From b682e77d346c9a9fbabae473aa5e93eaefc71a23 Mon Sep 17 00:00:00 2001 From: ThilinaPremachandra Date: Mon, 3 Jul 2023 18:53:34 +0530 Subject: [PATCH] fix: group assigned role issue --- .../impl/GroupManagementServiceImpl.java | 22 +++++++++++++++++-- .../GroupManagementAdminServiceImpl.java | 16 +++++++++++--- 2 files changed, 33 insertions(+), 5 deletions(-) diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java index 262e51eb9f..b4fb899ba8 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java @@ -29,6 +29,7 @@ import io.entgra.device.mgt.core.device.mgt.common.group.mgt.RoleDoesNotExistExc import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.CarbonConstants; +import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext; import io.entgra.device.mgt.core.device.mgt.common.Device; import io.entgra.device.mgt.core.device.mgt.common.DeviceIdentifier; @@ -58,6 +59,8 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.CarbonConstants; import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.user.api.UserRealm; +import org.wso2.carbon.user.api.UserStoreException; import javax.ws.rs.*; import javax.naming.InitialContext; @@ -70,6 +73,7 @@ import javax.ws.rs.Path; import javax.ws.rs.QueryParam; import javax.ws.rs.core.Response; import java.util.ArrayList; +import java.util.Arrays; import java.util.List; public class GroupManagementServiceImpl implements GroupManagementService { @@ -123,8 +127,18 @@ public class GroupManagementServiceImpl implements GroupManagementService { request.setGroupName(name); request.setOwner(owner); request.setDepth(depth); - PaginationResult deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService() - .getGroupsWithHierarchy(currentUser, request, requireGroupProps); + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + UserRealm realmService = DeviceMgtAPIUtils.getRealmService().getTenantUserRealm(tenantId); + String[] roles = realmService.getUserStoreManager().getRoleListOfUser(currentUser); + boolean hasAdminRole = Arrays.asList(roles).contains(DEFAULT_ADMIN_ROLE); + PaginationResult deviceGroupsResult; + if (hasAdminRole) { + deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService() + .getGroupsWithHierarchy(null, request, requireGroupProps); + } else{ + deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService() + .getGroupsWithHierarchy(currentUser, request, requireGroupProps); + } DeviceGroupList deviceGroupList = new DeviceGroupList(); deviceGroupList.setList(deviceGroupsResult.getData()); deviceGroupList.setCount(deviceGroupsResult.getRecordsTotal()); @@ -133,6 +147,10 @@ public class GroupManagementServiceImpl implements GroupManagementService { String error = "Error occurred while retrieving groups with hierarchy."; log.error(error, e); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(error).build(); + } catch (UserStoreException e) { + String msg = "Error occurred while getting user realm."; + log.error(msg, e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build(); } } diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java index 636ed66062..35be14c7cb 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java @@ -43,8 +43,11 @@ import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.DeviceGroupList; import io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.api.admin.GroupManagementAdminService; import io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl.util.RequestValidationUtil; import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.DeviceMgtAPIUtils; +import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext; import org.apache.commons.lang.StringUtils; +import org.wso2.carbon.user.api.UserRealm; +import org.wso2.carbon.user.api.UserStoreException; import javax.ws.rs.DefaultValue; import javax.ws.rs.GET; @@ -53,6 +56,7 @@ import javax.ws.rs.Path; import javax.ws.rs.QueryParam; import javax.ws.rs.core.Response; import java.util.ArrayList; +import java.util.Arrays; public class GroupManagementAdminServiceImpl implements GroupManagementAdminService { @@ -113,17 +117,19 @@ public class GroupManagementAdminServiceImpl implements GroupManagementAdminServ request.setOwner(owner); request.setStatus(status); request.setDepth(depth); + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + UserRealm realmService = DeviceMgtAPIUtils.getRealmService().getTenantUserRealm(tenantId); + String[] roles = realmService.getUserStoreManager().getRoleListOfUser(currentUser); boolean isAdmin = DEFAULT_ADMIN_ROLE.equals(currentUser); - + boolean hasAdminRole = Arrays.asList(roles).contains(DEFAULT_ADMIN_ROLE); PaginationResult deviceGroupsResult; - if (StringUtils.isBlank(currentUser) || isAdmin) { + if (StringUtils.isBlank(currentUser) || isAdmin || hasAdminRole) { deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService() .getGroupsWithHierarchy(null, request, requireGroupProps); } else { deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService() .getGroupsWithHierarchy(currentUser, request, requireGroupProps); } - DeviceGroupList deviceGroupList = new DeviceGroupList(); deviceGroupList.setList(deviceGroupsResult.getData()); deviceGroupList.setCount(deviceGroupsResult.getRecordsTotal()); @@ -132,6 +138,10 @@ public class GroupManagementAdminServiceImpl implements GroupManagementAdminServ String error = "Error occurred while retrieving groups with hierarchy."; log.error(error, e); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(error).build(); + } catch (UserStoreException e) { + String msg = "Error occurred while getting user realm."; + log.error(msg, e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build(); } }