diff --git a/docs/script-catalog/introspection/introspection-role-based-scope/introspection_role_based_scope.py b/docs/script-catalog/introspection/introspection-role-based-scope/introspection_role_based_scope.py index 135280a6e0a..83cd5b217ac 100644 --- a/docs/script-catalog/introspection/introspection-role-based-scope/introspection_role_based_scope.py +++ b/docs/script-catalog/introspection/introspection-role-based-scope/introspection_role_based_scope.py @@ -45,6 +45,7 @@ def getApiVersion(self): # context is reference of io.jans.as.service.external.context.ExternalIntrospectionContext (in https://github.com/JanssenFederation/oxauth project, ) def modifyResponse(self, responseAsJsonObject, context): print "Inside modifyResponse method of introspection script ...." + scopes = [] try: # Getting user-info-jwt ujwt = context.getHttpRequest().getParameter("ujwt") @@ -55,7 +56,7 @@ def modifyResponse(self, responseAsJsonObject, context): adminConf = AdminConf() adminUIConfig = entryManager.find(adminConf.getClass(), "ou=admin-ui,ou=configuration,o=jans") permissions = adminUIConfig.getDynamic().getPermissions() - scopes = [] + for ele in permissions: if ele.getDefaultPermissionInToken() is not None and ele.getDefaultPermissionInToken(): scopes.append(ele.getPermission()) @@ -77,9 +78,8 @@ def modifyResponse(self, responseAsJsonObject, context): if validJwt == True: # Get claims from parsed JWT jwtClaims = userInfoJwt.getClaims() - jansAdminUIRole = jwtClaims.getClaim("jansAdminUIRole") + jansAdminUIRole = list(jwtClaims.getClaim("jansAdminUIRole")) # fetch role-scope mapping from database - scopes = None try: entryManager = CdiUtil.bean(PersistenceEntryManager) adminConf = AdminConf() @@ -87,8 +87,10 @@ def modifyResponse(self, responseAsJsonObject, context): roleScopeMapping = adminUIConfig.getDynamic().getRolePermissionMapping() for ele in roleScopeMapping: - if ele.getRole() == jansAdminUIRole.getString(0): - scopes = ele.getPermissions() + if ele.getRole() in jansAdminUIRole: + for scope in ele.getPermissions(): + if not scope in scopes: + scopes.append(scope) except Exception as e: print "Error: Failed to fetch/parse Admin UI roleScopeMapping from DB" print e @@ -99,4 +101,4 @@ def modifyResponse(self, responseAsJsonObject, context): except Exception as e: print "Exception occured. Unable to resolve role/scope mapping." print e - return True \ No newline at end of file + return True