feat: jans-linux-setup include permission of all user roles (#3009)

JanssenProject · Nov 16, 2022 · 62a421d · 62a421d
1 parent f66a072
commit 62a421d
Showing 1 changed file with 8 additions and 6 deletions.
diff --git a/...pt-catalog/introspection/introspection-role-based-scope/introspection_role_based_scope.py b/...pt-catalog/introspection/introspection-role-based-scope/introspection_role_based_scope.py
@@ -45,6 +45,7 @@ def getApiVersion(self):
     # context is reference of io.jans.as.service.external.context.ExternalIntrospectionContext (in https://github.com/JanssenFederation/oxauth project, )
     def modifyResponse(self, responseAsJsonObject, context):
         print "Inside modifyResponse method of introspection script ...."
+        scopes = []
         try:
             # Getting user-info-jwt
             ujwt = context.getHttpRequest().getParameter("ujwt")
@@ -55,7 +56,7 @@ def modifyResponse(self, responseAsJsonObject, context):
                 adminConf = AdminConf()
                 adminUIConfig = entryManager.find(adminConf.getClass(), "ou=admin-ui,ou=configuration,o=jans")
                 permissions = adminUIConfig.getDynamic().getPermissions()
-                scopes = []
+
                 for ele in permissions:
                     if ele.getDefaultPermissionInToken() is not None and ele.getDefaultPermissionInToken():
                         scopes.append(ele.getPermission())
@@ -77,18 +78,19 @@ def modifyResponse(self, responseAsJsonObject, context):
             if validJwt == True:
                 # Get claims from parsed JWT
                 jwtClaims = userInfoJwt.getClaims()
-                jansAdminUIRole = jwtClaims.getClaim("jansAdminUIRole")
+                jansAdminUIRole = list(jwtClaims.getClaim("jansAdminUIRole"))
                 # fetch role-scope mapping from database
-                scopes = None
                 try:
                     entryManager = CdiUtil.bean(PersistenceEntryManager)
                     adminConf = AdminConf()
                     adminUIConfig = entryManager.find(adminConf.getClass(), "ou=admin-ui,ou=configuration,o=jans")
                     roleScopeMapping = adminUIConfig.getDynamic().getRolePermissionMapping()
 
                     for ele in roleScopeMapping:
-                        if ele.getRole() == jansAdminUIRole.getString(0):
-                            scopes = ele.getPermissions()
+                        if ele.getRole() in jansAdminUIRole:
+                            for scope in ele.getPermissions():
+                                if not scope in scopes:
+                                    scopes.append(scope)
                 except Exception as e:
                     print "Error:  Failed to fetch/parse Admin UI roleScopeMapping from DB"
                     print e
@@ -99,4 +101,4 @@ def modifyResponse(self, responseAsJsonObject, context):
         except Exception as e:
                 print "Exception occured. Unable to resolve role/scope mapping."
                 print e
-        return True
+        return True