Fix issue of app installation with admin user

In the current implementation, only the devices owned by the logged-in user are fetched as the device list. When an admin user logs in, even though the user has permission to view and install apps on other users' devices, those devices are not fetched unless the admin user is their owner.

This resolves the above issue by fetching all devices if the user has admin permission.

Resolves product-iots#55
merge-requests/18/head
Madawa Soysa 6 years ago
parent 6470efcb31
commit 7ab68e2c99

@ -39,6 +39,8 @@ import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.device.mgt.common.DeviceManagementException;
import org.wso2.carbon.device.mgt.common.Platform;
import org.wso2.carbon.device.mgt.common.app.mgt.ApplicationManagementException;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
import org.wso2.carbon.device.mgt.common.operation.mgt.Operation;
import org.wso2.carbon.appmgt.mobile.utils.User;
@ -233,25 +235,32 @@ public class ApplicationOperationsImpl implements ApplicationOperations {
List<Device> devices;
List<org.wso2.carbon.device.mgt.common.Device> deviceList;
try {
DeviceManagementProviderService deviceManagementService = MDMServiceAPIUtils
.getDeviceManagementService(applicationOperationDevice.getTenantId());
final int tenantId = applicationOperationDevice.getTenantId();
final String username = applicationOperationDevice.getCurrentUser().getUsername();
final String platform = applicationOperationDevice.getPlatform();
DeviceAccessAuthorizationService deviceAccessAuthorizationService = MDMServiceAPIUtils
.getDeviceAccessAuthorizationService(applicationOperationDevice.getTenantId());
DeviceManagementProviderService deviceManagementService = MDMServiceAPIUtils
.getDeviceManagementService(tenantId);
boolean isAdmin = deviceAccessAuthorizationService.isDeviceAdminUser();
switch (platform) {
case MDMAppConstants.WEBAPP:
deviceList = deviceManagementService.getDevicesOfUser(username);
deviceList = isAdmin ? deviceManagementService.getAllDevices() :
deviceManagementService.getDevicesOfUser(username);
break;
case MDMAppConstants.ANDROID:
deviceList = deviceManagementService.getDevicesOfUser(username, MDMAppConstants.ANDROID);
deviceList = isAdmin ? deviceManagementService.getAllDevices(MDMAppConstants.ANDROID) :
deviceManagementService.getDevicesOfUser(username, MDMAppConstants.ANDROID);
break;
case MDMAppConstants.IOS:
deviceList = deviceManagementService.getDevicesOfUser(username, MDMAppConstants.IOS);
deviceList = isAdmin ? deviceManagementService.getAllDevices(MDMAppConstants.IOS) :
deviceManagementService.getDevicesOfUser(username, MDMAppConstants.IOS);
break;
default:
String msg = "App platform:" + platform + "is not supported.";
log.error(msg);
throw new MobileApplicationException(msg);
throw new MobileApplicationException("App platform: [" + platform + "] is not supported.");
}
devices = new ArrayList<>(deviceList.size());
if (log.isDebugEnabled()) {
log.debug("device list got from mdm " + deviceList.toString());
@ -291,7 +300,8 @@ public class ApplicationOperationsImpl implements ApplicationOperations {
} catch (DeviceManagementException e) {
logError("Error While retrieving Device List.", e);
throw new MobileApplicationException(e.getMessage());
} catch (DeviceAccessAuthorizationException e) {
throw new MobileApplicationException("Error while checking user permissions", e);
}
return devices;
}
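Review bot: The admin decision on the `isDeviceAdminUser()` line is made without naming a user, so it presumably evaluates whoever is in the thread's Carbon context, while the non-admin branches filter by `username` read from `applicationOperationDevice.getCurrentUser()`. If those two identities can ever differ, every device in the tenant is returned on the strength of a role that does not belong to `username`; confirm they are always the same principal and state it next to the check, e.g. `// isDeviceAdminUser() checks the Carbon-context user; must be the same principal as username`. The authorization-service lookup also still calls `applicationOperationDevice.getTenantId()` although `tenantId` was just introduced; `getDeviceAccessAuthorizationService(tenantId)` keeps both lookups on one value. The enclosing method starts above this hunk and the code between the two hunks is not shown, so how `deviceList` is used afterwards cannot be judged from here.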

@ -19,6 +19,7 @@ package org.wso2.carbon.appmgt.mdm.osgiconnector.mdmmgt.util;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
import org.wso2.carbon.device.mgt.core.app.mgt.ApplicationManagementProviderService;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
@ -49,6 +50,26 @@ public class MDMServiceAPIUtils {
return deviceManagementProviderService;
}
/**
* Returns the DeviceAccessAuthorizationService osgi service.
*
* @param tenantId tenant id
* @return {@link DeviceAccessAuthorizationService}
*/
public static DeviceAccessAuthorizationService getDeviceAccessAuthorizationService(int tenantId) {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
ctx.setTenantId(tenantId, true);
DeviceAccessAuthorizationService deviceAccessAuthorizationService =
(DeviceAccessAuthorizationService) ctx
.getOSGiService(DeviceAccessAuthorizationService.class, null);
if (deviceAccessAuthorizationService == null) {
String msg = "Device Access Authorization service has not initialized.";
log.error(msg);
throw new IllegalStateException(msg);
}
return deviceAccessAuthorizationService;
}
/**
* Returns the ApplicationManagementProviderService osgi service.
*
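Review bot: `getDeviceAccessAuthorizationService` writes the caller-supplied `tenantId` into the thread-local `PrivilegedCarbonContext` via `ctx.setTenantId(tenantId, true)` and never restores it, and the Javadoc does not mention that side effect. Because the returned service is then used for a permission check, the tenant the thread is left in may decide whose roles are evaluated. Nothing visible here shows the caller wrapping the call in `PrivilegedCarbonContext.startTenantFlow()` / `endTenantFlow()`; if it does not, that belongs at the call site. The Javadoc should at least say `Switches the calling thread's Carbon context to the given tenant; call inside a tenant flow.`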
