Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handle role extraction for a shared user in organization switching #5648

Merged
merged 1 commit into from
May 2, 2024
Merged

Handle role extraction for a shared user in organization switching #5648

merged 1 commit into from
May 2, 2024

Conversation

ShanChathusanda93
Copy link
Contributor

@ShanChathusanda93 ShanChathusanda93 commented Apr 21, 2024
edited
Loading

Proposed changes in this pull request

When should this PR be merged

@ShanChathusanda93 ShanChathusanda93 mentioned this pull request Apr 21, 2024
Merged
1 task
@ShanChathusanda93 ShanChathusanda93 force-pushed the shared-user-roles-groups-branch branch from a16711f to 37846e2 Compare April 21, 2024 18:02
@jenkins-is-staging
Copy link

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/8777597715

@jenkins-is-staging
Copy link

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/8777597715
Status: success

jenkins-is-staging
jenkins-is-staging approved these changes Apr 22, 2024
View reviewed changes
Copy link

@jenkins-is-staging jenkins-is-staging left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/8777597715

@ShanChathusanda93 ShanChathusanda93 force-pushed the shared-user-roles-groups-branch branch from 37846e2 to 165c054 Compare April 24, 2024 10:27
@jenkins-is-staging
Copy link

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/8922502779

@jenkins-is-staging
Copy link

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/8922502779
Status: success

jenkins-is-staging
jenkins-is-staging approved these changes May 2, 2024
View reviewed changes
Copy link

@jenkins-is-staging jenkins-is-staging left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/8922502779

@wso2 wso2 deleted a comment from jenkins-is-staging May 2, 2024
@wso2 wso2 deleted a comment from jenkins-is-staging May 2, 2024
@wso2 wso2 deleted a comment from jenkins-is-staging May 2, 2024
@wso2 wso2 deleted a comment from jenkins-is-staging May 2, 2024
@ShanChathusanda93 ShanChathusanda93 merged commit f670293 into wso2:master May 2, 2024
2 checks passed
sadilchamishka
sadilchamishka reviewed May 9, 2024
View reviewed changes
...plication/authentication/framework/handler/approles/impl/AppAssociatedRolesResolverImpl.java
@@ -119,13 +122,60 @@ private String[] getAppAssociatedRolesForLocalUser(AuthenticatedUser authenticat
Set<String> userRoleIds = getAllRolesOfLocalUser(authenticatedUser);
List<RoleV2> rolesAssociatedWithApp = getRolesAssociatedWithApplication(applicationId,
authenticatedUser.getTenantDomain());
if (StringUtils.isNotEmpty(authenticatedUser.getSharedUserId())) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we can check whether isOrganizatioSwitchUser()

...plication/authentication/framework/handler/approles/impl/AppAssociatedRolesResolverImpl.java
Comment on lines +139 to +141
if (!isSharedUserAccessingSharedOrg(authenticatedUser)) {
return;
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This logic looks redundant as we are invoking this method for organization switched users.

...plication/authentication/framework/handler/approles/impl/AppAssociatedRolesResolverImpl.java
Comment on lines +418 to +424
private boolean isSharedUserAccessingSharedOrg(AuthenticatedUser authenticatedUser) {

return StringUtils.isNotEmpty(authenticatedUser.getUserSharedOrganizationId()) &&
StringUtils.isNotEmpty(authenticatedUser.getAccessingOrganization()) &&
StringUtils.equals(authenticatedUser.getUserSharedOrganizationId(),
authenticatedUser.getAccessingOrganization());
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can remove this and add a new method
isOrganizationSwitchedUser()
if resident & accessing org are not equal, it is an organization switching.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sadilchamishka sadilchamishka sadilchamishka left review comments

@AnuradhaSK AnuradhaSK AnuradhaSK approved these changes

@jenkins-is-staging jenkins-is-staging jenkins-is-staging approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ShanChathusanda93 @jenkins-is-staging @AnuradhaSK @sadilchamishka