Merge pull request #424 from BimsaraBodaragama/feature/modified-assoc…

…iation-deletion Refactor unshare organization users logic to support specific user unsharing for shared organizations
wso2-extensions · Jan 17, 2025 · 842f79c · 842f79c
2 parents 46fed85 + 8a42e53
commit 842f79c
Show file tree

Hide file tree

Showing 4 changed files with 89 additions and 14 deletions.
diff --git a/...ity/organization/management/organization/user/sharing/OrganizationUserSharingService.java b/...ity/organization/management/organization/user/sharing/OrganizationUserSharingService.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ * Copyright (c) 2023-2025, WSO2 LLC. (http://www.wso2.com).
  *
  * WSO2 LLC. licenses this file to you under the Apache License,
  * Version 2.0 (the "License"); you may not use this file except
@@ -19,6 +19,7 @@
 package org.wso2.carbon.identity.organization.management.organization.user.sharing;
 
 import org.wso2.carbon.identity.organization.management.organization.user.sharing.models.UserAssociation;
+import org.wso2.carbon.identity.organization.management.service.exception.NotImplementedException;
 import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
 
 import java.util.List;
@@ -50,6 +51,21 @@ void shareOrganizationUser(String orgId, String associatedUserId, String associa
     boolean unshareOrganizationUsers(String associatedUserId, String associatedOrgId)
             throws OrganizationManagementException;
 
+    /**
+     * Unshare the specified user in the given shared organization.
+     *
+     * @param associatedUserId  The ID of the associated user.
+     * @param sharedOrgId       The ID of the shared organization from which the user will be unshared.
+     * @return True if the user is unshared successfully.
+     * @throws OrganizationManagementException If an error occurs while unsharing the user in the shared organization.
+     */
+    default boolean unshareOrganizationUserInSharedOrganization(String associatedUserId, String sharedOrgId)
+            throws OrganizationManagementException {
+
+        throw new NotImplementedException("unshareOrganizationUserInSharedOrganization method is not implemented in " +
+                this.getClass().getName());
+    }
+
     /**
      * Delete the organization user association of the shared user.
      *

diff --git a/...organization/management/organization/user/sharing/OrganizationUserSharingServiceImpl.java b/...organization/management/organization/user/sharing/OrganizationUserSharingServiceImpl.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ * Copyright (c) 2023-2025, WSO2 LLC. (http://www.wso2.com).
  *
  * WSO2 LLC. licenses this file to you under the Apache License,
  * Version 2.0 (the "License"); you may not use this file except
@@ -41,8 +41,10 @@
 import static org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.UserSharingConstants.DEFAULT_PROFILE;
 import static org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.UserSharingConstants.ID_CLAIM_READ_ONLY;
 import static org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.UserSharingConstants.PRIMARY_DOMAIN;
+import static org.wso2.carbon.identity.organization.management.organization.user.sharing.constant.UserSharingConstants.USER_UNSHARING_RESTRICTION;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_CREATE_SHARED_USER;
 import static org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_DELETE_SHARED_USER;
+import static org.wso2.carbon.identity.organization.management.service.util.Utils.getOrganizationId;
 import static org.wso2.carbon.identity.organization.management.service.util.Utils.handleServerException;
 
 /**
@@ -111,20 +113,23 @@ public boolean unshareOrganizationUsers(String associatedUserId, String associat
                 organizationUserSharingDAO.getUserAssociationsOfAssociatedUser(associatedUserId, associatedOrgId);
         // Removing the shared users from the shared organizations.
         for (UserAssociation userAssociation : userAssociationList) {
-            String organizationId = userAssociation.getOrganizationId();
-            String tenantDomain = getOrganizationManager().resolveTenantDomain(organizationId);
-            int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
-            try {
-                AbstractUserStoreManager sharedOrgUserStoreManager = getAbstractUserStoreManager(tenantId);
-                sharedOrgUserStoreManager.deleteUserWithID(userAssociation.getUserId());
-            } catch (UserStoreException e) {
-                throw handleServerException(ERROR_CODE_ERROR_DELETE_SHARED_USER, e,
-                        userAssociation.getUserId(), organizationId);
-            }
+            removeSharedUser(userAssociation);
         }
         return true;
     }
 
+    @Override
+    public boolean unshareOrganizationUserInSharedOrganization(String associatedUserId, String sharedOrgId)
+            throws OrganizationManagementException {
+
+        UserAssociation userAssociation =
+                organizationUserSharingDAO.getUserAssociationOfAssociatedUserByOrgId(associatedUserId, sharedOrgId);
+
+        // Removing the shared user from the shared organization.
+        removeSharedUser(userAssociation);
+        return true;
+    }
+
     @Override
     public boolean deleteUserAssociation(String userId, String associatedOrgId) throws OrganizationManagementException {
 
@@ -169,4 +174,23 @@ private String generatePassword() {
         UUID uuid = UUID.randomUUID();
         return uuid.toString().substring(0, 12);
     }
+
+    private void removeSharedUser(UserAssociation userAssociation) throws OrganizationManagementException {
+
+        if (USER_UNSHARING_RESTRICTION.equals(userAssociation.getEditRestriction()) &&
+                !userAssociation.getUserResidentOrganizationId().equals(getOrganizationId())) {
+            return;
+        }
+
+        String organizationId = userAssociation.getOrganizationId();
+        String tenantDomain = getOrganizationManager().resolveTenantDomain(organizationId);
+        int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
+        try {
+            AbstractUserStoreManager sharedOrgUserStoreManager = getAbstractUserStoreManager(tenantId);
+            sharedOrgUserStoreManager.deleteUserWithID(userAssociation.getUserId());
+        } catch (UserStoreException e) {
+            throw handleServerException(ERROR_CODE_ERROR_DELETE_SHARED_USER, e,
+                    userAssociation.getUserId(), organizationId);
+        }
+    }
 }
diff --git a/...tity/organization/management/organization/user/sharing/constant/UserSharingConstants.java b/...tity/organization/management/organization/user/sharing/constant/UserSharingConstants.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ * Copyright (c) 2023-2025, WSO2 LLC. (http://www.wso2.com).
  *
  * WSO2 LLC. licenses this file to you under the Apache License,
  * Version 2.0 (the "License"); you may not use this file except
@@ -53,6 +53,8 @@ public class UserSharingConstants {
     public static final String AUTHENTICATION_TYPE = "authenticationType";
     public static final String APPLICATION_AUTHENTICATION_TYPE = "APPLICATION";
 
+    public static final String USER_UNSHARING_RESTRICTION = "RESTRICTED";
+
     /*
     Minimum permissions required for org creator to logged in to the console and view user, groups, roles, SP,
     IDP sections.

diff --git a/...on/identity/organization/management/organization/user/sharing/models/UserAssociation.java b/...on/identity/organization/management/organization/user/sharing/models/UserAssociation.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ * Copyright (c) 2023-2025, WSO2 LLC. (http://www.wso2.com).
  *
  * WSO2 LLC. licenses this file to you under the Apache License,
  * Version 2.0 (the "License"); you may not use this file except
@@ -23,10 +23,23 @@
  */
 public class UserAssociation {
 
+    private int id;
     private String userId;
     private String organizationId;
     private String associatedUserId;
     private String userResidentOrganizationId;
+    private String sharedType;
+    private String editRestriction;
+
+    public int getId() {
+
+        return id;
+    }
+
+    public void setId(int id) {
+
+        this.id = id;
+    }
 
     public String getUserId() {
 
@@ -67,4 +80,24 @@ public void setUserResidentOrganizationId(String userResidentOrganizationId) {
 
         this.userResidentOrganizationId = userResidentOrganizationId;
     }
+
+    public String getSharedType() {
+
+        return sharedType;
+    }
+
+    public void setSharedType(String sharedType) {
+
+        this.sharedType = sharedType;
+    }
+
+    public String getEditRestriction() {
+
+        return editRestriction;
+    }
+
+    public void setEditRestriction(String editRestriction) {
+
+        this.editRestriction = editRestriction;
+    }
 }