Search in sources :

Example 6 with IdentityRoleManagementException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method getPermissionListOfRole.

@Override
public List<String> getPermissionListOfRole(String roleID, String tenantDomain) throws IdentityRoleManagementException {
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    String roleName = appendInternalDomain(getRoleNameByID(roleID, tenantDomain));
    try {
        PrivilegedCarbonContext.startTenantFlow();
        PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
        carbonContext.setTenantDomain(tenantDomain);
        carbonContext.setTenantId(tenantId);
        return getSelectedPermissions(getUserAdminProxy().getRolePermissions(roleName, tenantId));
    } catch (UserAdminException e) {
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), "An error occurred when retrieving permissions of role : " + roleID, e);
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
}
Also used : IdentityRoleManagementServerException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException) PrivilegedCarbonContext(org.wso2.carbon.context.PrivilegedCarbonContext) UserAdminException(org.wso2.carbon.user.mgt.common.UserAdminException)

Example 7 with IdentityRoleManagementException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method validateUserRemovalFromRole.

private void validateUserRemovalFromRole(List<String> deletedUserNamesList, String roleName, String tenantDomain) throws IdentityRoleManagementException {
    if (!IdentityUtil.isSystemRolesEnabled() || deletedUserNamesList.isEmpty()) {
        return;
    }
    try {
        String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
        UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
        String adminUserName = userRealm.getRealmConfiguration().getAdminUserName();
        org.wso2.carbon.user.core.UserStoreManager userStoreManager = (org.wso2.carbon.user.core.UserStoreManager) userRealm.getUserStoreManager();
        boolean isUseCaseSensitiveUsernameForCacheKeys = IdentityUtil.isUseCaseSensitiveUsernameForCacheKeys(userStoreManager);
        // Only the tenant owner can remove users from Administrator role.
        if (RoleConstants.ADMINISTRATOR.equalsIgnoreCase(roleName)) {
            if ((isUseCaseSensitiveUsernameForCacheKeys && !StringUtils.equals(username, adminUserName)) || (!isUseCaseSensitiveUsernameForCacheKeys && !StringUtils.equalsIgnoreCase(username, adminUserName))) {
                String errorMessage = "Invalid operation. Only the tenant owner can remove users from the role: %s";
                throw new IdentityRoleManagementClientException(OPERATION_FORBIDDEN.getCode(), String.format(errorMessage, RoleConstants.ADMINISTRATOR));
            } else {
                // Tenant owner cannot be removed from Administrator role.
                if (deletedUserNamesList.contains(adminUserName)) {
                    String errorMessage = "Invalid operation. Tenant owner cannot be removed from the role: %s";
                    throw new IdentityRoleManagementClientException(OPERATION_FORBIDDEN.getCode(), String.format(errorMessage, RoleConstants.ADMINISTRATOR));
                }
            }
        }
    } catch (UserStoreException e) {
        String errorMessage = "Error while validating user removal from the role: %s in the tenantDomain: %s";
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, roleName, tenantDomain), e);
    }
}
Also used : AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager) UserStoreManager(org.wso2.carbon.user.api.UserStoreManager) UserRealm(org.wso2.carbon.user.api.UserRealm) IdentityRoleManagementServerException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException) UserStoreException(org.wso2.carbon.user.api.UserStoreException) IdentityRoleManagementClientException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException)

Example 8 with IdentityRoleManagementException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method deleteGroup.

@Override
public void deleteGroup(String groupID, String tenantDomain) throws IdentityRoleManagementException {
    String groupName = getGroupNameByID(groupID, tenantDomain);
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    String primaryDomainName = IdentityUtil.getPrimaryDomainName();
    if (primaryDomainName != null) {
        primaryDomainName = primaryDomainName.toUpperCase(Locale.ENGLISH);
    }
    try (Connection connection = IdentityDatabaseUtil.getUserDBConnection(true)) {
        try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, DELETE_GROUP_SQL, RoleTableColumns.UM_ID)) {
            // Add domain if not set.
            groupName = UserCoreUtil.addDomainToName(groupName, primaryDomainName);
            // Get domain from name.
            String domainName = UserCoreUtil.extractDomainFromName(groupName);
            if (domainName != null) {
                domainName = domainName.toUpperCase(Locale.ENGLISH);
            }
            String nameWithoutDomain = UserCoreUtil.removeDomainFromName(groupName);
            statement.setString(RoleTableColumns.UM_GROUP_NAME, nameWithoutDomain);
            statement.setInt(RoleTableColumns.UM_TENANT_ID, tenantId);
            statement.setString(RoleTableColumns.UM_DOMAIN_NAME, domainName);
            statement.executeUpdate();
            IdentityDatabaseUtil.commitUserDBTransaction(connection);
        } catch (SQLException e) {
            IdentityDatabaseUtil.rollbackUserDBTransaction(connection);
            String errorMessage = "Error while removing the group: %s in the tenantDomain: %s";
            throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, groupName, tenantDomain), e);
        }
    } catch (SQLException e) {
        String errorMessage = "Error while removing the group: %s in the tenantDomain: %s";
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, groupName, tenantDomain), e);
    }
    clearUserRolesCacheByTenant(tenantId);
}
Also used : NamedPreparedStatement(org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement) SQLException(java.sql.SQLException) IdentityRoleManagementServerException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException) Connection(java.sql.Connection)

Example 9 with IdentityRoleManagementException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method updateUserListOfRole.

@Override
public RoleBasicInfo updateUserListOfRole(String roleID, List<String> newUserIDList, List<String> deletedUserIDList, String tenantDomain) throws IdentityRoleManagementException {
    if (!isExistingRoleID(roleID, tenantDomain)) {
        throw new IdentityRoleManagementClientException(ROLE_NOT_FOUND.getCode(), "Role id: " + roleID + " does not exist in the system.");
    }
    String roleName = getRoleNameByID(roleID, tenantDomain);
    if (CollectionUtils.isEmpty(newUserIDList) && CollectionUtils.isEmpty(deletedUserIDList)) {
        if (log.isDebugEnabled()) {
            log.debug("User lists are empty.");
        }
        return new RoleBasicInfo(roleID, roleName);
    }
    String primaryDomainName = IdentityUtil.getPrimaryDomainName();
    if (primaryDomainName != null) {
        primaryDomainName = primaryDomainName.toUpperCase(Locale.ENGLISH);
    }
    List<String> newUserNamesList = getUserNamesByIDs(newUserIDList, tenantDomain);
    List<String> deletedUserNamesList = getUserNamesByIDs(deletedUserIDList, tenantDomain);
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    // Validate the user removal operation based on the default system roles.
    validateUserRemovalFromRole(deletedUserNamesList, roleName, tenantDomain);
    try (Connection connection = IdentityDatabaseUtil.getUserDBConnection(true)) {
        try {
            // Add new users to the role.
            String addUsersSQL = ADD_USER_TO_ROLE_SQL;
            String databaseProductName = connection.getMetaData().getDatabaseProductName();
            if (MICROSOFT.equals(databaseProductName)) {
                addUsersSQL = ADD_USER_TO_ROLE_SQL_MSSQL;
            }
            processBatchUpdateForUsers(roleName, newUserNamesList, tenantId, primaryDomainName, connection, addUsersSQL);
            // Delete existing users from the role.
            processBatchUpdateForUsers(roleName, deletedUserNamesList, tenantId, primaryDomainName, connection, REMOVE_USER_FROM_ROLE_SQL);
            IdentityDatabaseUtil.commitUserDBTransaction(connection);
        } catch (SQLException e) {
            IdentityDatabaseUtil.rollbackUserDBTransaction(connection);
            String errorMessage = "Error while updating users to the role: %s in the tenantDomain: %s";
            throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, roleName, tenantDomain), e);
        }
    } catch (SQLException e) {
        String errorMessage = "Error while updating users to the role: %s in the tenantDomain: %s";
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, roleName, tenantDomain), e);
    }
    if (CollectionUtils.isNotEmpty(deletedUserNamesList)) {
        for (String username : deletedUserNamesList) {
            clearUserRolesCache(username, tenantId);
        }
    }
    if (CollectionUtils.isNotEmpty(newUserNamesList)) {
        for (String username : newUserNamesList) {
            clearUserRolesCache(username, tenantId);
        }
    }
    return new RoleBasicInfo(roleID, roleName);
}
Also used : SQLException(java.sql.SQLException) IdentityRoleManagementServerException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException) Connection(java.sql.Connection) IdentityRoleManagementClientException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException) RoleBasicInfo(org.wso2.carbon.identity.role.mgt.core.RoleBasicInfo)

Example 10 with IdentityRoleManagementException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method deleteSCIMRole.

protected void deleteSCIMRole(String roleName, String tenantDomain) throws IdentityRoleManagementException {
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    // Append internal domain in order to maintain the backward compatibility.
    roleName = appendInternalDomain(roleName);
    if (log.isDebugEnabled()) {
        log.debug("Deleting the role: " + roleName + " for the role: " + roleName + " in the tenantDomain: " + tenantDomain);
    }
    try (Connection connection = IdentityDatabaseUtil.getDBConnection(true)) {
        try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, DELETE_SCIM_ROLE_SQL)) {
            statement.setInt(RoleTableColumns.TENANT_ID, tenantId);
            statement.setString(RoleTableColumns.ROLE_NAME, roleName);
            statement.executeUpdate();
            IdentityDatabaseUtil.commitTransaction(connection);
        } catch (SQLException e) {
            IdentityDatabaseUtil.rollbackTransaction(connection);
            String errorMessage = "Error while deleting the the role: %s for the role: %s in the tenantDomain: %s";
            throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, roleName, roleName, tenantDomain), e);
        }
    } catch (SQLException e) {
        String errorMessage = "Error while deleting the the role: %s for the role: %s in the tenantDomain: %s";
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, roleName, roleName, tenantDomain), e);
    }
}
Also used : NamedPreparedStatement(org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement) SQLException(java.sql.SQLException) IdentityRoleManagementServerException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException) Connection(java.sql.Connection)

Aggregations

IdentityRoleManagementClientException (org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException)29 IdentityRoleManagementServerException (org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException)23 RoleBasicInfo (org.wso2.carbon.identity.role.mgt.core.RoleBasicInfo)22 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)20 Test (org.testng.annotations.Test)20 NamedPreparedStatement (org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement)20 Connection (java.sql.Connection)19 SQLException (java.sql.SQLException)19 Matchers.anyString (org.mockito.Matchers.anyString)14 IdentityRoleManagementException (org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException)14 Role (org.wso2.charon3.core.objects.Role)13 ResultSet (java.sql.ResultSet)12 RoleManagementEventPublisherProxy (org.wso2.carbon.identity.role.mgt.core.RoleManagementEventPublisherProxy)11 ArrayList (java.util.ArrayList)9 CharonException (org.wso2.charon3.core.exceptions.CharonException)8 ExpressionNode (org.wso2.charon3.core.utils.codeutils.ExpressionNode)8 Node (org.wso2.charon3.core.utils.codeutils.Node)8 OperationNode (org.wso2.charon3.core.utils.codeutils.OperationNode)8 UserStoreException (org.wso2.carbon.user.api.UserStoreException)6 BadRequestException (org.wso2.charon3.core.exceptions.BadRequestException)6