From 62a421df821067432cbcced0e89cc2a410cd40be Mon Sep 17 00:00:00 2001
From: Devrim
Date: Wed, 16 Nov 2022 16:26:24 +0300
Subject: [PATCH] feat: jans-linux-setup include permission of all user roles (#3009)

---
 .../introspection_role_based_scope.py | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/docs/script-catalog/introspection/introspection-role-based-scope/introspection_role_based_scope.py b/docs/script-catalog/introspection/introspection-role-based-scope/introspection_role_based_scope.py
index 135280a6e0a..83cd5b217ac 100644
--- a/docs/script-catalog/introspection/introspection-role-based-scope/introspection_role_based_scope.py
+++ b/docs/script-catalog/introspection/introspection-role-based-scope/introspection_role_based_scope.py
@@ -45,6 +45,7 @@ def getApiVersion(self):
 # context is reference of io.jans.as.service.external.context.ExternalIntrospectionContext (in https://github.com/JanssenFederation/oxauth project, )
 def modifyResponse(self, responseAsJsonObject, context):
 print "Inside modifyResponse method of introspection script ...."
+ scopes = []
 try:
 # Getting user-info-jwt
 ujwt = context.getHttpRequest().getParameter("ujwt")
@@ -55,7 +56,7 @@ def modifyResponse(self, responseAsJsonObject, context):
 adminConf = AdminConf()
 adminUIConfig = entryManager.find(adminConf.getClass(), "ou=admin-ui,ou=configuration,o=jans")
 permissions = adminUIConfig.getDynamic().getPermissions()
- scopes = []
+
 for ele in permissions:
 if ele.getDefaultPermissionInToken() is not None and ele.getDefaultPermissionInToken():
 scopes.append(ele.getPermission())
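Review bot: The hoisted `scopes = []` on the added line is now the single accumulator for all of modifyResponse, yet nothing at the assignment says so, and its readers sit two hunks and some forty lines away — a comment would stop the next maintainer from re-adding a reset like the `scopes = None` this commit removes. Suggested: `scopes = []  # accumulator for the token's permissions: defaults first, then those of every role in the ujwt claim; keep it a list, later code appends to it`. The remainder of modifyResponse, including wherever scopes is finally written into the response (not visible here), lies outside this hunk.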
@@ -77,9 +78,8 @@ def modifyResponse(self, responseAsJsonObject, context):
 if validJwt == True:
 # Get claims from parsed JWT
 jwtClaims = userInfoJwt.getClaims()
- jansAdminUIRole = jwtClaims.getClaim("jansAdminUIRole")
+ jansAdminUIRole = list(jwtClaims.getClaim("jansAdminUIRole"))
 # fetch role-scope mapping from database
- scopes = None
 try:
 entryManager = CdiUtil.bean(PersistenceEntryManager)
 adminConf = AdminConf()
@@ -87,8 +87,10 @@ def modifyResponse(self, responseAsJsonObject, context):
 roleScopeMapping = adminUIConfig.getDynamic().getRolePermissionMapping()
 for ele in roleScopeMapping:
- if ele.getRole() == jansAdminUIRole.getString(0):
- scopes = ele.getPermissions()
+ if ele.getRole() in jansAdminUIRole:
+ for scope in ele.getPermissions():
+ if not scope in scopes:
+ scopes.append(scope)
 except Exception as e:
 print "Error: Failed to fetch/parse Admin UI roleScopeMapping from DB"
 print e
@@ -99,4 +101,4 @@ def modifyResponse(self, responseAsJsonObject, context):
 except Exception as e:
 print "Exception occured. Unable to resolve role/scope mapping."
 print e
- return True
\ No newline at end of file
+ return True
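Review bot: `list(jwtClaims.getClaim("jansAdminUIRole"))` on the added line will raise TypeError if getClaim returns None for a validated ujwt that carries no jansAdminUIRole claim, and that exception lands in the function's outer `except Exception`, which only prints and returns True. The removed `.getString(0)` would have failed on a missing claim as well, so this is not a regression, but handling it explicitly keeps a role-less token on the normal path with just the default permissions gathered earlier: `roleClaim = jwtClaims.getClaim("jansAdminUIRole")` followed by `jansAdminUIRole = list(roleClaim) if roleClaim is not None else []`. If getClaim can return a bare string rather than an array for a single-role token, `list()` would split it into characters and no role would ever match — worth confirming against whatever issues the claim. The enclosing `if validJwt` block and modifyResponse itself continue outside this hunk.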
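Review bot: `if not scope in scopes:` in the added dedupe loop is the non-idiomatic spelling; Python reads `if scope not in scopes:`. The new loop also moves from "first matching role wins" to a union of every matching role's permissions on top of the defaults collected earlier, and that decision deserves a line above `for ele in roleScopeMapping:` such as `# union the permissions of every role listed in the token onto the defaults gathered above; dedupe while preserving order`. The inner try and modifyResponse continue outside this hunk.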