Update getApplicationSharedOrganizations service to include sharingInitiationMode for future-impacting policy-holder organizations

HasiniSama · HasiniSama · commit cd835be38288 · 2025-07-09T14:38:30.000+05:30
diff --git a/components/org.wso2.carbon.identity.organization.management.application/src/main/java/org/wso2/carbon/identity/organization/management/application/OrgApplicationManagerImpl.java b/components/org.wso2.carbon.identity.organization.management.application/src/main/java/org/wso2/carbon/identity/organization/management/application/OrgApplicationManagerImpl.java
@@ -74,6 +74,7 @@
 import org.wso2.carbon.identity.organization.management.application.model.SharedApplicationDO;
 import org.wso2.carbon.identity.organization.management.application.model.SharedApplicationOrganizationNode;
 import org.wso2.carbon.identity.organization.management.application.model.SharedApplicationOrganizationNodePage;
+import org.wso2.carbon.identity.organization.management.application.model.SharingInitiationModeDO;
 import org.wso2.carbon.identity.organization.management.application.model.operation.ApplicationShareRolePolicy;
 import org.wso2.carbon.identity.organization.management.application.model.operation.ApplicationShareUpdateOperation;
 import org.wso2.carbon.identity.organization.management.application.model.operation.GeneralApplicationShareOperation;
@@ -101,6 +102,7 @@
 import org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants;
 import org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService;
 import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException;
+import org.wso2.carbon.identity.role.v2.mgt.core.model.Role;
 import org.wso2.carbon.identity.role.v2.mgt.core.model.RoleBasicInfo;
 import org.wso2.carbon.idp.mgt.IdentityProviderManagementClientException;
 import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
@@ -1022,8 +1024,7 @@ public SharedApplicationOrganizationNodePage getApplicationSharedOrganizations(S
                 mainOrganizationId, mainApplicationId, organizationIds, expressionNodeList, sortOrder, fetchLimit);
 
         if (CollectionUtils.isEmpty(sharedApplications)) {
-            return new SharedApplicationOrganizationNodePage(
-                    Collections.emptyList(), 0, 0);
+            return new SharedApplicationOrganizationNodePage(Collections.emptyList(), null, 0, 0);
         }
 
         // Check if we have more items than requested.
@@ -1073,9 +1074,12 @@ public SharedApplicationOrganizationNodePage getApplicationSharedOrganizations(S
             SharedApplicationDO lastItem = sharedApplications.get(sharedApplications.size() - 1);
             nextToken = lastItem.getAppId();
         }
+        String mainOrgHandle = getOrganizationManager().resolveTenantDomain(mainOrganizationId);
+        SharingInitiationModeDO sharingInitiationModeDO = resolveSharingInitiationMode(mainOrganizationId,
+                mainOrganizationId, mainApplicationId, mainApplicationId, mainOrgHandle);
 
         return new SharedApplicationOrganizationNodePage(
-                applicationSharedOrganizationsList, nextToken, previousToken);
+                applicationSharedOrganizationsList, sharingInitiationModeDO, nextToken, previousToken);
     }
 
     private List<String> getExcludedAttributes(String excludedAttributes) {
@@ -1109,8 +1113,9 @@ private SharedApplicationOrganizationNode getApplicationSharedOrganizationNode(
         // Resolve has children with above information
         // 3. Get the role sharing config.
         // 4. Get the depth from root.
-        String mainOrgName = getOrganizationManager().resolveTenantDomain(mainOrgId);
+        String mainOrgHandle = getOrganizationManager().resolveTenantDomain(mainOrgId);
         String subOrgId = sharedApplicationDO.getOrganizationId();
+        String subOrgHandle = getOrganizationManager().resolveTenantDomain(subOrgId);
         String sharedAppResourceId = sharedApplicationDO.getFragmentApplicationId();
         Organization organization = getOrganizationManager().getOrganization(subOrgId, true, false);
         String subOrgName = organization.getName();
@@ -1124,16 +1129,101 @@ private SharedApplicationOrganizationNode getApplicationSharedOrganizationNode(
         String organizationHandle = organization.getOrganizationHandle();
         String parentOrganizationId = organization.getParent().getId();
         int depthFromRoot = getOrganizationManager().getOrganizationDepthInHierarchy(subOrgId);
+        SharingInitiationModeDO sharingInitiationModeDO =
+                resolveSharingInitiationMode(mainOrgId, subOrgId, mainApplicationId, sharedAppResourceId, subOrgHandle);
+
         if (!excludedAttributesList.contains(SP_SHARED_ROLE_EXCLUDED_KEY)) {
-            List<RoleWithAudienceDO> sharedAppRoles = getSharedAppRoles(mainOrgName, mainApplicationId, subOrgId,
+            List<RoleWithAudienceDO> sharedAppRoles = getSharedAppRoles(mainOrgHandle, mainApplicationId, subOrgId,
                     sharedApplicationDO.getFragmentApplicationId());
             return new SharedApplicationOrganizationNode(sharedAppResourceId, subOrgId, subOrgName, organizationStatus,
-                    parentOrganizationId, organizationHandle, sharedAppRoles, hasChildren, depthFromRoot);
+                    parentOrganizationId, organizationHandle, sharedAppRoles, hasChildren, depthFromRoot,
+                    sharingInitiationModeDO);
         }
         // If roles are excluded, we do not need to fetch roles and returning null so it will differentiate
         // not having any roles and not need to fetch roles.
         return new SharedApplicationOrganizationNode(sharedAppResourceId, subOrgId, subOrgName, organizationStatus,
-                parentOrganizationId, organizationHandle, null, hasChildren, depthFromRoot);
+                parentOrganizationId, organizationHandle, null, hasChildren, depthFromRoot,
+                sharingInitiationModeDO);
+    }
+
+    private SharingInitiationModeDO resolveSharingInitiationMode(String initiatingOrgId, String orgId,
+                                                                 String mainAppId, String appId, String orgHandle)
+            throws OrganizationManagementException {
+
+        try {
+            Map<ResourceSharingPolicy, List<SharedResourceAttribute>> result = getResourceSharingPolicyHandlerService()
+                            .getResourceSharingPolicyByInitiatingOrgId(initiatingOrgId, B2B_APPLICATION, mainAppId);
+
+            if (result != null && !result.isEmpty()) {
+                Map.Entry<ResourceSharingPolicy, List<SharedResourceAttribute>> entry
+                        = result.entrySet().iterator().next();
+                ResourceSharingPolicy resourceSharingPolicy = entry.getKey();
+                List<SharedResourceAttribute> resourceAttributes = entry.getValue();
+
+                ServiceProvider application = getApplicationManagementService()
+                        .getApplicationByResourceId(appId, orgHandle);
+                boolean isPolicyHolderOrg = Objects.equals(resourceSharingPolicy.getPolicyHoldingOrgId(), orgId);
+
+                if ((resourceSharingPolicy.getSharingPolicy()
+                        == PolicyEnum.SELECTED_ORG_WITH_ALL_EXISTING_AND_FUTURE_CHILDREN
+                        && isPolicyHolderOrg) ||
+                        (resourceSharingPolicy.getSharingPolicy() == PolicyEnum.ALL_EXISTING_AND_FUTURE_ORGS
+                                || OrgApplicationManagerUtil.isShareWithAllChildren(application.getSpProperties()))) {
+
+                    //Get Role MODE.
+                    ApplicationShareRolePolicy.Mode mode =
+                            OrgApplicationManagerUtil.getAppAssociatedRoleSharingMode(application);
+
+                    ApplicationShareRolePolicy applicationShareRolePolicy;
+                    if (ApplicationShareRolePolicy.Mode.SELECTED.ordinal() == mode.ordinal()) {
+                        List<RoleWithAudienceDO> roleWithAudienceDOList = null;
+
+                        //Get the list of Roles.
+                        if (resourceAttributes != null && resourceAttributes.get(0) != null) {
+                            roleWithAudienceDOList = new ArrayList<>();
+                            String roleAudience = getApplicationManagementService()
+                                    .getAllowedAudienceForRoleAssociation(appId, orgHandle);
+                            RoleWithAudienceDO.AudienceType audienceType =
+                                    StringUtils.equalsIgnoreCase(RoleConstants.APPLICATION, roleAudience)
+                                            ? RoleWithAudienceDO.AudienceType.APPLICATION
+                                            : RoleWithAudienceDO.AudienceType.ORGANIZATION;
+
+                            for (SharedResourceAttribute attribute : resourceAttributes) {
+                                if (attribute.getSharedAttributeType() == SharedAttributeType.ROLE) {
+                                    try {
+                                        Role role = getRoleManagementServiceV2()
+                                                .getRole(attribute.getSharedAttributeId());
+                                        if (role != null) {
+                                            roleWithAudienceDOList.add(new RoleWithAudienceDO(
+                                                    role.getName(), role.getAudienceName(), audienceType));
+                                        }
+                                    } catch (Exception e) {
+                                        if (LOG.isDebugEnabled()) {
+                                            LOG.debug("Empty or blank attribute found in excluded attributes.");
+                                        }
+                                    }
+                                }
+                            }
+                        }
+                        applicationShareRolePolicy = new ApplicationShareRolePolicy.Builder()
+                                .mode(mode)
+                                .roleWithAudienceDOList(roleWithAudienceDOList)
+                                .build();
+                    } else {
+                        applicationShareRolePolicy = new ApplicationShareRolePolicy.Builder()
+                                .mode(mode)
+                                .build();
+                    }
+                    return new SharingInitiationModeDO(resourceSharingPolicy.getSharingPolicy(),
+                            applicationShareRolePolicy);
+                }
+            }
+        } catch (ResourceSharingPolicyMgtException e) {
+            throw new OrganizationManagementException(e.getMessage(), e.getDescription(), e.getErrorCode());
+        } catch (IdentityApplicationManagementException e) {
+            throw new OrganizationManagementException(e.getMessage(), e.getDescription(), e.getErrorCode());
+        }
+        return null;
     }
 
     private List<RoleWithAudienceDO> getSharedAppRoles(String mainOrgName, String mainApplicationId, String subOrgId,
diff --git a/components/org.wso2.carbon.identity.organization.management.application/src/main/java/org/wso2/carbon/identity/organization/management/application/model/SharedApplicationOrganizationNode.java b/components/org.wso2.carbon.identity.organization.management.application/src/main/java/org/wso2/carbon/identity/organization/management/application/model/SharedApplicationOrganizationNode.java
@@ -33,13 +33,13 @@ public class SharedApplicationOrganizationNode {
     private final List<RoleWithAudienceDO> roleWithAudienceDOList;
     private final boolean hasChildren;
     private final int depthFromRoot;
-
+    private final SharingInitiationModeDO sharingInitiationModeDO;
 
     public SharedApplicationOrganizationNode(String applicationResourceId, String organizationId,
                                              String organizationName, String organizationStatus,
                                              String parentOrganizationId, String organizationHandle,
                                              List<RoleWithAudienceDO> roleWithAudienceDOList, boolean hasChildren,
-                                             int depthFromRoot) {
+                                             int depthFromRoot, SharingInitiationModeDO sharingInitiationModeDO) {
 
         this.applicationResourceId = applicationResourceId;
         this.organizationId = organizationId;
@@ -50,6 +50,7 @@ public SharedApplicationOrganizationNode(String applicationResourceId, String or
         this.roleWithAudienceDOList = roleWithAudienceDOList;
         this.hasChildren = hasChildren;
         this.depthFromRoot = depthFromRoot;
+        this.sharingInitiationModeDO = sharingInitiationModeDO;
     }
 
     public String getApplicationResourceId() {
@@ -96,4 +97,9 @@ public int getDepthFromRoot() {
 
         return depthFromRoot;
     }
+
+    public SharingInitiationModeDO getSharingInitiationModeDO() {
+
+        return sharingInitiationModeDO;
+    }
 }
diff --git a/components/org.wso2.carbon.identity.organization.management.application/src/main/java/org/wso2/carbon/identity/organization/management/application/model/SharedApplicationOrganizationNodePage.java b/components/org.wso2.carbon.identity.organization.management.application/src/main/java/org/wso2/carbon/identity/organization/management/application/model/SharedApplicationOrganizationNodePage.java
@@ -25,14 +25,17 @@
 public class SharedApplicationOrganizationNodePage {
 
     private final List<SharedApplicationOrganizationNode> sharedApplicationOrganizationNodes;
+    private final SharingInitiationModeDO sharingInitiationModeDO;
     private final int nextPageCursor;
     private final int previousPageCursor;
 
     public SharedApplicationOrganizationNodePage(List<SharedApplicationOrganizationNode>
-                                                         sharedApplicationOrganizationNodes, int nextPageCursor,
-                                                 int previousPageCursor) {
+                                                         sharedApplicationOrganizationNodes,
+                                                 SharingInitiationModeDO sharingInitiationModeDO,
+                                                 int nextPageCursor, int previousPageCursor) {
 
         this.sharedApplicationOrganizationNodes = sharedApplicationOrganizationNodes;
+        this.sharingInitiationModeDO = sharingInitiationModeDO;
         this.nextPageCursor = nextPageCursor;
         this.previousPageCursor = previousPageCursor;
     }
@@ -51,4 +54,9 @@ public int getPreviousPageCursor() {
 
         return previousPageCursor;
     }
+
+    public SharingInitiationModeDO getSharingInitiationModeDO() {
+
+        return sharingInitiationModeDO;
+    }
 }
diff --git a/components/org.wso2.carbon.identity.organization.management.application/src/main/java/org/wso2/carbon/identity/organization/management/application/model/SharingInitiationModeDO.java b/components/org.wso2.carbon.identity.organization.management.application/src/main/java/org/wso2/carbon/identity/organization/management/application/model/SharingInitiationModeDO.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2025, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.organization.management.application.model;
+
+import org.wso2.carbon.identity.organization.management.application.model.operation.ApplicationShareRolePolicy;
+import org.wso2.carbon.identity.organization.resource.sharing.policy.management.constant.PolicyEnum;
+
+public class SharingInitiationModeDO  {
+
+    private final PolicyEnum policy;
+    private final ApplicationShareRolePolicy applicationShareRolePolicy;
+
+    public SharingInitiationModeDO(PolicyEnum policy, ApplicationShareRolePolicy applicationShareRolePolicy) {
+
+        this.policy = policy;
+        this.applicationShareRolePolicy = applicationShareRolePolicy;
+    }
+
+    public PolicyEnum getPolicy() {
+
+        return policy;
+    }
+
+    public ApplicationShareRolePolicy getApplicationShareRolePolicy() {
+
+        return applicationShareRolePolicy;
+    }
+}
diff --git a/components/org.wso2.carbon.identity.organization.management.application/src/main/java/org/wso2/carbon/identity/organization/management/application/util/OrgApplicationManagerUtil.java b/components/org.wso2.carbon.identity.organization.management.application/src/main/java/org/wso2/carbon/identity/organization/management/application/util/OrgApplicationManagerUtil.java
@@ -94,6 +94,21 @@ public static void setShareWithAllChildrenProperty(ServiceProvider serviceProvid
         }
     }
 
+    /**
+     * Checks whether the application is configured to be shared with all child organizations.
+     *
+     * @param properties The array of service provider properties.
+     * @return true if SHARE_WITH_ALL_CHILDREN property is set to true, false otherwise.
+     */
+    public static boolean isShareWithAllChildren(ServiceProviderProperty[] properties) {
+
+        if (properties == null) {
+            return false;
+        }
+        return Arrays.stream(properties).anyMatch(property -> SHARE_WITH_ALL_CHILDREN
+                .equalsIgnoreCase(property.getName()) && Boolean.parseBoolean(property.getValue()));
+    }
+
     /**
      * Set property value to service provider indicating the role sharing mode of the application. We only set the
      * property if the role sharing mode is ALL.
diff --git a/components/org.wso2.carbon.identity.organization.resource.sharing.policy.management/src/main/java/org/wso2/carbon/identity/organization/resource/sharing/policy/management/ResourceSharingPolicyHandlerService.java b/components/org.wso2.carbon.identity.organization.resource.sharing.policy.management/src/main/java/org/wso2/carbon/identity/organization/resource/sharing/policy/management/ResourceSharingPolicyHandlerService.java
@@ -312,4 +312,26 @@ default void deleteResourceSharingPoliciesAndAttributesByOrganizationId(String o
                 "deleteResourceSharingPoliciesAndAttributesByOrganizationId method is not implemented in " +
                         this.getClass());
     }
+
+    /**
+     * Retrieves a map of resource sharing policies and their associated shared resource attributes
+     * for a given initiating organization ID, resource type, and resource ID.
+     *
+     * @param initiatingOrganizationId The ID of the organization initiating the resource sharing. Must be a valid ID.
+     * @param resourceType             The type of the resource being shared. Must not be {@code null}.
+     * @param resourceId               The unique identifier of the resource being shared. Must not be {@code null}.
+     * @return A map where:
+     * - The key is the {@link ResourceSharingPolicy} applicable to the initiating organization for the given resource.
+     * - The value is a list of {@link SharedResourceAttribute} associated with the policy.
+     * If no matching policies or attributes are found, an empty map will be returned.
+     * @throws ResourceSharingPolicyMgtException If an error occurs while retrieving the resource sharing
+     *                                           policies or shared attributes.
+     */
+    default Map<ResourceSharingPolicy, List<SharedResourceAttribute>>
+    getResourceSharingPolicyByInitiatingOrgId(String initiatingOrganizationId, String resourceType, String resourceId)
+            throws ResourceSharingPolicyMgtException {
+
+        throw new NotImplementedException(
+                "getResourceSharingPolicyByInitiatingOrgId method is not implemented in " + this.getClass());
+    }
 }
diff --git a/components/org.wso2.carbon.identity.organization.resource.sharing.policy.management/src/main/java/org/wso2/carbon/identity/organization/resource/sharing/policy/management/ResourceSharingPolicyHandlerServiceImpl.java b/components/org.wso2.carbon.identity.organization.resource.sharing.policy.management/src/main/java/org/wso2/carbon/identity/organization/resource/sharing/policy/management/ResourceSharingPolicyHandlerServiceImpl.java
@@ -268,6 +268,15 @@ public void deleteResourceSharingPoliciesAndAttributesByOrganizationId(String or
         RESOURCE_SHARING_POLICY_HANDLER_DAO.deleteResourceSharingPoliciesAndAttributesByOrganizationId(organizationId);
     }
 
+    @Override
+    public Map<ResourceSharingPolicy, List<SharedResourceAttribute>> getResourceSharingPolicyByInitiatingOrgId(
+            String initiatingOrganizationId, String resourceType, String resourceId)
+            throws ResourceSharingPolicyMgtException {
+
+        return RESOURCE_SHARING_POLICY_HANDLER_DAO.getResourceSharingPolicyByInitiatingOrgId(
+                initiatingOrganizationId, resourceType, resourceId);
+    }
+
     private boolean isValidAttributeForTheResource(ResourceSharingPolicy resourceSharingPolicy,
                                                    SharedResourceAttribute sharedResourceAttribute) {
 
diff --git a/components/org.wso2.carbon.identity.organization.resource.sharing.policy.management/src/main/java/org/wso2/carbon/identity/organization/resource/sharing/policy/management/constant/ResourceSharingSQLConstants.java b/components/org.wso2.carbon.identity.organization.resource.sharing.policy.management/src/main/java/org/wso2/carbon/identity/organization/resource/sharing/policy/management/constant/ResourceSharingSQLConstants.java
diff --git a/components/org.wso2.carbon.identity.organization.resource.sharing.policy.management/src/main/java/org/wso2/carbon/identity/organization/resource/sharing/policy/management/dao/ResourceSharingPolicyHandlerDAO.java b/components/org.wso2.carbon.identity.organization.resource.sharing.policy.management/src/main/java/org/wso2/carbon/identity/organization/resource/sharing/policy/management/dao/ResourceSharingPolicyHandlerDAO.java
diff --git a/components/org.wso2.carbon.identity.organization.resource.sharing.policy.management/src/main/java/org/wso2/carbon/identity/organization/resource/sharing/policy/management/dao/ResourceSharingPolicyHandlerDAOImpl.java b/components/org.wso2.carbon.identity.organization.resource.sharing.policy.management/src/main/java/org/wso2/carbon/identity/organization/resource/sharing/policy/management/dao/ResourceSharingPolicyHandlerDAOImpl.java
