Adding fixes for https://github.com/wso2/product-iots/issues/997

components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml

@@ -301,6 +301,16 @@
 			<artifactId>org.wso2.carbon.identity.jwt.client.extension</artifactId>
 			<scope>provided</scope>
 		</dependency>
+        <dependency>
+            <groupId>org.wso2.carbon</groupId>
+            <artifactId>org.wso2.carbon.registry.core</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.registry</groupId>
+            <artifactId>org.wso2.carbon.registry.resource</artifactId>
+            <scope>provided</scope>
+        </dependency>
         <dependency>
             <groupId>org.wso2.carbon.identity.framework</groupId>
             <artifactId>org.wso2.carbon.identity.user.store.count</artifactId>

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java

@@ -22,6 +22,8 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.CarbonConstants;
 import org.wso2.carbon.base.MultitenantConstants;
+import org.wso2.carbon.context.CarbonContext;
+import org.wso2.carbon.context.RegistryType;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
 import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo;
 import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
@@ -30,6 +32,9 @@ import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.FilteringUtil;
 import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
 import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
 import org.wso2.carbon.device.mgt.jaxrs.util.SetReferenceTransformer;
+import org.wso2.carbon.registry.api.Registry;
+import org.wso2.carbon.registry.core.session.UserRegistry;
+import org.wso2.carbon.registry.resource.services.utils.ChangeRolePermissionsUtil;
 import org.wso2.carbon.user.api.*;
 import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
 import org.wso2.carbon.user.mgt.UserRealmProxy;
@@ -296,6 +301,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
                 }
             }
             userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), permissions);
+            authorizeRoleForAppmgt(roleInfo.getRoleName(), roleInfo.getPermissions());
 
             //TODO fix what's returned in the entity
             return Response.created(new URI(API_BASE_PATH + "/" + URLEncoder.encode(roleInfo.getRoleName(), "UTF-8"))).
@@ -450,6 +456,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
                         authorizationManager.authorizeRole(roleName, permission, CarbonConstants.UI_PERMISSION_ACTION);
                     }
                 }
+                authorizeRoleForAppmgt(roleName, roleInfo.getPermissions());
             }
             //TODO: Need to send the updated role information in the entity back to the client
             return Response.status(Response.Status.OK).entity("Role '" + roleInfo.getRoleName() + "' has " +
@@ -467,6 +474,59 @@ public class RoleManagementServiceImpl implements RoleManagementService {
         }
     }
 
+    /**
+     * When presented with role and a set of permissions, if given role has permission to
+     * perform mobile app management, said role will be given rights mobile app collection in the
+     * governance registry.
+     *
+     * @param role
+     * @param permissions
+     * @return state of role update Operation
+     */
+    private boolean authorizeRoleForAppmgt(String role, String[] permissions) {
+        String permissionString =
+                "ra^true:rd^false:wa^true:wd^false:da^true:dd^false:aa^true:ad^false";
+        String resourcePath = "/_system/governance/mobileapps/";
+        boolean appmPermAvailable = false;
+
+        if (permissions != null) {
+            for (int i = 0; i < permissions.length; i++)
+                switch (permissions[i]) {
+                    case "/permission/admin/manage/mobileapp":
+                        appmPermAvailable = true;
+                        break;
+                    case "/permission/admin/manage/mobileapp/create":
+                        appmPermAvailable = true;
+                        break;
+                    case "/permission/admin/manage/mobileapp/publish":
+                        appmPermAvailable = true;
+                        break;
+                }
+        }
+
+        if (appmPermAvailable) {
+            try {
+                Registry registry = CarbonContext.getThreadLocalCarbonContext().
+                        getRegistry(RegistryType.SYSTEM_GOVERNANCE);
+                ChangeRolePermissionsUtil.changeRolePermissions((UserRegistry) registry,
+                        resourcePath, role + ":" + permissionString);
+
+                return true;
+            } catch (Exception e) {
+                String msg = "Error while retrieving user registry in order to update permissions "
+                        + "for resource : " + resourcePath;
+                log.error(msg, e);
+                return false;
+            }
+        } else {
+            if (log.isDebugEnabled()) {
+                log.debug("Mobile App Management permissions not selected, therefore role : " +
+                        role + " not given permission for registry collection : " + resourcePath);
+            }
+            return false;
+        }
+    }
+
     @DELETE
     @Path("/{roleName}")
     @Override

pom.xml

@@ -1523,6 +1523,11 @@
                 <artifactId>org.wso2.carbon.event.stream.stub</artifactId>
                 <version>${carbon.analytics.common.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.wso2.carbon.registry</groupId>
+                <artifactId>org.wso2.carbon.registry.resource</artifactId>
+                <version>4.6.5</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>