From 4fb4363c8a3c25707e891bcc6346f1d640410383 Mon Sep 17 00:00:00 2001
From: Shan Chathusanda Jayathilaka
Date: Mon, 16 Dec 2024 20:30:44 +0530
Subject: [PATCH] Add role properties to the SCIM2 Role response
---
 .../scim2/common/impl/SCIMRoleManagerV2.java | 27 ++++
 .../common/impl/SCIMRoleManagerV2Test.java | 130 +++++++++++++++++-
 pom.xml | 4 +-
 3 files changed, 158 insertions(+), 3 deletions(-)
diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMRoleManagerV2.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMRoleManagerV2.java
index 1a9996303..72807bcf7 100644
--- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMRoleManagerV2.java
+++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMRoleManagerV2.java
@@ -38,6 +38,7 @@
 import org.wso2.carbon.identity.role.v2.mgt.core.model.Permission;
 import org.wso2.carbon.identity.role.v2.mgt.core.model.Role;
 import org.wso2.carbon.identity.role.v2.mgt.core.model.RoleBasicInfo;
+import org.wso2.carbon.identity.role.v2.mgt.core.model.RoleProperty;
 import org.wso2.carbon.identity.role.v2.mgt.core.model.UserBasicInfo;
 import org.wso2.carbon.identity.role.v2.mgt.core.util.RoleManagementUtils;
 import org.wso2.carbon.identity.role.v2.mgt.core.util.UserIDResolver;
@@ -101,6 +102,7 @@ public class SCIMRoleManagerV2 implements RoleV2Manager {
 private final String GROUPS = "groups";
 private final String PERMISSIONS = "permissions";
 private final String ASSOCIATED_APPLICATIONS = "associatedApplications";
+ private final String PROPERTIES = "properties";
 private RoleManagementService roleManagementService;
 private String tenantDomain;
 private Set systemRoles;
@@ -211,6 +213,9 @@ public RoleV2 getRole(String roleID, Map requiredAttributes)
 if (systemRoles.contains(role.getName())) {
 scimRole.setSystemRole(true);
 }
+ List roleProperties =
+ convertRolePropertiesToMultiValuedComplexType(role.getRoleProperties());
+ scimRole.setRoleProperties(roleProperties);
 // Set permissions.
 List permissions = convertPermissionsToMultiValuedComplexType(role.getPermissions());
@@ -307,6 +312,20 @@ private List convertPermissionsToMultiValuedComplexType(
 return permissionValues;
 }
+ private List convertRolePropertiesToMultiValuedComplexType(List roleProperties) {
+
+ List rolePropertyValues = new ArrayList<>();
+ if (roleProperties != null) {
+ for (RoleProperty roleProperty : roleProperties) {
+ MultiValuedComplexType rolePropertyComplexObject = new MultiValuedComplexType();
+ rolePropertyComplexObject.setValue(roleProperty.getValue());
+ rolePropertyComplexObject.setDisplay(roleProperty.getName());
+ rolePropertyValues.add(rolePropertyComplexObject);
+ }
+ }
+ return rolePropertyValues;
+ }
+
 public void deleteRole(String roleID) throws CharonException, NotFoundException, BadRequestException {
 try {
@@ -679,6 +698,14 @@ private List getScimRolesList(List roles, List requiredAtt
 scimRole.setAssociatedApplications(associatedApps);
 }
 }
+ if (requiredAttributes.contains(PROPERTIES)) {
+ // Set role properties.
+ List roleProperties =
+ convertRolePropertiesToMultiValuedComplexType(role.getRoleProperties());
+ if (CollectionUtils.isNotEmpty(roleProperties)) {
+ scimRole.setRoleProperties(roleProperties);
+ }
+ }
 }
 scimRoles.add(scimRole);
 }
diff --git a/components/org.wso2.carbon.identity.scim2.common/src/test/java/org/wso2/carbon/identity/scim2/common/impl/SCIMRoleManagerV2Test.java b/components/org.wso2.carbon.identity.scim2.common/src/test/java/org/wso2/carbon/identity/scim2/common/impl/SCIMRoleManagerV2Test.java
index 7c0e8f005..ac3fda84d 100644
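Review bot: In `getRole` the added lines attach role properties on every call and never consult the `requiredAttributes` argument, while the list path in `getScimRolesList` (hunk at -679) only attaches them when `requiredAttributes.contains(PROPERTIES)`. The visible context sets permissions the same unconditional way, so this may be deliberate, but as far as this hunk shows the two endpoints then return different attribute sets for the same role. If that is intended, a comment above the new lines such as `// Role properties are always returned on a single-role GET; attribute selection applies only when listing.` would record it. The body of `getRole` starts and ends outside the hunk, so any attribute filtering done elsewhere in it is not visible here.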
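Review bot: `convertRolePropertiesToMultiValuedComplexType` copies every `RoleProperty` name and value into the SCIM response with no allow-list, so whatever the role layer stores as a property becomes readable by any client that is allowed to read the role. The only property the tests exercise is `isSharedRole`; whether other, internal properties can be stored on a role is not visible in this diff, so this needs confirming against the role management component. The method also has no Javadoc and dereferences each list element without a null check. I would add a Javadoc stating that the property name maps to `display`, the value to `value`, and that all stored properties are treated as client-visible, and guard the loop body with `if (roleProperty == null) { continue; }`.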
--- a/components/org.wso2.carbon.identity.scim2.common/src/test/java/org/wso2/carbon/identity/scim2/common/impl/SCIMRoleManagerV2Test.java
+++ b/components/org.wso2.carbon.identity.scim2.common/src/test/java/org/wso2/carbon/identity/scim2/common/impl/SCIMRoleManagerV2Test.java
@@ -25,28 +25,36 @@
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.DataProvider;
 import org.testng.annotations.Test;
-import org.wso2.carbon.base.CarbonBaseConstants;
 import org.wso2.carbon.identity.core.util.IdentityUtil;
 import org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService;
 import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException;
+import org.wso2.carbon.identity.role.v2.mgt.core.model.Role;
+import org.wso2.carbon.identity.role.v2.mgt.core.model.RoleProperty;
+import org.wso2.carbon.identity.scim2.common.utils.SCIMCommonUtils;
 import org.wso2.charon3.core.exceptions.BadRequestException;
 import org.wso2.charon3.core.exceptions.CharonException;
 import org.wso2.charon3.core.exceptions.ConflictException;
 import org.wso2.charon3.core.exceptions.ForbiddenException;
 import org.wso2.charon3.core.exceptions.NotFoundException;
+import org.wso2.charon3.core.objects.RoleV2;
+import org.wso2.charon3.core.objects.plainobjects.MultiValuedComplexType;
+import org.wso2.charon3.core.objects.plainobjects.RolesV2GetResponse;
 import org.wso2.charon3.core.protocol.ResponseCodeConstants;
 import org.wso2.charon3.core.schema.SCIMConstants;
 import org.wso2.charon3.core.utils.codeutils.PatchOperation;
+import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.Mockito.mockStatic;
 import static org.mockito.Mockito.when;
 import static org.mockito.MockitoAnnotations.initMocks;
 import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.assertTrue;
 /**
 * Contains the unit test cases for SCIMRoleManagerV2.
@@ -57,6 +65,16 @@ public class SCIMRoleManagerV2Test {
 private static final String SAMPLE_VALID_ROLE_ID = "595f5508-f286-446a-86c4-5071e07b98fc";
 private static final String SAMPLE_GROUP_NAME = "testGroup";
 private static final String SAMPLE_VALID_ROLE_NAME = "admin";
+ private static final String ROLE_ID = "role_id";
+ private static final String ROLE_ID_2 = "role_id_2";
+ private static final String ROLE_NAME = "role_name";
+ private static final String ROLE_NAME_2 = "role_name_2";
+ private static final String ORGANIZATION_AUD = "ORGANIZATION";
+ private static final String ORGANIZATION_ID = "organization_id";
+ private static final String ORGANIZATION_NAME = "organization_name";
+ private static final String ROLE_PROPERTY_NAME = "isSharedRole";
+ private static final String SCIM2_ROLES_V2_LOCATION_URI_BASE = "https://localhost:9443/scim2/v2/Roles/";
+
 private static final int BAD_REQUEST = 400;
 @Mock
@@ -121,4 +139,114 @@ public void testPatchRoleWithGroupDisplayNameInsteadOfGroupIdThrowingErrors(Stri
 assertEquals("Group id is required to update group of the role.", e.getDetail());
 }
 }
+
+ @Test
+ public void testGetRoleWithRoleProperties() throws Exception {
+
+ try (MockedStatic mockedSCIMCommonUtils = mockStatic(SCIMCommonUtils.class)) {
+
+ Role mockedRole = new Role();
+ mockedRole.setId(ROLE_ID);
+ mockedRole.setName(ROLE_NAME);
+ mockedRole.setAudience(ORGANIZATION_AUD);
+ mockedRole.setAudienceId(ORGANIZATION_ID);
+ mockedRole.setAudienceName(ORGANIZATION_NAME);
+
+ RoleProperty roleProperty = new RoleProperty();
+ roleProperty.setName(ROLE_PROPERTY_NAME);
+ roleProperty.setValue(Boolean.TRUE.toString());
+ mockedRole.setRoleProperty(roleProperty);
+
+ mockedSCIMCommonUtils.when(() -> SCIMCommonUtils.getSCIMRoleV2URL(anyString())).
+ thenReturn(SCIM2_ROLES_V2_LOCATION_URI_BASE + ROLE_ID);
+
+ when(roleManagementService.getRoleWithoutUsers(anyString(), anyString())).thenReturn(mockedRole);
+
+ RoleV2 scimRole = scimRoleManagerV2.getRole(ROLE_ID, new HashMap<>());
+
+ assertEquals(scimRole.getId(), ROLE_ID);
+ assertEquals(scimRole.getDisplayName(), ROLE_NAME);
+ assertEquals(scimRole.getLocation(), SCIM2_ROLES_V2_LOCATION_URI_BASE + ROLE_ID);
+
+ List roleProperties = scimRole.getRoleProperties();
+ assertEquals(roleProperties.size(), 1);
+ assertEquals(scimRole.getRoleProperties().get(0).getDisplay(), ROLE_PROPERTY_NAME);
+ }
+ }
+
+ @DataProvider(name = "isPropertiesRequired")
+ public Object[][] provideIsPropertiesRequired() {
+
+ return new Object[][]{
+ {true},
+ {false}
+ };
+ }
+
+ @Test(dataProvider = "isPropertiesRequired")
+ public void testListRolesWithGETWithRoleProperties(boolean isPropertiesRequired) throws Exception {
+
+ try (MockedStatic mockedSCIMCommonUtils = mockStatic(SCIMCommonUtils.class)) {
+
+ List requiredAttributes = new ArrayList<>();
+ requiredAttributes.add("properties");
+
+ Role mockedRole1 = new Role();
+ mockedRole1.setId(ROLE_ID);
+ mockedRole1.setName(ROLE_NAME);
+ mockedRole1.setAudience(ORGANIZATION_AUD);
+ mockedRole1.setAudienceId(ORGANIZATION_ID);
+ mockedRole1.setAudienceName(ORGANIZATION_NAME);
+
+ Role mockedRole2 = new Role();
+ mockedRole2.setId("role_id_2");
+ mockedRole2.setName("role_name_2");
+ mockedRole2.setAudience(ORGANIZATION_AUD);
+ mockedRole2.setAudienceId(ORGANIZATION_ID);
+ mockedRole2.setAudienceName(ORGANIZATION_NAME);
+
+ if (isPropertiesRequired) {
+ RoleProperty roleProperty1 = new RoleProperty();
+ roleProperty1.setName(ROLE_PROPERTY_NAME);
+ roleProperty1.setValue(Boolean.TRUE.toString());
+ mockedRole1.setRoleProperty(roleProperty1);
+
+ RoleProperty roleProperty2 = new RoleProperty();
+ roleProperty2.setName(ROLE_PROPERTY_NAME);
+ roleProperty2.setValue(Boolean.FALSE.toString());
+ mockedRole2.setRoleProperty(roleProperty2);
+ }
+
+ List mockedRoles = new ArrayList<>();
+ mockedRoles.add(mockedRole1);
+ mockedRoles.add(mockedRole2);
+
+ mockedSCIMCommonUtils.when(() -> SCIMCommonUtils.getSCIMRoleV2URL(ROLE_ID)).
+ thenReturn(SCIM2_ROLES_V2_LOCATION_URI_BASE + ROLE_ID);
+ mockedSCIMCommonUtils.when(() -> SCIMCommonUtils.getSCIMRoleV2URL(ROLE_ID_2)).
+ thenReturn(SCIM2_ROLES_V2_LOCATION_URI_BASE + ROLE_ID_2);
+
+ when(roleManagementService.getRoles(10, 1, null, null, SAMPLE_TENANT_DOMAIN, requiredAttributes)).
+ thenReturn(mockedRoles);
+
+ RolesV2GetResponse rolesV2GetResponse = scimRoleManagerV2.listRolesWithGET(null, 1, 10, null, null,
+ requiredAttributes);
+ List roles = rolesV2GetResponse.getRoles();
+ assertEquals(roles.get(0).getDisplayName(), ROLE_NAME);
+ assertEquals(roles.get(0).getLocation(), SCIM2_ROLES_V2_LOCATION_URI_BASE + ROLE_ID);
+
+ assertEquals(roles.get(1).getDisplayName(), ROLE_NAME_2);
+ assertEquals(roles.get(1).getLocation(), SCIM2_ROLES_V2_LOCATION_URI_BASE + ROLE_ID_2);
+
+ if (isPropertiesRequired) {
+ assertEquals(roles.get(0).getRoleProperties().get(0).getDisplay(), ROLE_PROPERTY_NAME);
+ assertEquals(roles.get(0).getRoleProperties().get(0).getValue(), Boolean.TRUE.toString());
+ assertEquals(roles.get(1).getRoleProperties().get(0).getDisplay(), ROLE_PROPERTY_NAME);
+ assertEquals(roles.get(1).getRoleProperties().get(0).getValue(), Boolean.FALSE.toString());
+ } else {
+ assertTrue(roles.get(0).getRoleProperties().isEmpty());
+ assertTrue(roles.get(1).getRoleProperties().isEmpty());
+ }
+ }
+ }
 }
diff --git a/pom.xml b/pom.xml
index a09af45a5..c28f430cd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -294,11 +294,11 @@
 6.5.3
 3.2.0.wso2v1
 4.10.24
- 7.7.26
+ 7.7.40
 4.13.1
 20030203.000129
 1.8.12
- 4.0.20
+ 4.0.28
 1.0.76
 1.8.13
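Review bot: In `testListRolesWithGETWithRoleProperties` (SCIMRoleManagerV2Test.java), `requiredAttributes.add("properties")` runs for both data-provider values, so the `false` case only covers roles that carry no properties and the path where a client does not request `properties` is never exercised. That path is what keeps properties out of list responses by default, so I would add a case where the mocked roles have a property but `requiredAttributes` omits `"properties"`, and assert `roles.get(0).getRoleProperties().isEmpty()`; this assumes the list call takes the same code path with a different non-empty attribute list, which is not visible here. Smaller points: `testGetRoleWithRoleProperties` checks the property's display name but not its value, and `mockedRole2.setId("role_id_2")` / `setName("role_name_2")` repeat literals instead of using the new `ROLE_ID_2` and `ROLE_NAME_2` constants.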