From 5c680b3f655b5419b62208d2fe60b7cb2ebba137 Mon Sep 17 00:00:00 2001
From: Rasika Perera
Date: Wed, 4 May 2016 04:13:39 +0530
Subject: [PATCH 1/2] Fixing issue on group permission validating
---
 .../DeviceAccessAuthorizationServiceImpl.java | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java
index d3d3ed09c0..4707bcdd4c 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java
@@ -38,6 +38,7 @@ import org.wso2.carbon.user.api.UserRealm;
 import org.wso2.carbon.user.api.UserStoreException;
 import java.util.HashMap;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@@ -186,8 +187,12 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
 DeviceManagementDataHolder.getInstance().getGroupManagementProviderService()
 .getGroups(deviceIdentifier);
 for (DeviceGroup group : authorizedGroups) {
- if (groupsWithDevice.contains(group)) {
- return true;
+ Iterator groupsWithDeviceIterator = groupsWithDevice.iterator();
+ while (groupsWithDeviceIterator.hasNext()) {
+ DeviceGroup deviceGroup = groupsWithDeviceIterator.next();
+ if (deviceGroup.getId() == group.getId()) {
+ return true;
+ }
 }
 }
 return false;
From 18edc21a041fa7d2d79265d361386459baaac21a Mon Sep 17 00:00:00 2001
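Review bot: The new match `deviceGroup.getId() == group.getId()` in the `-186,8` hunk is a value comparison only if `getId()` returns a primitive; `DeviceGroup` is not shown here, and if the getter returns a boxed `Integer` or `Long`, `==` compares references and returns false for ids outside the small-value cache, denying access that should be granted. `if (Objects.equals(deviceGroup.getId(), group.getId())) {` is correct in both cases (it needs `java.util.Objects`). The explicit `Iterator` adds nothing over `for (DeviceGroup deviceGroup : groupsWithDevice) {`, which would also make the new `java.util.Iterator` import unnecessary. Because this comparison decides an authorization result, a one-line comment such as `// match groups by id; DeviceGroup equality is not usable with contains()` would help the next reader, though that reason is inferred from the removed line and should be confirmed. The enclosing method starts and ends outside the hunk.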
From: Rasika Perera
Date: Wed, 4 May 2016 04:14:09 +0530
Subject: [PATCH 2/2] Adding group permissions validation for operations
---
 .../operation/mgt/OperationManagerImpl.java | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/operation/mgt/OperationManagerImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/operation/mgt/OperationManagerImpl.java
index 9e156618b6..5ec27f4c7c 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/operation/mgt/OperationManagerImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/operation/mgt/OperationManagerImpl.java
@@ -23,6 +23,7 @@ import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.context.CarbonContext;
 import org.wso2.carbon.device.mgt.common.*;
 import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
+import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants;
 import org.wso2.carbon.device.mgt.common.operation.mgt.Operation;
 import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManagementException;
 import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManager;
@@ -88,7 +89,8 @@ public class OperationManagerImpl implements OperationManager {
 authorizedDeviceList = deviceIds;
 } else {
 authorizedDeviceList = DeviceManagementDataHolder.getInstance().
- getDeviceAccessAuthorizationService().isUserAuthorized(deviceIds).getAuthorizedDevices();
+ getDeviceAccessAuthorizationService().isUserAuthorized(deviceIds, DeviceGroupConstants.
+ Permissions.DEFAULT_OPERATOR_PERMISSIONS).getAuthorizedDevices();
 }
 if (authorizedDeviceList.size() > 0) {
 try {
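Review bot: In the `-88,7` hunk only `getAuthorizedDevices()` is read from the authorization result, so any identifier in `deviceIds` that fails the `DEFAULT_OPERATOR_PERMISSIONS` check is dropped without trace as far as this hunk shows, and the operation proceeds for the remainder. A partially denied request is worth recording: after the assignment, a check such as `if (authorizedDeviceList.size() < deviceIds.size()) { /* log the denied count via the class logger */ }` would make it visible in the logs. The `if` branch above assigns `authorizedDeviceList = deviceIds` with no check at all; its condition is outside the hunk, and a comment there stating why that path is exempt from the permission check would help reviewers. The enclosing method starts and ends outside the hunk.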
@@ -146,7 +148,7 @@ public class OperationManagerImpl implements OperationManager {
 List operations = new ArrayList<>();
 try {
 boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService().
- isUserAuthorized(deviceId);
+ isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS);
 if (isUserAuthorized) {
 try {
 try {
@@ -202,7 +204,7 @@ public class OperationManagerImpl implements OperationManager {
 List operations = new ArrayList<>();
 try {
 boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService().
- isUserAuthorized(deviceId);
+ isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS);
 if (isUserAuthorized) {
 try {
 try {
@@ -266,7 +268,7 @@ public class OperationManagerImpl implements OperationManager {
 List dtoOperationList = new ArrayList<>();
 try {
 boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService().
- isUserAuthorized(deviceId);
+ isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS);
 if (isUserAuthorized) {
 try {
 try {
@@ -330,7 +332,7 @@ public class OperationManagerImpl implements OperationManager {
 int enrolmentId;
 try {
 boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService().
- isUserAuthorized(deviceId);
+ isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS);
 if (isUserAuthorized) {
 try {
 try {
@@ -400,7 +402,7 @@ public class OperationManagerImpl implements OperationManager {
 int enrolmentId;
 try {
 boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService().
- isUserAuthorized(deviceId);
+ isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS);
 if (isUserAuthorized) {
 try {
 try {
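Review bot: The permission-qualified check `isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS)` is pasted into this method and, identically, into the six hunks that follow (old lines 202, 266, 330, 400, 480 and 554), so the required permission is repeated at every call site. A private helper in `OperationManagerImpl` that wraps the call, used as `boolean isUserAuthorized = isOperatorAuthorized(deviceId);` (the helper name is only a suggestion), would keep the permission in one place and make a call site that omits it much harder to introduce. All seven paths use the same operator permission; if some of these methods only read operations while others create or update them, a short comment stating that a single permission level is intended would help, since the method names are outside the hunks. What happens when the check returns false is also outside the hunks.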
@@ -480,7 +482,7 @@ public class OperationManagerImpl implements OperationManager {
 }
 try {
 boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService().
- isUserAuthorized(deviceId);
+ isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS);
 if (isUserAuthorized) {
 try {
 try {
@@ -554,7 +556,7 @@ public class OperationManagerImpl implements OperationManager {
 int enrolmentId;
 try {
 boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService().
- isUserAuthorized(deviceId);
+ isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS);
 if (isUserAuthorized) {
 try {
 try {