From 7ab68e2c99ab40b8ed2695d1505da3b966323f65 Mon Sep 17 00:00:00 2001
From: Madawa Soysa
Date: Fri, 1 Mar 2019 18:54:58 +1100
Subject: [PATCH] Fix issue of app installation with admin user In the current implementation, devices owned by the logged in user is fetched as the device list. When an admin user logged in, even though the user has permission to view and install apps to other users devices the devices does not get fetched if the admin user is not the owner. This resolves the above issue by fetching all devices if the user has admin permission. Resolves product-iots#55
---
 .../ApplicationOperationsImpl.java | 28 +++++++++++++------
 .../mdmmgt/util/MDMServiceAPIUtils.java | 21 ++++++++++++++
 2 files changed, 40 insertions(+), 9 deletions(-)
diff --git a/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.osgiconnector/src/main/java/org/wso2/carbon/appmgt/mdm/osgiconnector/ApplicationOperationsImpl.java b/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.osgiconnector/src/main/java/org/wso2/carbon/appmgt/mdm/osgiconnector/ApplicationOperationsImpl.java
index eb2cad167..25dbe4242 100644
--- a/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.osgiconnector/src/main/java/org/wso2/carbon/appmgt/mdm/osgiconnector/ApplicationOperationsImpl.java
+++ b/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.osgiconnector/src/main/java/org/wso2/carbon/appmgt/mdm/osgiconnector/ApplicationOperationsImpl.java
@@ -39,6 +39,8 @@ import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
 import org.wso2.carbon.device.mgt.common.DeviceManagementException;
 import org.wso2.carbon.device.mgt.common.Platform;
 import org.wso2.carbon.device.mgt.common.app.mgt.ApplicationManagementException;
+import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
+import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
 import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
 import org.wso2.carbon.device.mgt.common.operation.mgt.Operation;
 import org.wso2.carbon.appmgt.mobile.utils.User;
@@ -233,25 +235,32 @@ public class ApplicationOperationsImpl implements ApplicationOperations {
 List devices;
 List deviceList;
 try {
- DeviceManagementProviderService deviceManagementService = MDMServiceAPIUtils
- .getDeviceManagementService(applicationOperationDevice.getTenantId());
+ final int tenantId = applicationOperationDevice.getTenantId();
 final String username = applicationOperationDevice.getCurrentUser().getUsername();
 final String platform = applicationOperationDevice.getPlatform();
+ DeviceAccessAuthorizationService deviceAccessAuthorizationService = MDMServiceAPIUtils
+ .getDeviceAccessAuthorizationService(applicationOperationDevice.getTenantId());
+ DeviceManagementProviderService deviceManagementService = MDMServiceAPIUtils
+ .getDeviceManagementService(tenantId);
+ boolean isAdmin = deviceAccessAuthorizationService.isDeviceAdminUser();
+
 switch (platform) {
 case MDMAppConstants.WEBAPP:
- deviceList = deviceManagementService.getDevicesOfUser(username);
+ deviceList = isAdmin ? deviceManagementService.getAllDevices() :
+ deviceManagementService.getDevicesOfUser(username);
 break;
 case MDMAppConstants.ANDROID:
- deviceList = deviceManagementService.getDevicesOfUser(username, MDMAppConstants.ANDROID);
+ deviceList = isAdmin ? deviceManagementService.getAllDevices(MDMAppConstants.ANDROID) :
+ deviceManagementService.getDevicesOfUser(username, MDMAppConstants.ANDROID);
 break;
 case MDMAppConstants.IOS:
- deviceList = deviceManagementService.getDevicesOfUser(username, MDMAppConstants.IOS);
+ deviceList = isAdmin ? deviceManagementService.getAllDevices(MDMAppConstants.IOS) :
+ deviceManagementService.getDevicesOfUser(username, MDMAppConstants.IOS);
 break;
 default:
- String msg = "App platform:" + platform + "is not supported.";
- log.error(msg);
- throw new MobileApplicationException(msg);
+ throw new MobileApplicationException("App platform: [" + platform + "] is not supported.");
 }
+
 devices = new ArrayList<>(deviceList.size());
 if (log.isDebugEnabled()) {
 log.debug("device list got from mdm " + deviceList.toString());
@@ -291,7 +300,8 @@ public class ApplicationOperationsImpl implements ApplicationOperations {
 } catch (DeviceManagementException e) {
 logError("Error While retrieving Device List.", e);
 throw new MobileApplicationException(e.getMessage());
-
+ } catch (DeviceAccessAuthorizationException e) {
+ throw new MobileApplicationException("Error while checking user permissions", e);
 }
 return devices;
 }
diff --git a/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.osgiconnector/src/main/java/org/wso2/carbon/appmgt/mdm/osgiconnector/mdmmgt/util/MDMServiceAPIUtils.java b/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.osgiconnector/src/main/java/org/wso2/carbon/appmgt/mdm/osgiconnector/mdmmgt/util/MDMServiceAPIUtils.java
index 922f01732..9bf9822eb 100644
--- a/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.osgiconnector/src/main/java/org/wso2/carbon/appmgt/mdm/osgiconnector/mdmmgt/util/MDMServiceAPIUtils.java
+++ b/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.osgiconnector/src/main/java/org/wso2/carbon/appmgt/mdm/osgiconnector/mdmmgt/util/MDMServiceAPIUtils.java
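Review bot: In the `@@ -233,25 +235,32 @@` hunk, `isDeviceAdminUser()` takes no argument, so the admin decision is presumably made for the identity in the thread-local Carbon context, while the non-admin branch scopes the list to `username` from `applicationOperationDevice.getCurrentUser()`. If those two identities can ever differ, the scope is widened to every device in the tenant on the strength of one principal while the request names another. The assumption should be stated next to the check, e.g. `// isDeviceAdminUser() evaluates the thread-context user in tenantId; must be the same principal as username`, or enforced with an equality check before `getAllDevices()` is chosen. The lookup just above should also reuse the new local, `.getDeviceAccessAuthorizationService(tenantId);`, so both services are resolved for the same value. The enclosing method starts and ends outside this hunk.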
@@ -19,6 +19,7 @@ package org.wso2.carbon.appmgt.mdm.osgiconnector.mdmmgt.util;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
 import org.wso2.carbon.device.mgt.core.app.mgt.ApplicationManagementProviderService;
 import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
 
@@ -49,6 +50,26 @@ public class MDMServiceAPIUtils {
 return deviceManagementProviderService;
 }
 
+ /**
+ * Returns the DeviceAccessAuthorizationService osgi service.
+ *
+ * @param tenantId tenant id
+ * @return {@link DeviceAccessAuthorizationService}
+ */
+ public static DeviceAccessAuthorizationService getDeviceAccessAuthorizationService(int tenantId) {
+ PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+ ctx.setTenantId(tenantId, true);
+ DeviceAccessAuthorizationService deviceAccessAuthorizationService =
+ (DeviceAccessAuthorizationService) ctx
+ .getOSGiService(DeviceAccessAuthorizationService.class, null);
+ if (deviceAccessAuthorizationService == null) {
+ String msg = "Device Access Authorization service has not initialized.";
+ log.error(msg);
+ throw new IllegalStateException(msg);
+ }
+ return deviceAccessAuthorizationService;
+ }
+
 /**
 * Returns the ApplicationManagementProviderService osgi service.
 *
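Review bot: `getDeviceAccessAuthorizationService` in the `@@ -49,6 +50,26 @@` hunk leaves the thread-local `PrivilegedCarbonContext` switched to `tenantId` after it returns, since `ctx.setTenantId(tenantId, true)` is never undone, and the Javadoc mentions neither that side effect nor the `IllegalStateException`. The caller's later `isDeviceAdminUser()` presumably relies on the tenant staying set, so this should be documented rather than reverted: add `@throws IllegalStateException if the service is not registered` and a sentence saying the calling thread's tenant context is changed to `tenantId`. Because the admin check then runs in whichever tenant is passed in, the Javadoc should also require that `tenantId` is the authenticated caller's own tenant; whether callers guarantee that cannot be confirmed from this hunk.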