Add review suggestions and bump organization management core version

Author: HasiniSama

components/org.wso2.carbon.identity.organization.management.application/src/main/java/org/wso2/carbon/identity/organization/management/application/OrgApplicationManagerImpl.java

@@ -204,10 +204,12 @@
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_INVALID_DELETE_SHARE_REQUEST;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_INVALID_FILTER_FORMAT;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_INVALID_ORGANIZATION;
+import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_INVALID_SHARE_OPERATION_TYPE;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_UNAUTHORIZED_APPLICATION_SHARE;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_UNAUTHORIZED_FRAGMENT_APP_ACCESS;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_UNSUPPORTED_COMPLEX_QUERY_IN_FILTER;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_UNSUPPORTED_FILTER_ATTRIBUTE;
+import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_UNSUPPORTED_SHARE_OPERATION_PATH;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.IS_APP_SHARED;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ORGANIZATION_ATTRIBUTES_FIELD;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ORGANIZATION_ATTRIBUTES_FIELD_PREFIX;
@@ -548,14 +550,12 @@ public void updateSharedApplication(String mainOrganizationId, String mainApplic
             ApplicationShareUpdateOperation.Operation operation = updateOperation.getOperation();
             if (!(ApplicationShareUpdateOperation.Operation.ADD.ordinal() == operation.ordinal() ||
                     ApplicationShareUpdateOperation.Operation.REMOVE.ordinal() == operation.ordinal())) {
-                LOG.warn("Invalid operation type: " + operation);
-                continue;
+                throw handleClientException(ERROR_CODE_INVALID_SHARE_OPERATION_TYPE, operation.name());
             }
             OrgApplicationScimFilterParser.ParsedFilterResult parsedFilterResult = parseFilter(
                     updateOperation.getPath());
             if (!parsedFilterResult.hasPathAttribute()) {
-                LOG.warn("Unsupported path attribute: " + updateOperation.getPath());
-                continue;
+                throw handleClientException(ERROR_CODE_UNSUPPORTED_SHARE_OPERATION_PATH, updateOperation.getPath());
             }
             String orgId = parsedFilterResult.getOrganizationId();
             List<RoleWithAudienceDO> roleChanges = (List<RoleWithAudienceDO>) updateOperation.getValues();
@@ -1596,11 +1596,6 @@ public void shareApplicationWithPolicy(String ownerOrgId, ServiceProvider mainAp
                                            String operationId) throws OrganizationManagementException {
 
         String mainApplicationId = mainApplication.getApplicationResourceId();
-        if (StringUtils.equals(ownerOrgId, sharingOrgId)) {
-            LOG.error("Application: " + mainApplicationId + " can't be shared with the same organization: "
-                    + ownerOrgId);
-            return;
-        }
         try {
             getListener().preShareApplication(ownerOrgId, mainApplicationId, sharingOrgId, applicationShareRolePolicy);
             // Use tenant of the organization to whom the application getting shared. When the consumer application is

components/org.wso2.carbon.identity.organization.management.application/src/main/java/org/wso2/carbon/identity/organization/management/application/listener/OrganizationCreationHandler.java

@@ -68,7 +68,6 @@
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.IS_APP_SHARED;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.SUPER_ORG_ID;
 import static org.wso2.carbon.identity.organization.management.service.util.Utils.getAuthenticatedUsername;
-import static org.wso2.carbon.identity.organization.management.service.util.Utils.getTenantDomain;
 
 /**
  * This class contains the implementation of the handler for post organization creation.
@@ -145,25 +144,11 @@ private void addSharedApplicationsToOrganization(Organization organization)
             String mainTenantDomain = getOrganizationManager().resolveTenantDomain(mainOrganizationId);
             String mainApplicationId = resourceSharingPolicy.getResourceId();
             boolean isMainOrganization = parentOrgId.equals(mainOrganizationId);
-            String sharedAppId;
-
-            // Check whether the shared application is present in the immediate parent organization.
-            if (isMainOrganization) {
-                // The original application is available in the parent organization. Not a fragment application.
-                sharedAppId = mainApplicationId;
-            } else {
-                Optional<String> sharedAppIdOptional = resolveSharedApp(mainApplicationId, mainOrganizationId,
-                        parentOrgId);
-                if (!sharedAppIdOptional.isPresent()) {
-                    LOG.error("No shared application found in the parent organization for organization: " + orgId +
-                            ". Skipping sharing of the main application with ID: " + mainApplicationId);
-                    continue;
-                }
-                sharedAppId = sharedAppIdOptional.get();
+            ServiceProvider sharedApplication = resolveSharedApplication(orgId, parentOrgId, parentOrgHandle,
+                    mainOrganizationId, mainApplicationId);
+            if (sharedApplication == null) {
+                continue;
             }
-            ServiceProvider sharedApplication = getApplicationManagementService().getApplicationByResourceId(
-                    sharedAppId, parentOrgHandle);
-
             ApplicationShareRolePolicy.Mode roleSharingMode = getAppAssociatedRoleSharingMode(sharedApplication);
             ApplicationShareRolePolicy.Builder roleSharingConfigBuilder = new ApplicationShareRolePolicy.Builder()
                     .mode(roleSharingMode);
@@ -207,7 +192,7 @@ private void addSharedApplicationsToOrganization(Organization organization)
             }
             getOrgApplicationManager().shareApplicationWithPolicy(mainOrganizationId, mainApplication, orgId,
                     PolicyEnum.SELECTED_ORG_ONLY, roleSharingConfigBuilder.build(), null);
-            alreadyHandledSharedAppIds.add(sharedAppId);
+            alreadyHandledSharedAppIds.add(mainApplicationId);
 
             if (isMainOrganization) {
                 boolean isAppShared = isAppShared(mainApplication);
@@ -220,51 +205,83 @@ private void addSharedApplicationsToOrganization(Organization organization)
 
         // NOTE: The below code is to handle the backward compatibility of the applications that are shared with
         // all children organizations using the `shareWithAllChildren` property.
+        String primaryOrganizationId = getOrganizationManager().getPrimaryOrganizationId(organization.getId());
+        if (primaryOrganizationId == null) {
+            primaryOrganizationId = SUPER_ORG_ID;
+        }
         ApplicationBasicInfo[] applicationBasicInfos;
         applicationBasicInfos = getApplicationManagementService().getApplicationBasicInfoBySPProperty(
-                getOrganizationManager().resolveTenantDomain(parentOrgId), getAuthenticatedUsername(),
+                getOrganizationManager().resolveTenantDomain(primaryOrganizationId), getAuthenticatedUsername(),
                 SHARE_WITH_ALL_CHILDREN, "true");
 
         for (ApplicationBasicInfo applicationBasicInfo : applicationBasicInfos) {
-            if (alreadyHandledSharedAppIds.contains(applicationBasicInfo.getUuid())) {
+            String mainApplicationId = applicationBasicInfo.getUuid();
+            if (alreadyHandledSharedAppIds.contains(mainApplicationId)) {
                 continue;
             }
-            String mainOrganizationId;
-            String mainApplicationId;
-            String ownerTenantDomain;
-            if (getOrgApplicationMgtDAO().isFragmentApplication(applicationBasicInfo.getApplicationId())) {
-                mainApplicationId = getApplicationManagementService()
-                        .getMainAppId(applicationBasicInfo.getUuid());
-                ownerTenantDomain = getTenantDomain(getApplicationManagementService()
-                        .getTenantIdByApp(mainApplicationId));
-                mainOrganizationId = getOrganizationManager().resolveOrganizationId(ownerTenantDomain);
-            } else {
-                mainApplicationId = applicationBasicInfo.getUuid();
-                mainOrganizationId = parentOrgId;
-                ownerTenantDomain = parentOrgHandle;
-            }
-            ServiceProvider mainApplication = getApplicationManagementService().getApplicationByResourceId(
-                    mainApplicationId, ownerTenantDomain);
-            ApplicationShareRolePolicy.Builder roleSharingConfigBuilder = new ApplicationShareRolePolicy.Builder()
-                    .mode(ApplicationShareRolePolicy.Mode.ALL);
+            ServiceProvider mainApplication;
+            mainApplication = getApplicationManagementService()
+                    .getServiceProvider(applicationBasicInfo.getApplicationId());
+            if (mainApplication != null) {
+                // Check whether the application is shared with the parent organization.
+                ServiceProvider sharedApplication = resolveSharedApplication(orgId, parentOrgId, parentOrgHandle,
+                        primaryOrganizationId, mainApplicationId);
+                if (sharedApplication == null) {
+                    continue;
+                }
+                ApplicationShareRolePolicy roleSharingConfigBuilder = new ApplicationShareRolePolicy.Builder()
+                        .mode(ApplicationShareRolePolicy.Mode.ALL).build();
 
-            // Share the application to the newly created organization.
-            getOrgApplicationManager().shareApplicationWithPolicy(mainOrganizationId, mainApplication, orgId,
-                    PolicyEnum.SELECTED_ORG_ONLY, roleSharingConfigBuilder.build(), null);
+                // Share the application to the newly created organization.
+                getOrgApplicationManager().shareApplicationWithPolicy(primaryOrganizationId, mainApplication, orgId,
+                        PolicyEnum.SELECTED_ORG_ONLY, roleSharingConfigBuilder, null);
 
-            // Add the resource sharing policy for the main application.
-            getOrgApplicationManager().addOrUpdatePolicy(mainApplication.getApplicationResourceId(),
-                    mainOrganizationId, mainOrganizationId, ownerTenantDomain,
-                    PolicyEnum.ALL_EXISTING_AND_FUTURE_ORGS, roleSharingConfigBuilder.build());
+                // Add the resource sharing policy for the main application.
+                String ownerTenantDomain = getOrganizationManager().resolveTenantDomain(primaryOrganizationId);
+                getOrgApplicationManager().addOrUpdatePolicy(mainApplication.getApplicationResourceId(),
+                        primaryOrganizationId, primaryOrganizationId, ownerTenantDomain,
+                        PolicyEnum.ALL_EXISTING_AND_FUTURE_ORGS, roleSharingConfigBuilder);
 
-            boolean isAppShared = isAppShared(mainApplication);
-            if (!isAppShared) {
-                // Update the `isAppShared` property of the main application to true.
-                updateApplicationWithIsAppSharedProperty(true, mainApplication);
+                // Check whether the application is shared with any child organization using `isAppShared` property.
+                boolean isAppShared = isAppShared(mainApplication);
+                if (!isAppShared) {
+                    // Update the `isAppShared` property of the main application to true if it hasn't been shared
+                    // previously.
+                    updateApplicationWithIsAppSharedProperty(true, mainApplication);
+                }
             }
         }
     }
 
+    private ServiceProvider resolveSharedApplication(String orgId, String parentOrgId, String parentOrgHandle,
+                                                     String mainOrganizationId, String mainApplicationId)
+            throws IdentityApplicationManagementException, OrganizationManagementException {
+
+        String sharedAppId;
+        boolean isMainOrganization = parentOrgId.equals(mainOrganizationId);
+
+        if (isMainOrganization) {
+            // The original application is available in the parent organization. Not a fragment application.
+            sharedAppId = mainApplicationId;
+        } else {
+            Optional<String> sharedAppIdOptional = resolveSharedApp(mainApplicationId, mainOrganizationId, parentOrgId);
+            if (!sharedAppIdOptional.isPresent()) {
+                LOG.error("No shared application found in the parent organization for organization: " + orgId +
+                        ". Skipping sharing of the main application with ID: " + mainApplicationId);
+                return null;
+            }
+            sharedAppId = sharedAppIdOptional.get();
+        }
+        ServiceProvider sharedApplication = getApplicationManagementService().getApplicationByResourceId(
+                sharedAppId, parentOrgHandle);
+        if (sharedApplication == null) {
+            LOG.error("No shared application found in the parent organization for organization: " + orgId +
+                    ". Skipping sharing of the main application with ID: " + mainApplicationId);
+            return null;
+        }
+        return sharedApplication;
+    }
+
     private boolean isValidApplicationSharePolicy(PolicyEnum policyEnum) {
 
         return PolicyEnum.SELECTED_ORG_WITH_ALL_EXISTING_AND_FUTURE_CHILDREN.equals(policyEnum) ||

components/org.wso2.carbon.identity.organization.management.application/src/main/java/org/wso2/carbon/identity/organization/management/application/util/OrgApplicationScimFilterParser.java

@@ -81,24 +81,26 @@ public boolean hasPathAttribute() {
     }
 
     // Regex to strictly match the desired filter format:
-    // organizations[orgId eq "<orgIdValue>"]
+    // organizations[orgId eq <orgIdValue>]
     // or
-    // organizations[orgId eq "<orgIdValue>"].roles
+    // organizations[orgId eq <orgIdValue>].roles
+    //
     // Breakdown:
-    // ^                                      - Start of the string
-    // organizations                          - Literal "organizations"
-    // \[                                     - Literal opening square bracket
-    // orgId                                  - Literal "orgId"
-    // \s+eq\s+                               - "eq" operator surrounded by one or more spaces
-    // \"([^\"]+)\"                           - Quoted organization ID. Group 1 captures the ID itself (without quotes).
-    //                                          [^\"]+ matches one or more characters that are not a double quote.
-    // \]                                     - Literal closing square bracket
-    // (                                      - Start of optional group for the path
-    //   \.roles                              - Literal ".roles"
-    // )?                                     - Makes the entire path group optional. Group 2 captures ".roles".
-    // $                                      - End of the string
+    // ^                                         - Start of the string
+    // organizations                             - Literal "organizations"
+    // \[                                        - Literal opening square bracket
+    // orgId                                     - Literal "orgId"
+    // \s+eq\s+                                  - "eq" operator surrounded by one or more spaces
+    // (?:                                       - Start of non-capturing group for quoted or unquoted value
+    //   "([^\"]+)"                              - Group 1: quoted orgId (excluding quotes)
+    //   |                                       - OR
+    //   ([^\s\]]+)                              - Group 2: unquoted orgId (up to space or closing bracket)
+    // )
+    // \]                                        - Literal closing square bracket
+    // (\.roles)?                                - Optional ".roles" segment; Group 3 captures ".roles" if present
+    // $                                         - End of the string
     private static final Pattern FILTER_PATTERN =
-            Pattern.compile("^organizations\\[orgId\\s+eq\\s+\"([^\"]+)\"\\](\\.roles)?$");
+            Pattern.compile("^organizations\\[orgId\\s+eq\\s+(?:\"([^\"]+)\"|([^\\s\\]]+))\\](\\.roles)?$");
 
     /**
      * Parses the given SCIM-like filter string to extract the organization ID and