Provide support for selective role sharing with application sharing

[sahandilshan]

Purpose

$subject

TODOs:

• Implementation for Get shared application with hierarchical order
• Need to test out edge cases
• Need to add unit tests

[AnuradhaSK]

remove before merging, by adding all required imports

[sahandilshan]

Properly fix the imports

[sahandilshan]

Update the APIs with this change

[codecov]

Codecov Report

Attention: Patch coverage is 26.86145% with 776 lines in your changes missing coverage. Please review.

Project coverage is 52.16%. Comparing base (2569253) to head (73f2fca).
Report is 77 commits behind head on main.

Files with missing lines	Patch %	Lines
...ation/management/handler/SharedRoleMgtHandler.java	37.75%	202 Missing and 42 partials ⚠️
...application/util/OrgApplicationShareProcessor.java	35.10%	106 Missing and 16 partials ⚠️
...lication/listener/OrganizationCreationHandler.java	0.00%	97 Missing ⚠️
...management/application/util/FilterQueriesUtil.java	0.00%	79 Missing ⚠️
...istener/ApplicationSharingManagerListenerImpl.java	0.00%	43 Missing ⚠️
...application/dao/impl/OrgApplicationMgtDAOImpl.java	0.00%	39 Missing ⚠️
...plication/util/OrgApplicationScimFilterParser.java	0.00%	24 Missing ⚠️
...ation/model/SharedApplicationOrganizationNode.java	0.00%	20 Missing ⚠️
...del/operation/ApplicationShareUpdateOperation.java	0.00%	19 Missing ⚠️
.../management/application/OrgApplicationManager.java	0.00%	14 Missing ⚠️
... and 10 more

❌ Your patch status has failed because the patch coverage (26.86%) is below the target coverage (80.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files

@@             Coverage Diff              @@
##               main     #512      +/-   ##
============================================
- Coverage     55.49%   52.16%   -3.34%     
- Complexity     1980     2080     +100     
============================================
  Files           184      196      +12     
  Lines         11213    12840    +1627     
  Branches       1639     1936     +297     
============================================
+ Hits           6223     6698     +475     
- Misses         4460     5519    +1059     
- Partials        530      623      +93     

Flag	Coverage Δ
unit	36.06% <26.86%> (-0.37%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[AnuradhaSK]

Suggested change

	} else {
	// The string does not match the strict pattern.
	throw new OrganizationManagementClientException("Invalid filter string format",
	ERROR_CODE_INVALID_ORGANIZATION_PATH_FILTER.getDescription(),
	ERROR_CODE_INVALID_ORGANIZATION_PATH_FILTER.getCode());
	}
	}
	// The string does not match the strict pattern.
	throw new OrganizationManagementClientException("Invalid filter string format",
	ERROR_CODE_INVALID_ORGANIZATION_PATH_FILTER.getDescription(),
	ERROR_CODE_INVALID_ORGANIZATION_PATH_FILTER.getCode());

[AnuradhaSK]

change the class name excluding SCIM, it's fine to have in the comment

[AnuradhaSK]

missing new line after method signature

[AnuradhaSK]

complete the comment

[AnuradhaSK]

Change the year range in copy right header.
Check other classes as well

[Yasasr1]

Suggested change

	"selectiveShareOrganizationApplication method is not implemented in " + this.getClass().getName());
	"shareApplicationWithSelectedOrganizations method is not implemented in " + this.getClass().getName());

[Yasasr1]

Suggested change

	"generalOrganizationApplicationShare method is not implemented in " + this.getClass().getName());
	"shareApplicationWithAllOrganizations method is not implemented in " + this.getClass().getName());

[Yasasr1]

Is it possible for an application to be shared with the immediate parent organization, but not with higher-level parent organizations in the hierarchy?

[AnuradhaSK]

fix this todo

[AnuradhaSK]

there are few more todos in the code

[Copilot]

Pull Request Overview

This pull request adds support for selective role sharing in application sharing, along with new operations and modifications to the DAO, listener, and manager interfaces to integrate resource sharing policies. Key changes include the introduction of SelectiveShareApplicationOperation, updates to role-sharing configuration classes and events, and enhancements in SQL query building for shared applications.

Reviewed Changes

Copilot reviewed 20 out of 33 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
ApplicationShareRolePolicy.java	Added builder and enum changes for role sharing policies.
OrganizationCreationHandler.java	Updated event handling to support new resource sharing exceptions and role sharing logic.
OrgApplicationMgtDAOImpl.java	Modified DAO methods to support filtering and new shared application retrieval queries.
OrgApplicationManager.java & ApplicationSharingManagerListener*.java	Introduced new methods for selective and policy-based application sharing.
Other files (various listener, model, constants, pom.xml)	Updated imports and integrated resource sharing policy support across components.

[Copilot]

Avoid using ordinal() for enum comparisons as it can be error-prone if the enum order changes. It is recommended to use equals() for comparing enum values.

Suggested change

	if (ApplicationShareRolePolicy.Mode.SELECTED.ordinal() == roleSharingMode.ordinal()) {
	// That mean the original application is available in the parent org. Not a fragment application.
	for (SharedResourceAttribute sharedResourceAttribute : sharedResourceAttributes) {
	if (SharedAttributeType.ROLE.ordinal() != sharedResourceAttribute.getSharedAttributeType()
	.ordinal()) {
	if (ApplicationShareRolePolicy.Mode.SELECTED == roleSharingMode) {
	// That mean the original application is available in the parent org. Not a fragment application.
	for (SharedResourceAttribute sharedResourceAttribute : sharedResourceAttributes) {
	if (SharedAttributeType.ROLE != sharedResourceAttribute.getSharedAttributeType()) {

[Copilot]

The placeholder construction appends a semicolon to the parameter name, which may not match with the parameter keys when setting them. Remove the trailing semicolon to ensure the parameter names remain consistent.

Suggested change

	.mapToObj(i -> ":" + SHARED_ORG_ID_PLACEHOLDER_PREFIX + i + ";")
	.mapToObj(i -> ":" + SHARED_ORG_ID_PLACEHOLDER_PREFIX + i)

[AnuradhaSK]

remove unwanted newlines

[HasiniSama]

It's better if we can add a debug log for invalid child org IDs sent.

[HasiniSama]

Instead of using a set for availableOrgIds we can use, orgIdToConfigMap.keySet() which returns the list of available organization IDs.

[HasiniSama]

Map.keySet() returns a live view of the map’s keys. It's backed directly by the map — no copying or new allocation.

[HasiniSama]

How can there be descendantId in the effectiveConfigs if we are iterating the Ids in the bfsOrder?

[HasiniSama]

This will omit all orgs not sent in the request and gets unshared along with it's child orgs. And if it is present in the orgsThatNeedToBeShared list, get reshared again. Can't we remove it from both lists if the config is unchanged? It could reduce the overhead, as a whole subtree would not get unshared/reshared.

[HasiniSama]

Was there a particular reason this part is commented out?

[sahandilshan]

These methods can be removed