Introduce User Sharing API v2

[BimsaraBodaragama]

Purpose

This PR introduces a new versioned User Sharing API (/api/server/v2/users/**) to address functional and frontend limitations of the existing /api/server/v1/users/** endpoints.
The new API aligns conceptually and structurally with the Application Sharing API and enables incremental role assignment and selective sharing across hierarchical organizations.

Goals

• Provide a versioned User Sharing API with a consistent design following Application Sharing patterns.
• Support optional role assignment through a roleAssignment object with supported modes: NONE | SELECTED.
• Enable incremental role modifications via PATCH operations.
• Support paginated retrieval of shared organizations and per-organization role visibility.
• Maintain backward compatibility for existing /v1 integrations.

Approach

• Added new endpoints under /api/server/v2/users/**:

  POST   /users/share
  POST   /users/share-with-all
  POST   /users/unshare
  POST   /users/unshare-with-all
  PATCH  /users/share
  GET    /users/{userId}/share
  

• Model roleAssignment to reflect role assignment semantics in sub-organizations.
• Allowed the role assignment modes NONE and SELECTED, consistent with the Application Sharing model.
• Introduced SCIM-style incremental PATCH for add/remove of roles.
• Updated OpenAPI specification and supporting backend controller logic.
• Ensured no behavioural change to existing v1 implementation.

Related PRs

• API layer logic impl: Introduce User Sharing API v2 #1044 (This PR)
• API layer response fine-tuning: Fix missing fields in user sharing v2 GET response for shared organizations #1089
• API layer resource defining - Add API resources and access control for user share API V2 carbon-identity-framework#7695
• API Servlet registration: Register User Sharing V2 API in Server V2 Servlets product-is#26602
• Service layer scaffolding - Part 1: Introduce Service Layer Scaffolding and Data Objects for User Sharing API v2 wso2-extensions/identity-organization-management#586
• Service layer scaffolding - Part 2: Introduce request DOs for GET and PATCH operations in User Sharing v2 wso2-extensions/identity-organization-management#588
• Service layer scaffolding - Part 3: Refine User Sharing v2 request DOs for GET and PATCH wso2-extensions/identity-organization-management#590
• Service layer scaffolding - Part 4: Harden enum parsing with null-safe, case-insensitive resolution and consistent validation wso2-extensions/identity-organization-management#592
• Service layer scaffolding - Part 5: Remodel GetUserSharedOrgsDO to use normalized pagination parameters wso2-extensions/identity-organization-management#595
• Service layer scaffolding - Part 6: Generalize PATCH handling for shared user attribute updates in v2 wso2-extensions/identity-organization-management#596
• Service layer logic impl: Implement core backend logic for User Sharing API v2 wso2-extensions/identity-organization-management#594
• Service layer policy replacement: Fix selective user sharing policy overwrite across iterations wso2-extensions/identity-organization-management#609
• Service layer role reconciliation: Fix shared role reconciliation during user share updates wso2-extensions/identity-organization-management#610
• Service layer GET sharingMode resolution: Restructure shared user sharing mode resolution wso2-extensions/identity-organization-management#611
• Service layer GET filter validation: Make shared user GET filter optional in V2 wso2-extensions/identity-organization-management#613
• Service layer bump: [Bump] User Sharing version to 1.5.8-SNAPSHOT #1071
• Integration Tests: Add integration tests for user sharing management v2 APIs product-is#26997
• API Docs: [Docs] API Docs - Add organization user share v2 API documentation docs-is#5913

Related Issues

• public-issue: User Sharing API requires a v2 design aligned with Application Sharing product-is#26395

Summary by CodeRabbit

• New Features

  • V2 User Sharing API: share/unshare users (per-organization or global), patch-based sharing updates, and list a user’s shared organizations with pagination, filtering, and scoped auth.

• Documentation

  • Added OpenAPI v3 specification for V2 endpoints, models, examples, and security scopes.

• Chores

  • Introduced V2 module, service wiring, factory and implementation to expose the V2 API.

• Maintenance

  • Added new validation/error codes for V2 flows and bumped organization-management dependency.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds a v2 organization user-sharing management module: new Maven module and parent registration, OpenAPI v3 spec for v2, core service + factory + impl wired to a V2 backend, a V2 service holder accessor, new constants and error codes, and an organization-management dependency version bump.

Changes

Cohort / File(s)	Summary
New V2 Module — POM & Parent Registration components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/pom.xml, components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/pom.xml	Adds v2 Maven module POM with dependencies (JAX-RS, CXF, Swagger, common/org-management), build-helper and compiler config; registers the v2 module in the parent POM.
OpenAPI — v2 API Surface components/.../org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/main/resources/organization-user-share-v2.yaml	Adds OpenAPI v3 definition for User Sharing v2: endpoints (share/patch/unshare/list), request/response schemas, examples, pagination/filtering, and OAuth2/BasicAuth security schemes and scopes.
Core Service — Business Logic ...v2/src/main/java/.../v2/core/UsersApiServiceCore.java	New core class implementing validation, request→DO mapping, delegation to UserSharingPolicyHandlerServiceV2, response mapping, pagination/link construction, and standardized error handling for share/patch/unshare/list flows.
Factory & Impl — Wiring ...v2/src/main/java/.../v2/factories/UsersApiServiceCoreFactory.java, ...v2/src/main/java/.../v2/impl/UsersApiServiceImpl.java	Adds factory that eagerly initializes a singleton UsersApiServiceCore via UserSharingMgtServiceHolder.getUserSharingPolicyHandlerServiceV2() and an impl that delegates API endpoints to the core, converting init failures to runtime errors.
Service Holder — V2 accessor components/.../common/src/main/java/.../UserSharingMgtServiceHolder.java	Adds support for UserSharingPolicyHandlerServiceV2 and a public getter getUserSharingPolicyHandlerServiceV2() alongside the existing V1 accessor.
Constants & Errors components/.../common/src/main/java/.../constants/UserSharingMgtConstants.java	Adds RESPONSE_DETAIL_USER_SHARE_PATCH constant and multiple new ErrorMessage enum entries for V2 validations (invalid patch body, missing criteria/ids, unsupported/empty patch paths, unsupported policy, invalid cursor/limit).
Root POM — Dependency Version pom.xml	Bumps property org.wso2.carbon.identity.organization.management.version from 2.0.8 to 2.0.47.

Sequence Diagram

sequenceDiagram
    participant Client as Client
    participant Impl as UsersApiServiceImpl (v2)
    participant Core as UsersApiServiceCore (v2)
    participant Backend as UserSharingPolicyHandlerServiceV2

    Client->>Impl: HTTP request (e.g., POST /users/share)
    Impl->>Core: delegate(request)
    Core->>Core: validate & map -> DO
    Core->>Backend: perform operation(DO)
    Backend-->>Core: result / error
    Core->>Core: map result -> API response, build links
    Core-->>Impl: Response
    Impl-->>Client: HTTP response

Loading

Estimated Code Review Effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐰 A hop, a patch, a share anew,

V2 now hums with spec and glue.
Roles and orgs in tidy rows,
Requests map where logic flows.
A rabbit cheers — the module grew!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 79.55% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and concisely summarizes the main change: introducing a new versioned User Sharing API v2. It clearly reflects the primary focus of the changeset.
Description check	✅ Passed	The PR description comprehensively covers Purpose, Goals, Approach, and Related PRs with detailed API endpoint specifications and design rationale.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[wso2-engineering]

AI Agent Log Improvement Checklist

⚠️ Warning: AI-Generated Review Comments

• The log-related comments and suggestions in this review were generated by an AI tool to assist with identifying potential improvements. Purpose of reviewing the code for log improvements is to improve the troubleshooting capabilities of our products.
• Please make sure to manually review and validate all suggestions before applying any changes. Not every code suggestion would make sense or add value to our purpose. Therefore, you have the freedom to decide which of the suggestions are helpful.

✅ Before merging this pull request:

• Review all AI-generated comments for accuracy and relevance.
• Complete and verify the table below. We need your feedback to measure the accuracy of these suggestions and the value they add. If you are rejecting a certain code suggestion, please mention the reason briefly in the suggestion for us to capture it.

Comment	Accepted (Y/N)	Reason
#### Log Improvement Suggestion No: 1	Y	#1044 (comment)
#### Log Improvement Suggestion No: 2	Y	#1044 (comment)
#### Log Improvement Suggestion No: 3	Y	#1044 (comment)
#### Log Improvement Suggestion No: 4	Y	#1044 (comment)
#### Log Improvement Suggestion No: 5	Y	#1044 (comment)
#### Log Improvement Suggestion No: 6	Y	#1044 (comment)

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (5)

components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/main/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/factories/UsersApiServiceCoreFactory.java (1)

30-49: Static initializer hides the intended IllegalStateException from callers

Throwing IllegalStateException in the static block will surface to callers as ExceptionInInitializerError, so the IllegalStateException catch in UsersApiServiceImpl will never see it. If you want the API layer to consistently get IllegalStateException from the factory, consider moving the null‑check and construction into getUsersApiServiceCore() (lazy init) instead of the static block.

One possible refactor:

-    private static final UsersApiServiceCore SERVICE;
-
-    static {
-        UserSharingPolicyHandlerService userSharingPolicyHandlerService = UserSharingMgtServiceHolder
-                .getUserSharingPolicyHandlerService();
-        if (userSharingPolicyHandlerService == null) {
-            throw new IllegalStateException("UserSharingPolicyHandlerService is not available from the OSGi context.");
-        }
-        SERVICE = new UsersApiServiceCore(userSharingPolicyHandlerService);
-    }
+    private static volatile UsersApiServiceCore service;
@@
-    public static UsersApiServiceCore getUsersApiServiceCore() {
-
-        return SERVICE;
-    }
+    public static UsersApiServiceCore getUsersApiServiceCore() {
+
+        if (service == null) {
+            synchronized (UsersApiServiceCoreFactory.class) {
+                if (service == null) {
+                    UserSharingPolicyHandlerService userSharingPolicyHandlerService =
+                            UserSharingMgtServiceHolder.getUserSharingPolicyHandlerService();
+                    if (userSharingPolicyHandlerService == null) {
+                        throw new IllegalStateException(
+                                "UserSharingPolicyHandlerService is not available from the OSGi context.");
+                    }
+                    service = new UsersApiServiceCore(userSharingPolicyHandlerService);
+                }
+            }
+        }
+        return service;
+    }

components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/main/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/impl/UsersApiServiceImpl.java (1)

43-50: Constructor’s IllegalStateException catch won’t see static‑init failures from the factory

Given the current factory implementation, a missing UserSharingPolicyHandlerService will throw IllegalStateException from a static initializer, which reaches this constructor as ExceptionInInitializerError, bypassing the IllegalStateException catch.

If you don’t refactor the factory, consider broadening the catch here; if you do refactor as suggested in the factory comment, this constructor will then work as intended.

Example if you keep the static initializer:

-        try {
-            this.usersApiServiceCore = UsersApiServiceCoreFactory.getUsersApiServiceCore();
-        } catch (IllegalStateException e) {
-            throw new RuntimeException(ERROR_INITIATING_USERS_API_SERVICE.getMessage(), e);
-        }
+        try {
+            this.usersApiServiceCore = UsersApiServiceCoreFactory.getUsersApiServiceCore();
+        } catch (IllegalStateException | ExceptionInInitializerError e) {
+            throw new RuntimeException(ERROR_INITIATING_USERS_API_SERVICE.getMessage(), e);
+        }

components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/main/resources/organization-user-share-v2.yaml (3)

455-465: Unbounded userIds array may be problematic; consider adding maxItems

UserCriteria.userIds is required but unconstrained in size. For bulk operations like share/unshare, this can invite very large payloads and DoS‑type scenarios. If the backend already enforces a sensible cap, it’s worth reflecting that here with a maxItems (and optionally minItems) so clients have a clear contract.

For example (adjust the limit to match server behavior):

     userIds:
       type: array
       description: List of user IDs.
       items:
         type: string
+      maxItems: 1000

---

435-449: Clarify that BasicAuth/OAuth2 credentials must only be used over TLS

Static analysis flagged the securitySchemes because HTTP auth can expose credentials over cleartext if used on plain HTTP. Your examples and OAuth2 URLs already use https, but the spec itself doesn’t state the TLS requirement.

I’d recommend explicitly documenting that these endpoints are only supported over HTTPS (and that HTTP is not allowed in production), to satisfy tooling and avoid misconfiguration.

---

753-765: Align Error.code example prefix with actual error prefix

The Error.code example uses "US-00000", while UserSharingMgtConstants.ERROR_PREFIX is "USM-". To avoid confusion for integrators, it’s better if the example matches the real prefix.

-        code:
-          type: string
-          example: "US-00000"
+        code:
+          type: string
+          example: "USM-00000"

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 73ac434 and 2b99e3d.

⛔ Files ignored due to path filters (20)

• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/gen/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/UsersApi.java is excluded by !**/gen/**
• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/gen/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/UsersApiService.java is excluded by !**/gen/**
• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/gen/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/factories/UsersApiServiceFactory.java is excluded by !**/gen/**
• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/gen/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/model/Error.java is excluded by !**/gen/**
• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/gen/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/model/Link.java is excluded by !**/gen/**
• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/gen/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/model/ProcessSuccessResponse.java is excluded by !**/gen/**
• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/gen/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/model/RoleAssignment.java is excluded by !**/gen/**
• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/gen/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/model/RoleShareConfig.java is excluded by !**/gen/**
• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/gen/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/model/RoleShareConfigAudience.java is excluded by !**/gen/**
• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/gen/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/model/SharingMode.java is excluded by !**/gen/**
• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/gen/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/model/UserCriteria.java is excluded by !**/gen/**
• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/gen/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/model/UserOrgShareConfig.java is excluded by !**/gen/**
• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/gen/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/model/UserShareAllRequestBody.java is excluded by !**/gen/**
• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/gen/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/model/UserShareSelectedRequestBody.java is excluded by !**/gen/**
• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/gen/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/model/UserSharedOrganization.java is excluded by !**/gen/**
• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/gen/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/model/UserSharedOrganizationsResponse.java is excluded by !**/gen/**
• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/gen/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/model/UserSharingPatchOperation.java is excluded by !**/gen/**
• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/gen/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/model/UserSharingPatchRequest.java is excluded by !**/gen/**
• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/gen/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/model/UserUnshareAllRequestBody.java is excluded by !**/gen/**
• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/gen/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/model/UserUnshareSelectedRequestBody.java is excluded by !**/gen/**

📒 Files selected for processing (6)

• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/pom.xml (1 hunks)
• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/main/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/core/UsersApiServiceCore.java (1 hunks)
• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/main/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/factories/UsersApiServiceCoreFactory.java (1 hunks)
• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/main/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/impl/UsersApiServiceImpl.java (1 hunks)
• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/main/resources/organization-user-share-v2.yaml (1 hunks)
• components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/pom.xml (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/main/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/impl/UsersApiServiceImpl.java (3)

components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/main/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/core/UsersApiServiceCore.java (1)

• UsersApiServiceCore (35-82)

components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/main/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/v2/factories/UsersApiServiceCoreFactory.java (1)

• UsersApiServiceCoreFactory (28-50)

components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.common/src/main/java/org/wso2/carbon/identity/api/server/organization/user/sharing/management/common/constants/UserSharingMgtConstants.java (1)

• UserSharingMgtConstants (24-101)

🪛 Checkov (3.2.334)

components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/main/resources/organization-user-share-v2.yaml

[medium] 460-465: Ensure that arrays have a maximum number of items

(CKV_OPENAPI_21)

---

[high] 438-441: Ensure that security schemes don't allow cleartext credentials over unencrypted channel - version 3.x.y files

(CKV_OPENAPI_3)

🔇 Additional comments (2)

components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/pom.xml (1)

31-35: V2 module wiring in parent POM looks consistent

Adding the v2 module alongside v1 and common matches the expected multi‑module structure for versioned APIs.

components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/pom.xml (1)

31-172: POM configuration for the v2 module looks fine; just ensure generated sources are present

Dependencies and build plugins align with other JAX‑RS/OpenAPI modules (provided scopes, build-helper-maven-plugin for src/gen/java, Java 8 compiler settings). From a POM perspective this looks good.

Just make sure that the generated sources for src/gen/java (e.g., UsersApiService interface) are either checked in or produced by your build pipeline, since the openapi‑generator plugin here is commented out.

[Copilot]

Pull request overview

This PR introduces a new versioned User Sharing API (v2) under /api/server/v2/users/** to address limitations of the existing v1 endpoints. The new API follows the Application Sharing pattern and enables incremental role assignment with selective sharing across hierarchical organizations.

Key Changes:

• Added 6 new REST endpoints for user sharing operations (share, unshare, patch, and query)
• Introduced role assignment modes (NONE, SELECTED) with SCIM-style PATCH semantics for incremental updates
• Implemented paginated retrieval of shared organizations with per-organization role visibility

Reviewed changes

Copilot reviewed 26 out of 26 changed files in this pull request and generated 20 comments.

Show a summary per file

File	Description
pom.xml (parent)	Added v2 module to the parent POM build configuration
organization-user-share-v2.yaml	OpenAPI 3.0 specification defining the v2 API endpoints, schemas, and examples
UsersApiServiceImpl.java	Implementation delegating API calls to the core service layer
UsersApiServiceCore.java	Core business logic with placeholder methods for all v2 operations
UsersApiServiceCoreFactory.java	Factory pattern for initializing the core service with OSGi dependencies
Model classes (20 files)	Auto-generated DTOs from OpenAPI spec for request/response handling
UsersApi.java	JAX-RS resource class with endpoint mappings and validation
UsersApiService.java	Service interface defining the API contract
UsersApiServiceFactory.java	Factory for service instantiation
pom.xml (v2 module)	Maven configuration with dependencies and build plugins

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In
`@components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/main/resources/organization-user-share-v2.yaml`:
- Around line 610-627: The PATCH schema currently lists only "op" and "path" as
required while the "value" property is used by operations (add/remove); either
add "value" to the required array so RoleShareConfig lists must be provided for
add/remove, or explicitly document the remove-all semantics for when "value" is
omitted; update the schema's required list to include "value" if the backend
requires it (refer to the "value" property and the "op" values `add`/`remove`)
or add a clear description under "value" and in the "op" description explaining
behavior when "value" is absent (e.g., remove-all) so consumers know which
behavior is supported.
- Around line 699-713: The SharingMode.policy description currently only
documents the global policy and can mislead clients when used in
per-organization contexts (e.g., UserSharedOrganization); update the OpenAPI
schema for SharingMode.policy to enumerate all valid policy values used across
contexts (both global and per-organization selected-org policies) or create a
separate schema (e.g., SharingModePerOrg) for per-organization usage and
reference that from UserSharedOrganization; ensure the chosen approach updates
the description and the required/enum values so responses and request models
accurately reflect valid values for each context.

🧹 Nitpick comments (1)

components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/main/resources/organization-user-share-v2.yaml (1)

483-492: Add explicit size bounds for request arrays.

Arrays like userIds, orgIds, organizations, roles, and Operations are unbounded. Please reflect server-side limits with minItems/maxItems so clients and tooling can validate payload sizes and avoid oversized requests.

🛠️ Example fix (adjust maxItems to your enforced limit)

    UserCriteria:
      type: object
      description: Criteria for selecting users to share/unshare.
      properties:
        userIds:
          type: array
          description: List of user IDs.
+         minItems: 1
+         maxItems: 1000
          items:
            type: string

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/main/resources/organization-user-share-v2.yaml (2)

522-529: Missing enum constraints on policy (in UserOrgShareConfig, UserShareAllRequestBody) and op (in UserSharingPatchOperation).

Each of these fields documents a fixed set of valid values in its description, but the schema does not enforce them with an enum. This means OpenAPI validators and code generators treat them as unconstrained strings, allowing invalid values to pass schema validation silently.

📋 Proposed additions

 # UserOrgShareConfig.policy (lines 522-529)
         policy:
           type: string
+          enum:
+            - SELECTED_ORG_ONLY
+            - SELECTED_ORG_WITH_ALL_EXISTING_AND_FUTURE_CHILDREN
           description: |-
             Sharing scope for this organization.

 # UserShareAllRequestBody.policy (lines 546-552)
         policy:
           type: string
+          enum:
+            - ALL_EXISTING_AND_FUTURE_ORGS
           description: |-
             Global sharing policy.

 # UserSharingPatchOperation.op (lines 615-617)
         op:
           type: string
+          enum:
+            - add
+            - remove
           description: "Operation type. Supported values: `add`, `remove`."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/main/resources/organization-user-share-v2.yaml`
around lines 522 - 529, The OpenAPI schema fails to enforce the documented fixed
values for the policy and op fields; update the YAML schemas for
UserOrgShareConfig and UserShareAllRequestBody to add an enum for the policy
property with values
["SELECTED_ORG_ONLY","SELECTED_ORG_WITH_ALL_EXISTING_AND_FUTURE_CHILDREN"], and
update the UserSharingPatchOperation schema to add an enum for the op property
with the allowed operation strings documented elsewhere (e.g.,
"add","remove","replace" or the exact operation names used in your API); ensure
the enum arrays exactly match the values described and keep the existing
description text.

---

70-91: Add 401, 403, and (for GET) 404 responses across all operations.

All six operations only document 4xx as 400. Since security scopes are declared, 401 Unauthorized (invalid/missing token) and 403 Forbidden (valid token, insufficient scope) are real failure paths that client code must handle. GET /users/{userId}/share also needs 404 for an unknown userId.

📋 Suggested additions (representative, apply the pattern to all operations)

 # On POST /users/share, PATCH /users/share, POST /users/share-with-all,
 # POST /users/unshare, POST /users/unshare-with-all responses:
+        "401":
+          description: Unauthorized
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+        "403":
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"

 # Additionally on GET /users/{userId}/share responses:
+        "401":
+          description: Unauthorized
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+        "403":
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+        "404":
+          description: User not found
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/main/resources/organization-user-share-v2.yaml`
around lines 70 - 91, The OpenAPI responses are missing 401 and 403 (and 404 for
the GET /users/{userId}/share operation); update each operation's responses
block to include entries for "401" and "403" that use the existing Error schema
(components/schemas/Error) with appropriate description text (e.g.,
"Unauthorized" and "Forbidden"), and for the GET operation also add a "404"
response using the same Error schema for unknown userId; apply this pattern to
all six operations in the YAML so client code can handle missing/invalid tokens
and insufficient scopes (and not-found for GET).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/main/resources/organization-user-share-v2.yaml`:
- Around line 489-494: Add a reasonable upper bound to unbounded array schemas
to prevent DoS by large payloads: for the array fields userIds, organizations,
Operations (items under the patch ops array), the value property in the
UserSharingPatchOperation schema, and roles in the RoleAssignment schema, add a
maxItems (e.g., maxItems: 100) to each array definition in the OpenAPI YAML;
update the schemas that declare type: array for those named properties so the
top-level input arrays enforce the limit.
- Around line 530-534: The roleAssignment property currently places a
description next to a $ref which OpenAPI 3.0 ignores; replace each occurrence
(the roleAssignment entries referencing RoleAssignment) with an allOf array that
first $ref's "#/components/schemas/RoleAssignment" and then a separate schema
object containing the description text (so the description is preserved). Apply
this change to both roleAssignment occurrences that reference RoleAssignment.

---

Duplicate comments:
In
`@components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/main/resources/organization-user-share-v2.yaml`:
- Around line 382-389: The "attributes" parameter lacks an enum constraint—add
an enum to the attributes schema to explicitly list the allowed values
["roles","sharingMode"] so tooling and validation enforce the documented
options; update the schema for the parameter named attributes in the
organization-user-share-v2.yaml operation (schema.type: string for parameter
attributes) to include the enum with those two strings and keep the existing
description and example unchanged.
- Around line 598-628: Rename the top-level schema key "Operations" to
"operations" to match camelCase used across the spec (or, if PascalCase is
intentional for SCIM alignment, add a clear description comment explaining the
deviation) and update the UserSharingPatchOperation schema to include "value" in
its required array so that op/path without a roles list is invalid; specifically
modify the "UserSharingPatchOperation" required list to add "value" and ensure
the "value" property remains typed as an array of RoleShareConfig.
- Around line 700-714: The SharingMode.policy description only documents
ALL_EXISTING_AND_FUTURE_ORGS but omits
SELECTED_ORG_WITH_ALL_EXISTING_AND_FUTURE_CHILDREN referenced elsewhere (e.g.,
UserSharedOrganization.sharingMode); update the SharingMode.policy schema
description to list all valid policy values (including
SELECTED_ORG_WITH_ALL_EXISTING_AND_FUTURE_CHILDREN) and briefly describe each
value so API consumers can understand all possible responses.
- Around line 464-469: Update the OpenAPI securitySchemes entry for BasicAuth to
explicitly state transport must be TLS: add a description under the BasicAuth
scheme (securitySchemes -> BasicAuth) that says credentials must only be sent
over HTTPS/TLS (e.g., "Only use over HTTPS/TLS; do not send credentials over
plain HTTP") so the spec documents the transport constraint and resolves the
Checkov CKV_OPENAPI_3 flag; keep the OAuth2 entry unchanged.

---

Nitpick comments:
In
`@components/org.wso2.carbon.identity.api.server.organization.user.sharing.management/org.wso2.carbon.identity.api.server.organization.user.sharing.management.v2/src/main/resources/organization-user-share-v2.yaml`:
- Around line 522-529: The OpenAPI schema fails to enforce the documented fixed
values for the policy and op fields; update the YAML schemas for
UserOrgShareConfig and UserShareAllRequestBody to add an enum for the policy
property with values
["SELECTED_ORG_ONLY","SELECTED_ORG_WITH_ALL_EXISTING_AND_FUTURE_CHILDREN"], and
update the UserSharingPatchOperation schema to add an enum for the op property
with the allowed operation strings documented elsewhere (e.g.,
"add","remove","replace" or the exact operation names used in your API); ensure
the enum arrays exactly match the values described and keep the existing
description text.
- Around line 70-91: The OpenAPI responses are missing 401 and 403 (and 404 for
the GET /users/{userId}/share operation); update each operation's responses
block to include entries for "401" and "403" that use the existing Error schema
(components/schemas/Error) with appropriate description text (e.g.,
"Unauthorized" and "Forbidden"), and for the GET operation also add a "404"
response using the same Error schema for unknown userId; apply this pattern to
all six operations in the YAML so client code can handle missing/invalid tokens
and insufficient scopes (and not-found for GET).

[jenkins-is-staging]

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/22225962924

[jenkins-is-staging]

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/22225962924
Status: success

[jenkins-is-staging]

Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/22225962924

[jenkins-is-staging]

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/22294699744

[jenkins-is-staging]

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/22294699744
Status: success

[jenkins-is-staging]

Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/22294699744