Add default perm config

master
tcdlpds 1 year ago
parent db80546a5a
commit 49747efa18

@ -130,6 +130,10 @@
<groupId>org.json.wso2</groupId>
<artifactId>json</artifactId>
</dependency>
<dependency>
<groupId>io.entgra.device.mgt.core</groupId>
<artifactId>io.entgra.device.mgt.core.device.mgt.core</artifactId>
</dependency>
</dependencies>
@ -187,6 +191,8 @@
io.entgra.device.mgt.core.apimgt.webapp.publisher.lifecycle.util,
io.entgra.device.mgt.core.device.mgt.common.exceptions,
io.entgra.device.mgt.core.device.mgt.common.metadata.mgt,
io.entgra.device.mgt.core.device.mgt.core.config,
io.entgra.device.mgt.core.device.mgt.core.config.permission,
org.wso2.carbon.base;version="1.0",
org.wso2.carbon.context;version="4.6",
org.wso2.carbon;version="4.6",

@ -17,7 +17,6 @@
*/
package io.entgra.device.mgt.core.apimgt.webapp.publisher;
import io.entgra.device.mgt.core.apimgt.annotations.Scopes;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServicesImpl;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.PublisherRESTAPIServices;
@ -40,6 +39,11 @@ import io.entgra.device.mgt.core.apimgt.webapp.publisher.dto.ApiScope;
import io.entgra.device.mgt.core.apimgt.webapp.publisher.dto.ApiUriTemplate;
import io.entgra.device.mgt.core.apimgt.webapp.publisher.exception.APIManagerPublisherException;
import io.entgra.device.mgt.core.apimgt.webapp.publisher.internal.APIPublisherDataHolder;
import io.entgra.device.mgt.core.device.mgt.core.config.DeviceConfigurationManager;
import io.entgra.device.mgt.core.device.mgt.core.config.DeviceManagementConfig;
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermission;
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions;
import io.entgra.device.mgt.core.device.mgt.core.config.permission.ScopeMapping;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@ -437,18 +441,8 @@ public class APIPublisherServiceImpl implements APIPublisherService {
}
public void addDefaultScopesIfNotExist() {
ArrayList<String> defaultScopes = new ArrayList<>();
defaultScopes.add("dm:devices:any:permitted");
defaultScopes.add("dm:device:api:subscribe");
defaultScopes.add("am:admin:lc:app:approve");
defaultScopes.add("am:admin:lc:app:create");
defaultScopes.add("am:admin:lc:app:reject");
defaultScopes.add("am:admin:lc:app:block");
defaultScopes.add("am:admin:lc:app:review");
defaultScopes.add("am:admin:lc:app:retire");
defaultScopes.add("am:admin:lc:app:deprecate");
defaultScopes.add("am:admin:lc:app:publish");
DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig();
DefaultPermissions defaultPermissions = deviceManagementConfig.getDefaultPermissions();
APIApplicationServices apiApplicationServices = new APIApplicationServicesImpl();
try {
APIApplicationKey apiApplicationKey =
@ -460,12 +454,13 @@ public class APIPublisherServiceImpl implements APIPublisherService {
PublisherRESTAPIServices publisherRESTAPIServices = new PublisherRESTAPIServicesImpl();
Scope scope = new Scope();
for (String defaultScope: defaultScopes) {
for (DefaultPermission defaultPermission: defaultPermissions.getDefaultPermissions()) {
//todo check whether scope is available or not
scope.setName(defaultScope);
scope.setDescription(defaultScope);
scope.setKey(defaultScope);
scope.setRoles("Internal/devicemgt-user");
ScopeMapping scopeMapping = defaultPermission.getScopeMapping();
scope.setName(scopeMapping.getName());
scope.setDescription(scopeMapping.getName());
scope.setKey(scopeMapping.getKey());
scope.setRoles(scopeMapping.getDefaultRoles());
publisherRESTAPIServices.addNewSharedScope(apiApplicationKey, accessTokenInfo, scope);
}
} catch (BadRequestException | UnexpectedResponseException | APIServicesException e) {

@ -18,17 +18,14 @@
package io.entgra.device.mgt.core.apimgt.webapp.publisher.lifecycle.listener;
import com.google.gson.Gson;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServicesImpl;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.PublisherRESTAPIServices;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.PublisherRESTAPIServicesImpl;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIApplicationKey;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIInfo.Scope;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.AccessTokenInfo;
import io.entgra.device.mgt.core.apimgt.webapp.publisher.dto.ApiScope;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata;
import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.MetadataManagementService;
import io.entgra.device.mgt.core.device.mgt.core.config.DeviceConfigurationManager;
import io.entgra.device.mgt.core.device.mgt.core.config.DeviceManagementConfig;
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermission;
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions;
import org.apache.catalina.Lifecycle;
import org.apache.catalina.LifecycleEvent;
import org.apache.catalina.LifecycleListener;
@ -47,7 +44,10 @@ import org.wso2.carbon.user.api.UserStoreException;
import javax.servlet.ServletContext;
import java.io.IOException;
import java.util.*;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
@SuppressWarnings("unused")
public class APIPublisherLifecycleListener implements LifecycleListener {
@ -128,45 +128,26 @@ public class APIPublisherLifecycleListener implements LifecycleListener {
"' and version '" + apiConfig.getVersion() + "'", e);
}
}
apiPublisherDataHolder.setPermScopeMapping(permScopeMap);
Map<String, String> permScopeMapping = apiPublisherDataHolder.getPermScopeMapping();
if (!permScopeMapping.isEmpty()) {
Metadata existingMetaData = metadataManagementService.retrieveMetadata("perm-scope" +
"-mapping");
if (existingMetaData != null) {
existingMetaData.setMetaValue(new Gson().toJson(apiPublisherDataHolder.getPermScopeMapping()
));
existingMetaData.setMetaValue(new Gson().toJson(permScopeMap));
metadataManagementService.updateMetadata(existingMetaData);
} else {
Metadata newMetaData = new Metadata();
newMetaData.setMetaKey("perm-scope-mapping");
permScopeMapping =
apiPublisherDataHolder.getPermScopeMapping();
//Todo fix this properly with a config
Map<String, String> defaultScopePermMap = new HashMap<>();
defaultScopePermMap.put("/permission/admin/device-mgt/devices/any-device/permitted-actions-under-owning-device", "dm:devices:any:permitted");
defaultScopePermMap.put("/permission/admin/device-mgt/device/api/subscribe", "dm:device:api:subscribe");
defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/approve", "am:admin:lc:app:approve");
defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/create", "am:admin:lc:app:create");
defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/reject", "am:admin:lc:app:reject");
defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/block", "am:admin:lc:app:block");
defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/review", "am:admin:lc:app:review");
defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/retire", "am:admin:lc:app:retire");
defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/deprecate", "am:admin:lc:app:deprecate");
defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/publish", "am:admin:lc:app:publish");
DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig();
DefaultPermissions defaultPermissions = deviceManagementConfig.getDefaultPermissions();
for (Map.Entry<String,String> mapElement : defaultScopePermMap.entrySet()) {
String key = mapElement.getKey();
String value = mapElement.getValue();
permScopeMapping.put(key,value);
for (DefaultPermission defaultPermission : defaultPermissions.getDefaultPermissions()) {
permScopeMap.put(defaultPermission.getName(), defaultPermission.getScopeMapping().getKey());
}
apiPublisherDataHolder.setPermScopeMapping(permScopeMapping);
newMetaData.setMetaValue(new Gson().toJson(permScopeMapping));
newMetaData.setMetaValue(new Gson().toJson(permScopeMap));
metadataManagementService.createMetadata(newMetaData);
}
}
apiPublisherDataHolder.setPermScopeMapping(permScopeMap);
} catch (IOException e) {
log.error("Error encountered while discovering annotated classes", e);
} catch (ClassNotFoundException e) {

@ -39,6 +39,7 @@ import io.entgra.device.mgt.core.device.mgt.core.config.push.notification.PushNo
import io.entgra.device.mgt.core.device.mgt.core.config.remote.session.RemoteSessionConfiguration;
import io.entgra.device.mgt.core.device.mgt.core.config.status.task.DeviceStatusTaskConfig;
import io.entgra.device.mgt.core.device.mgt.core.config.task.TaskConfiguration;
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
@ -75,6 +76,8 @@ public final class DeviceManagementConfig {
private MetaDataConfiguration metaDataConfiguration;
private EnrollmentGuideConfiguration enrollmentGuideConfiguration;
private DefaultPermissions defaultPermissions;
@XmlElement(name = "ManagementRepository", required = true)
public DeviceManagementConfigRepository getDeviceManagementConfigRepository() {
return deviceManagementConfigRepository;
@ -287,5 +290,14 @@ public final class DeviceManagementConfig {
public void setEnrollmentGuideConfiguration(EnrollmentGuideConfiguration enrollmentGuideConfiguration) {
this.enrollmentGuideConfiguration = enrollmentGuideConfiguration;
}
@XmlElement(name = "DefaultPermissions", required = true)
public DefaultPermissions getDefaultPermissions() {
return defaultPermissions;
}
public void setDefaultPermissions(DefaultPermissions defaultPermissions) {
this.defaultPermissions = defaultPermissions;
}
}

@ -0,0 +1,47 @@
/*
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
*
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package io.entgra.device.mgt.core.device.mgt.core.config.permission;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
@XmlRootElement(name = "DefaultPermission")
public class DefaultPermission {
private String name;
private ScopeMapping scopeMapping;
@XmlElement(name = "Name", required = true)
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
@XmlElement(name = "MappedScopeDetails", required = true)
public ScopeMapping getScopeMapping() {
return scopeMapping;
}
public void setScopeMapping(ScopeMapping scopeMapping) {
this.scopeMapping = scopeMapping;
}
}

@ -0,0 +1,38 @@
/*
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
*
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package io.entgra.device.mgt.core.device.mgt.core.config.permission;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import java.util.List;
@XmlRootElement(name = "DefaultPermissions")
public class DefaultPermissions {
private List<DefaultPermission> defaultPermissions;
@XmlElement(name = "DefaultPermission", required = true)
public List<DefaultPermission> getDefaultPermissions() {
return defaultPermissions;
}
public void setDefaultPermissions(List<DefaultPermission> defaultPermissions) {
this.defaultPermissions = defaultPermissions;
}
}

@ -0,0 +1,58 @@
/*
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
*
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package io.entgra.device.mgt.core.device.mgt.core.config.permission;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
@XmlRootElement(name = "MappedScopeDetails")
public class ScopeMapping {
private String name;
private String key;
private String defaultRoles;
@XmlElement(name = "Name", required = true)
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
@XmlElement(name = "Key", required = true)
public String getKey() {
return key;
}
public void setKey(String key) {
this.key = key;
}
@XmlElement(name = "DefaultRoles", required = true)
public String getDefaultRoles() {
return defaultRoles;
}
public void setDefaultRoles(String defaultRoles) {
this.defaultRoles = defaultRoles;
}
}

@ -211,5 +211,87 @@
<Enable>false</Enable>
<Mail>Replace with mail</Mail>
</EnrollmentGuideConfiguration>
<DefaultPermissions>
<DefaultPermission>
<Name>/permission/admin/device-mgt/devices/any-device/permitted-actions-under-owning-device</Name>
<MappedScopeDetails>
<Name>Apply permitted actions on any device</Name>
<Key>dm:devices:any:permitted</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/device-mgt/device/api/subscribe</Name>
<MappedScopeDetails>
<Name>Subscribe APIs</Name>
<Key>dm:device:api:subscribe</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/approve</Name>
<MappedScopeDetails>
<Name>Approve Applications</Name>
<Key>am:admin:lc:app:approve</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/create</Name>
<MappedScopeDetails>
<Name>Create Applications</Name>
<Key>am:admin:lc:app:create</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/reject</Name>
<MappedScopeDetails>
<Name>Reject Applications</Name>
<Key>am:admin:lc:app:reject</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/block</Name>
<MappedScopeDetails>
<Name>Block Applications</Name>
<Key>am:admin:lc:app:block</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/review</Name>
<MappedScopeDetails>
<Name>Review Applications</Name>
<Key>am:admin:lc:app:review</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/retire</Name>
<MappedScopeDetails>
<Name>Retire Applications</Name>
<Key>am:admin:lc:app:retire</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/deprecate</Name>
<MappedScopeDetails>
<Name>Deprecate Application</Name>
<Key>am:admin:lc:app:deprecate</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/publish</Name>
<MappedScopeDetails>
<Name>Publish Applications</Name>
<Key>am:admin:lc:app:publish</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
</DefaultPermissions>
</DeviceMgtConfiguration>

@ -383,5 +383,87 @@
<Mail>Replace with mail</Mail>
{% endif %}
</EnrollmentGuideConfiguration>
<DefaultPermissions>
<DefaultPermission>
<Name>/permission/admin/device-mgt/devices/any-device/permitted-actions-under-owning-device</Name>
<MappedScopeDetails>
<Name>Apply permitted actions on any device</Name>
<Key>dm:devices:any:permitted</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/device-mgt/device/api/subscribe</Name>
<MappedScopeDetails>
<Name>Subscribe APIs</Name>
<Key>dm:device:api:subscribe</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/approve</Name>
<MappedScopeDetails>
<Name>Approve Applications</Name>
<Key>am:admin:lc:app:approve</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/create</Name>
<MappedScopeDetails>
<Name>Create Applications</Name>
<Key>am:admin:lc:app:create</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/reject</Name>
<MappedScopeDetails>
<Name>Reject Applications</Name>
<Key>am:admin:lc:app:reject</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/block</Name>
<MappedScopeDetails>
<Name>Block Applications</Name>
<Key>am:admin:lc:app:block</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/review</Name>
<MappedScopeDetails>
<Name>Review Applications</Name>
<Key>am:admin:lc:app:review</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/retire</Name>
<MappedScopeDetails>
<Name>Retire Applications</Name>
<Key>am:admin:lc:app:retire</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/deprecate</Name>
<MappedScopeDetails>
<Name>Deprecate Application</Name>
<Key>am:admin:lc:app:deprecate</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/publish</Name>
<MappedScopeDetails>
<Name>Publish Applications</Name>
<Key>am:admin:lc:app:publish</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
</DefaultPermissions>
</DeviceMgtConfiguration>

Loading…
Cancel
Save