Merge pull request #112 from ThaminduR/legacy-runtime-fix

Fix for authorized orgs in legacy runtime
wso2 · Nov 14, 2023 · d73c2bf · d73c2bf
2 parents fedd674 + fbbf673
commit d73c2bf
Show file tree

Hide file tree

Showing 3 changed files with 119 additions and 13 deletions.
diff --git a/components/org.wso2.carbon.identity.organization.management.service/pom.xml b/components/org.wso2.carbon.identity.organization.management.service/pom.xml
@@ -124,6 +124,7 @@
                             org.wso2.carbon.user.core.tenant;version="${carbon.kernel.package.import.version.range}",
                             org.wso2.carbon.user.core.util;version="${carbon.kernel.package.import.version.range}",
                             org.wso2.carbon.utils;version="${carbon.kernel.package.import.version.range}",
+                            org.wso2.carbon;version="${carbon.kernel.package.import.version.range}",
                         </Import-Package>
                     </instructions>
                 </configuration>

diff --git a/.../java/org/wso2/carbon/identity/organization/management/service/constant/SQLConstants.java b/.../java/org/wso2/carbon/identity/organization/management/service/constant/SQLConstants.java
@@ -257,6 +257,52 @@ public class SQLConstants {
             "UM_ORG_HIERARCHY WHERE UM_ID = :" + SQLPlaceholders.DB_SCHEMA_COLUMN_NAME_ID + "; AND DEPTH = :" +
             SQLPlaceholders.DB_SCHEMA_COLUMN_NAME_DEPTH + ";";
 
+    public static final String GET_ORGANIZATIONS_LEGACY = "SELECT DISTINCT UM_ORG.UM_ID, UM_ORG.UM_ORG_NAME, " +
+            "UM_ORG.UM_CREATED_TIME, UM_ORG.UM_STATUS FROM UM_ORG " +
+            "INNER JOIN UM_ORG_ROLE ON UM_ORG_ROLE.UM_ORG_ID = UM_ORG.UM_ID " +
+            "INNER JOIN UM_ORG_ROLE_USER ON UM_ORG_ROLE.UM_ROLE_ID = UM_ORG_ROLE_USER.UM_ROLE_ID " +
+            "INNER JOIN UM_ORG_ROLE_PERMISSION ON UM_ORG_ROLE.UM_ROLE_ID = UM_ORG_ROLE_PERMISSION.UM_ROLE_ID " +
+            "INNER JOIN UM_ORG_PERMISSION ON UM_ORG_ROLE_PERMISSION.UM_PERMISSION_ID = UM_ORG_PERMISSION.UM_ID " +
+            "WHERE ";
+
+    public static final String GET_ORGANIZATIONS_WITHOUT_PERMISSION_CHECK = "SELECT DISTINCT UM_ORG.UM_ID, " +
+            "UM_ORG.UM_ORG_NAME, UM_ORG.UM_CREATED_TIME, UM_ORG.UM_STATUS FROM UM_ORG WHERE ";
+
+    public static final String GET_ORGANIZATIONS_TAIL_LEGACY = "UM_ORG_ROLE_USER.UM_USER_ID = :" +
+            SQLPlaceholders.DB_SCHEMA_COLUMN_NAME_USER_ID + "; AND UM_ORG_PERMISSION.UM_RESOURCE_ID IN (" +
+            PERMISSION_LIST_PLACEHOLDER + ") AND UM_ORG.UM_ID IN (SELECT O.UM_ID FROM UM_ORG O JOIN " +
+            "UM_ORG_HIERARCHY OH ON O.UM_ID = OH.UM_ID WHERE OH.UM_PARENT_ID = (SELECT UM_ID FROM UM_ORG WHERE %s) " +
+            "AND OH.DEPTH %s) ORDER BY UM_ORG.UM_CREATED_TIME %s LIMIT :" + SQLPlaceholders.DB_SCHEMA_LIMIT + ";";
+
+    public static final String GET_ORGANIZATIONS_TAIL_WITHOUT_PERMISSION_CHECK = "UM_ORG.UM_ID IN " +
+            "(SELECT O.UM_ID FROM UM_ORG O JOIN UM_ORG_HIERARCHY OH ON O.UM_ID = OH.UM_ID " +
+            "WHERE OH.UM_PARENT_ID = (SELECT UM_ID FROM UM_ORG WHERE %s) " +
+            "AND OH.DEPTH %s) ORDER BY UM_ORG.UM_CREATED_TIME %s LIMIT :" + SQLPlaceholders.DB_SCHEMA_LIMIT + ";";
+
+    public static final String GET_ORGANIZATIONS_TAIL_ORACLE_LEGACY = "UM_ORG_ROLE_USER.UM_USER_ID = :" +
+            SQLPlaceholders.DB_SCHEMA_COLUMN_NAME_USER_ID + "; AND UM_ORG_PERMISSION.UM_RESOURCE_ID IN (" +
+            PERMISSION_LIST_PLACEHOLDER + ") AND UM_ORG.UM_ID IN (SELECT O.UM_ID FROM UM_ORG O JOIN " +
+            "UM_ORG_HIERARCHY OH ON O.UM_ID = OH.UM_ID WHERE OH.UM_PARENT_ID = (SELECT UM_ID FROM UM_ORG WHERE %s) " +
+            "AND OH.DEPTH %s) ORDER BY UM_ORG.UM_CREATED_TIME %s FETCH FIRST :" + SQLPlaceholders.DB_SCHEMA_LIMIT +
+            "; ROWS ONLY";
+
+    public static final String GET_ORGANIZATIONS_TAIL_ORACLE_WITHOUT_PERMISSION_CHECK = "UM_ORG.UM_ID IN " +
+            "(SELECT O.UM_ID FROM UM_ORG O JOIN UM_ORG_HIERARCHY OH ON O.UM_ID = OH.UM_ID WHERE OH.UM_PARENT_ID = " +
+            "(SELECT UM_ID FROM UM_ORG WHERE %s) AND OH.DEPTH %s) ORDER BY UM_ORG.UM_CREATED_TIME %s FETCH FIRST :" +
+            SQLPlaceholders.DB_SCHEMA_LIMIT + "; ROWS ONLY";
+
+    public static final String GET_ORGANIZATIONS_TAIL_MSSQL_LEGACY = "UM_ORG_ROLE_USER.UM_USER_ID = :" +
+            SQLPlaceholders.DB_SCHEMA_COLUMN_NAME_USER_ID + "; AND UM_ORG_PERMISSION.UM_RESOURCE_ID IN (" +
+            PERMISSION_LIST_PLACEHOLDER + ") AND UM_ORG.UM_ID IN (SELECT O.UM_ID FROM UM_ORG O JOIN " +
+            "UM_ORG_HIERARCHY OH ON O.UM_ID = OH.UM_ID WHERE OH.UM_PARENT_ID = (SELECT UM_ID FROM UM_ORG WHERE %s) " +
+            "AND OH.DEPTH %s) ORDER BY UM_ORG.UM_CREATED_TIME %s OFFSET 0 ROWS FETCH NEXT :" +
+            SQLPlaceholders.DB_SCHEMA_LIMIT + "; ROWS ONLY";
+
+    public static final String GET_ORGANIZATIONS_TAIL_MSSQL_WITHOUT_PERMISSION_CHECK = "UM_ORG.UM_ID IN " +
+            "(SELECT O.UM_ID FROM UM_ORG O JOIN UM_ORG_HIERARCHY OH ON O.UM_ID = OH.UM_ID WHERE OH.UM_PARENT_ID = " +
+            "(SELECT UM_ID FROM UM_ORG WHERE %s) AND OH.DEPTH %s) ORDER BY UM_ORG.UM_CREATED_TIME %s OFFSET 0 ROWS " +
+            "FETCH NEXT :" + SQLPlaceholders.DB_SCHEMA_LIMIT + "; ROWS ONLY";
+
     /**
      * SQL Placeholders.
      */

diff --git a/...rbon/identity/organization/management/service/dao/impl/OrganizationManagementDAOImpl.java b/...rbon/identity/organization/management/service/dao/impl/OrganizationManagementDAOImpl.java
@@ -22,6 +22,7 @@
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.CarbonConstants;
 import org.wso2.carbon.database.utils.jdbc.NamedJdbcTemplate;
 import org.wso2.carbon.database.utils.jdbc.exceptions.DataAccessException;
 import org.wso2.carbon.database.utils.jdbc.exceptions.TransactionException;
@@ -112,6 +113,7 @@
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.VIEW_ID_COLUMN;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.VIEW_LAST_MODIFIED_COLUMN;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.VIEW_NAME_COLUMN;
+import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.VIEW_ORGANIZATION_PERMISSION;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.VIEW_PARENT_ID_COLUMN;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.VIEW_STATUS_COLUMN;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.VIEW_TENANT_UUID_COLUMN;
@@ -134,9 +136,17 @@
 import static org.wso2.carbon.identity.organization.management.service.constant.SQLConstants.GET_CHILD_ORGANIZATION_IDS;
 import static org.wso2.carbon.identity.organization.management.service.constant.SQLConstants.GET_ORGANIZATIONS;
 import static org.wso2.carbon.identity.organization.management.service.constant.SQLConstants.GET_ORGANIZATIONS_BY_NAME;
+import static org.wso2.carbon.identity.organization.management.service.constant.SQLConstants.GET_ORGANIZATIONS_LEGACY;
 import static org.wso2.carbon.identity.organization.management.service.constant.SQLConstants.GET_ORGANIZATIONS_TAIL;
+import static org.wso2.carbon.identity.organization.management.service.constant.SQLConstants.GET_ORGANIZATIONS_TAIL_LEGACY;
 import static org.wso2.carbon.identity.organization.management.service.constant.SQLConstants.GET_ORGANIZATIONS_TAIL_MSSQL;
+import static org.wso2.carbon.identity.organization.management.service.constant.SQLConstants.GET_ORGANIZATIONS_TAIL_MSSQL_LEGACY;
+import static org.wso2.carbon.identity.organization.management.service.constant.SQLConstants.GET_ORGANIZATIONS_TAIL_MSSQL_WITHOUT_PERMISSION_CHECK;
 import static org.wso2.carbon.identity.organization.management.service.constant.SQLConstants.GET_ORGANIZATIONS_TAIL_ORACLE;
+import static org.wso2.carbon.identity.organization.management.service.constant.SQLConstants.GET_ORGANIZATIONS_TAIL_ORACLE_LEGACY;
+import static org.wso2.carbon.identity.organization.management.service.constant.SQLConstants.GET_ORGANIZATIONS_TAIL_ORACLE_WITHOUT_PERMISSION_CHECK;
+import static org.wso2.carbon.identity.organization.management.service.constant.SQLConstants.GET_ORGANIZATIONS_TAIL_WITHOUT_PERMISSION_CHECK;
+import static org.wso2.carbon.identity.organization.management.service.constant.SQLConstants.GET_ORGANIZATIONS_WITHOUT_PERMISSION_CHECK;
 import static org.wso2.carbon.identity.organization.management.service.constant.SQLConstants.GET_ORGANIZATIONS_WITH_USER_ASSOCIATIONS;
 import static org.wso2.carbon.identity.organization.management.service.constant.SQLConstants.GET_ORGANIZATIONS_WITH_USER_ASSOCIATIONS_TAIL;
 import static org.wso2.carbon.identity.organization.management.service.constant.SQLConstants.GET_ORGANIZATIONS_WITH_USER_ASSOCIATIONS_TAIL_MSSQL;
@@ -703,23 +713,44 @@ private List<BasicOrganization> getOrganizationsList(boolean authorizedSubOrgsOn
         String parentIdFilterQuery = parentIdFilterQueryBuilder.getFilterQuery();
 
         String sqlStmt;
-        String getOrgSqlStmtTail = authorizedSubOrgsOnly ? GET_ORGANIZATIONS_WITH_USER_ASSOCIATIONS_TAIL
-                : GET_ORGANIZATIONS_TAIL;
-
-        if (isOracleDB()) {
-            getOrgSqlStmtTail = authorizedSubOrgsOnly ? GET_ORGANIZATIONS_WITH_USER_ASSOCIATIONS_TAIL_ORACLE
-                    : GET_ORGANIZATIONS_TAIL_ORACLE;
-        } else if (isMSSqlDB()) {
-            getOrgSqlStmtTail = authorizedSubOrgsOnly ? GET_ORGANIZATIONS_WITH_USER_ASSOCIATIONS_TAIL_MSSQL
-                    : GET_ORGANIZATIONS_TAIL_MSSQL;
-        }
+        String getOrgSqlStmtTail;
+        if (!CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME) {
+            getOrgSqlStmtTail = authorizedSubOrgsOnly ? GET_ORGANIZATIONS_WITH_USER_ASSOCIATIONS_TAIL
+                    : GET_ORGANIZATIONS_TAIL;
+
+            if (isOracleDB()) {
+                getOrgSqlStmtTail = authorizedSubOrgsOnly ? GET_ORGANIZATIONS_WITH_USER_ASSOCIATIONS_TAIL_ORACLE
+                        : GET_ORGANIZATIONS_TAIL_ORACLE;
+            } else if (isMSSqlDB()) {
+                getOrgSqlStmtTail = authorizedSubOrgsOnly ? GET_ORGANIZATIONS_WITH_USER_ASSOCIATIONS_TAIL_MSSQL
+                        : GET_ORGANIZATIONS_TAIL_MSSQL;
+            }
 
-        if (authorizedSubOrgsOnly) {
-            sqlStmt = GET_ORGANIZATIONS_WITH_USER_ASSOCIATIONS;
+            if (authorizedSubOrgsOnly) {
+                sqlStmt = GET_ORGANIZATIONS_WITH_USER_ASSOCIATIONS;
+            } else {
+                sqlStmt = GET_ORGANIZATIONS;
+            }
         } else {
-            sqlStmt = GET_ORGANIZATIONS;
+            getOrgSqlStmtTail = authorizedSubOrgsOnly ? GET_ORGANIZATIONS_TAIL_LEGACY
+                    : GET_ORGANIZATIONS_TAIL_WITHOUT_PERMISSION_CHECK;
+
+            if (isOracleDB()) {
+                getOrgSqlStmtTail = authorizedSubOrgsOnly ? GET_ORGANIZATIONS_TAIL_ORACLE_LEGACY
+                        : GET_ORGANIZATIONS_TAIL_ORACLE_WITHOUT_PERMISSION_CHECK;
+            } else if (isMSSqlDB()) {
+                getOrgSqlStmtTail = authorizedSubOrgsOnly ? GET_ORGANIZATIONS_TAIL_MSSQL_LEGACY
+                        : GET_ORGANIZATIONS_TAIL_MSSQL_WITHOUT_PERMISSION_CHECK;
+            }
+
+            if (authorizedSubOrgsOnly) {
+                sqlStmt = GET_ORGANIZATIONS_LEGACY;
+            } else {
+                sqlStmt = GET_ORGANIZATIONS_WITHOUT_PERMISSION_CHECK;
+            }
         }
 
+
         if (StringUtils.isBlank(parentIdFilterQuery)) {
             sqlStmt += filterQueryBuilder.getFilterQuery() +
                     String.format(getOrgSqlStmtTail, SET_ID, recursive ? "> 0" : "= 1", sortOrder);
@@ -728,6 +759,25 @@ private List<BasicOrganization> getOrganizationsList(boolean authorizedSubOrgsOn
                     String.format(getOrgSqlStmtTail, parentIdFilterQuery, recursive ? "> 0" : "= 1",
                             sortOrder);
         }
+        List<String> permissions;
+        String permissionPlaceholder;
+        if (CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME) {
+            permissionPlaceholder = "PERMISSION_";
+            permissions = getAllowedPermissions(VIEW_ORGANIZATION_PERMISSION);
+            List<String> permissionPlaceholders = new ArrayList<>();
+            if (authorizedSubOrgsOnly) {
+                // Constructing the placeholders required to hold the permission strings in the named prepared
+                // statement.
+                for (int i = 1; i <= permissions.size(); i++) {
+                    permissionPlaceholders.add(":" + permissionPlaceholder + i + ";");
+                }
+                String placeholder = String.join(", ", permissionPlaceholders);
+                sqlStmt = sqlStmt.replace(PERMISSION_LIST_PLACEHOLDER, placeholder);
+            }
+        } else {
+            permissionPlaceholder = "";
+            permissions = new ArrayList<>();
+        }
 
         List<BasicOrganization> organizations;
         NamedJdbcTemplate namedJdbcTemplate = Utils.getNewTemplate();
@@ -757,6 +807,15 @@ private List<BasicOrganization> getOrganizationsList(boolean authorizedSubOrgsOn
                                 namedPreparedStatement.setString(entry.getKey(), entry.getValue());
                             }
                         }
+                        if (CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME) {
+                            if (authorizedSubOrgsOnly) {
+                                int index = 1;
+                                for (String permission : permissions) {
+                                    namedPreparedStatement.setString(permissionPlaceholder + index, permission);
+                                    index++;
+                                }
+                            }
+                        }
                         namedPreparedStatement.setInt(DB_SCHEMA_LIMIT, limit);
                     });
         } catch (DataAccessException e) {