = requestedLimit != null && requestedLimit < 0;
        if (negativeLimit) {
            String errorMessage = String.format("Invalid limit requested. Limit value should be " + "greater than or equal to zero. limit: %s", count);
            throw new IdentityRoleManagementClientException(INVALID_LIMIT.getCode(), errorMessage);
        }
        return null;
    });

    SCIMRoleManager roleManager = new SCIMRoleManager(mockRoleManagementService, SAMPLE_TENANT_DOMAIN);
    assertThrows(CharonException.class, () -> roleManager.listRolesWithGET(rootNode, 2, count, null, null));
}
use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException in project identity-inbound-provisioning-scim2 by wso2-extensions.
the class SCIMRoleManagerTest method testUpdateRoleUpdateGroupListOfRoleThrowingErrors.
/**
 * Checks that {@code SCIMRoleManager.updateRole} fails with a {@code BadRequestException} or a
 * {@code CharonException} when the mocked service rejects the group-list update of a role.
 *
 * <p>The rename and user-list updates are stubbed to succeed, so only the stubbed
 * {@code updateGroupListOfRole} call raises an error here.
 *
 * <p>NOTE(review): either listed exception satisfies the test, so it does not pin which failure
 * produces which exception type; consider asserting the expected type per data row.
 */
@Test(dataProvider = "dataProviderForUpdateRoleUpdateGroupListOfRoleThrowingErrors", expectedExceptions = { BadRequestException.class, CharonException.class })
public void testUpdateRoleUpdateGroupListOfRoleThrowingErrors(String roleId, String oldRoleName, String newRoleName, String tenantDomain, String type, String sError) throws IdentityRoleManagementException, BadRequestException, CharonException, ConflictException, NotFoundException {
    RoleBasicInfo roleBasicInfo = new RoleBasicInfo(roleId, newRoleName);
    Role[] oldAndNewRoles = getOldAndNewRoleDummies(roleId, oldRoleName, newRoleName, type);

    when(mockRoleManagementService.updateRoleName(anyString(), anyString(), anyString())).thenReturn(roleBasicInfo);
    when(mockRoleManagementService.updateGroupListOfRole(anyString(), anyListOf(String.class), anyListOf(String.class), anyString())).thenAnswer(invocation -> {
        String requestedRoleId = invocation.getArgumentAt(0, String.class);
        String requestedTenant = invocation.getArgumentAt(3, String.class);
        if (INVALID_ROLE_IDS.contains(requestedRoleId)) {
            // The message uses the test's own tenantDomain parameter, not the stubbed argument.
            String errorMessage = "Invalid scenario. Multiple roles found for the given role name: " + requestedRoleId + " and tenantDomain: " + tenantDomain;
            throw new IdentityRoleManagementClientException(INVALID_REQUEST.getCode(), errorMessage);
        }
        Throwable unexpected = unExpectedErrorThrower(requestedTenant, sError, "Error while updating users to the role: %s in the tenantDomain: %s", requestedRoleId);
        if (unexpected != null) {
            throw unexpected;
        }
        return roleBasicInfo;
    });
    when(mockRoleManagementService.updateUserListOfRole(eq(roleId), anyListOf(String.class), anyListOf(String.class), anyString())).thenReturn(roleBasicInfo);

    SCIMRoleManager scimRoleManager = new SCIMRoleManager(mockRoleManagementService, tenantDomain);
    Role oldRole = oldAndNewRoles[0];
    Role newRole = oldAndNewRoles[1];
    scimRoleManager.updateRole(oldRole, newRole);
}