From b765c8ded32dfe5e2e4e80b0bb8807d2f563e395 Mon Sep 17 00:00:00 2001 From: Thilina Sandaruwan Date: Mon, 10 Jul 2023 07:46:21 +0000 Subject: [PATCH] Grouping Improvements (#169) Purpose After deleting a role, delete relevant records from DM_ROLE_GROUP_MAP table Related tickets: https://roadmap.entgra.net/issues/9528 and https://roadmap.entgra.net/issues/9529 Co-authored-by: ThilinaPremachandra Reviewed-on: https://repository.entgra.net/community/device-mgt-core/pulls/169 Co-authored-by: Thilina Sandaruwan Co-committed-by: Thilina Sandaruwan --- .../impl/GroupManagementServiceImpl.java | 4 +- .../impl/RoleManagementServiceImpl.java | 13 ++++-- .../GroupManagementAdminServiceImpl.java | 4 +- .../core/device/mgt/core/dao/GroupDAO.java | 9 ++++ .../core/dao/impl/AbstractGroupDAOImpl.java | 17 ++++++++ .../GroupManagementProviderService.java | 16 ++++++- .../GroupManagementProviderServiceImpl.java | 42 +++++++++++++++++-- 7 files changed, 93 insertions(+), 12 deletions(-) diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java index b4fb899ba8..98ca6249d0 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java 
@@ -489,8 +489,8 @@ public class GroupManagementServiceImpl implements GroupManagementService {
 log.error(msg, e);
 return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
 } catch (GroupAlreadyExistException e) {
- String msg = "Group already exists with name : " + groups.getName() + ".";
- log.warn(msg);
+ String msg = "Group already exists with name : " + groups.getName() + " Try with another group name.";
+ log.error(msg, e);
 return Response.status(Response.Status.CONFLICT).entity(msg).build();
 } catch (RoleDoesNotExistException e) {
 return Response.status(Response.Status.BAD_REQUEST).entity(e.getMessage()).build();
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java
index 03a66c383e..44150409ad 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java
@@ -18,6 +18,7 @@
 package io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl;
 import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupManagementException;
 import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata;
 import org.apache.axis2.databinding.types.xsd._boolean;
 import org.json.simple.JSONObject;
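Review bot: In the `GroupAlreadyExistException` branch, an expected client conflict is now written with `log.error(msg, e)`, so every 409 produces an ERROR entry with a stack trace, and `groups.getName()` reaches the log line exactly as the client sent it. Keeping `log.warn(msg);` for this path, and removing line breaks from the name before logging it, keeps request-driven noise out of error-level alerting. The new text also has no separator after the name; `groups.getName() + ". Try with another group name."` restores it. The identical hunk in GroupManagementAdminServiceImpl.java has the same three issues, and the enclosing method starts and ends outside this hunk.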
@@ -638,6 +639,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
 @Consumes(MediaType.WILDCARD)
 @Override
 public Response deleteRole(@PathParam("roleName") String roleName, @QueryParam("user-store") String userStoreName) {
+ String roleToDelete = roleName;
 if (userStoreName != null && !userStoreName.isEmpty()) {
 roleName = userStoreName + "/" + roleName;
 }
@@ -645,6 +647,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
 try {
 final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
 final UserStoreManager userStoreManager = userRealm.getUserStoreManager();
+ int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
 if (!userStoreManager.isExistingRole(roleName)) {
 String msg = "No role exists with the name : " + roleName ;
 return Response.status(404).entity(msg).build();
@@ -654,16 +657,18 @@ public class RoleManagementServiceImpl implements RoleManagementService {
 if (log.isDebugEnabled()) {
 log.debug("Deleting the role in user store");
 }
- userStoreManager.deleteRole(roleName);
- // Delete all authorizations for the current role before deleting
- authorizationManager.clearRoleAuthorization(roleName);
-
+ DeviceMgtAPIUtils.getGroupManagementProviderService().deleteRoleAndRoleGroupMapping(roleName, roleToDelete, tenantId, userStoreManager, authorizationManager);
 return Response.status(Response.Status.OK).build();
 } catch (UserStoreException e) {
 String msg = "Error occurred while deleting the role '" + roleName + "'";
 log.error(msg, e);
 return Response.serverError().entity(
 new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
+ } catch (GroupManagementException e) {
+ String msg = "Error occurred while deleting group-role mapping records";
+ log.error(msg, e);
+ return Response.serverError().entity(
+ new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
 }
 }
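Review bot: `roleToDelete` is taken before the user-store prefix is added, so the group-mapping cleanup is keyed on the bare role name while the user-store calls use `userStoreName + "/" + roleName`. Whether DM_ROLE_GROUP_MAP holds bare or domain-qualified names is not visible in this patch: with qualified names the DELETE would match nothing for secondary user stores, and with bare names it would also remove the mappings of a same-named role in another user store of the tenant. Please confirm against the code that writes DM_ROLE_GROUP_MAP and record the answer next to the assignment, e.g. `// role name as stored in DM_ROLE_GROUP_MAP (no user-store domain)`.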
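Review bot: The new `catch (GroupManagementException e)` in the `@@ -654` hunk reports `"Error occurred while deleting group-role mapping records"`, but `deleteRoleAndRoleGroupMapping` also wraps `UserStoreException` from `deleteRole` and `clearRoleAuthorization` in that exception type, so a user-store failure is reported to the client and the log as a mapping failure. A message such as `"Error occurred while deleting the role '" + roleName + "' and its group mappings"` covers both cases. `deleteRole` continues between the three hunks on lines that are not shown.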
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java
index 35be14c7cb..d7bf236acf 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java
@@ -199,8 +199,8 @@ public class GroupManagementAdminServiceImpl implements GroupManagementAdminServ
 log.error(msg, e);
 return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
 } catch (GroupAlreadyExistException e) {
- String msg = "Group already exists with name : " + group.getName() + ".";
- log.warn(msg);
+ String msg = "Group already exists with name : " + group.getName() + " Try with another group name.";
+ log.error(msg, e);
 return Response.status(Response.Status.CONFLICT).entity(msg).build();
 } catch (RoleDoesNotExistException e) {
 return Response.status(Response.Status.BAD_REQUEST).entity(e.getMessage()).build();
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/GroupDAO.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/GroupDAO.java
index 777cdb922f..ac91b7036f 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/GroupDAO.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/GroupDAO.java
@@ -155,6 +155,15 @@ public interface GroupDAO {
 */
 void deleteGroupsMapping(List groupIds, int tenantId) throws GroupManagementDAOException;
+ /**
+ * Delete mappings of Device Groups.
+ *
+ * @param role of Device Groups.
+ * @param tenantId of the role.
+ * @throws GroupManagementDAOException on error during deletion of mappings of groups
+ */
+ void deleteGroupsMapping(String role, int tenantId) throws GroupManagementDAOException;
+
 /**
 * Delete existing Device Groups.
 *
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/AbstractGroupDAOImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/AbstractGroupDAOImpl.java
index 9705c5772c..e1fc26eb8e 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/AbstractGroupDAOImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/AbstractGroupDAOImpl.java
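Review bot: The Javadoc on the new `deleteGroupsMapping(String role, int tenantId)` overload in GroupDAO.java does not say what gets deleted or which form of the role name is expected, and the method shares its name with the `List`-based overload above it that deletes by group id. I would write the summary as `Deletes all DM_ROLE_GROUP_MAP rows that reference the given role in the given tenant.` and the parameter as `@param role role name as stored in DM_ROLE_GROUP_MAP`, adding whether that includes the user-store domain once confirmed. Since this removes role-to-group access mappings, the tenant scoping deserves an explicit mention in `@param tenantId`.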
@@ -541,6 +541,23 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
 }
 }
+ @Override
+ public void deleteGroupsMapping(String role, int tenantId) throws GroupManagementDAOException {
+
+ try {
+ Connection conn = GroupManagementDAOFactory.getConnection();
+ String sql = "DELETE FROM DM_ROLE_GROUP_MAP WHERE ROLE = ? AND TENANT_ID = ?";
+ try (PreparedStatement stmt = conn.prepareStatement(sql)) {
+ stmt.setString(1, role);
+ stmt.setInt(2, tenantId);
+ stmt.executeUpdate();
+ }
+ } catch (SQLException e) {
+ String msg = "Error occurred while removing record from group-role mapping.";
+ log.error(msg);
+ throw new GroupManagementDAOException(msg, e);
+ }
+ }
 @Override
 public void deleteGroups(List groupIds, int tenantId) throws GroupManagementDAOException {
 try {
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderService.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderService.java
index b263ea1234..ef2338688f 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderService.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderService.java
@@ -31,6 +31,8 @@ import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupAlreadyExistEx
 import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupManagementException;
 import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupNotExistException;
 import io.entgra.device.mgt.core.device.mgt.common.group.mgt.RoleDoesNotExistException;
+import org.wso2.carbon.user.api.AuthorizationManager;
+import org.wso2.carbon.user.api.UserStoreManager;
 import java.util.List;
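Review bot: The `catch (SQLException e)` block in the new `deleteGroupsMapping` calls `log.error(msg)` without the exception and then rethrows, so the DAO entry carries no cause and the service layer logs the same failure a second time. Either drop the DAO-level log or pass the cause, `log.error(msg, e);`. The row count from `stmt.executeUpdate()` is discarded as well; capturing it and writing a debug line with the tenant id and count would leave a trace of how many access mappings a role deletion removed. The statement itself is parameterized and tenant-scoped, which is what this table needs.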
@@ -58,7 +60,7 @@ public interface GroupManagementProviderService {
 * @param defaultPermissions of the default role
 * @throws GroupManagementException
 */
- void createGroupWithRoles(DeviceGroupRoleWrapper groups, String defaultRole, String[] defaultPermissions) throws GroupManagementException, GroupAlreadyExistException, RoleDoesNotExistException;
+ void createGroupWithRoles(DeviceGroupRoleWrapper groups, String defaultRole, String[] defaultPermissions) throws GroupAlreadyExistException,GroupManagementException, RoleDoesNotExistException;
 /**
 * Update existing device group.
@@ -80,6 +82,18 @@ public interface GroupManagementProviderService {
 */
 boolean deleteGroup(int groupId, boolean isDeleteChildren) throws GroupManagementException;
+ /**
+ * Delete existing device group.
+ *
+ * @param role to be deleted with the userStore name.
+ * @param roleToDelete to delete the role.
+ * @param tenantId to belongs to roles.
+ * @param userStoreManager with details.
+ * @param authorizationManager with details.
+ * @throws GroupManagementException
+ */
+ void deleteRoleAndRoleGroupMapping(String role, String roleToDelete, int tenantId, UserStoreManager userStoreManager, AuthorizationManager authorizationManager) throws GroupManagementException;
+
 /**
 * Get the device group provided the device group id.
 *
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderServiceImpl.java
index 9b5ab0e5ae..3e03301769 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderServiceImpl.java
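Review bot: The Javadoc added above `deleteRoleAndRoleGroupMapping` opens with `Delete existing device group.`, which describes `deleteGroup` rather than this method, and the parameter lines (`to delete the role`, `with details`) do not distinguish `role` from `roleToDelete`. Suggested summary: `Deletes a role, its authorizations and its DM_ROLE_GROUP_MAP entries.`, with `@param role role name as passed to the user store, prefixed with the user-store name when one was given` and `@param roleToDelete role name without the user-store prefix, used for the group mapping`. The implementation names the first parameter `roleName`; using one name in both places avoids confusion. Only the Javadoc tail of the neighbouring methods is visible in this hunk.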
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderServiceImpl.java
@@ -49,10 +49,12 @@ import io.entgra.device.mgt.core.device.mgt.core.util.DeviceManagerUtil;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.netbeans.lib.cvsclient.commandLine.command.status;
 import org.wso2.carbon.CarbonConstants;
 import org.wso2.carbon.context.CarbonContext;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
+import io.entgra.device.mgt.core.device.mgt.common.GroupPaginationRequest;
+import io.entgra.device.mgt.core.device.mgt.common.PaginationResult;
+import org.wso2.carbon.user.api.AuthorizationManager;
 import org.wso2.carbon.user.api.UserRealm;
 import org.wso2.carbon.user.api.UserStoreException;
 import org.wso2.carbon.user.api.UserStoreManager;
@@ -148,7 +150,7 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
 }
 }
- public void createGroupWithRoles(DeviceGroupRoleWrapper groups, String defaultRole, String[] defaultPermissions) throws GroupManagementException {
+ public void createGroupWithRoles(DeviceGroupRoleWrapper groups, String defaultRole, String[] defaultPermissions) throws GroupAlreadyExistException, GroupManagementException {
 if (groups == null) {
 String msg = "Received incomplete data for createGroup";
 log.error(msg);
@@ -181,7 +183,7 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
 }
 GroupManagementDAOFactory.commitTransaction();
 } else {
- throw new GroupManagementException("Group exist with name " + groups.getName());
+ throw new GroupAlreadyExistException("Group already exists with name : " + groups.getName() + " Try with another group name.");
 }
 } catch (GroupManagementDAOException e) {
 GroupManagementDAOFactory.rollbackTransaction();
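Review bot: In the `@@ -181` hunk the `else` branch throws `GroupAlreadyExistException` from inside the `try`, and the only rollback visible here is in `catch (GroupManagementDAOException e)`. If the transaction is opened before the existence check, which the `commitTransaction()` in the `if` branch suggests, this path relies on a `finally` outside the hunk to release the connection; that is worth confirming now that the exception type differs from the one thrown before. The message literal is also repeated here and in both REST services; returning `e.getMessage()` from those `catch` blocks would keep a single copy.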
@@ -359,6 +361,40 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
 }
 }
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void deleteRoleAndRoleGroupMapping(String roleName, String roleToDelete, int tenantId, UserStoreManager userStoreManager, AuthorizationManager authorizationManager) throws GroupManagementException {
+ if (log.isDebugEnabled()) {
+ log.debug("Delete roles");
+ }
+ try {
+ GroupManagementDAOFactory.beginTransaction();
+ groupDAO.deleteGroupsMapping(roleToDelete, tenantId);
+ userStoreManager.deleteRole(roleName);
+ // Delete all authorizations for the current role before deleting
+ authorizationManager.clearRoleAuthorization(roleName);
+ GroupManagementDAOFactory.commitTransaction();
+ } catch (UserStoreException e) {
+ GroupManagementDAOFactory.rollbackTransaction();
+ String msg = "Error occurred while deleting the role '" + roleName + "'";
+ log.error(msg, e);
+ throw new GroupManagementException(msg, e);
+ } catch (TransactionManagementException e) {
+ String msg = "Error occurred while initiating transaction.";
+ log.error(msg, e);
+ throw new GroupManagementException(msg, e);
+ } catch (GroupManagementDAOException e) {
+ GroupManagementDAOFactory.rollbackTransaction();
+ String msg = "Error occurred while deleting the role";
+ log.error(msg, e);
+ throw new GroupManagementException(msg, e);
+ } finally {
+ GroupManagementDAOFactory.closeConnection();
+ }
+ }
+
 /**
 * {@inheritDoc}
 */
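Review bot: The database transaction in `deleteRoleAndRoleGroupMapping` appears to cover only the DM_ROLE_GROUP_MAP delete, so the three steps are not atomic: if `clearRoleAuthorization` throws after `deleteRole` has succeeded, the mapping delete is rolled back while the role is already gone. That leaves group mappings, and possibly permissions, for a role name that no longer exists, and a role created later under the same name would presumably inherit them. The inline comment says authorizations are cleared before deleting, yet the call comes after `userStoreManager.deleteRole(roleName);`; if the user store allows it, putting `authorizationManager.clearRoleAuthorization(roleName);` first makes the role deletion the last step before the commit. A `RuntimeException` from either user-store call also skips `rollbackTransaction()` and reaches only the `finally`.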