Return roles of the group when get the group by name

modules/charon-core/src/main/java/org/wso2/charon3/core/protocol/endpoints/GroupResourceManager.java

@@ -94,6 +94,7 @@ public SCIMResponse get(String id, UserManager userManager, String attributes, S
             Map<String, Boolean> requiredAttributes = ResourceManagerUtil.getOnlyRequiredAttributesURIs(
                     (SCIMResourceTypeSchema)
                     CopyUtil.deepCopy(schema), attributes, excludeAttributes);
+            ResourceManagerUtil.includeRolesUnlessExcluded(requiredAttributes, excludeAttributes, attributes);
 
             //API user should pass a usermanager usermanager to GroupResourceEndpoint.
             //retrieve the group from the provided usermanager.
@@ -254,6 +255,7 @@ public SCIMResponse listWithGET(UserManager userManager, String filter, int star
             Map<String, Boolean> requiredAttributes = ResourceManagerUtil
                     .getOnlyRequiredAttributesURIs((SCIMResourceTypeSchema) CopyUtil.deepCopy(schema), attributes,
                             excludeAttributes);
+            ResourceManagerUtil.includeRolesUnlessExcluded(requiredAttributes, excludeAttributes, attributes);
 
             // API group should pass a user manager to GroupResourceEndpoint.
             if (userManager != null) {
@@ -364,6 +366,7 @@ public SCIMResponse listWithGET(UserManager userManager, String filter, Integer
             Map<String, Boolean> requiredAttributes = ResourceManagerUtil
                     .getOnlyRequiredAttributesURIs((SCIMResourceTypeSchema) CopyUtil.deepCopy(schema), attributes,
                             excludeAttributes);
+            ResourceManagerUtil.includeRolesUnlessExcluded(requiredAttributes, excludeAttributes, attributes);
 
             // API group should pass a user manager to GroupResourceEndpoint.
             if (userManager != null) {
@@ -474,6 +477,8 @@ public SCIMResponse listWithPOST(String resourceString, UserManager userManager)
                     (SCIMResourceTypeSchema)
                             CopyUtil.deepCopy(schema), searchRequest.getAttributesAsString(),
                     searchRequest.getExcludedAttributesAsString());
+            ResourceManagerUtil.includeRolesUnlessExcluded(requiredAttributes,
+                    searchRequest.getExcludedAttributesAsString(), searchRequest.getAttributesAsString());
 
             List<Object> returnedGroups;
             int totalResults = 0;
@@ -541,6 +546,8 @@ public SCIMResponse updateWithPUT(String existingId, String scimObjectString,
             Map<String, Boolean> requiredAttributes = ResourceManagerUtil.getOnlyRequiredAttributesURIs(
                     (SCIMResourceTypeSchema)
                     CopyUtil.deepCopy(schema), attributes, excludeAttributes);
+            ResourceManagerUtil.includeRolesUnlessExcluded(requiredAttributes, excludeAttributes, attributes);
+
             //decode the SCIM User object, encoded in the submitted payload.
             Group group = (Group) decoder.decodeResource(scimObjectString, schema, new Group());
             Group updatedGroup = null;
@@ -608,6 +615,7 @@ public SCIMResponse updateWithPATCH(String existingId, String patchRequest, User
 
             SCIMResourceTypeSchema schema = SCIMResourceSchemaManager.getInstance().getGroupResourceSchema();
             Map<String, Boolean> requiredAttributes = ResourceManagerUtil.getAllAttributeURIs(schema);
+            ResourceManagerUtil.includeRolesUnlessExcluded(requiredAttributes, excludeAttributes, attributes);
 
             List<PatchOperation> opList = getDecoder().decodeRequest(patchRequest);
 
@@ -704,6 +712,7 @@ public SCIMResponse updateWithPatchForAddRemoveOperations(String existingGroupId
             Map<String, Boolean> requiredAttributes =
                     ResourceManagerUtil.getOnlyRequiredAttributesURIs((SCIMResourceTypeSchema)
                             CopyUtil.deepCopy(schema), attributes, excludeAttributes);
+            ResourceManagerUtil.includeRolesUnlessExcluded(requiredAttributes, excludeAttributes, attributes);
 
             Group updatedGroup = userManager.patchGroup(existingGroupId, groupName, patchOperations,
                     requiredAttributes);

modules/charon-core/src/main/java/org/wso2/charon3/core/utils/ResourceManagerUtil.java

@@ -16,10 +16,12 @@
 
 package org.wso2.charon3.core.utils;
 
+import org.apache.commons.lang.StringUtils;
 import org.wso2.charon3.core.config.CharonConfiguration;
 import org.wso2.charon3.core.exceptions.BadRequestException;
 import org.wso2.charon3.core.exceptions.CharonException;
 import org.wso2.charon3.core.schema.AttributeSchema;
+import org.wso2.charon3.core.schema.SCIMConstants;
 import org.wso2.charon3.core.schema.SCIMDefinitions;
 import org.wso2.charon3.core.schema.SCIMResourceTypeSchema;
 
@@ -540,4 +542,45 @@ public static List<String> getAllSimpleMultiValuedAttributes(SCIMResourceTypeSch
         }
         return simpleMultiValuedAttributes;
     }
+
+    /**
+     * This method is to include the roles attribute in the required attributes list for group resource
+     * if it is not excluded by the user.
+     *
+     * @param requiredAttributes  The required attributes list.
+     * @param excludeAttributes The comma separated excluded attributes list which is passed by the user in the request.
+     * @param includedAttributes The comma separated included attributes list which is passed by the user in the
+     *                           request.
+     */
+    public static void includeRolesUnlessExcluded(Map<String, Boolean> requiredAttributes, String excludeAttributes,
+                                                  String includedAttributes) {
+
+        /* If the included attributes parameter is not empty, check whether it contains the roles attribute.
+           If not, return without including the roles attribute. */
+        if (StringUtils.isNotEmpty(includedAttributes)) {
+            String[] includedAttributesArray = includedAttributes.split(",");
+            if (Arrays.stream(includedAttributesArray)
+                    .noneMatch(SCIMConstants.GroupSchemaConstants.ROLES::equalsIgnoreCase)) {
+                return;
+            }
+        }
+        if (requiredAttributes == null) {
+            return;
+        }
+
+        /* If the excluded attributes parameter is empty or does not contain the roles attribute, include the roles
+           attribute in the required attributes list. */
+        if (StringUtils.isEmpty(excludeAttributes)) {
+            requiredAttributes.put(SCIMConstants.GroupSchemaConstants.ROLES_URI, true);
+            return;
+        }
+
+        /* If the excluded attributes parameter is not empty, check whether it contains the roles attribute. If not,
+           include the roles attribute in the required attributes list. */
+        String[] excludeAttributesArray = excludeAttributes.split(",");
+        if (Arrays.stream(excludeAttributesArray)
+                .noneMatch(SCIMConstants.GroupSchemaConstants.ROLES::equalsIgnoreCase)) {
+            requiredAttributes.put(SCIMConstants.GroupSchemaConstants.ROLES_URI, true);
+        }
+    }
 }

modules/charon-core/src/test/java/org/wso2/charon3/core/protocol/endpoints/GroupResourceManagerTest.java

@@ -231,6 +231,8 @@ public void testGetGroupSuccess(String id, String attributes, String excludeAttr
         SCIMResourceTypeSchema schema = SCIMResourceSchemaManager.getInstance().getGroupResourceSchema();
         Map<String, Boolean> requiredAttributes = ResourceManagerUtil.getOnlyRequiredAttributesURIs(
                 (SCIMResourceTypeSchema) CopyUtil.deepCopy(schema), attributes, excludeAttributes);
+        ResourceManagerUtil.includeRolesUnlessExcluded(requiredAttributes, excludeAttributes, attributes);
+
         abstractResourceManager.when(() -> AbstractResourceManager.getResourceEndpointURL(SCIMConstants.USER_ENDPOINT))
                 .thenReturn(SCIM2_GROUP_ENDPOINT);
         Mockito.when(userManager.getGroup(id, requiredAttributes)).thenReturn(group);
@@ -255,7 +257,7 @@ public void testGetGroupSuccessSpecial()
         SCIMResourceTypeSchema schema = SCIMResourceSchemaManager.getInstance().getGroupResourceSchema();
         Map<String, Boolean> requiredAttributes = ResourceManagerUtil.getOnlyRequiredAttributesURIs(
                 (SCIMResourceTypeSchema) CopyUtil.deepCopy(schema), "", "");
-
+        ResourceManagerUtil.includeRolesUnlessExcluded(requiredAttributes, "", "");
         abstractResourceManager.when(() -> AbstractResourceManager.getResourceEndpointURL(SCIMConstants.USER_ENDPOINT))
                 .thenReturn(SCIM2_GROUP_ENDPOINT);
         Mockito.when(userManager.getGroup(id, requiredAttributes)).thenReturn(group);
@@ -301,6 +303,8 @@ public void testGetUserCharonException(String id, String attributes, String excl
         Map<String, Boolean> requiredAttributes = ResourceManagerUtil.getOnlyRequiredAttributesURIs(
                 (SCIMResourceTypeSchema)
                         CopyUtil.deepCopy(schema), attributes, excludeAttributes);
+        ResourceManagerUtil.includeRolesUnlessExcluded(requiredAttributes, excludeAttributes, attributes);
+
         abstractResourceManager.when(() -> AbstractResourceManager.getResourceEndpointURL(SCIMConstants.USER_ENDPOINT))
                 .thenReturn(SCIM2_GROUP_ENDPOINT);
         abstractResourceManager.when(() -> AbstractResourceManager.encodeSCIMException(any(CharonException.class)))