Scopes and related permissions added when scope is not attached to an API

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/pom.xml

@@ -205,7 +205,9 @@
                             org.wso2.carbon.utils;version="4.6",
                             org.wso2.carbon.utils.multitenancy;version="4.6",
                             org.apache.commons.lang,
-                            org.json
+                            org.json,
+                            io.entgra.device.mgt.core.device.mgt.common.permission.mgt,
+                            io.entgra.device.mgt.core.device.mgt.core.permission.mgt
                         </Import-Package>
                         <Embed-Dependency>
                             jsr311-api;scope=compile|runtime;inline=false

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java

@@ -46,6 +46,7 @@ import io.entgra.device.mgt.core.device.mgt.core.config.DeviceManagementConfig;
 import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermission;
 import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions;
 import io.entgra.device.mgt.core.device.mgt.core.config.permission.ScopeMapping;
+import io.entgra.device.mgt.core.device.mgt.core.permission.mgt.PermissionUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -68,6 +69,8 @@ import org.wso2.carbon.user.core.tenant.TenantSearchResult;
 import org.wso2.carbon.utils.CarbonUtils;
 import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
 import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
+import io.entgra.device.mgt.core.device.mgt.core.permission.mgt.PermissionUtils;
+import io.entgra.device.mgt.core.device.mgt.common.permission.mgt.PermissionManagementException;
 
 import java.io.BufferedReader;
 import java.io.File;
@@ -610,9 +613,17 @@ public class APIPublisherServiceImpl implements APIPublisherService {
 
                             if (publisherRESTAPIServices.isSharedScopeNameExists(apiApplicationKey, accessTokenInfo, scope.getName())) {
                                 publisherRESTAPIServices.updateSharedScope(apiApplicationKey, accessTokenInfo, scope);
+                                // todo: permission changed in update path, is not handled yet.
                             } else {
-                                // todo: come to this level means, that scope is removed from API, but haven't removed from the scope-role-permission-mappings list
+                                // This scope doesn't have an api attached.
-                                log.warn(scope.getName() + " not available as shared scope");
+                                log.warn(scope.getName() + " not available as shared, add as new scope");
+                                publisherRESTAPIServices.addNewSharedScope(apiApplicationKey, accessTokenInfo, scope);
+                                // add permission if not exist
+                                try {
+                                    PermissionUtils.putPermission(permission);
+                                } catch(PermissionManagementException e) {
+                                    log.error("Error when adding permission ", e);
+                                }
                             }
                         }
                         for (String role : rolePermissions.keySet()) {