mapping permissions with scopes

Bug#10494
Viranga Gunarathna 1 year ago
parent db80546a5a
commit d63f2a3f24

@ -78,7 +78,7 @@ import java.util.List;
description = "Get activities",
key = "dm:activity:get",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
permissions = {"/device-mgt/devices/owning-device/activities/view"}
)
}
)

@ -91,21 +91,21 @@ import java.util.Map;
description = "Disenroll a device",
key = "dm:device:disenroll",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/remove"}
permissions = {"/device-mgt/devices/owning-device/disenroll"}
),
@Scope(
name = "Publish Event",
description = "publish device event",
key = "dm:device:event:publish",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/event"}
permissions = {"/device-mgt/devices/owning-device/event/publish"}
),
@Scope(
name = "Getting Device Operation Details",
description = "Getting Device Operation Details",
key = "dm:ops:view",
key = "dm:devices:ops:view",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
permissions = {"/device-mgt/devices/owning-device/operations/view"}
)
}
)
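Review bot: Renaming the scope key from `dm:ops:view` to `dm:devices:ops:view` on the "Getting Device Operation Details" scope invalidates every access token that was issued carrying the old scope string, so already-enrolled agents holding such tokens will be refused on the operations endpoints until they obtain a new token. The commit updates the in-repo consumers (the SCOPES_FOR_TOKEN constant, the JS device module and the sample curl in the docs), but nothing here covers tokens persisted on devices or third-party clients that request `dm:ops:view` by name. If the framework cannot accept both keys on one endpoint during a transition, this needs a release note and an upgrade step stating that device-agent tokens must be re-issued, and ideally a comment on the `key` line such as `// renamed from dm:ops:view; tokens issued with the old key are not accepted`. The enclosing `@Scopes` annotation starts before the hunk.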
@ -394,7 +394,7 @@ public interface DeviceAgentService {
tags = "Device Agent Management",
extensions = {
@Extension(properties = {
@ExtensionProperty(name = Constants.SCOPE, value = "dm:ops:view")
@ExtensionProperty(name = Constants.SCOPE, value = "dm:devices:ops:view")
})
}
)
@ -453,7 +453,7 @@ public interface DeviceAgentService {
tags = "Device Agent Management",
extensions = {
@Extension(properties = {
@ExtensionProperty(name = Constants.SCOPE, value = "dm:ops:view")
@ExtensionProperty(name = Constants.SCOPE, value = "dm:devices:ops:view")
})
}
)
@ -511,7 +511,7 @@ public interface DeviceAgentService {
tags = "Device Agent Management",
extensions = {
@Extension(properties = {
@ExtensionProperty(name = Constants.SCOPE, value = "dm:ops:view")
@ExtensionProperty(name = Constants.SCOPE, value = "dm:devices:ops:view")
})
}
)
@ -630,7 +630,7 @@ public interface DeviceAgentService {
tags = "Device Agent Management",
extensions = {
@Extension(properties = {
@ExtensionProperty(name = Constants.SCOPE, value = "dm:ops:view")
@ExtensionProperty(name = Constants.SCOPE, value = "dm:devices:ops:view")
})
}
)

@ -71,14 +71,14 @@ import java.util.List;
description = "Add or Delete Event Definition for device type",
key = "dm:device-type:event:modify",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/device-type/add"}
permissions = {"/device-mgt/devices/owning-device/event/modify"}
),
@Scope(
name = "Get Events Details of a Device Type",
description = "Get Events Details of a Device Type",
key = "dm:device-type:event:view",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
permissions = {"/device-mgt/devices/owning-device/event/view"}
)
}
)
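Review bot: Placing `dm:device-type:event:modify` under `/device-mgt/devices/owning-device/event/modify` moves a device-type-wide operation (adding or deleting the event definition used by every device of that type) from the `device-type` tree into the per-owner `owning-device` subtree. If permissions are granted by tree node, as the `/permission/admin/...` paths elsewhere in this commit suggest, any role that is given the whole `owning-device` subtree for ordinary device owners now also gets to rewrite a device type's event schema, which is a wider grant than the previous `/device-mgt/device-type/add` path. Unless device owners are meant to edit type-level definitions, keep both scopes under the type tree, e.g. `permissions = {"/device-mgt/device-type/event/modify"}` and `permissions = {"/device-mgt/device-type/event/view"}`. The enclosing `@Scopes` annotation starts before the hunk.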

@ -99,63 +99,63 @@ import java.util.Map;
description = "Getting Details of a Device",
key = "dm:devices:details",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
permissions = {"/device-mgt/devices/owning-device/details/view"}
),
@Scope(
name = "Update the device specified by device id",
description = "Update the device specified by device id",
key = "dm:devices:update",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
permissions = {"/device-mgt/devices/owning-device/update"}
),
@Scope(
name = "Delete the device specified by device id",
description = "Delete the device specified by device id",
key = "dm:devices:delete",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
permissions = {"/device-mgt/devices/owning-device/delete"}
),
@Scope(
name = "Getting Feature Details of a Device",
description = "Getting Feature Details of a Device",
key = "dm:devices:features:view",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
permissions = {"/device-mgt/devices/owning-device/features/view"}
),
@Scope(
name = "Advanced Search for Devices",
description = "Advanced Search for Devices",
key = "dm:devices:search",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
permissions = {"/device-mgt/devices/owning-device/search"}
),
@Scope(
name = "Getting Installed Application Details of a Device",
description = "Getting Installed Application Details of a Device",
key = "dm:devices:app:view",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
permissions = {"/device-mgt/devices/owning-device/apps/view"}
),
@Scope(
name = "Getting Device Operation Details",
description = "Getting Device Operation Details",
key = "dm:devices:ops:view",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
permissions = {"/device-mgt/devices/owning-device/operations/view"}
),
@Scope(
name = "Get the details of the policy that is enforced on a device.",
description = "Get the details of the policy that is enforced on a device.",
key = "dm:devices:policy:view",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
permissions = {"/device-mgt/devices/owning-device/policies/view"}
),
@Scope(
name = "Getting Policy Compliance Details of a Device",
description = "Getting Policy Compliance Details of a Device",
key = "dm:devices:compliance:view",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
permissions = {"/device-mgt/devices/owning-device/compliance/view"}
),
@Scope(
name = "Change device status.",

@ -91,7 +91,7 @@ import java.util.List;
description = "Get the count of groups belongs to current user.",
key = "gm:groups:count",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/groups/view"}
permissions = {"/device-mgt/groups/count"}
),
@Scope(
name = "Add new device group to the system.",
@ -105,7 +105,7 @@ import java.util.List;
description = "View group specified",
key = "gm:groups:groups-view",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/groups/view"}
permissions = {"/device-mgt/groups/specified-groups/view"}
),
@Scope(
name = "Update a group",
@ -147,7 +147,7 @@ import java.util.List;
description = "View list of device count in the device group",
key = "gm:devices:count",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/groups/devices/view"}
permissions = {"/device-mgt/groups/devices/count"}
),
@Scope(
name = "Add devices to group",
@ -168,21 +168,21 @@ import java.util.List;
description = "Assign devices to groups",
key = "gm:devices:assign",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/groups/devices/add"}
permissions = {"/device-mgt/groups/devices/assign"}
),
@Scope(
name = "List of groups that have the device",
description = "List of groups that have the device",
key = "gm:groups:device:view",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/groups/devices/view"}
permissions = {"/device-mgt/groups/device-groups/view"}
),
@Scope(
name = "View whether the groups has relevant device types",
description = "View whether the groups has relevant device types",
key = "gm:devices-types:view",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/groups/device-types"}
permissions = {"/device-mgt/groups/device-types/view"}
)
}
)

@ -80,7 +80,7 @@ import javax.ws.rs.core.Response;
description = "Updating the Device Notification Status",
key = "dm:notif:mark-checked",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/notifications/view"}
permissions = {"/device-mgt/notifications/update"}
)
}
)

@ -79,7 +79,7 @@ import java.util.List;
description = "Adding a Policy",
key = "pm:policies:add",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/policies/manage"}
permissions = {"/device-mgt/policies/add"}
),
@Scope(
name = "Getting Details of Policies",
@ -93,56 +93,56 @@ import java.util.List;
description = "Getting Details of a Policy",
key = "pm:policies:details:view",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/policies/view"}
permissions = {"/device-mgt/policies/view-details"}
),
@Scope(
name = "Updating a Policy",
description = "Updating a Policy",
key = "pm:policies:update",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/policies/manage"}
permissions = {"/device-mgt/policies/update"}
),
@Scope(
name = "Removing Multiple Policies",
description = "Removing Multiple Policies",
key = "pm:policies:remove",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/policies/manage"}
permissions = {"/device-mgt/policies/remove"}
),
@Scope(
name = "Activating Policies",
description = "Activating Policies",
key = "pm:policies:activate",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/policies/manage"}
permissions = {"/device-mgt/policies/activate"}
),
@Scope(
name = "Deactivating Policies",
description = "Deactivating Policies",
key = "pm:policies:deactivate",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/policies/manage"}
permissions = {"/device-mgt/policies/deactivate"}
),
@Scope(
name = "Applying Changes on Policies",
description = "Applying Changes on Policies",
key = "pm:policies:change",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/policies/manage"}
permissions = {"/device-mgt/policies/apply-changes"}
),
@Scope(
name = "Updating the Policy Priorities",
description = "Updating the Policy Priorities",
key = "pm:policies:priorities:update",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/policies/manage"}
permissions = {"/device-mgt/policies/update-priority"}
),
@Scope(
name = "Fetching the Effective Policy",
description = "Fetching the Effective Policy",
key = "pm:policies:effective-policy",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/policies/view"}
permissions = {"/device-mgt/policies/view-effective-policy"}
)
}
)
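Review bot: The new policy leaves use a flat hyphenated form (`view-details`, `view-effective-policy`, `apply-changes`, `update-priority`) while the device scopes in the same commit nest the verb last (`details/view`, `operations/view`, `compliance/view`). If permissions are granted by tree node, the nested form lets an administrator grant all read-only policy operations through one parent, whereas `view-details` and `view-effective-policy` must each be granted individually, and mixing the two styles makes the resulting permission tree harder to audit. Pick one convention, e.g. `permissions = {"/device-mgt/policies/details/view"}` and `permissions = {"/device-mgt/policies/effective-policy/view"}`, and apply it to the roles and users files as well. The enclosing `@Scopes` annotation starts before the hunk.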

@ -60,49 +60,49 @@ import java.util.List;
description = "Getting Permission Details of a Role",
key = "rm:roles:permissions:view",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/roles/view"}
permissions = {"/device-mgt/roles/view-permissions"}
),
@Scope(
name = "Getting the List of Roles",
description = "Getting the List of Roles",
key = "rm:roles:details:view",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/roles/view"}
permissions = {"/device-mgt/roles/view-details"}
),
@Scope(
name = "Adding a Role",
description = "Adding a Role",
key = "rm:roles:add",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/roles/manage"}
permissions = {"/device-mgt/roles/add"}
),
@Scope(
name = "Adding a combined Role",
description = "Adding a combined Role",
key = "rm:roles:combined:add",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/roles/manage"}
permissions = {"/device-mgt/roles/combined-role/add"}
),
@Scope(
name = "Updating Role Details",
description = "Updating Role Details",
key = "rm:roles:update",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/roles/manage"}
permissions = {"/device-mgt/roles/update"}
),
@Scope(
name = "Deleting a Role",
description = "Deleting a Role",
key = "rm:roles:delete",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/roles/manage"}
permissions = {"/device-mgt/roles/delete"}
),
@Scope(
name = "Adding Users to a Role",
description = "Adding Users to a Role",
key = "rm:users:add",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/roles/manage"}
permissions = {"/device-mgt/roles/assign-user"}
)
}
)

@ -82,35 +82,35 @@ import javax.ws.rs.core.Response;
description = "Adding a User",
key = "um:users:add",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/users/manage"}
permissions = {"/device-mgt/users/add"}
),
@Scope(
name = "Getting Details of a User",
description = "Getting Details of a User",
key = "um:users:details:view",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/users/view"}
permissions = {"/device-mgt/users/details/view"}
),
@Scope(
name = "Updating Details of a User",
description = "Updating Details of a User",
key = "um:users:update",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/users/manage"}
permissions = {"/device-mgt/users/update"}
),
@Scope(
name = "Deleting a User",
description = "Deleting a User",
key = "um:users:delete",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/users/manage"}
permissions = {"/device-mgt/users/delete"}
),
@Scope(
name = "Getting the Role Details of a User",
description = "Getting the Role Details of a User",
key = "um:roles:view",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/users/view"}
permissions = {"/device-mgt/users/roles/view"}
),
@Scope(
name = "Getting Details of Users",
@ -124,42 +124,42 @@ import javax.ws.rs.core.Response;
description = "Getting the User Count",
key = "um:users:count",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/users/view"}
permissions = {"/device-mgt/users/count"}
),
@Scope(
name = "Getting the User existence status",
description = "Getting the User existence status",
key = "um:users:is-exist",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/users/view"}
permissions = {"/device-mgt/users/existence/view"}
),
@Scope(
name = "Searching for a User Name",
description = "Searching for a User Name",
key = "um:users:search",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/users/view"}
permissions = {"/device-mgt/users/search"}
),
@Scope(
name = "Changing the User Password",
description = "Adding a User",
key = "um:users:cred:change",
roles = {"Internal/devicemgt-user"},
permissions = {"/login"}
permissions = {"/login/password/update"}
),
@Scope(
name = "Sending Enrollment Invitations to Users",
description = "Sending Enrollment Invitations to Users",
key = "um:users:invite",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/users/manage"}
permissions = {"/device-mgt/users/invite"}
),
@Scope(
name = "Get activities",
description = "Get activities",
key = "dm:activity:get",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
permissions = {"/device-mgt/devices/owning-device/activities/view"}
),
@Scope(
name = "Getting the Permissions of the User",
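Review bot: The "Changing the User Password" scope still carries `description = "Adding a User"`, a copy-paste leftover the commit leaves in place while changing the permission beneath it to `/login/password/update`; since these descriptions surface in generated API docs and scope listings, it should read `description = "Changing the User Password"`. That scope is also the only one in the file mapped outside the `/device-mgt` tree, and a reader cannot tell whether that is deliberate (every authenticated user may change their own password) or an oversight; if it is deliberate, say so on the `permissions` line, e.g. `// deliberately under /login, not /device-mgt: any logged-in user may change their own password`. The hunk ends inside the `@Scopes` annotation; the "Getting the Permissions of the User" scope continues past it.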

@ -67,14 +67,14 @@ import javax.ws.rs.core.Response;
description = "Installing an Application (Internal API)",
key = "am:admin:app:install",
roles = {"Internal/devicemgt-admin"},
permissions = {"/device-mgt/applications/manage"}
permissions = {"/device-mgt/admin/applications/install"}
),
@Scope(
name = "Uninstalling an Application (Internal API)",
description = "Uninstalling an Application (Internal API)",
key = "am:admin:app:uninstall",
roles = {"Internal/devicemgt-admin"},
permissions = {"/device-mgt/applications/manage"}
permissions = {"/device-mgt/admin/applications/uninstall"}
)
}
)

@ -79,7 +79,7 @@ import java.util.List;
description = "Getting Details of a Device",
key = "dm:admin:devices:view",
roles = {"Internal/devicemgt-admin"},
permissions = {"/device-mgt/devices/owning-device/view"}
permissions = {"/device-mgt/admin/devices/view"}
),
@Scope(
name = "Update the Device Owner",

@ -84,7 +84,7 @@ import javax.ws.rs.core.Response;
description = "",
key = "gm:admin:groups:count",
roles = {"Internal/devicemgt-admin"},
permissions = {"/device-mgt/admin/groups/view"}
permissions = {"/device-mgt/admin/groups/count"}
),
@Scope(
name = "Add groups",

@ -53,14 +53,14 @@ import javax.ws.rs.core.Response;
description = "View Users",
key = "um:admin:users:view",
roles = {"Internal/devicemgt-admin"},
permissions = {"/device-mgt/users/manage"}
permissions = {"/device-mgt/admin/users/view"}
),
@Scope(
name = "Delete Users Device Information",
description = "Delete users device details",
key = "um:admin:users:remove",
roles = {"Internal/devicemgt-admin"},
permissions = {"/device-mgt/users/manage"}
permissions = {"/device-mgt/admin/users/delete"}
)
}
)

@ -38,7 +38,7 @@ public final class DeviceManagementConstants {
private ConfigurationManagement(){
throw new AssertionError();
}
public static final String SCOPES_FOR_TOKEN = "dm:ops:view dm:device:event:publish win:devices:enroll";
public static final String SCOPES_FOR_TOKEN = "dm:devices:ops:view dm:device:event:publish win:devices:enroll";
public static final String IOT_GATEWAY_HOST = "iot.gateway.host";
public static final String IOT_GATEWAY_HTTPS_PORT = "iot.gateway.https.port";
public static final String IOT_CORE_HOST = "iot.core.host";
@ -156,6 +156,7 @@ public final class DeviceManagementConstants {
new Permission("/permission/admin/device-mgt/devices/enroll", "ui.execute"),
new Permission("/permission/admin/device-mgt/devices/disenroll", "ui.execute"),
new Permission("/permission/admin/device-mgt/devices/owning-device/view", "ui.execute"),
new Permission("/permission/admin/device-mgt/devices/owning-device/operations/view", "ui.execute"),
new Permission("/permission/admin/device-mgt/metadata", "ui.execute"),
new Permission("/permission/admin/manage/portal", "ui.execute")
};
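Review bot: The permission array gains only `/permission/admin/device-mgt/devices/owning-device/operations/view`, yet this commit introduces many other new leaves under `owning-device` (`activities/view`, `details/view`, `features/view`, `apps/view`, `policies/view`, `compliance/view`, `search`, `disenroll`, `event/publish`). If this array is what seeds a role's permissions, a user holding only the listed nodes keeps `owning-device/view` but no longer satisfies any scope that was re-mapped away from it, so those endpoints start failing authorization after upgrade; the listed `/device-mgt/devices/disenroll` likewise does not match the `owning-device/disenroll` that `dm:device:disenroll` now demands. Either add the missing leaves here or, if the permission tree implies children, grant the parent node `new Permission("/permission/admin/device-mgt/devices/owning-device", "ui.execute")`. Existing tenants whose roles were granted the old paths will also need a migration, and nothing in the hunk covers that. The array's declaration begins before the hunk.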

@ -409,7 +409,7 @@ deviceModule = function () {
var jwtClient = JWTClientManagerService.getJWTClient();
// returning access token by JWT grant type
var deviceScope = "device_" + type.replace(" ", "") + "_" + deviceId + " dm:device:enroll " +
"dm:device:disenroll dm:device:modify dm:ops:view dm:device:event:publish";
"dm:device:disenroll dm:device:modify dm:devices:ops:view dm:device:event:publish";
var tokenInfo = jwtClient.getAccessToken(config.clientId, config.clientSecret,
userName, deviceScope);
config.accessToken = tokenInfo.getAccessToken();

@ -120,7 +120,7 @@
-d '{ "applicationName":"testme", "isAllowedToAllDomains":false, "tags":["device_agent"]}'</code>
</li>
<li class="padding-top-double"><span><h4 class="uppercase">Generate Token</h4></span>
<code>curl -k -d "grant_type=password&username=%username%&password=%password%&scope=dm:device:enroll dm:device:disenroll dm:device:modify dm:ops:view dm:device:event:publish"
<code>curl -k -d "grant_type=password&username=%username%&password=%password%&scope=dm:device:enroll dm:device:disenroll dm:device:modify dm:devices:ops:view dm:device:event:publish"
-H "Authorization: Basic Base64(client_id:client_secret)"
-H "Content-Type: application/x-www-form-urlencoded" {{httpsGateway}}/token</code>
</li>
