diff --git a/components/org.wso2.openbanking.cds.consent.extensions/src/main/java/org/wso2/openbanking/cds/consent/extensions/admin/impl/CDSConsentAdminHandler.java b/components/org.wso2.openbanking.cds.consent.extensions/src/main/java/org/wso2/openbanking/cds/consent/extensions/admin/impl/CDSConsentAdminHandler.java
index 9cdacdb7..9cb9d303 100644
--- a/components/org.wso2.openbanking.cds.consent.extensions/src/main/java/org/wso2/openbanking/cds/consent/extensions/admin/impl/CDSConsentAdminHandler.java
+++ b/components/org.wso2.openbanking.cds.consent.extensions/src/main/java/org/wso2/openbanking/cds/consent/extensions/admin/impl/CDSConsentAdminHandler.java
@@ -131,15 +131,12 @@ public void handleRevoke(ConsentAdminData consentAdminData) throws ConsentExcept
 final String userID = validateAndGetQueryParam(queryParams, USER_ID);
 DetailedConsentResource detailedConsentResource = this.consentCoreService.getDetailedConsent(consentID);
 if (detailedConsentResource != null) {
- ArrayList userIDs = (ArrayList) consentAdminData.getQueryParams()
- .get(CDSConsentExtensionConstants.USER_ID_KEY_NAME);
- // userIDs can be null or empty when the request comes from a CustomerCareOfficer
- if (userIDs != null && !userIDs.isEmpty()) {
- String userId = userIDs.get(0);
- if (!canRevokeByBNR(detailedConsentResource, userId)) {
+ String userId = validateAndGetQueryParam(queryParams,
+ CDSConsentExtensionConstants.USER_ID_KEY_NAME);
+ // userId can be null when the request comes from a CustomerCareOfficer
+ if (userId != null && (!canRevokeByBNR(detailedConsentResource, userId))) {
 throw new ConsentException(ResponseStatus.FORBIDDEN,
 "User is not authorized to revoke the consent");
- }
 }
 if (StringUtils.isNotBlank(userID) && !isPrimaryUserRevoking(detailedConsentResource, userID)) {
 // Deactivate consent mappings as secondary consent holder
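Review bot: The guard `if (userId != null && (!canRevokeByBNR(detailedConsentResource, userId)))` skips the revoke-permission check whenever the user-id query parameter is absent, so the FORBIDDEN branch fails open on a missing value. Nothing visible in this hunk ties the null case to an authenticated CustomerCareOfficer. If that guarantee is enforced upstream (presumably where `queryParams` is populated), state it at the check, e.g. `// SECURITY: null userId bypasses canRevokeByBNR; caller must already be verified as CustomerCareOfficer before reaching handleRevoke`, or better, decide the bypass from the authenticated role rather than from parameter absence. The new local `userId` also sits beside the existing `userID` from `validateAndGetQueryParam(queryParams, USER_ID)`, and the two are tested differently (`!= null` versus `StringUtils.isNotBlank`). In an authorization path, names that differ only by case are easy to swap, so if both constants name the same key reuse `userID`, otherwise rename one (for example `bnrUserId`). `handleRevoke` starts and ends outside this hunk, so the upstream role handling could not be checked here.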