From acb2c38799077744a4bb21a9ca54d151d35f50cf Mon Sep 17 00:00:00 2001 From: Rasika Perera Date: Sat, 24 Dec 2016 00:40:24 +0530 Subject: [PATCH] Fixing user is not authorized to view devices --- .../mgt/jaxrs/service/impl/DeviceManagementServiceImpl.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/DeviceManagementServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/DeviceManagementServiceImpl.java index 7de6903180..846fbbb69b 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/DeviceManagementServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/DeviceManagementServiceImpl.java @@ -45,6 +45,7 @@ import org.wso2.carbon.policy.mgt.common.PolicyManagementException; import org.wso2.carbon.policy.mgt.common.monitor.ComplianceData; import org.wso2.carbon.policy.mgt.common.monitor.PolicyComplianceException; import org.wso2.carbon.policy.mgt.core.PolicyManagerService; +import org.wso2.carbon.utils.multitenancy.MultitenantUtils; import javax.validation.constraints.Size; import javax.ws.rs.*; @@ -113,15 +114,16 @@ public class DeviceManagementServiceImpl implements DeviceManagementService { } // this is the user who initiates the request - String authorizedUser = CarbonContext.getThreadLocalCarbonContext().getUsername(); + String authorizedUser = MultitenantUtils.getTenantAwareUsername(CarbonContext.getThreadLocalCarbonContext().getUsername()); // check whether the user is device-mgt admin if (deviceAccessAuthorizationService.isDeviceAdminUser()) { if (user != null && !user.isEmpty()) { - request.setOwner(user); + request.setOwner(MultitenantUtils.getTenantAwareUsername(user)); } } else { if (user != null && !user.isEmpty()) { + user = MultitenantUtils.getTenantAwareUsername(user); if (user.equals(authorizedUser)) { request.setOwner(user); } else {