Example 96 with Role
use of org.wso2.carbon.identity.role.mgt.core.Role in project carbon-identity-framework by wso2.
the class RoleDAOImpl method validateUserRemovalFromRole.
private void validateUserRemovalFromRole(List<String> deletedUserNamesList, String roleName, String tenantDomain) throws IdentityRoleManagementException {
if (!IdentityUtil.isSystemRolesEnabled() || deletedUserNamesList.isEmpty()) {
return;
}
try {
String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
String adminUserName = userRealm.getRealmConfiguration().getAdminUserName();
org.wso2.carbon.user.core.UserStoreManager userStoreManager = (org.wso2.carbon.user.core.UserStoreManager) userRealm.getUserStoreManager();
boolean isUseCaseSensitiveUsernameForCacheKeys = IdentityUtil.isUseCaseSensitiveUsernameForCacheKeys(userStoreManager);
// Only the tenant owner can remove users from Administrator role.
if (RoleConstants.ADMINISTRATOR.equalsIgnoreCase(roleName)) {
if ((isUseCaseSensitiveUsernameForCacheKeys && !StringUtils.equals(username, adminUserName)) || (!isUseCaseSensitiveUsernameForCacheKeys && !StringUtils.equalsIgnoreCase(username, adminUserName))) {
String errorMessage = "Invalid operation. Only the tenant owner can remove users from the role: %s";
throw new IdentityRoleManagementClientException(OPERATION_FORBIDDEN.getCode(), String.format(errorMessage, RoleConstants.ADMINISTRATOR));
} else {
// Tenant owner cannot be removed from Administrator role.
if (deletedUserNamesList.contains(adminUserName)) {
String errorMessage = "Invalid operation. Tenant owner cannot be removed from the role: %s";
throw new IdentityRoleManagementClientException(OPERATION_FORBIDDEN.getCode(), String.format(errorMessage, RoleConstants.ADMINISTRATOR));
}
}
}
} catch (UserStoreException e) {
String errorMessage = "Error while validating user removal from the role: %s in the tenantDomain: %s";
throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, roleName, tenantDomain), e);
}
}
Also used :
AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager)
UserStoreManager(org.wso2.carbon.user.api.UserStoreManager)
UserRealm(org.wso2.carbon.user.api.UserRealm)
IdentityRoleManagementServerException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException)
UserStoreException(org.wso2.carbon.user.api.UserStoreException)
IdentityRoleManagementClientException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException)
Example 97 with Role
use of org.wso2.carbon.identity.role.mgt.core.Role in project carbon-identity-framework by wso2.
the class RoleDAOImpl method updateUserListOfRole.
@Override
public RoleBasicInfo updateUserListOfRole(String roleID, List<String> newUserIDList, List<String> deletedUserIDList, String tenantDomain) throws IdentityRoleManagementException {
if (!isExistingRoleID(roleID, tenantDomain)) {
throw new IdentityRoleManagementClientException(ROLE_NOT_FOUND.getCode(), "Role id: " + roleID + " does not exist in the system.");
}
String roleName = getRoleNameByID(roleID, tenantDomain);
if (CollectionUtils.isEmpty(newUserIDList) && CollectionUtils.isEmpty(deletedUserIDList)) {
if (log.isDebugEnabled()) {
log.debug("User lists are empty.");
}
return new RoleBasicInfo(roleID, roleName);
}
String primaryDomainName = IdentityUtil.getPrimaryDomainName();
if (primaryDomainName != null) {
primaryDomainName = primaryDomainName.toUpperCase(Locale.ENGLISH);
}
List<String> newUserNamesList = getUserNamesByIDs(newUserIDList, tenantDomain);
List<String> deletedUserNamesList = getUserNamesByIDs(deletedUserIDList, tenantDomain);
int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
// Validate the user removal operation based on the default system roles.
validateUserRemovalFromRole(deletedUserNamesList, roleName, tenantDomain);
try (Connection connection = IdentityDatabaseUtil.getUserDBConnection(true)) {
try {
// Add new users to the role.
String addUsersSQL = ADD_USER_TO_ROLE_SQL;
String databaseProductName = connection.getMetaData().getDatabaseProductName();
if (MICROSOFT.equals(databaseProductName)) {
addUsersSQL = ADD_USER_TO_ROLE_SQL_MSSQL;
}
processBatchUpdateForUsers(roleName, newUserNamesList, tenantId, primaryDomainName, connection, addUsersSQL);
// Delete existing users from the role.
processBatchUpdateForUsers(roleName, deletedUserNamesList, tenantId, primaryDomainName, connection, REMOVE_USER_FROM_ROLE_SQL);
IdentityDatabaseUtil.commitUserDBTransaction(connection);
} catch (SQLException e) {
IdentityDatabaseUtil.rollbackUserDBTransaction(connection);
String errorMessage = "Error while updating users to the role: %s in the tenantDomain: %s";
throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, roleName, tenantDomain), e);
}
} catch (SQLException e) {
String errorMessage = "Error while updating users to the role: %s in the tenantDomain: %s";
throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, roleName, tenantDomain), e);
}
if (CollectionUtils.isNotEmpty(deletedUserNamesList)) {
for (String username : deletedUserNamesList) {
clearUserRolesCache(username, tenantId);
}
}
if (CollectionUtils.isNotEmpty(newUserNamesList)) {
for (String username : newUserNamesList) {
clearUserRolesCache(username, tenantId);
}
}
return new RoleBasicInfo(roleID, roleName);
}
Also used :
SQLException(java.sql.SQLException)
IdentityRoleManagementServerException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException)
Connection(java.sql.Connection)
IdentityRoleManagementClientException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException)
RoleBasicInfo(org.wso2.carbon.identity.role.mgt.core.RoleBasicInfo)
Example 98 with Role
use of org.wso2.carbon.identity.role.mgt.core.Role in project carbon-identity-framework by wso2.
the class RoleDAOImpl method deleteSCIMRole.
protected void deleteSCIMRole(String roleName, String tenantDomain) throws IdentityRoleManagementException {
int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
// Append internal domain in order to maintain the backward compatibility.
roleName = appendInternalDomain(roleName);
if (log.isDebugEnabled()) {
log.debug("Deleting the role: " + roleName + " for the role: " + roleName + " in the tenantDomain: " + tenantDomain);
}
try (Connection connection = IdentityDatabaseUtil.getDBConnection(true)) {
try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, DELETE_SCIM_ROLE_SQL)) {
statement.setInt(RoleTableColumns.TENANT_ID, tenantId);
statement.setString(RoleTableColumns.ROLE_NAME, roleName);
statement.executeUpdate();
IdentityDatabaseUtil.commitTransaction(connection);
} catch (SQLException e) {
IdentityDatabaseUtil.rollbackTransaction(connection);
String errorMessage = "Error while deleting the the role: %s for the role: %s in the tenantDomain: %s";
throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, roleName, roleName, tenantDomain), e);
}
} catch (SQLException e) {
String errorMessage = "Error while deleting the the role: %s for the role: %s in the tenantDomain: %s";
throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, roleName, roleName, tenantDomain), e);
}
}
Also used :
NamedPreparedStatement(org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement)
SQLException(java.sql.SQLException)
IdentityRoleManagementServerException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException)
Connection(java.sql.Connection)
Example 99 with Role
use of org.wso2.carbon.identity.role.mgt.core.Role in project carbon-identity-framework by wso2.
the class RoleManagementServiceImpl method deleteRole.
@Override
public void deleteRole(String roleID, String tenantDomain) throws IdentityRoleManagementException {
RoleManagementEventPublisherProxy roleManagementEventPublisherProxy = RoleManagementEventPublisherProxy.getInstance();
roleManagementEventPublisherProxy.publishPreDeleteRole(roleID, tenantDomain);
roleDAO.deleteRole(roleID, tenantDomain);
roleManagementEventPublisherProxy.publishPostDeleteRole(roleID, tenantDomain);
if (log.isDebugEnabled()) {
log.debug(String.format("%s deleted role of id : %s successfully.", getUser(tenantDomain), roleID));
}
audit.info(String.format(auditMessage, getUser(tenantDomain), "Delete role by id", roleID, getAuditData(tenantDomain), success));
}
Also used :
RoleManagementEventPublisherProxy(org.wso2.carbon.identity.role.mgt.core.RoleManagementEventPublisherProxy)
Example 100 with Role
use of org.wso2.carbon.identity.role.mgt.core.Role in project carbon-identity-framework by wso2.
the class RoleManagementServiceImpl method updateRoleName.
@Override
public RoleBasicInfo updateRoleName(String roleID, String newRoleName, String tenantDomain) throws IdentityRoleManagementException {
RoleManagementEventPublisherProxy roleManagementEventPublisherProxy = RoleManagementEventPublisherProxy.getInstance();
roleManagementEventPublisherProxy.publishPreUpdateRoleName(roleID, newRoleName, tenantDomain);
RoleBasicInfo roleBasicInfo = roleDAO.updateRoleName(roleID, newRoleName, tenantDomain);
roleManagementEventPublisherProxy.publishPostUpdateRoleName(roleID, newRoleName, tenantDomain);
if (log.isDebugEnabled()) {
log.debug(String.format("%s updated role name of role id : %s successfully.", getUser(tenantDomain), roleID));
}
audit.info(String.format(auditMessage, getUser(tenantDomain), "Update role name by ID", roleID, getAuditData(tenantDomain, newRoleName), success));
return roleBasicInfo;
}
Also used :
RoleManagementEventPublisherProxy(org.wso2.carbon.identity.role.mgt.core.RoleManagementEventPublisherProxy)
RoleBasicInfo(org.wso2.carbon.identity.role.mgt.core.RoleBasicInfo)
Aggregations
Test (org.testng.annotations.Test)85
ArrayList (java.util.ArrayList)74
UserStoreException (org.wso2.carbon.user.api.UserStoreException)56
HashMap (java.util.HashMap)52
PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)42
Connection (java.sql.Connection)36
SQLException (java.sql.SQLException)34
Role (org.wso2.charon3.core.objects.Role)33
AbstractUserStoreManager (org.wso2.carbon.user.core.common.AbstractUserStoreManager)31
CharonException (org.wso2.charon3.core.exceptions.CharonException)29
RoleBasicInfo (org.wso2.carbon.identity.role.mgt.core.RoleBasicInfo)26
PreparedStatement (java.sql.PreparedStatement)25
APIManagementException (org.wso2.carbon.apimgt.api.APIManagementException)24
RoleMapping (org.wso2.carbon.identity.application.common.model.RoleMapping)24
ISIntegrationTest (org.wso2.identity.integration.common.utils.ISIntegrationTest)23
HashSet (java.util.HashSet)20
UserStoreManager (org.wso2.carbon.user.api.UserStoreManager)20
IdentityProvider (org.wso2.carbon.identity.application.common.model.IdentityProvider)19
IdentityRoleManagementClientException (org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException)19
Matchers.anyString (org.mockito.Matchers.anyString)18
