Merge branch 'master' into deviceOrganization

pull/238/head
Isuri Mendis 1 year ago
commit 11b32b4bf8

@ -36,8 +36,21 @@ public interface APIPublisherService {
void updateScopeRoleMapping() throws APIManagerPublisherException; void updateScopeRoleMapping() throws APIManagerPublisherException;
/**
* Add default scopes defined in the cdm-config.xml
*/
void addDefaultScopesIfNotExist(); void addDefaultScopesIfNotExist();
void updateScopeRoleMapping(String roleName, String[] permissions) throws APIManagerPublisherException; /**
* If the permissions are in the permission list, identify the relevant scopes of the supplied permission list
* and put the role there; if the permissions are in the removedPermission list, update the relevant scopes by
* deleting the role from those scopes.
*
* @param roleName Role Name
* @param permissions List of adding permissions
* @param removedPermissions List of removing permissions
* @throws APIManagerPublisherException If error occurred while updating the scope role mapping
*/
void updateScopeRoleMapping(String roleName, String[] permissions, String[] removedPermissions) throws APIManagerPublisherException;
} }

@ -626,7 +626,7 @@ public class APIPublisherServiceImpl implements APIPublisherService {
} }
@Override @Override
public void updateScopeRoleMapping(String roleName, String[] permissions) throws APIManagerPublisherException { public void updateScopeRoleMapping(String roleName, String[] permissions, String[] removedPermissions) throws APIManagerPublisherException {
APIApplicationServices apiApplicationServices = new APIApplicationServicesImpl(); APIApplicationServices apiApplicationServices = new APIApplicationServicesImpl();
APIApplicationKey apiApplicationKey; APIApplicationKey apiApplicationKey;
AccessTokenInfo accessTokenInfo; AccessTokenInfo accessTokenInfo;
@ -643,49 +643,14 @@ public class APIPublisherServiceImpl implements APIPublisherService {
try { try {
PublisherRESTAPIServices publisherRESTAPIServices = new PublisherRESTAPIServicesImpl(); PublisherRESTAPIServices publisherRESTAPIServices = new PublisherRESTAPIServicesImpl();
JSONObject scopeObject = publisherRESTAPIServices.getScopes(apiApplicationKey, accessTokenInfo); JSONObject scopeObject = publisherRESTAPIServices.getScopes(apiApplicationKey, accessTokenInfo);
Map<String, String> permScopeMap = APIPublisherDataHolder.getInstance().getPermScopeMapping(); Map<String, String> permScopeMap = APIPublisherDataHolder.getInstance().getPermScopeMapping();
for (String permission : permissions) { if (permissions.length != 0) {
String scopeValue = permScopeMap.get(permission); updateScopes(roleName, publisherRESTAPIServices, apiApplicationKey, accessTokenInfo, scopeObject, permissions, permScopeMap, false);
if (scopeValue == null) {
String msg = "Found invalid permission: " + permission + ". Hence aborting the scope role " +
"mapping process";
log.error(msg);
throw new APIManagerPublisherException(msg);
}
JSONArray scopeList = (JSONArray) scopeObject.get("list");
for (int i = 0; i < scopeList.length(); i++) {
JSONObject scopeObj = scopeList.getJSONObject(i);
if (scopeObj.getString("name").equals(scopeValue)) {
Scope scope = new Scope();
scope.setName(scopeObj.getString("name"));
scope.setKey(scopeObj.getString("name"));
scope.setDescription(scopeObj.getString("description"));
scope.setId(scopeObj.getString("id"));
// Including already existing roles
JSONArray existingRolesArray = (JSONArray) scopeObj.get("bindings");
List<String> existingRoleList = new ArrayList<String>();
for (int j = 0; j < existingRolesArray.length(); j++) {
existingRoleList.add((String) existingRolesArray.get(j));
}
if (!existingRoleList.contains(roleName)) {
existingRoleList.add(roleName);
}
scope.setRoles(String.join(",", existingRoleList));
if (publisherRESTAPIServices.isSharedScopeNameExists(apiApplicationKey, accessTokenInfo, scope.getKey())) {
publisherRESTAPIServices.updateSharedScope(apiApplicationKey, accessTokenInfo, scope);
} else {
// todo: come to this level means, that scope is removed from API, but haven't removed from the scope-role-permission-mappings list
log.warn(scope.getKey() + " not available as shared scope");
}
break;
}
}
} }
if (removedPermissions.length != 0) {
updateScopes(roleName, publisherRESTAPIServices, apiApplicationKey, accessTokenInfo, scopeObject, removedPermissions, permScopeMap, true);
}
try { try {
updatePermissions(roleName, Arrays.asList(permissions)); updatePermissions(roleName, Arrays.asList(permissions));
} catch (UserStoreException e) { } catch (UserStoreException e) {
@ -708,6 +673,75 @@ public class APIPublisherServiceImpl implements APIPublisherService {
} }
} }
/**
* Update Scopes
*
* @param roleName Role Name
* @param publisherRESTAPIServices {@link PublisherRESTAPIServices}
* @param apiApplicationKey {@link APIApplicationKey}
* @param accessTokenInfo {@link AccessTokenInfo}
* @param scopeObject scope object returning from APIM
* @param permissions List of permissions
* @param permScopeMap Permission Scope map
* @param removingPermissions if list of permissions has to be removed from the role send true, otherwise sends false.
* @throws APIManagerPublisherException If the method receives invalid permission to update.
*/
private void updateScopes (String roleName, PublisherRESTAPIServices publisherRESTAPIServices,
APIApplicationKey apiApplicationKey, AccessTokenInfo accessTokenInfo,
JSONObject scopeObject, String[] permissions, Map<String, String> permScopeMap, boolean removingPermissions )
throws APIManagerPublisherException {
for (String permission : permissions) {
String scopeValue = permScopeMap.get(permission);
if (scopeValue == null) {
String msg = "Found invalid permission: " + permission + ". Hence aborting the scope role " +
"mapping process";
log.error(msg);
throw new APIManagerPublisherException(msg);
}
JSONArray scopeList = (JSONArray) scopeObject.get("list");
for (int i = 0; i < scopeList.length(); i++) {
JSONObject scopeObj = scopeList.getJSONObject(i);
if (scopeObj.getString("name").equals(scopeValue)) {
Scope scope = new Scope();
scope.setName(scopeObj.getString("name"));
scope.setKey(scopeObj.getString("name"));
scope.setDescription(scopeObj.getString("description"));
scope.setId(scopeObj.getString("id"));
// Including already existing roles
JSONArray existingRolesArray = (JSONArray) scopeObj.get("bindings");
List<String> existingRoleList = new ArrayList<String>();
for (int j = 0; j < existingRolesArray.length(); j++) {
existingRoleList.add((String) existingRolesArray.get(j));
}
if (removingPermissions) {
existingRoleList.remove(roleName);
} else {
if (!existingRoleList.contains(roleName)) {
existingRoleList.add(roleName);
}
}
scope.setRoles(String.join(",", existingRoleList));
try {
if (publisherRESTAPIServices.isSharedScopeNameExists(apiApplicationKey, accessTokenInfo, scope.getKey())) {
publisherRESTAPIServices.updateSharedScope(apiApplicationKey, accessTokenInfo, scope);
} else {
// todo: come to this level means, that scope is removed from API, but haven't removed from the scope-role-permission-mappings list
log.warn(scope.getKey() + " not available as shared scope");
}
} catch (APIServicesException | BadRequestException | UnexpectedResponseException e) {
log.error("Error occurred while updating role scope mapping via APIM REST endpoint.", e);
}
break;
}
}
}
}
private void updatePermissions(String role, List<String> permissions) throws UserStoreException { private void updatePermissions(String role, List<String> permissions) throws UserStoreException {
AuthorizationManager authorizationManager = APIPublisherDataHolder.getInstance().getUserRealm() AuthorizationManager authorizationManager = APIPublisherDataHolder.getInstance().getUserRealm()
.getAuthorizationManager(); .getAuthorizationManager();
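Review bot: The new `catch (APIServicesException | BadRequestException | UnexpectedResponseException e)` inside `updateScopes` only logs, so a failed `updateSharedScope` call is dropped and the loop moves on to the next permission. When `removingPermissions` is true, a role can stay bound to a scope in APIM after the caller asked for it to be removed, and `updateScopeRoleMapping` still goes on to `updatePermissions(roleName, Arrays.asList(permissions))` as if the scope update had succeeded. I would surface the failure to the caller instead, e.g. `String msg = "Error occurred while updating role scope mapping via APIM REST endpoint."; log.error(msg, e); throw new APIManagerPublisherException(msg);` (prefer a cause-carrying constructor if the exception class offers one). The outer try/catch of `updateScopeRoleMapping` lies outside the visible hunks, so how these exceptions were handled before the refactor should be confirmed.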

@ -33,6 +33,11 @@ public class RoleInfo {
@ApiModelProperty(name = "permissions", value = "Lists out all the permissions associated with roles.", @ApiModelProperty(name = "permissions", value = "Lists out all the permissions associated with roles.",
required = true, dataType = "List[java.lang.String]") required = true, dataType = "List[java.lang.String]")
private String[] permissions; private String[] permissions;
@ApiModelProperty(name = "removedPermissions", value = "Lists out all the permissions unassociated with roles.",
required = true, dataType = "List[java.lang.String]")
private String[] removedPermissions;
@ApiModelProperty(name = "users", value = "The list of users assigned to the selected role.", @ApiModelProperty(name = "users", value = "The list of users assigned to the selected role.",
required = true, dataType = "List[java.lang.String]") required = true, dataType = "List[java.lang.String]")
private String[] users; private String[] users;
@ -76,4 +81,7 @@ public class RoleInfo {
this.permissionList = permissionList; this.permissionList = permissionList;
} }
public String[] getRemovedPermissions() { return removedPermissions; }
public void setRemovedPermissions(String[] removedPermissions) { this.removedPermissions = removedPermissions; }
} }
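Review bot: `removedPermissions` is annotated `required = true`, but nothing visible in this commit enforces that. The role-creation path in `RoleManagementServiceImpl` overwrites it with `new String[0]`, and the update path reads it without a null check. The annotation should describe the field as optional and say what it means, for example `value = "Permissions to be removed from the role; ignored when a role is created."` together with `required = false`.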

@ -870,6 +870,14 @@ public class GeoLocationBasedServiceImpl implements GeoLocationBasedService {
PaginationResult paginationResult = new PaginationResult(); PaginationResult paginationResult = new PaginationResult();
paginationResult.setData(geofenceList); paginationResult.setData(geofenceList);
paginationResult.setRecordsTotal(geofenceList.size()); paginationResult.setRecordsTotal(geofenceList.size());
try {
GeoLocationProviderService geoService = DeviceMgtAPIUtils.getGeoService();
paginationResult.setTotalDeviceCount(geoService.getGeoFenceCount());
} catch (GeoLocationBasedServiceException e) {
String msg = "Failed to retrieve geofence data";
log.error(msg, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
}
return Response.status(Response.Status.OK).entity(paginationResult).build(); return Response.status(Response.Status.OK).entity(paginationResult).build();
} }
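Review bot: `paginationResult.setTotalDeviceCount(geoService.getGeoFenceCount())` stores a geofence count in a field named for devices, while `recordsTotal` keeps the size of the returned list, so a client reading the response cannot tell which number is the tenant-wide total. A comment at the call would help, e.g. `// totalDeviceCount is reused here to carry the tenant-wide geofence count`. The enclosing method starts above this hunk, so whether `geofenceList` is already a single page is not visible here.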

@ -279,6 +279,14 @@ public class RoleManagementServiceImpl implements RoleManagementService {
} }
} }
/**
* Retrieve filtered permissions by analyzing all the permission paths.
*
* @param rolePermissions All the permission paths
* @param permissionPaths Permission paths that needs to filter
* @param permissions List of filtered permissions
* @return {@link List<String>}
*/
private List<String> processAndFilterPermissions(UIPermissionNode[] rolePermissions, List<String> permissionPaths, List<String> permissions) { private List<String> processAndFilterPermissions(UIPermissionNode[] rolePermissions, List<String> permissionPaths, List<String> permissions) {
for (UIPermissionNode rolePermission : rolePermissions) { for (UIPermissionNode rolePermission : rolePermissions) {
@ -299,6 +307,15 @@ public class RoleManagementServiceImpl implements RoleManagementService {
return permissions; return permissions;
} }
/**
* Getting platform permissions
*
* @param roleName Role Name
* @param userRealm {@link UserRealm}
* @param permissions list of permissions
* @return {@link List<String>}
* @throws UserAdminException if error occurred when getting {@link UIPermissionNode}
*/
private String[] getPlatformUIPermissions(String roleName, UserRealm userRealm, String[] permissions) private String[] getPlatformUIPermissions(String roleName, UserRealm userRealm, String[] permissions)
throws UserAdminException { throws UserAdminException {
UIPermissionNode uiPermissionNode = getUIPermissionNode(roleName, userRealm); UIPermissionNode uiPermissionNode = getUIPermissionNode(roleName, userRealm);
@ -403,8 +420,8 @@ public class RoleManagementServiceImpl implements RoleManagementService {
try { try {
if (roleInfo.getPermissions() != null && roleInfo.getPermissions().length > 0) { if (roleInfo.getPermissions() != null && roleInfo.getPermissions().length > 0) {
String[] roleName = roleInfo.getRoleName().split("/"); String[] roleName = roleInfo.getRoleName().split("/");
addPermissions(roleName[roleName.length - 1], roleInfo.getPermissions(), roleInfo.setRemovedPermissions(new String[0]);
DeviceMgtAPIUtils.getUserRealm()); updatePermissions(roleName[roleName.length - 1], roleInfo, DeviceMgtAPIUtils.getUserRealm());
} }
} catch (UserStoreException e) { } catch (UserStoreException e) {
String msg = "Error occurred while loading the user store."; String msg = "Error occurred while loading the user store.";
@ -546,7 +563,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
if (roleInfo.getPermissions() != null) { if (roleInfo.getPermissions() != null) {
String[] roleDetails = roleName.split("/"); String[] roleDetails = roleName.split("/");
addPermissions(roleDetails[roleDetails.length - 1], roleInfo.getPermissions(), userRealm); updatePermissions(roleDetails[roleDetails.length - 1], roleInfo, userRealm);
} }
//TODO: Need to send the updated role information in the entity back to the client //TODO: Need to send the updated role information in the entity back to the client
return Response.status(Response.Status.OK).entity("Role '" + roleInfo.getRoleName() + "' has " + return Response.status(Response.Status.OK).entity("Role '" + roleInfo.getRoleName() + "' has " +
@ -697,7 +714,14 @@ public class RoleManagementServiceImpl implements RoleManagementService {
return rolePermissions; return rolePermissions;
} }
private void addPermissions(String roleName, String[] permissions, UserRealm userRealm) { /**
* Update the role's permissions. This will function in the fire and forget pattern and run on a new thread.
*
* @param roleName Role Name
* @param roleInfo {@link RoleInfo}
* @param userRealm {@link UserRealm}
*/
private void updatePermissions(String roleName, RoleInfo roleInfo, UserRealm userRealm) {
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true); String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true);
Thread thread = new Thread(new Runnable() { Thread thread = new Thread(new Runnable() {
@Override @Override
@ -707,7 +731,8 @@ public class RoleManagementServiceImpl implements RoleManagementService {
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true); PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
DeviceMgtAPIUtils.getApiPublisher().updateScopeRoleMapping(roleName, DeviceMgtAPIUtils.getApiPublisher().updateScopeRoleMapping(roleName,
RoleManagementServiceImpl.this.getPlatformUIPermissions(roleName, userRealm, RoleManagementServiceImpl.this.getPlatformUIPermissions(roleName, userRealm,
permissions)); roleInfo.getPermissions()), RoleManagementServiceImpl.this.getPlatformUIPermissions(roleName, userRealm,
roleInfo.getRemovedPermissions()));
} catch (APIManagerPublisherException | UserAdminException e) { } catch (APIManagerPublisherException | UserAdminException e) {
log.error("Error Occurred while updating role scope mapping. ", e); log.error("Error Occurred while updating role scope mapping. ", e);
} finally { } finally {
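Review bot: In the role-update hunk, `updatePermissions(roleDetails[roleDetails.length - 1], roleInfo, userRealm)` is guarded only by `roleInfo.getPermissions() != null`, so a request body that omits `removedPermissions` passes a null array into the background thread. `APIPublisherServiceImpl.updateScopeRoleMapping` dereferences it with `removedPermissions.length`, and the thread's `catch (APIManagerPublisherException | UserAdminException e)` would not catch the resulting NullPointerException, so the scope update would be abandoned after the client has already been answered with 200. Normalising the field before the call avoids this: `if (roleInfo.getRemovedPermissions() == null) { roleInfo.setRemovedPermissions(new String[0]); }`. Whether `getPlatformUIPermissions` tolerates a null array is not visible in these hunks. Separately, the new Javadoc on `getPlatformUIPermissions` says `@return {@link List<String>}` although the method returns `String[]`.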

@ -171,4 +171,11 @@ public interface GeoLocationProviderService {
* @throws GeoLocationBasedServiceException any errors occurred while reading event records to geofence * @throws GeoLocationBasedServiceException any errors occurred while reading event records to geofence
*/ */
List<EventConfig> getEventsOfGeoFence(int geoFenceId) throws GeoLocationBasedServiceException; List<EventConfig> getEventsOfGeoFence(int geoFenceId) throws GeoLocationBasedServiceException;
/**
* Get geo fence count by tenant id
* @return returns the geofence count of tenant.
* @throws GeoLocationBasedServiceException any errors occurred while reading event records to geofence
*/
int getGeoFenceCount() throws GeoLocationBasedServiceException;
} }
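Review bot: The Javadoc for `getGeoFenceCount()` says "by tenant id" although the method takes no parameter, and its `@throws` text ("reading event records to geofence") is copied from `getEventsOfGeoFence` above. Suggested wording: `Get the number of geofences of the calling tenant; the implementation resolves the tenant id itself.` and `@throws GeoLocationBasedServiceException if the geofence count cannot be retrieved`.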

@ -174,4 +174,12 @@ public interface GeofenceDAO {
* @throws DeviceManagementDAOException * @throws DeviceManagementDAOException
*/ */
GeofenceData getGeofence(int fenceId, boolean requireGroupData) throws DeviceManagementDAOException; GeofenceData getGeofence(int fenceId, boolean requireGroupData) throws DeviceManagementDAOException;
/**
* This method is used to get the geofence count by tenant id.
* @param tenantId tenant id.
* @return returns the geofence count of tenant.
* @throws DeviceManagementDAOException
*/
int getGeofenceCount(int tenantId) throws DeviceManagementDAOException;
} }

@ -644,4 +644,28 @@ public abstract class AbstractGeofenceDAOImpl implements GeofenceDAO {
throw new DeviceManagementDAOException(msg, e); throw new DeviceManagementDAOException(msg, e);
} }
} }
@Override
public int getGeofenceCount(int tenantId) throws DeviceManagementDAOException {
try {
Connection conn = this.getConnection();
String sql = "SELECT COUNT(*) AS geofence_count " +
"FROM DM_GEOFENCE " +
"WHERE TENANT_ID = ?";
try (PreparedStatement stmt = conn.prepareStatement(sql)) {
stmt.setInt(1, tenantId);
try (ResultSet rst = stmt.executeQuery()) {
if (rst.next()) {
return rst.getInt("geofence_count");
}
}
}
return 0; // Return 0 if no records found for the given tenantId.
} catch (SQLException e) {
String msg = "Error occurred while retrieving Geofence count of the tenant " + tenantId;
log.error(msg, e);
throw new DeviceManagementDAOException(msg, e);
}
}
} }

@ -94,7 +94,7 @@ public class GenericDeviceDAOImpl extends AbstractDeviceDAOImpl {
"t.NAME AS DEVICE_TYPE "; "t.NAME AS DEVICE_TYPE ";
//Filter by serial number or any Custom Property in DM_DEVICE_INFO //Filter by serial number or any Custom Property in DM_DEVICE_INFO
if (serial != null || !request.getCustomProperty().isEmpty()) { if ((serial != null) || (request.getCustomProperty() != null && !request.getCustomProperty().isEmpty())) {
sql = sql + sql = sql +
"FROM DM_DEVICE d " + "FROM DM_DEVICE d " +
"INNER JOIN DM_DEVICE_TYPE t ON d.DEVICE_TYPE_ID = t.ID " + "INNER JOIN DM_DEVICE_TYPE t ON d.DEVICE_TYPE_ID = t.ID " +
@ -170,7 +170,7 @@ public class GenericDeviceDAOImpl extends AbstractDeviceDAOImpl {
if (isSerialProvided) { if (isSerialProvided) {
stmt.setString(paramIdx++, "%" + serial + "%"); stmt.setString(paramIdx++, "%" + serial + "%");
} }
if (!request.getCustomProperty().isEmpty()) { if (request.getCustomProperty() != null && !request.getCustomProperty().isEmpty()) {
for (Map.Entry<String, String> entry : request.getCustomProperty().entrySet()) { for (Map.Entry<String, String> entry : request.getCustomProperty().entrySet()) {
stmt.setString(paramIdx++, "%" + entry.getValue() + "%"); stmt.setString(paramIdx++, "%" + entry.getValue() + "%");
} }
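Review bot: The null-safe test `request.getCustomProperty() != null && !request.getCustomProperty().isEmpty()` is now written out twice, once where the SQL text is built and once where parameters are bound. If the two ever drift apart, the statement text and the bound values can disagree. The binding hunk already uses a local `isSerialProvided` for the serial filter, so the same could be done here: `boolean isCustomPropertyProvided = request.getCustomProperty() != null && !request.getCustomProperty().isEmpty();`, tested in both places. Both hunks sit inside a method whose start and end are outside the view.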

@ -1747,6 +1747,32 @@ public class GeoLocationProviderServiceImpl implements GeoLocationProviderServic
} }
} }
@Override
public int getGeoFenceCount() throws GeoLocationBasedServiceException {
int tenantId;
try {
tenantId = DeviceManagementDAOUtil.getTenantId();
} catch (DeviceManagementDAOException e) {
String msg = "Error occurred while retrieving tenant id while get geofence data";
log.error(msg, e);
throw new GeoLocationBasedServiceException(msg, e);
}
try {
EventManagementDAOFactory.openConnection();
return geofenceDAO.getGeofenceCount(tenantId);
} catch (DeviceManagementDAOException e) {
String msg = "Error occurred while retrieving geofence data for the tenant " + tenantId;
log.error(msg, e);
throw new GeoLocationBasedServiceException(msg, e);
} catch (SQLException e) {
String msg = "Failed to open the DB connection to retrieve Geofence";
log.error(msg, e);
throw new GeoLocationBasedServiceException(msg, e);
} finally {
EventManagementDAOFactory.closeConnection();
}
}
/** /**
* Delete events of geofence * Delete events of geofence
* *

@ -652,7 +652,7 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
Map<String, DeviceManager> deviceManagerMap = new HashMap<>(); Map<String, DeviceManager> deviceManagerMap = new HashMap<>();
List<DeviceCacheKey> deviceCacheKeyList = new ArrayList<>(); List<DeviceCacheKey> deviceCacheKeyList = new ArrayList<>();
List<Device> existingDevices; List<Device> existingDevices;
List<Device> validDevices = new ArrayList<>();; List<Device> validDevices = new ArrayList<>();
int tenantId = this.getTenantId(); int tenantId = this.getTenantId();
try { try {
