Add api resoures and access control for user share API.

features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/system-api-resource.xml

@@ -917,6 +917,30 @@
                    description="Introspect tokens"/>
         </Scopes>
     </APIResource>
+    <APIResource name="User Sharing API" identifier="/api/server/v1/users"
+                 requiresAuthorization="true"
+                 description="API representation of the user share API" type="TENANT">
+        <Scopes>
+            <Scope displayName="Share Users" name="internal_user_share"
+                   description="Share users with organizations"/>
+            <Scope displayName="Unshare users" name="internal_user_unshare"
+                   description="Unshare users from organizations"/>
+            <Scope displayName="View Shared Users" name="internal_user_shared_access_view"
+                   description="View users shared with organizations"/>
+        </Scopes>
+    </APIResource>
+    <APIResource name="User Sharing API" identifier="/o/api/server/v1/users"
+                 requiresAuthorization="true"
+                 description="API representation of the user share API" type="ORGANIZATION">
+        <Scopes>
+            <Scope displayName="Share Users" name="internal_org_user_share"
+                   description="Share users with organizations"/>
+            <Scope displayName="Unshare users" name="internal_org_user_unshare"
+                   description="Unshare users from organizations"/>
+            <Scope displayName="View Shared Users" name="internal_org_user_shared_access_view"
+                   description="View users shared with organizations"/>
+        </Scopes>
+    </APIResource>
     <APIResource name="Application Management Feature" identifier="console:applications"
                  requiresAuthorization="true"
                  description="Resource representation of the Application Management Feature"

features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/system-api-resource.xml.j2

@@ -926,6 +926,30 @@
                     description="Introspect tokens"/>
         </Scopes>
     </APIResource>
+    <APIResource name="User Sharing API" identifier="/api/server/v1/users"
+                 requiresAuthorization="true"
+                 description="API representation of the user share API" type="TENANT">
+        <Scopes>
+            <Scope displayName="Share Users" name="internal_user_share"
+                   description="Share users with organizations"/>
+            <Scope displayName="Unshare users" name="internal_user_unshare"
+                   description="Unshare users from organizations"/>
+            <Scope displayName="View Shared Users" name="internal_user_shared_access_view"
+                   description="View users shared with organizations"/>
+        </Scopes>
+    </APIResource>
+    <APIResource name="User Sharing API" identifier="/o/api/server/v1/users"
+                 requiresAuthorization="true"
+                 description="API representation of the user share API" type="ORGANIZATION">
+        <Scopes>
+            <Scope displayName="Share Users" name="internal_org_user_share"
+                   description="Share users with organizations"/>
+            <Scope displayName="Unshare users" name="internal_org_user_unshare"
+                   description="Unshare users from organizations"/>
+            <Scope displayName="View Shared Users" name="internal_org_user_shared_access_view"
+                   description="View users shared with organizations"/>
+        </Scopes>
+    </APIResource>
     <APIResource name="Application Management Feature" identifier="console:applications"
                  requiresAuthorization="true"
                  description="Resource representation of the Application Management Feature"

features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/resource-access-control-v2.xml

@@ -1322,6 +1322,46 @@
         <Scopes>internal_custom_authenticator_delete</Scopes>
     </Resource>
 
+    <!-- [Organization] User share API -->
+    <Resource context="(.*)/o/api/server/v1/users/share(.*)" secured="true" http-method="POST">
+        <Scopes>internal_org_user_share</Scopes>
+    </Resource>
+    <Resource context="(.*)/o/api/server/v1/users/share-with-all(.*)" secured="true" http-method="POST">
+        <Scopes>internal_org_user_share</Scopes>
+    </Resource>
+    <Resource context="(.*)/o/api/server/v1/users/unshare(.*)" secured="true" http-method="POST">
+        <Scopes>internal_org_user_unshare</Scopes>
+    </Resource>
+    <Resource context="(.*)/o/api/server/v1/users/unshare-with-all(.*)" secured="true" http-method="POST">
+        <Scopes>internal_org_user_unshare</Scopes>
+    </Resource>
+    <Resource context="(.*)/o/api/server/v1/users/(.*)/shared-organizations" secured="true" http-method="GET">
+        <Scopes>internal_org_user_shared_access_view</Scopes>
+    </Resource>
+    <Resource context="(.*)/api/server/v1/users/(.*)/shared-roles" secured="true" http-method="GET">
+        <Scopes>internal_org_user_shared_access_view</Scopes>
+    </Resource>
+
+    <!-- User share API -->
+    <Resource context="(.*)/api/server/v1/users/share(.*)" secured="true" http-method="POST">
+        <Scopes>internal_user_share</Scopes>
+    </Resource>
+    <Resource context="(.*)/api/server/v1/users/share-with-all(.*)" secured="true" http-method="POST">
+        <Scopes>internal_user_share</Scopes>
+    </Resource>
+    <Resource context="(.*)/api/server/v1/users/unshare(.*)" secured="true" http-method="POST">
+        <Scopes>internal_user_unshare</Scopes>
+    </Resource>
+    <Resource context="(.*)/api/server/v1/users/unshare-with-all(.*)" secured="true" http-method="POST">
+        <Scopes>internal_user_unshare</Scopes>
+    </Resource>
+    <Resource context="(.*)/api/server/v1/users/(.*)/shared-organizations" secured="true" http-method="GET">
+        <Scopes>internal_user_shared_access_view</Scopes>
+    </Resource>
+    <Resource context="(.*)/api/server/v1/users/(.*)/shared-roles" secured="true" http-method="GET">
+        <Scopes>internal_user_shared_access_view</Scopes>
+    </Resource>
+
     <Resource context="/carbon(.*)" secured="false" http-method="all"/>
     <Resource context="(.*)/myaccount(.*)" secured="false" http-method="all"/>
     <Resource context="(.*)/console(.*)" secured="false" http-method="all"/>

features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/resource-access-control-v2.xml.j2

@@ -1391,6 +1391,46 @@
              <Scopes>internal_custom_authenticator_delete</Scopes>
          </Resource>
 
+          <!-- [Organization] User share API -->
+          <Resource context="(.*)/o/api/server/v1/users/share(.*)" secured="true" http-method="POST">
+              <Scopes>internal_org_user_share</Scopes>
+          </Resource>
+          <Resource context="(.*)/o/api/server/v1/users/share-with-all(.*)" secured="true" http-method="POST">
+              <Scopes>internal_org_user_share</Scopes>
+          </Resource>
+          <Resource context="(.*)/o/api/server/v1/users/unshare(.*)" secured="true" http-method="POST">
+              <Scopes>internal_org_user_unshare</Scopes>
+          </Resource>
+          <Resource context="(.*)/o/api/server/v1/users/unshare-with-all(.*)" secured="true" http-method="POST">
+              <Scopes>internal_org_user_unshare</Scopes>
+          </Resource>
+          <Resource context="(.*)/o/api/server/v1/users/(.*)/shared-organizations" secured="true" http-method="GET">
+              <Scopes>internal_org_user_shared_access_view</Scopes>
+          </Resource>
+          <Resource context="(.*)/api/server/v1/users/(.*)/shared-roles" secured="true" http-method="GET">
+              <Scopes>internal_org_user_shared_access_view</Scopes>
+          </Resource>
+
+         <!-- User share API -->
+         <Resource context="(.*)/api/server/v1/users/share(.*)" secured="true" http-method="POST">
+             <Scopes>internal_user_share</Scopes>
+         </Resource>
+         <Resource context="(.*)/api/server/v1/users/share-with-all(.*)" secured="true" http-method="POST">
+             <Scopes>internal_user_share</Scopes>
+         </Resource>
+         <Resource context="(.*)/api/server/v1/users/unshare(.*)" secured="true" http-method="POST">
+             <Scopes>internal_user_unshare</Scopes>
+         </Resource>
+         <Resource context="(.*)/api/server/v1/users/unshare-with-all(.*)" secured="true" http-method="POST">
+             <Scopes>internal_user_unshare</Scopes>
+         </Resource>
+         <Resource context="(.*)/api/server/v1/users/(.*)/shared-organizations" secured="true" http-method="GET">
+             <Scopes>internal_user_shared_access_view</Scopes>
+         </Resource>
+         <Resource context="(.*)/api/server/v1/users/(.*)/shared-roles" secured="true" http-method="GET">
+             <Scopes>internal_user_shared_access_view</Scopes>
+         </Resource>
+
         <Resource context="/carbon(.*)" secured="false" http-method="all"/>
         <Resource context="(.*)/myaccount(.*)" secured="false" http-method="all"/>
         <Resource context="(.*)/console(.*)" secured="false" http-method="all"/>