Migrate Console Role Permissions #6352
Conversation
| List<Permission> deletedPermissions, String audience, String audienceId, | ||
| String tenantDomain) throws IdentityRoleManagementException { | ||
|
|
||
| if (APPLICATION.equals(audience)) { |
There was a problem hiding this comment.
Let's use same isConsoleRole(roleId, tenantDomain) method.
| public void postGetRole(Role role, String roleId, String tenantDomain) throws IdentityRoleManagementException { | ||
|
|
||
|
|
||
| if (isConsoleRole(roleId, tenantDomain)) { |
There was a problem hiding this comment.
Instead of using common method, let's write convenient logics.
if (!"CONSOLE".equals()role.getAudienceName() || !"application".equalsIgnoreCase(role.getAudience())) {
return;
}
| boolean isConsoleRole = false; | ||
| for (String roleId : roleIds) { | ||
| if (isConsoleRole(roleId, tenantDomain)) { | ||
| isConsoleRole = true; | ||
| break; | ||
| } | ||
| } |
There was a problem hiding this comment.
By looking at the permissions also we can decide a console role. A console role exist permissions starts with console: which is not allowed for the roles.
| List<Permission> systemPermissions = getSystemPermission(tenantDomain); | ||
| List<APIResourceCollection> apiResourceCollections = getAPIResourceCollections(tenantDomain); | ||
| List<Permission> consoleFeaturePermissions = getConsoleFeaturePermissions(rolePermissions); | ||
| if (!consoleFeaturePermissions.isEmpty()) { |
There was a problem hiding this comment.
What if we add scopes to an existing role (old role). Then its corresponding scopes will be saved console:abc:view, console:abc:edit.
When getting the scopes of the role, it will have new formatted scopes and old role related scopes. But the logic might skip for processing old roles related scopes.
| } | ||
| } | ||
|
|
||
| private List<Permission> getUpdatedPermissions(List<Permission> rolePermissions, String tenantDomain) |
There was a problem hiding this comment.
A Suggession to organize the code.
HashMap
console:app:edit -> { s1, s2....}
console:app:view - > {s1,..}
Iterate over collection: ex: console:app, console:idp,.....
1. if console:app:edit exist in permission list. // first iteration is console:app
Add all respective scopes.
Continue.
2. if console:app:view exist in permission list.
Add respective view scopes.
Continue.
// backward compatible logic.
x = Fetch previous console:app edit related scopes set.
3. if x contains in permission list
Add all respective scopes.
Continue.
4. Add respective view scopes.
There was a problem hiding this comment.
+1 this will improve the logic
…elopment iteration
…elopment iteration
…elopment iteration
…elopment iteration
…elopment iteration
…elopment iteration
…elopment iteration
|
|
close with this : #6372 |
Proposed changes in this pull request
$subject
Related Issues