diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherService.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherService.java
index 2dc95d4f37..eec6cfcab7 100644
--- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherService.java
+++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherService.java
@@ -36,8 +36,21 @@ public interface APIPublisherService {
 void updateScopeRoleMapping() throws APIManagerPublisherException;
+ /**
+ * Add default scopes defined in the cdm-config.xml
+ */
 void addDefaultScopesIfNotExist();
+ /**
+ * If the permissions are in the permission list, identify the relevant scopes of the supplied permission list
+ * and put the role there; if the permissions are in the removedPermission list, update the relevant scopes by
+ * deleting the role from those scopes.
+ *
+ * @param roleName Role Name
+ * @param permissions List of adding permissions
+ * @param removedPermissions List of removing permissions
+ * @throws APIManagerPublisherException If error occurred while updating the scope role mapping
+ */
 void updateScopeRoleMapping(String roleName, String[] permissions, String[] removedPermissions) throws APIManagerPublisherException;
 }
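Review bot: The new Javadoc on the three-argument `updateScopeRoleMapping` does not say whether `permissions` or `removedPermissions` may be null or empty, and the no-argument overload at the top of the hunk is still undocumented, so the difference between the two is left to the reader. Because this call changes which roles are bound to API scopes, the contract is worth spelling out, for example `@param removedPermissions permissions whose scopes should drop the role; may be empty` (null handling has to be confirmed against the implementation, which is not in this hunk). `List of adding permissions` would also read more clearly as `permissions being granted to the role`.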
diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java
index 6d037525ae..69f20fa020 100644
--- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java
+++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java
@@ -673,6 +673,19 @@ public class APIPublisherServiceImpl implements APIPublisherService {
 }
 }
+ /**
+ * Update Scopes
+ *
+ * @param roleName Role Name
+ * @param publisherRESTAPIServices {@link PublisherRESTAPIServices}
+ * @param apiApplicationKey {@link APIApplicationKey}
+ * @param accessTokenInfo {@link AccessTokenInfo}
+ * @param scopeObject scope object returning from APIM
+ * @param permissions List of permissions
+ * @param permScopeMap Permission Scope map
+ * @param removingPermissions if list of permissions has to be removed from the role send true, otherwise sends false.
+ * @throws APIManagerPublisherException If the method receives invalid permission to update.
+ */
 private void updateScopes (String roleName, PublisherRESTAPIServices publisherRESTAPIServices, APIApplicationKey apiApplicationKey, AccessTokenInfo accessTokenInfo, JSONObject scopeObject, String[] permissions, Map permScopeMap, boolean removingPermissions )
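Review bot: The `@throws` line on `updateScopes` says only that an invalid permission is rejected; it does not say whether scopes handled before the failing permission stay updated, which matters for a method that adds or removes a role from scope bindings. The body is outside this hunk, so the actual behaviour needs checking, but the Javadoc should state it either way. The flag would be clearer as `@param removingPermissions {@code true} to remove the role from the scopes mapped to the given permissions, {@code false} to add it`, and the summary `Update Scopes` could say the same thing in one sentence.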
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java
index 63a6a71d12..bca483f6c0 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java
@@ -279,6 +279,14 @@ public class RoleManagementServiceImpl implements RoleManagementService {
 }
 }
+ /**
+ * Retrieve filtered permissions by analyzing all the permission paths.
+ *
+ * @param rolePermissions All the permission paths
+ * @param permissionPaths Permission paths that needs to filter
+ * @param permissions List of filtered permissions
+ * @return {@link List}
+ */
 private List processAndFilterPermissions(UIPermissionNode[] rolePermissions, List permissionPaths, List permissions) {
 for (UIPermissionNode rolePermission : rolePermissions) {
@@ -299,6 +307,15 @@ public class RoleManagementServiceImpl implements RoleManagementService {
 return permissions;
 }
+ /**
+ * Getting platform permissions
+ *
+ * @param roleName Role Name
+ * @param userRealm {@link UserRealm}
+ * @param permissions list of permissions
+ * @return {@link List}
+ * @throws UserAdminException if error occurred when getting {@link UIPermissionNode}
+ */
 private String[] getPlatformUIPermissions(String roleName, UserRealm userRealm, String[] permissions) throws UserAdminException {
 UIPermissionNode uiPermissionNode = getUIPermissionNode(roleName, userRealm);
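Review bot: The `@return {@link List}` tag on `getPlatformUIPermissions` (second hunk) is wrong, because the method is declared to return `String[]`; it should read something like `@return the role's permission paths as an array`, with the exact contents confirmed from the body, which continues outside the hunk. The same tag on `processAndFilterPermissions` in the first hunk names only the type. The trailing context `return permissions;` suggests that method fills and returns its own `permissions` argument, so `@param permissions accumulator that receives the filtered permissions and is returned` would tell callers their list is modified.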
@@ -697,6 +714,13 @@ public class RoleManagementServiceImpl implements RoleManagementService {
 return rolePermissions;
 }
+ /**
+ * Update the role's permissions. This will function in the fire and forget pattern and run on a new thread.
+ *
+ * @param roleName Role Name
+ * @param roleInfo {@link RoleInfo}
+ * @param userRealm {@link UserRealm}
+ */
 private void updatePermissions(String roleName, RoleInfo roleInfo, UserRealm userRealm) {
 String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true);
 Thread thread = new Thread(new Runnable() {
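Review bot: The Javadoc on `updatePermissions` names the fire-and-forget pattern but not its consequence: the method returns before the role's permissions are changed, and the caller cannot observe a failure on the new thread. For a permission update, and a revocation in particular, that leaves a window in which the old permissions still apply; presumably errors are only logged, though the thread body is outside the hunk. I would add a sentence such as `Callers must not assume the new permissions are in effect when this method returns; failures are not propagated.` A short why-comment on reading `tenantDomain` before the thread starts would also help, if the reason is that the thread-local Carbon context is not available inside it.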