diff --git a/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.osgiconnector/src/main/java/org/wso2/carbon/appmgt/mdm/osgiconnector/ApplicationOperationsImpl.java b/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.osgiconnector/src/main/java/org/wso2/carbon/appmgt/mdm/osgiconnector/ApplicationOperationsImpl.java
index eb2cad1670..25dbe42421 100644
--- a/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.osgiconnector/src/main/java/org/wso2/carbon/appmgt/mdm/osgiconnector/ApplicationOperationsImpl.java
+++ b/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.osgiconnector/src/main/java/org/wso2/carbon/appmgt/mdm/osgiconnector/ApplicationOperationsImpl.java
@@ -39,6 +39,8 @@ import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
 import org.wso2.carbon.device.mgt.common.DeviceManagementException;
 import org.wso2.carbon.device.mgt.common.Platform;
 import org.wso2.carbon.device.mgt.common.app.mgt.ApplicationManagementException;
+import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
+import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
 import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
 import org.wso2.carbon.device.mgt.common.operation.mgt.Operation;
 import org.wso2.carbon.appmgt.mobile.utils.User;
@@ -233,25 +235,32 @@ public class ApplicationOperationsImpl implements ApplicationOperations {
 List devices;
 List deviceList;
 try {
- DeviceManagementProviderService deviceManagementService = MDMServiceAPIUtils
- .getDeviceManagementService(applicationOperationDevice.getTenantId());
+ final int tenantId = applicationOperationDevice.getTenantId();
 final String username = applicationOperationDevice.getCurrentUser().getUsername();
 final String platform = applicationOperationDevice.getPlatform();
+ DeviceAccessAuthorizationService deviceAccessAuthorizationService = MDMServiceAPIUtils
+ .getDeviceAccessAuthorizationService(applicationOperationDevice.getTenantId());
+ DeviceManagementProviderService deviceManagementService = MDMServiceAPIUtils
+ .getDeviceManagementService(tenantId);
+ boolean isAdmin = deviceAccessAuthorizationService.isDeviceAdminUser();
+
 switch (platform) {
 case MDMAppConstants.WEBAPP:
- deviceList = deviceManagementService.getDevicesOfUser(username);
+ deviceList = isAdmin ? deviceManagementService.getAllDevices() :
+ deviceManagementService.getDevicesOfUser(username);
 break;
 case MDMAppConstants.ANDROID:
- deviceList = deviceManagementService.getDevicesOfUser(username, MDMAppConstants.ANDROID);
+ deviceList = isAdmin ? deviceManagementService.getAllDevices(MDMAppConstants.ANDROID) :
+ deviceManagementService.getDevicesOfUser(username, MDMAppConstants.ANDROID);
 break;
 case MDMAppConstants.IOS:
- deviceList = deviceManagementService.getDevicesOfUser(username, MDMAppConstants.IOS);
+ deviceList = isAdmin ? deviceManagementService.getAllDevices(MDMAppConstants.IOS) :
+ deviceManagementService.getDevicesOfUser(username, MDMAppConstants.IOS);
 break;
 default:
- String msg = "App platform:" + platform + "is not supported.";
- log.error(msg);
- throw new MobileApplicationException(msg);
+ throw new MobileApplicationException("App platform: [" + platform + "] is not supported.");
 }
+
 devices = new ArrayList<>(deviceList.size());
 if (log.isDebugEnabled()) {
 log.debug("device list got from mdm " + deviceList.toString());
@@ -291,7 +300,8 @@ public class ApplicationOperationsImpl implements ApplicationOperations {
 } catch (DeviceManagementException e) {
 logError("Error While retrieving Device List.", e);
 throw new MobileApplicationException(e.getMessage());
-
+ } catch (DeviceAccessAuthorizationException e) {
+ throw new MobileApplicationException("Error while checking user permissions", e);
 }
 return devices;
 }
diff --git a/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.osgiconnector/src/main/java/org/wso2/carbon/appmgt/mdm/osgiconnector/mdmmgt/util/MDMServiceAPIUtils.java b/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.osgiconnector/src/main/java/org/wso2/carbon/appmgt/mdm/osgiconnector/mdmmgt/util/MDMServiceAPIUtils.java
index 922f017326..9bf9822eba 100644
--- a/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.osgiconnector/src/main/java/org/wso2/carbon/appmgt/mdm/osgiconnector/mdmmgt/util/MDMServiceAPIUtils.java
+++ b/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.osgiconnector/src/main/java/org/wso2/carbon/appmgt/mdm/osgiconnector/mdmmgt/util/MDMServiceAPIUtils.java
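Review bot: In the `@@ -233,25 +235,32 @@` hunk of ApplicationOperationsImpl.java, `boolean isAdmin = deviceAccessAuthorizationService.isDeviceAdminUser();` decides the widening to `getAllDevices()` without reference to `username`, which comes from `applicationOperationDevice.getCurrentUser()`. The no-argument call presumably evaluates the identity on the thread-local Carbon context; if that can differ from the request's current user, a non-admin user would be handed every device in the tenant. Confirm the two identities are always the same on this path and record it next to the check, e.g. `// isDeviceAdminUser() evaluates the thread-context user; it must be the same principal as username`. The lookup above it should also reuse the new local, `.getDeviceAccessAuthorizationService(tenantId);`. The enclosing method begins and ends outside the hunk.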
@@ -19,6 +19,7 @@ package org.wso2.carbon.appmgt.mdm.osgiconnector.mdmmgt.util;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
 import org.wso2.carbon.device.mgt.core.app.mgt.ApplicationManagementProviderService;
 import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
@@ -49,6 +50,26 @@ public class MDMServiceAPIUtils {
 return deviceManagementProviderService;
 }
+ /**
+ * Returns the DeviceAccessAuthorizationService osgi service.
+ *
+ * @param tenantId tenant id
+ * @return {@link DeviceAccessAuthorizationService}
+ */
+ public static DeviceAccessAuthorizationService getDeviceAccessAuthorizationService(int tenantId) {
+ PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+ ctx.setTenantId(tenantId, true);
+ DeviceAccessAuthorizationService deviceAccessAuthorizationService =
+ (DeviceAccessAuthorizationService) ctx
+ .getOSGiService(DeviceAccessAuthorizationService.class, null);
+ if (deviceAccessAuthorizationService == null) {
+ String msg = "Device Access Authorization service has not initialized.";
+ log.error(msg);
+ throw new IllegalStateException(msg);
+ }
+ return deviceAccessAuthorizationService;
+ }
+
 /**
 * Returns the ApplicationManagementProviderService osgi service.
 *
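Review bot: `getDeviceAccessAuthorizationService` in the `@@ -49,6 +50,26 @@` hunk of MDMServiceAPIUtils.java is written as a getter but calls `ctx.setTenantId(tenantId, true);` on the thread-local `PrivilegedCarbonContext`, and nothing in the method restores the previous tenant. On a reused thread, later work may then run under the tenant passed in here, and any authorization decision made through the returned service depends on that context. The Javadoc should state the side effect, e.g. `* Side effect: switches the calling thread's Carbon context to the given tenant.`, and callers that can run under another tenant should bracket the call with `PrivilegedCarbonContext.startTenantFlow()` and `endTenantFlow()` in a `finally`.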