Restrict shared apps to only use shared roles when shared apps are accessed #6419
Conversation
ShanChathusanda93
force-pushed
the
shared-role-to-shared-apps-branch
branch
3 times, most recently
from
be942a5 to
5008aea
Compare
Codecov ReportAttention: Patch coverage is
❌ Your patch check has failed because the patch coverage (0.00%) is below the target coverage (80.00%). You can increase the patch coverage or adjust the target coverage. Additional details and impacted files@@ Coverage Diff @@
## master #6419 +/- ##
============================================
- Coverage 46.35% 45.96% -0.40%
- Complexity 15171 15549 +378
============================================
Files 1744 1748 +4
Lines 108113 111927 +3814
Branches 19567 20716 +1149
============================================
+ Hits 50120 51448 +1328
- Misses 50863 53116 +2253
- Partials 7130 7363 +233
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
ShanChathusanda93
force-pushed
the
shared-role-to-shared-apps-branch
branch
from
5008aea to
b4a3e8b
Compare
| private static boolean isFragmentApplication() { | ||
|
|
||
| boolean isFragmentApp = false; | ||
| if (IdentityUtil.threadLocalProperties.get().get(ApplicationConstants.IS_FRAGMENT_APP) != null) { |
There was a problem hiding this comment.
From where this threadlocal set and unset
| return; | ||
| } | ||
|
|
||
| filterAndRemoveNonSharedRoles(roleIds, tenantDomain); |
There was a problem hiding this comment.
I think it will be better to implement this logic in getAssociatedRolesOfApplication method in ApplicationManagementService which is used in getRolesAssociatedWithApplication method in AppAssociatedRolesResolverImpl.java. Relying on thread local properties in service level will not be an ideal approach since we can't guarantee setting thread local properties in every place that this service is used.
|
Proposed changes in this pull request