Fix update query not committing issue in RoleDAO. #7610

UdeshAthukorala · 2025-11-12T06:31:40Z

Proposed changes in this pull request

Resolved an issue where the update query in RoleDAO was not being committed properly, causing changes to remain unpersisted in the database.

When should this PR be merged

[Please describe any preconditions that need to be addressed before we
can merge this pull request.]

Follow up actions

[List any possible follow-up actions here; for instance, testing data
migrations, software that we need to install on staging and production
environments.]

Developer Checklist (Mandatory)

Complete the Developer Checklist in the related product-is issue to track any behavioral change or migration impact.

Checklist (for reviewing)

General

Is this PR explained thoroughly? All code changes must be accounted for in the PR description.
Is the PR labeled correctly?

Functionality

Are all requirements met? Compare implemented functionality with the requirements specification.
Does the UI work as expected? There should be no Javascript errors in the console; all resources should load. There should be no unexpected errors. Deliberately try to break the feature to find out if there are corner cases that are not handled.

Code

Do you fully understand the introduced changes to the code? If not ask for clarification, it might uncover ways to solve a problem in a more elegant and efficient way.
Does the PR introduce any inefficient database requests? Use the debug server to check for duplicate requests.
Are all necessary strings marked for translation? All strings that are exposed to users via the UI must be marked for translation.

Tests

Are there sufficient test cases? Ensure that all components are tested individually; models, forms, and serializers should be tested in isolation even if a test for a view covers these components.
If this is a bug fix, are tests for the issue in place? There must be a test case for the bug to ensure the issue won’t regress. Make sure that the tests break without the new code to fix the issue.
If this is a new feature or a significant change to an existing feature? has the manual testing spreadsheet been updated with instructions for manual testing?

Security

Confirm this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets.
Are all UI and API inputs run through forms or serializers?
Are all external inputs validated and sanitized appropriately?
Does all branching logic have a default case?
Does this solution handle outliers and edge cases gracefully?
Are all external communications secured and restricted to SSL?

Documentation

Are changes to the UI documented in the platform docs? If this PR introduces new platform site functionality or changes existing ones, the changes should be documented.
Are changes to the API documented in the API docs? If this PR introduces new API functionality or changes existing ones, the changes must be documented.
Are reusable components documented? If this PR introduces components that are relevant to other developers (for instance a mixin for a view or a generic form) they should be documented in the Wiki.

Summary by CodeRabbit

Bug Fixes
- Consolidated role relationship operations into a single transactional flow to ensure atomic commits and rollbacks.
- Added validation to detect invalid role identifiers before writes to prevent inconsistent relationships.
- Improved error handling with explicit rollback on failures to avoid partial writes and strengthen data consistency.
Refactor
- Streamlined role lookup and insert steps into one transactional operation for reliability.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

...ole.v2.mgt.core/src/main/java/org/wso2/carbon/identity/role/v2/mgt/core/dao/RoleDAOImpl.java

wso2-engineering

AI Agent Log Improvement Checklist

⚠️ Warning: AI-Generated Review Comments

The log-related comments and suggestions in this review were generated by an AI tool to assist with identifying potential improvements. Purpose of reviewing the code for log improvements is to improve the troubleshooting capabilities of our products.
Please make sure to manually review and validate all suggestions before applying any changes. Not every code suggestion would make sense or add value to our purpose. Therefore, you have the freedom to decide which of the suggestions are helpful.

✅ Before merging this pull request:

Review all AI-generated comments for accuracy and relevance.
Complete and verify the table below. We need your feedback to measure the accuracy of these suggestions and the value they add. If you are rejecting a certain code suggestion, please mention the reason briefly in the suggestion for us to capture it.

Comment	Accepted (Y/N)	Reason
#### Log Improvement Suggestion No: 1	N	This info log is not required here, as it does not provide any useful information and unnecessarily increases the info log count.
#### Log Improvement Suggestion No: 2	N	This info log is not required here, as it does not provide any useful information and unnecessarily increases the info log count.

coderabbitai · 2025-11-12T06:32:27Z

Walkthrough

Performs both UM_ID lookups and the insert for addMainRoleToSharedRoleRelationship within a single writable user DB transaction: resolves mainRoleUMId and sharedRoleUMId via prepared statements, validates neither is zero, executes the insert, commits on success, and rolls back on SQLException or validation failure.

Changes

Cohort / File(s)	Summary
Transaction + ID-resolution consolidation `components/role-mgt/org.wso2.carbon.identity.role.v2.mgt.core/src/main/java/org/wso2/carbon/identity/role/v2/mgt/core/dao/RoleDAOImpl.java`	Consolidates UM_ID lookups and the insert into one writable user DB transaction (auto-commit false). Retrieves `mainRoleUMId` and `sharedRoleUMId` using dedicated PreparedStatements within the same transaction, validates neither ID is zero (throws on invalid), performs `INSERT_MAIN_TO_SHARED_ROLE_RELATIONSHIP`, commits on success, explicitly rolls back on SQLException, and restores auto-commit/cleans up resources in all exit paths.

Sequence Diagram(s)

sequenceDiagram
    participant Caller
    participant RoleDAO as RoleDAOImpl
    participant UserDB as UserDB

    Caller->>RoleDAO: addMainRoleToSharedRoleRelationship(mainRole, sharedRole)
    RoleDAO->>UserDB: getConnection(write=true)
    RoleDAO->>UserDB: setAutoCommit(false)
    Note over RoleDAO,UserDB: Begin single transaction for lookups + insert

    RoleDAO->>UserDB: prepare/execute -> resolveMainRoleUMId
    UserDB-->>RoleDAO: mainRoleUMId
    RoleDAO->>UserDB: prepare/execute -> resolveSharedRoleUMId
    UserDB-->>RoleDAO: sharedRoleUMId

    alt any ID == 0
        RoleDAO->>RoleDAO: throw IllegalArgument/DAOError
        RoleDAO->>UserDB: rollback()
        Note over RoleDAO,UserDB: Transaction rolled back due to invalid IDs
        RoleDAO->>UserDB: setAutoCommit(true)
        RoleDAO->>UserDB: close()
        RoleDAO-->>Caller: throw exception
    else IDs valid
        RoleDAO->>UserDB: prepare/execute -> INSERT_MAIN_TO_SHARED_ROLE_RELATIONSHIP
        UserDB-->>RoleDAO: insert OK
        RoleDAO->>UserDB: commit()
        Note over RoleDAO,UserDB: Transaction committed
        RoleDAO->>UserDB: setAutoCommit(true)
        RoleDAO->>UserDB: close()
        RoleDAO-->>Caller: return success
    end

    opt SQLException
        RoleDAO->>UserDB: rollback()
        RoleDAO-->>Caller: propagate SQLException
    end

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Focus areas:
- Confirm both UM_ID lookups use the same writable connection and that PreparedStatements/ResultSets are closed.
- Verify validation throws when either UM ID is zero and that rollback executes on validation failure or SQLException.
- Ensure commit occurs only after successful insert and auto-commit is restored in all exit paths.
- Check exception propagation and resource cleanup to avoid leaks.

Poem

🐇 I hopped through SQL with two curious looks,
Found both UM IDs in one tidy book.
If either was zero, I rolled back in time,
Else I committed the link—neat, tidy, and prime.
A carrot for code, a burrow in rhyme.

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description lacks most required template sections including Goals, Approach, User Stories, Release Notes, Documentation, Testing details, Security checks, and Test Environment, providing minimal detail about the actual changes.	Expand the description to include Goals explaining why transactional consolidation fixes the issue, Approach detailing the implementation strategy, Testing and Security sections documenting validation performed, and Test Environment specifications.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run `@coderabbitai generate docstrings` to improve docstring coverage.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main fix: addressing a commit issue in RoleDAO's update query, which aligns with the refactoring that consolidates UM ID lookups and query execution into a single transactional block.

✨ Finishing touches

📝 Generate docstrings

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment

Tip

📝 Customizable high-level summaries are now available in beta!

You can now customize how CodeRabbit generates the high-level summary in your pull requests — including its content, structure, tone, and formatting.

Provide your own instructions using the high_level_summary_instructions setting.
Format the summary however you like (bullet lists, tables, multi-section layouts, contributor stats, etc.).
Use high_level_summary_in_walkthrough to move the summary from the description to the walkthrough section.

Example instruction:

"Divide the high-level summary into five sections:

📝 Description — Summarize the main change in 50–60 words, explaining what was done.

📓 References — List relevant issues, discussions, documentation, or related PRs.

📦 Dependencies & Requirements — Mention any new/updated dependencies, environment variable changes, or configuration updates.

📊 Contributor Summary — Include a Markdown table showing contributions:
| Contributor | Lines Added | Lines Removed | Files Changed |

✔️ Additional Notes — Add any extra reviewer context.
Keep each section concise (under 200 words) and use bullet or numbered lists for clarity."

Note: This feature is currently in beta for Pro-tier users, and pricing will be announced later.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Copilot

Pull Request Overview

This PR fixes a transaction management issue in the addMainRoleToSharedRoleRelationship method where database changes were not being committed properly. The fix ensures that role relationship data is persisted to the database by enabling write mode on the connection and adding explicit commit/rollback transaction handling.

Changed database connection mode from read-only to write mode by passing true to getUserDBConnection()
Added explicit transaction commit after successful INSERT operation
Added transaction rollback in the exception handler to maintain data consistency

coderabbitai

Actionable comments posted: 0

🧹 Nitpick comments (1)

components/role-mgt/org.wso2.carbon.identity.role.v2.mgt.core/src/main/java/org/wso2/carbon/identity/role/v2/mgt/core/dao/RoleDAOImpl.java (1)

1036-1078: Consider wrapping all database operations in a single transaction boundary.

Currently, the SELECT queries (lines 1036-1058) execute outside the transaction boundary of the INSERT operation (lines 1065-1078). If a SQLException occurs during the SELECT operations, no rollback is performed, potentially leaving the connection in an inconsistent state.

For better transactional consistency, consider restructuring to handle all operations within a single try-catch block with rollback:

         try (Connection connection = IdentityDatabaseUtil.getUserDBConnection(false)) {
+            try {
             try (NamedPreparedStatement stmt = new NamedPreparedStatement(connection, GET_ROLE_UM_ID_BY_UUID)) {
                 stmt.setString(RoleConstants.RoleTableColumns.UM_UUID, mainRoleUUID);
                 ResultSet resultSet = stmt.executeQuery();
                 while (resultSet.next()) {
                     mainRoleUMId = resultSet.getInt(1);
                 }
-            } catch (SQLException e) {
-                String message = "Error while resolving id of role name: %s in the tenantDomain: %s.";
-                throw new IdentityRoleManagementServerException(RoleConstants.Error.UNEXPECTED_SERVER_ERROR.getCode(),
-                        String.format(message, mainRoleName, mainRoleTenantDomain), e);
             }

             try (NamedPreparedStatement stmt = new NamedPreparedStatement(connection, GET_ROLE_UM_ID_BY_UUID)) {
                 stmt.setString(RoleConstants.RoleTableColumns.UM_UUID, sharedRoleUUID);
                 ResultSet resultSet = stmt.executeQuery();
                 while (resultSet.next()) {
                     sharedRoleUMId = resultSet.getInt(1);
                 }
-            } catch (SQLException e) {
-                String message = "Error while resolving id of role name: %s in the tenantDomain: %s.";
-                throw new IdentityRoleManagementServerException(RoleConstants.Error.UNEXPECTED_SERVER_ERROR.getCode(),
-                        String.format(message, sharedRoleName, sharedRoleTenantDomain), e);
             }

             if (mainRoleUMId == 0 || sharedRoleUMId == 0) {
                 String message = "Error while resolving role id.";
                 throw new IdentityRoleManagementServerException(RoleConstants.Error.UNEXPECTED_SERVER_ERROR.getCode(),
                         message);
             }
-            try (NamedPreparedStatement preparedStatement = new NamedPreparedStatement(connection,
+            
+            try (NamedPreparedStatement preparedStatement = new NamedPreparedStatement(connection,
                     INSERT_MAIN_TO_SHARED_ROLE_RELATIONSHIP)) {
                 preparedStatement.setInt(RoleConstants.RoleTableColumns.UM_SHARED_ROLE_ID, sharedRoleUMId);
                 preparedStatement.setInt(RoleConstants.RoleTableColumns.UM_MAIN_ROLE_ID, mainRoleUMId);
                 preparedStatement.setInt(RoleConstants.RoleTableColumns.UM_SHARED_ROLE_TENANT_ID, sharedRoleTenantId);
                 preparedStatement.setInt(RoleConstants.RoleTableColumns.UM_MAIN_ROLE_TENANT_ID, mainRoleTenantId);
                 preparedStatement.executeUpdate();
                 IdentityDatabaseUtil.commitUserDBTransaction(connection);
-            } catch (SQLException e) {
+            }
+            } catch (SQLException e) {
                 IdentityDatabaseUtil.rollbackUserDBTransaction(connection);
                 String message = "Error while adding the role relationship of role: %s.";
                 throw new IdentityRoleManagementServerException(RoleConstants.Error.UNEXPECTED_SERVER_ERROR.getCode(),
                         String.format(message, sharedRoleName), e);
             }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5a6b4db and 2f31998.

📒 Files selected for processing (1)

components/role-mgt/org.wso2.carbon.identity.role.v2.mgt.core/src/main/java/org/wso2/carbon/identity/role/v2/mgt/core/dao/RoleDAOImpl.java (2 hunks)

🔇 Additional comments (1)

components/role-mgt/org.wso2.carbon.identity.role.v2.mgt.core/src/main/java/org/wso2/carbon/identity/role/v2/mgt/core/dao/RoleDAOImpl.java (1)

1035-1035: No issues found — the code correctly uses getUserDBConnection(true) for manual transaction management.

The review comment's assumption is incorrect. When shouldApplyTransaction is true, dbConnection.setAutoCommit(false) is called, enabling manual transaction management. The explicit commitUserDBTransaction and rollbackUserDBTransaction calls (lines 1072, 1074) are therefore correct and necessary.

The codebase pattern is consistent: all methods requiring manual transaction control use getUserDBConnection(true) paired with explicit commit/rollback. The PR change is sound.

codecov · 2025-11-12T07:02:36Z

Codecov Report

❌ Patch coverage is 78.26087% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 50.44%. Comparing base (c88c85a) to head (c2c6d12).
⚠️ Report is 101 commits behind head on master.

Files with missing lines	Patch %	Lines
...bon/identity/role/v2/mgt/core/dao/RoleDAOImpl.java	78.26%	4 Missing and 1 partial ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##             master    #7610      +/-   ##
============================================
+ Coverage     50.37%   50.44%   +0.06%     
- Complexity    19502    19745     +243     
============================================
  Files          2093     2121      +28     
  Lines        126898   129898    +3000     
  Branches      26671    27056     +385     
============================================
+ Hits          63927    65525    +1598     
- Misses        54834    56090    +1256     
- Partials       8137     8283     +146

Flag	Coverage Δ
unit	`35.60% <78.26%> (+0.27%)`	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

coderabbitai

Actionable comments posted: 0

🧹 Nitpick comments (1)

components/role-mgt/org.wso2.carbon.identity.role.v2.mgt.core/src/main/java/org/wso2/carbon/identity/role/v2/mgt/core/dao/RoleDAOImpl.java (1)

1044-1054: Close the ResultSet handles with try-with resources

Line 1044 and Line 1051 allocate ResultSet cursors that stay open until the statements are auto-closed at scope exit. On DB2 and Oracle we have repeatedly hit “maximum open cursors” when ResultSets are not closed explicitly before executing additional statements in the same transaction. Please wrap each executeQuery() in its own try-with block so we release the cursor immediately after reading it.

-                ResultSet resultSetForMainRole = statementForGetMainRoleId.executeQuery();
-                while (resultSetForMainRole.next()) {
-                    mainRoleUMId = resultSetForMainRole.getInt(1);
-                }
+                try (ResultSet resultSetForMainRole = statementForGetMainRoleId.executeQuery()) {
+                    while (resultSetForMainRole.next()) {
+                        mainRoleUMId = resultSetForMainRole.getInt(1);
+                    }
+                }
 
-                ResultSet resultSetForSharedRole = statementForGetSharedRoleId.executeQuery();
-                while (resultSetForSharedRole.next()) {
-                    sharedRoleUMId = resultSetForSharedRole.getInt(1);
-                }
+                try (ResultSet resultSetForSharedRole = statementForGetSharedRoleId.executeQuery()) {
+                    while (resultSetForSharedRole.next()) {
+                        sharedRoleUMId = resultSetForSharedRole.getInt(1);
+                    }
+                }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2f31998 and def1e50.

📒 Files selected for processing (1)

components/role-mgt/org.wso2.carbon.identity.role.v2.mgt.core/src/main/java/org/wso2/carbon/identity/role/v2/mgt/core/dao/RoleDAOImpl.java (2 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-11-07T06:21:44.448Z

Learnt from: ShanChathusanda93
Repo: wso2/carbon-identity-framework PR: 7596
File: components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/AbstractApplicationAuthenticator.java:133-137
Timestamp: 2025-11-07T06:21:44.448Z
Learning: In the carbon-identity-framework project, when OrganizationManager is used in the authentication framework components (FrameworkServiceComponent and related classes), null checks are not required because OrganizationManager is declared with ReferenceCardinality.MANDATORY in the OSGi component. This means the component will not activate until OrganizationManager is available, providing an architectural guarantee that the service is always present when the code executes.

Applied to files:

components/role-mgt/org.wso2.carbon.identity.role.v2.mgt.core/src/main/java/org/wso2/carbon/identity/role/v2/mgt/core/dao/RoleDAOImpl.java

coderabbitai

Actionable comments posted: 0

🧹 Nitpick comments (2)

components/role-mgt/org.wso2.carbon.identity.role.v2.mgt.core/src/main/java/org/wso2/carbon/identity/role/v2/mgt/core/dao/RoleDAOImpl.java (2)

1033-1074: Transactional fix looks correct - addresses the commit issue.

The refactoring properly wraps all operations in a single transaction, ensuring the insert is committed. However, there's a minor inconsistency: the while loops for retrieving UM_IDs (lines 1045, 1053) don't warn about unexpected multiple results, unlike similar patterns elsewhere in this class (e.g., getRoleNameByID at lines 2726-2731).

Consider adding consistency checks:

                 try (ResultSet resultSetForMainRole = statementForGetMainRoleId.executeQuery()) {
+                    int count = 0;
                     while (resultSetForMainRole.next()) {
+                        count++;
+                        if (count > 1) {
+                            LOG.warn("Multiple UM_IDs found for main role UUID: " + mainRoleUUID);
+                        }
                         mainRoleUMId = resultSetForMainRole.getInt(1);
                     }
                 }

1058-1063: Consider a more descriptive error message.

The current message "Error while resolving role id." doesn't indicate which role ID failed resolution (main or shared). A more specific message would aid debugging.

                 if (mainRoleUMId == 0 || sharedRoleUMId == 0) {
-                    String message = "Error while resolving role id.";
+                    String message = String.format(
+                            "Error while resolving role UM_ID. Main role UUID: %s (UM_ID: %d), " +
+                            "Shared role UUID: %s (UM_ID: %d)", 
+                            mainRoleUUID, mainRoleUMId, sharedRoleUUID, sharedRoleUMId);
                     throw new IdentityRoleManagementServerException(
                             RoleConstants.Error.UNEXPECTED_SERVER_ERROR.getCode(),
                             message);
                 }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e5e6bb3 and c2c6d12.

📒 Files selected for processing (1)

components/role-mgt/org.wso2.carbon.identity.role.v2.mgt.core/src/main/java/org/wso2/carbon/identity/role/v2/mgt/core/dao/RoleDAOImpl.java (2 hunks)

🧰 Additional context used

📓 Path-based instructions (5)

**/*.{py,java,ts,tsx,js,jsx,cs,go,rb,php}