From 58670028c09c82c1dedb48eedb94c4595ef2412c Mon Sep 17 00:00:00 2001 From: tcdlpds Date: Wed, 11 Oct 2023 06:54:46 +0530 Subject: [PATCH] Fix scope attaching issue --- .../impl/RoleManagementServiceImpl.java | 75 ++++++++----------- .../impl/UserManagementServiceImpl.java | 49 +----------- .../src/main/resources/conf/mdm-ui-config.xml | 16 ---- 3 files changed, 32 insertions(+), 108 deletions(-) diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java index 036c4f67660..a9ea688d056 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java @@ -30,7 +30,6 @@ import org.wso2.carbon.CarbonConstants; import org.wso2.carbon.base.MultitenantConstants; import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext; -import org.wso2.carbon.context.RegistryType; import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.ErrorResponse; import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.RoleInfo; import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.RoleList; @@ -40,9 +39,6 @@ import io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl.util.RequestV import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.Constants; import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.DeviceMgtAPIUtils; import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.SetReferenceTransformer; -import org.wso2.carbon.registry.api.Registry; -import org.wso2.carbon.registry.core.session.UserRegistry; -import org.wso2.carbon.registry.resource.services.utils.ChangeRolePermissionsUtil; import org.wso2.carbon.user.api.*; import org.wso2.carbon.user.core.common.AbstractUserStoreManager; import org.wso2.carbon.user.core.constants.UserCoreErrorConstants.ErrorMessages; @@ -57,9 +53,11 @@ import java.io.UnsupportedEncodingException; import java.net.URI; import java.net.URISyntaxException; import java.net.URLEncoder; -import java.util.*; -import java.util.concurrent.ExecutorService; -import java.util.concurrent.Executors; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashSet; +import java.util.List; +import java.util.Set; import static io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.Constants.PRIMARY_USER_STORE; @@ -404,25 +402,9 @@ public class RoleManagementServiceImpl implements RoleManagementService { userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), permissions); try { if (roleInfo.getPermissions() != null && roleInfo.getPermissions().length > 0) { - String finalRoleName = roleInfo.getRoleName(); - String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true); - final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm(); - Thread thread = new Thread(new Runnable() { - @Override - public void run() { - try { - PrivilegedCarbonContext.startTenantFlow(); - PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true); - DeviceMgtAPIUtils.getApiPublisher().updateScopeRoleMapping(roleInfo.getRoleName(), - RoleManagementServiceImpl.this.getPlatformUIPermissions(finalRoleName, userRealm, roleInfo.getPermissions())); - } catch (APIManagerPublisherException | UserAdminException e) { - log.error("Error Occurred while updating role scope mapping. ", e); - } finally { - PrivilegedCarbonContext.endTenantFlow(); - } - } - }); - thread.start(); + String[] roleName = roleInfo.getRoleName().split("/"); + addPermissions(roleName[roleName.length - 1], roleInfo.getPermissions(), + DeviceMgtAPIUtils.getUserRealm()); } } catch (UserStoreException e) { String msg = "Error occurred while loading the user store."; @@ -563,24 +545,8 @@ public class RoleManagementServiceImpl implements RoleManagementService { } if (roleInfo.getPermissions() != null) { - String finalRoleName = roleName; - String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true); - Thread thread = new Thread(new Runnable() { - @Override - public void run() { - try { - PrivilegedCarbonContext.startTenantFlow(); - PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true); - DeviceMgtAPIUtils.getApiPublisher().updateScopeRoleMapping(roleInfo.getRoleName(), - RoleManagementServiceImpl.this.getPlatformUIPermissions(finalRoleName, userRealm, roleInfo.getPermissions())); - } catch (APIManagerPublisherException | UserAdminException e) { - log.error("Error Occurred while updating role scope mapping. ", e); - } finally { - PrivilegedCarbonContext.endTenantFlow(); - } - } - }); - thread.start(); + String[] roleDetails = roleName.split("/"); + addPermissions(roleDetails[roleDetails.length - 1], roleInfo.getPermissions(), userRealm); } //TODO: Need to send the updated role information in the entity back to the client return Response.status(Response.Status.OK).entity("Role '" + roleInfo.getRoleName() + "' has " + @@ -730,4 +696,25 @@ public class RoleManagementServiceImpl implements RoleManagementService { } return rolePermissions; } + + private void addPermissions(String roleName, String[] permissions, UserRealm userRealm) { + String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true); + Thread thread = new Thread(new Runnable() { + @Override + public void run() { + try { + PrivilegedCarbonContext.startTenantFlow(); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true); + DeviceMgtAPIUtils.getApiPublisher().updateScopeRoleMapping(roleName, + RoleManagementServiceImpl.this.getPlatformUIPermissions(roleName, userRealm, + permissions)); + } catch (APIManagerPublisherException | UserAdminException e) { + log.error("Error Occurred while updating role scope mapping. ", e); + } finally { + PrivilegedCarbonContext.endTenantFlow(); + } + } + }); + thread.start(); + } } diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/UserManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/UserManagementServiceImpl.java index 71528bf32d5..6d24ee6aa3f 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/UserManagementServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/UserManagementServiceImpl.java @@ -114,11 +114,6 @@ public class UserManagementServiceImpl implements UserManagementService { private static final String API_BASE_PATH = "/users"; private static final Log log = LogFactory.getLog(UserManagementServiceImpl.class); - private static final String ADMIN_ROLE = "admin"; - private static final String DEFAULT_DEVICE_USER = "Internal/devicemgt-user"; - private static final String DEFAULT_DEVICE_ADMIN = "Internal/devicemgt-admin"; - private static final String DEFAULT_SUBSCRIBER = "Internal/subscriber"; - // Permissions that are given for a normal device user. private static final Permission[] PERMISSIONS_FOR_DEVICE_USER = { new Permission("/permission/admin/Login", "ui.execute"), @@ -155,51 +150,9 @@ public class UserManagementServiceImpl implements UserManagementService { Map defaultUserClaims = this.buildDefaultUserClaims(userInfo.getFirstname(), userInfo.getLastname(), userInfo.getEmailAddress(), true); - // calling addUser method of carbon user api - List tmpRoles = new ArrayList<>(); - String[] userInfoRoles = userInfo.getRoles(); - tmpRoles.add(DEFAULT_DEVICE_USER); - - boolean subscriberFound = false; - boolean adminFound = false; - - if (userInfoRoles != null) { - //check if subscriber role is coming in the payload - for (String r : userInfoRoles) { - if (!subscriberFound || !adminFound) { - if (DEFAULT_SUBSCRIBER.equals(r)) { - subscriberFound = true; - } else if (ADMIN_ROLE.equals(r)) { - tmpRoles.add(DEFAULT_DEVICE_ADMIN); - adminFound = true; - } - } else { - break; - } - } - tmpRoles.addAll(Arrays.asList(userInfoRoles)); - } - - if (!subscriberFound) { - // Add Internal/subscriber role to new users - if (userStoreManager.isExistingRole(DEFAULT_SUBSCRIBER)) { - tmpRoles.add(DEFAULT_SUBSCRIBER); - } else { - log.warn("User: " + userInfo.getUsername() + " will not be able to enroll devices as '" + - DEFAULT_SUBSCRIBER + "' is missing in the system"); - } - } - - String[] roles = new String[tmpRoles.size()]; - tmpRoles.toArray(roles); - - // If the normal device user role does not exist, create a new role with the minimal permissions - if (!userStoreManager.isExistingRole(DEFAULT_DEVICE_USER)) { - userStoreManager.addRole(DEFAULT_DEVICE_USER, null, PERMISSIONS_FOR_DEVICE_USER); - } userStoreManager.addUser(userInfo.getUsername(), initialUserPassword, - roles, defaultUserClaims, null); + userInfo.getRoles(), defaultUserClaims, null); // Outputting debug message upon successful addition of user if (log.isDebugEnabled()) { log.debug("User '" + userInfo.getUsername() + "' has successfully been added."); diff --git a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml index 612bb39ec44..aada3c5255d 100644 --- a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml +++ b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml @@ -187,7 +187,6 @@ am:store:app:modify am:store:app:sub:install am:store:app:sub:uninstall - am:admin:pub:app:review:update am:admin:pub:app:review:view am:admin:pub:app:update am:admin:store:app:review:update @@ -196,12 +195,8 @@ dm:device-type:view and:enterprise:modify and:enterprise:view - and:work:customer - and:work:admin - app:command:modify dm:sign-csr dm:admin:devices:view - dm:admin:topics:view rm:roles:add rm:users:add rm:roles:update @@ -210,15 +205,6 @@ rm:roles:view rm:roles:combined:add rm:roles:delete - an:db:vulnerabilities - an:db:non-compliant:count - an:db:non-compliant - an:db:by-groups - an:db:device:count - an:db:feature-non-compliant - an:db:overview:count - an:db:filtered-count - an:db:details dm:activity:get dm:devices:delete dm:devices:app:view @@ -295,7 +281,6 @@ dm:device:enroll dm:geo:an:view dm:geo:alerts:manage - appm:read dm:admin:devices:permanent-delete and:conf:manage and:conf:view @@ -345,7 +330,6 @@ win:ops:reboot win:ops:location admin:tenant:view - dm:admin:metadata:view dm:admin:devices:usage:view and:ops:clear-app and:ops:suspend-package