Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Restrict specific claim management endpoints for sub-organizations #498

Merged

Conversation

ChanikaRuchini
Copy link
Contributor

@ChanikaRuchini ChanikaRuchini commented Oct 6, 2023

Purpose

Restricted the following claim management endpoints for sub organizations.

  • Add local claim
  • Update local claim
  • Delete local claim
  • Add external claim
  • Update external claim
  • Delete external claim
  • Add claim dialect
  • update claim dialect
  • Delete claim dialect

Related issue


String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
try {
String organizationId = getOrganizationManager().resolveOrganizationId(tenantDomain);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can use PrivilegedCarbonContext.getThreadLocalCarbonContext().getOrganizationId()

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In case the API is accessed via /t/ path, PrivilegedCarbonContext.getThreadLocalCarbonContext().getOrganizationId() will not set.
So if org id not found need to resolve through tenant domain again

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, ideally sub-orgs resources are meant to be accessed with /o/ paths. In case it was accessed with /t/ path, the mentioned concern is there. But we can first fetch orgId from carbon context, if not available resolve from tenant-domain.

Anyways, with future improvements for sub-organization resources will be accessed with /t/ with organization bound token. In such case, organizationId will be populated in the context and won't be null.

@ChanikaRuchini ChanikaRuchini force-pushed the upstream/claim-management branch from f63cf15 to 825841d Compare October 6, 2023 17:08
@ChanikaRuchini ChanikaRuchini force-pushed the upstream/claim-management branch 2 times, most recently from 0835f57 to 2d66920 Compare October 6, 2023 17:21
AnuradhaSK
AnuradhaSK previously approved these changes Oct 6, 2023
@AnuradhaSK AnuradhaSK self-requested a review October 6, 2023 20:32
@jenkins-is-staging
Copy link

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/6452362382

@jenkins-is-staging
Copy link

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/6452362382
Status: success

Copy link

@jenkins-is-staging jenkins-is-staging left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/6452362382

@ChanikaRuchini ChanikaRuchini merged commit 9517fe5 into wso2:master Oct 9, 2023
3 checks passed
@ChanikaRuchini ChanikaRuchini deleted the upstream/claim-management branch October 9, 2023 07:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants