
Example 6 with IdentityRoleManagementClientException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException in project carbon-identity-framework by wso2.

the class GroupDAOImpl method batchProcessGroupNames.

/**
 * Resolves each supplied group name to its group ID within a single tenant.
 *
 * <p>One query is issued per name. The tenant ID, the group name and the ID attribute URI are
 * all bound as statement parameters rather than concatenated into the SQL text. Names that
 * match no row are simply absent from the returned map.
 *
 * <p>An ambiguous name (more than one row) is rejected instead of being resolved to the first
 * match, so a caller can never act on an arbitrarily chosen group.
 *
 * @param names        group names to resolve
 * @param tenantDomain tenant domain the lookup is scoped to
 * @param connection   open connection the lookups run on; it is not closed here
 * @return map of group name to group ID for every name that matched exactly one row
 * @throws SQLException                    if a lookup fails at the database level
 * @throws IdentityRoleManagementException with the {@code INVALID_REQUEST} code when a name
 *                                         matches more than one group
 */
private Map<String, String> batchProcessGroupNames(List<String> names, String tenantDomain, Connection connection) throws SQLException, IdentityRoleManagementException {
    Map<String, String> idsByGroupName = new HashMap<>();
    final int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    for (String name : names) {
        // NOTE(review): the text of GET_GROUP_ID_BY_NAME_SQL is not visible here; the tenant
        // filter is assumed to be part of it since TENANT_ID is bound below - confirm.
        try (NamedPreparedStatement lookup = new NamedPreparedStatement(connection, GET_GROUP_ID_BY_NAME_SQL)) {
            lookup.setInt(RoleConstants.RoleTableColumns.TENANT_ID, tenantId);
            lookup.setString(RoleConstants.RoleTableColumns.ROLE_NAME, name);
            lookup.setString(RoleConstants.RoleTableColumns.ATTR_NAME, RoleConstants.ID_URI);
            try (ResultSet rows = lookup.executeQuery()) {
                boolean alreadyMatched = false;
                while (rows.next()) {
                    if (alreadyMatched) {
                        // A second row means the name is ambiguous in this tenant. The message
                        // echoes caller-supplied values, so consumers should treat it as
                        // untrusted text when rendering or logging it.
                        String errorMessage = "Invalid scenario. Multiple groups found for the given group name: " + name + " " + "and tenantDomain: " + tenantDomain;
                        throw new IdentityRoleManagementClientException(INVALID_REQUEST.getCode(), errorMessage);
                    }
                    alreadyMatched = true;
                    idsByGroupName.put(name, rows.getString(1));
                }
            }
        }
    }
    return idsByGroupName;
}
Also used : NamedPreparedStatement(org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement) HashMap(java.util.HashMap) ResultSet(java.sql.ResultSet) IdentityRoleManagementClientException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException)

Example 7 with IdentityRoleManagementClientException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method addRole.

/**
 * Creates a role in the given tenant and attaches the supplied users, groups and permissions.
 *
 * <p>The role row, the user assignments and the group assignments are written on one
 * connection that is committed at the end and rolled back if any step fails.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>The name-exists check runs before the connection is opened, so it is not part of the
 *       same transaction as the insert. NOTE(review): two concurrent requests for the same
 *       name presumably rely on a database uniqueness constraint - confirm one exists.</li>
 *   <li>{@code addRoleID} and {@code setPermissions} are not handed the connection.
 *       NOTE(review): whether their writes are undone by the rollback below cannot be told
 *       from this method - verify.</li>
 *   <li>Every {@code IdentityRoleManagementException} raised inside the transaction,
 *       including client-type ones from helpers, is rethrown as a server exception with the
 *       {@code UNEXPECTED_SERVER_ERROR} code.</li>
 * </ul>
 *
 * @param roleName     requested role name; the internal domain prefix is stripped before use
 * @param userList     IDs of users to assign, may be empty
 * @param groupList    IDs of groups to assign, may be empty
 * @param permissions  permissions to set on the role, may be empty
 * @param tenantDomain tenant the role is created in
 * @return the ID and (stripped) name of the created role
 * @throws IdentityRoleManagementException a client exception with {@code ROLE_ALREADY_EXISTS}
 *         when the name is taken, otherwise a server exception wrapping the failure
 */
@Override
public RoleBasicInfo addRole(String roleName, List<String> userList, List<String> groupList, List<String> permissions, String tenantDomain) throws IdentityRoleManagementException {
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    if (log.isDebugEnabled()) {
        // The role name and tenant domain are written to the log exactly as received.
        log.debug("Creating the role: " + roleName + " in the tenantDomain: " + tenantDomain);
    }
    String primaryDomainName = IdentityUtil.getPrimaryDomainName();
    if (primaryDomainName != null) {
        primaryDomainName = primaryDomainName.toUpperCase(Locale.ENGLISH);
    }
    // Strip the internal domain before persisting, to stay backward compatible.
    roleName = removeInternalDomain(roleName);
    if (isExistingRoleName(roleName, tenantDomain)) {
        throw new IdentityRoleManagementClientException(ROLE_ALREADY_EXISTS.getCode(), "Role already exist for the role name: " + roleName);
    }
    String roleID;
    try (Connection connection = IdentityDatabaseUtil.getUserDBConnection(true)) {
        try {
            // Insert the role row; name and tenant are bound parameters.
            try (NamedPreparedStatement insertRole = new NamedPreparedStatement(connection, ADD_ROLE_SQL, RoleTableColumns.UM_ID)) {
                insertRole.setString(RoleTableColumns.UM_ROLE_NAME, roleName);
                insertRole.setInt(RoleTableColumns.UM_TENANT_ID, tenantId);
                insertRole.executeUpdate();
            }
            String dbProduct = connection.getMetaData().getDatabaseProductName();
            // Assign users, using the MSSQL-specific statement where required.
            if (CollectionUtils.isNotEmpty(userList)) {
                List<String> resolvedUserNames = getUserNamesByIDs(userList, tenantDomain);
                String addUsersSQL = MICROSOFT.equals(dbProduct) ? ADD_USER_TO_ROLE_SQL_MSSQL : ADD_USER_TO_ROLE_SQL;
                processBatchUpdateForUsers(roleName, resolvedUserNames, tenantId, primaryDomainName, connection, addUsersSQL);
                // The cached role lists are dropped here, before the commit further down.
                for (String resolvedUserName : resolvedUserNames) {
                    clearUserRolesCache(resolvedUserName, tenantId);
                }
            }
            // Assign groups, again picking the statement by database product.
            if (CollectionUtils.isNotEmpty(groupList)) {
                Map<String, String> namesByGroupId = getGroupNamesByIDs(groupList, tenantDomain);
                List<String> resolvedGroupNames = new ArrayList<>(namesByGroupId.values());
                String addGroupsSQL = MICROSOFT.equals(dbProduct) ? ADD_GROUP_TO_ROLE_SQL_MSSQL : ADD_GROUP_TO_ROLE_SQL;
                processBatchUpdateForGroups(roleName, resolvedGroupNames, tenantId, primaryDomainName, connection, addGroupsSQL);
            }
            // Record the role ID, then the permissions that hang off it.
            roleID = addRoleID(roleName, tenantDomain);
            if (CollectionUtils.isNotEmpty(permissions)) {
                setPermissions(roleID, permissions, tenantDomain, roleName);
            }
            IdentityDatabaseUtil.commitUserDBTransaction(connection);
        } catch (SQLException | IdentityRoleManagementException e) {
            // Undo the writes made on this connection, then report a server-side failure.
            IdentityDatabaseUtil.rollbackTransaction(connection);
            throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format("Error while creating the role: %s in the tenantDomain: %s", roleName, tenantDomain), e);
        }
    } catch (SQLException e) {
        // Reached when the try-with-resources itself throws; nothing is rolled back here.
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format("Error while creating the role: %s in the tenantDomain: %s", roleName, tenantDomain), e);
    }
    return new RoleBasicInfo(roleID, roleName);
}
Also used : SQLException(java.sql.SQLException) Connection(java.sql.Connection) ArrayList(java.util.ArrayList) NamedPreparedStatement(org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement) IdentityRoleManagementServerException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException) IdentityRoleManagementException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException) IdentityRoleManagementClientException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException) RoleBasicInfo(org.wso2.carbon.identity.role.mgt.core.RoleBasicInfo)

Example 8 with IdentityRoleManagementClientException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException in project identity-inbound-provisioning-scim2 by wso2-extensions.

the class SCIMRoleManagerTest method testUpdateRoleUpdateRoleNameThrowingErrors.

/**
 * Checks that {@code SCIMRoleManager.updateRole} fails when the mocked role management
 * service rejects a rename.
 *
 * <p>The stub for {@code updateRoleName} throws a client exception for an already-used name,
 * an unknown role ID or a read-only system role, and otherwise whatever
 * {@code unExpectedErrorThrower} produces for the data-provider row.
 *
 * <p>NOTE(review): {@code expectedExceptions} lists four types, so the test passes when any
 * of them is thrown. It does not pin which service error code maps to which SCIM exception;
 * in particular the forbidden system-role case is not asserted separately.
 */
@Test(dataProvider = "dataProviderForUpdateRoleUpdateRoleNameThrowingErrors", expectedExceptions = { ConflictException.class, NotFoundException.class, BadRequestException.class, CharonException.class })
public void testUpdateRoleUpdateRoleNameThrowingErrors(String roleId, String oldRoleName, String newRoleName, String tenantDomain, String sError) throws IdentityRoleManagementException, BadRequestException, CharonException, ConflictException, NotFoundException {
    Role[] rolePair = getOldAndNewRoleDummies(roleId, oldRoleName, newRoleName);
    when(mockRoleManagementService.updateRoleName(anyString(), anyString(), anyString())).thenAnswer(invocation -> {
        String requestedRoleId = invocation.getArgumentAt(0, String.class);
        String requestedName = invocation.getArgumentAt(1, String.class);
        String requestedTenant = invocation.getArgumentAt(2, String.class);
        if (EXISTING_ROLE_NAMES.contains(requestedName)) {
            throw new IdentityRoleManagementClientException(ROLE_ALREADY_EXISTS.getCode(), "Role name: " + requestedName + " is already there in the system. Please pick another role name.");
        }
        if (NON_EXISTING_ROLE_IDS.contains(requestedRoleId)) {
            throw new IdentityRoleManagementClientException(ROLE_NOT_FOUND.getCode(), "Role id: " + requestedRoleId + " does not exist in the system.");
        }
        // The old name is not an argument of updateRoleName, so the test parameter is used.
        if (SYSTEM_ROLES.contains(oldRoleName)) {
            throw new IdentityRoleManagementClientException(RoleConstants.Error.OPERATION_FORBIDDEN.getCode(), "Invalid operation. Role: " + oldRoleName + " Cannot be renamed since it's a read only system role.");
        }
        Throwable injectedFailure = unExpectedErrorThrower(requestedTenant, sError, "Error while updating users to the role: %s in the tenantDomain: %s", requestedRoleId);
        if (injectedFailure == null) {
            return null;
        }
        throw injectedFailure;
    });
    SCIMRoleManager managerUnderTest = new SCIMRoleManager(mockRoleManagementService, tenantDomain);
    Role previousRole = rolePair[0];
    Role updatedRole = rolePair[1];
    managerUnderTest.updateRole(previousRole, updatedRole);
}
Also used : Role(org.wso2.charon3.core.objects.Role) Matchers.anyString(org.mockito.Matchers.anyString) IdentityRoleManagementClientException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException) Test(org.testng.annotations.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 9 with IdentityRoleManagementClientException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException in project identity-inbound-provisioning-scim2 by wso2-extensions.

the class SCIMRoleManagerTest method testListRolesWithGETInvalidLimit.

/**
 * Checks that {@code SCIMRoleManager.listRolesWithGET} throws {@code CharonException} when
 * the role management service rejects a negative limit.
 *
 * <p>Both {@code getRoles} overloads are stubbed: the five-argument one reads the limit from
 * argument 0, the six-argument one from argument 1. Each throws a client exception with the
 * {@code INVALID_LIMIT} code for a negative value and returns {@code null} otherwise.
 */
@Test(dataProvider = "dataProviderForListRolesWithGETInvalidLimit")
public void testListRolesWithGETInvalidLimit(String nodeType, Integer count) throws IdentityRoleManagementException {
    Node filterRoot = generateNodeBasedOnNodeType(nodeType, null);
    when(mockRoleManagementService.getRoles(anyInt(), anyInt(), anyString(), anyString(), anyString())).thenAnswer(invocation -> {
        Integer requestedLimit = invocation.getArgumentAt(0, Integer.class);
        if (requestedLimit == null || requestedLimit >= 0) {
            return null;
        }
        // The message reports the test parameter, not the value the stub received.
        throw new IdentityRoleManagementClientException(INVALID_LIMIT.getCode(), String.format("Invalid limit requested. Limit value should be greater than or equal to zero. limit: %s", count));
    });
    when(mockRoleManagementService.getRoles(anyString(), anyInt(), anyInt(), anyString(), anyString(), anyString())).thenAnswer(invocation -> {
        Integer requestedLimit = invocation.getArgumentAt(1, Integer.class);
        if (requestedLimit == null || requestedLimit >= 0) {
            return null;
        }
        // The message reports the test parameter, not the value the stub received.
        throw new IdentityRoleManagementClientException(INVALID_LIMIT.getCode(), String.format("Invalid limit requested. Limit value should be greater than or equal to zero. limit: %s", count));
    });
    SCIMRoleManager managerUnderTest = new SCIMRoleManager(mockRoleManagementService, SAMPLE_TENANT_DOMAIN);
    assertThrows(CharonException.class, () -> managerUnderTest.listRolesWithGET(filterRoot, 2, count, null, null));
}
Also used : OperationNode(org.wso2.charon3.core.utils.codeutils.OperationNode) ExpressionNode(org.wso2.charon3.core.utils.codeutils.ExpressionNode) Node(org.wso2.charon3.core.utils.codeutils.Node) Matchers.anyString(org.mockito.Matchers.anyString) IdentityRoleManagementClientException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException) Test(org.testng.annotations.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 10 with IdentityRoleManagementClientException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException in project identity-inbound-provisioning-scim2 by wso2-extensions.

the class SCIMRoleManagerTest method testUpdateRoleUpdateGroupListOfRoleThrowingErrors.

/**
 * Checks that {@code SCIMRoleManager.updateRole} fails when the mocked service rejects the
 * group-list update of a role.
 *
 * <p>The rename and the user-list update are stubbed to succeed, so only
 * {@code updateGroupListOfRole} can raise: a client exception with the
 * {@code INVALID_REQUEST} code for a role ID in {@code INVALID_ROLE_IDS}, otherwise whatever
 * {@code unExpectedErrorThrower} produces for the data-provider row.
 *
 * <p>NOTE(review): {@code expectedExceptions} accepts either of two types, so the test does
 * not pin which one a given failure maps to.
 */
@Test(dataProvider = "dataProviderForUpdateRoleUpdateGroupListOfRoleThrowingErrors", expectedExceptions = { BadRequestException.class, CharonException.class })
public void testUpdateRoleUpdateGroupListOfRoleThrowingErrors(String roleId, String oldRoleName, String newRoleName, String tenantDomain, String type, String sError) throws IdentityRoleManagementException, BadRequestException, CharonException, ConflictException, NotFoundException {
    RoleBasicInfo renamedRoleInfo = new RoleBasicInfo(roleId, newRoleName);
    Role[] rolePair = getOldAndNewRoleDummies(roleId, oldRoleName, newRoleName, type);
    when(mockRoleManagementService.updateRoleName(anyString(), anyString(), anyString())).thenReturn(renamedRoleInfo);
    when(mockRoleManagementService.updateGroupListOfRole(anyString(), anyListOf(String.class), anyListOf(String.class), anyString())).thenAnswer(invocation -> {
        String requestedRoleId = invocation.getArgumentAt(0, String.class);
        String requestedTenant = invocation.getArgumentAt(3, String.class);
        if (INVALID_ROLE_IDS.contains(requestedRoleId)) {
            // The message is built from the role ID and the test's tenantDomain parameter.
            throw new IdentityRoleManagementClientException(INVALID_REQUEST.getCode(), "Invalid scenario. Multiple roles found for the given role name: " + requestedRoleId + " and tenantDomain: " + tenantDomain);
        }
        Throwable injectedFailure = unExpectedErrorThrower(requestedTenant, sError, "Error while updating users to the role: %s in the tenantDomain: %s", requestedRoleId);
        if (injectedFailure == null) {
            return renamedRoleInfo;
        }
        throw injectedFailure;
    });
    when(mockRoleManagementService.updateUserListOfRole(eq(roleId), anyListOf(String.class), anyListOf(String.class), anyString())).thenReturn(renamedRoleInfo);
    SCIMRoleManager managerUnderTest = new SCIMRoleManager(mockRoleManagementService, tenantDomain);
    Role previousRole = rolePair[0];
    Role updatedRole = rolePair[1];
    managerUnderTest.updateRole(previousRole, updatedRole);
}
Also used : Role(org.wso2.charon3.core.objects.Role) Matchers.anyString(org.mockito.Matchers.anyString) RoleBasicInfo(org.wso2.carbon.identity.role.mgt.core.RoleBasicInfo) IdentityRoleManagementClientException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException) Test(org.testng.annotations.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)
