Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restrict specific claim management endpoints for sub-organizations #498

Merged
merged 1 commit into from
Oct 9, 2023
Merged

Restrict specific claim management endpoints for sub-organizations #498

merged 1 commit into from
Oct 9, 2023

Conversation

ChanikaRuchini
Copy link
Contributor

@ChanikaRuchini ChanikaRuchini commented Oct 6, 2023
edited
Loading

Purpose

Restricted the following claim management endpoints for sub organizations.

  • Add local claim
  • Update local claim
  • Delete local claim
  • Add external claim
  • Update external claim
  • Delete external claim
  • Add claim dialect
  • update claim dialect
  • Delete claim dialect

Related issue

sadilchamishka
sadilchamishka reviewed Oct 6, 2023
View reviewed changes
...2/carbon/identity/rest/api/server/claim/management/v1/core/ServerClaimManagementService.java

String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
try {
String organizationId = getOrganizationManager().resolveOrganizationId(tenantDomain);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can use PrivilegedCarbonContext.getThreadLocalCarbonContext().getOrganizationId()

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In case the API is accessed via /t/ path, PrivilegedCarbonContext.getThreadLocalCarbonContext().getOrganizationId() will not set.
So if org id not found need to resolve through tenant domain again

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, ideally sub-orgs resources are meant to be accessed with /o/ paths. In case it was accessed with /t/ path, the mentioned concern is there. But we can first fetch orgId from carbon context, if not available resolve from tenant-domain.

Anyways, with future improvements for sub-organization resources will be accessed with /t/ with organization bound token. In such case, organizationId will be populated in the context and won't be null.

@ChanikaRuchini ChanikaRuchini force-pushed the upstream/claim-management branch 2 times, most recently from 0835f57 to 2d66920 Compare October 6, 2023 17:21
AnuradhaSK
AnuradhaSK previously approved these changes Oct 6, 2023
View reviewed changes
@AnuradhaSK AnuradhaSK self-requested a review October 6, 2023 20:32
@jenkins-is-staging
Copy link

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/6452362382

@jenkins-is-staging
Copy link

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/6452362382
Status: success

jenkins-is-staging
jenkins-is-staging approved these changes Oct 9, 2023
View reviewed changes
Copy link

@jenkins-is-staging jenkins-is-staging left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/6452362382

@ChanikaRuchini ChanikaRuchini merged commit 9517fe5 into wso2:master Oct 9, 2023
4 checks passed
@ChanikaRuchini ChanikaRuchini deleted the upstream/claim-management branch October 9, 2023 07:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sadilchamishka sadilchamishka sadilchamishka left review comments

@jenkins-is-staging jenkins-is-staging jenkins-is-staging approved these changes

@AnuradhaSK AnuradhaSK AnuradhaSK approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ChanikaRuchini @jenkins-is-staging @AnuradhaSK @sadilchamishka