Refactored scopes

4.x.x
mharindu 8 years ago
parent eb5216091e
commit ed4c762bfd

@ -28,18 +28,24 @@ import java.lang.annotation.Target;
*/ */
@Target(ElementType.METHOD) @Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME) @Retention(RetentionPolicy.RUNTIME)
public @interface Permission { public @interface Scope {
/**
* Represents the scope key which should be unique.
* @return Returns scope key.
*/
String key();
/** /**
* Represents the scope name. * Represents the scope name.
* @return Returns scope name. * @return Returns scope name.
*/ */
String scope(); String name();
/** /**
* Represents the associated permissions. * Represents the scope description.
* @return Returns list of permissions. * @return Returns scope description.
*/ */
String[] roles(); String description();
} }

@ -1,45 +0,0 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.webapp.publisher.config;
/**
* This class represents the information related to permissions.
*/
public class PermissionConfiguration {
private String scopeName;
private String[] roles;
public String getScopeName() {
return scopeName;
}
public void setScopeName(String scope) {
this.scopeName = scope;
}
public String[] getRoles() {
return roles;
}
public void setRoles(String[] roles) {
this.roles = roles;
}
}

@ -1,60 +0,0 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* you may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.webapp.publisher.config;
/**
* Custom exception class of Permission related operations.
*/
public class PermissionManagementException extends Exception {
private static final long serialVersionUID = -3151279311929070298L;
private String errorMessage;
public String getErrorMessage() {
return errorMessage;
}
public void setErrorMessage(String errorMessage) {
this.errorMessage = errorMessage;
}
public PermissionManagementException(String msg, Exception nestedEx) {
super(msg, nestedEx);
setErrorMessage(msg);
}
public PermissionManagementException(String message, Throwable cause) {
super(message, cause);
setErrorMessage(message);
}
public PermissionManagementException(String msg) {
super(msg);
setErrorMessage(msg);
}
public PermissionManagementException() {
super();
}
public PermissionManagementException(Throwable cause) {
super(cause);
}
}

@ -23,13 +23,9 @@ import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.annotations.api.API; import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.api.model.Scope;
import org.wso2.carbon.apimgt.webapp.publisher.APIPublisherUtil; import org.wso2.carbon.apimgt.webapp.publisher.APIPublisherUtil;
import org.wso2.carbon.apimgt.webapp.publisher.config.APIResource; import org.wso2.carbon.apimgt.webapp.publisher.config.APIResource;
import org.wso2.carbon.apimgt.webapp.publisher.config.APIResourceConfiguration; import org.wso2.carbon.apimgt.webapp.publisher.config.APIResourceConfiguration;
import org.wso2.carbon.apimgt.webapp.publisher.config.PermissionConfiguration;
import org.wso2.carbon.apimgt.webapp.publisher.config.PermissionManagementException;
import javax.servlet.ServletContext; import javax.servlet.ServletContext;
import javax.ws.rs.*; import javax.ws.rs.*;
@ -242,15 +238,9 @@ public class AnnotationProcessor {
Annotation producesAnno = method.getAnnotation(producesClass); Annotation producesAnno = method.getAnnotation(producesClass);
resource.setProduces(invokeMethod(producesClassMethods[0], producesAnno, STRING_ARR)); resource.setProduces(invokeMethod(producesClassMethods[0], producesAnno, STRING_ARR));
} }
if (annotations[i].annotationType().getName().equals(Permission.class.getName())) { if (annotations[i].annotationType().getName().equals(org.wso2.carbon.apimgt.annotations.api.Scope.class.getName())) {
PermissionConfiguration permissionConf = this.getPermission(method); org.wso2.carbon.apimgt.api.model.Scope scope = this.getScope(method);
if (permissionConf != null) { if (scope != null) {
Scope scope = new Scope();
scope.setKey(permissionConf.getScopeName());
scope.setDescription(permissionConf.getScopeName());
scope.setName(permissionConf.getScopeName());
String roles = StringUtils.join(permissionConf.getRoles(), ",");
scope.setRoles(roles);
resource.setScope(scope); resource.setScope(scope);
} }
} }
@ -348,35 +338,32 @@ public class AnnotationProcessor {
return ((String[]) methodHandler.invoke(annotation, method, null)); return ((String[]) methodHandler.invoke(annotation, method, null));
} }
private PermissionConfiguration getPermission(Method currentMethod) throws Throwable { private org.wso2.carbon.apimgt.api.model.Scope getScope(Method currentMethod) throws Throwable {
Class<Permission> permissionClass = (Class<Permission>) classLoader.loadClass(Permission.class.getName()); Class<org.wso2.carbon.apimgt.annotations.api.Scope> scopeClass =
Annotation permissionAnnotation = currentMethod.getAnnotation(permissionClass); (Class<org.wso2.carbon.apimgt.annotations.api.Scope>) classLoader.
if (permissionClass != null) { loadClass(org.wso2.carbon.apimgt.annotations.api.Scope.class.getName());
Method[] permissionClassMethods = permissionClass.getMethods(); Annotation permissionAnnotation = currentMethod.getAnnotation(scopeClass);
PermissionConfiguration permissionConf = new PermissionConfiguration(); if (scopeClass != null) {
Method[] permissionClassMethods = scopeClass.getMethods();
org.wso2.carbon.apimgt.api.model.Scope scope = new org.wso2.carbon.apimgt.api.model.Scope();
for (Method method : permissionClassMethods) { for (Method method : permissionClassMethods) {
switch (method.getName()) { switch (method.getName()) {
case "scope": case "key":
permissionConf.setScopeName(invokeMethod(method, permissionAnnotation, STRING)); scope.setKey(invokeMethod(method, permissionAnnotation, STRING));
break; break;
case "roles": case "name":
String roles[] = invokeMethod(method, permissionAnnotation); scope.setName(invokeMethod(method, permissionAnnotation, STRING));
this.addPermission(roles); break;
permissionConf.setRoles(roles); case "description":
scope.setDescription(invokeMethod(method, permissionAnnotation, STRING));
break; break;
} }
} }
return permissionConf; return scope;
} }
return null; return null;
} }
private void addPermission(String[] permissions) throws PermissionManagementException {
for (String permission : permissions) {
PermissionUtils.addPermission(permission);
}
}
/** /**
* Find the URL pointing to "/WEB-INF/classes" This method may not work in conjunction with IteratorFactory * Find the URL pointing to "/WEB-INF/classes" This method may not work in conjunction with IteratorFactory
* if your servlet container does not extract the /WEB-INF/classes into a real file-based directory * if your servlet container does not extract the /WEB-INF/classes into a real file-based directory

@ -1,91 +0,0 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* you may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.webapp.publisher.lifecycle.util;
import org.wso2.carbon.apimgt.webapp.publisher.config.PermissionManagementException;
import org.wso2.carbon.apimgt.webapp.publisher.internal.APIPublisherDataHolder;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.registry.api.RegistryException;
import org.wso2.carbon.registry.api.Resource;
import org.wso2.carbon.registry.core.Registry;
import java.util.StringTokenizer;
/**
* Utility class which holds necessary utility methods required for persisting permissions in
* registry.
*/
public class PermissionUtils {
public static final String ADMIN_PERMISSION_REGISTRY_PATH = "/permission/admin";
public static final String PERMISSION_PROPERTY_NAME = "name";
public static Registry getGovernanceRegistry() throws PermissionManagementException {
try {
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
return APIPublisherDataHolder.getInstance().getRegistryService()
.getGovernanceSystemRegistry(
tenantId);
} catch (RegistryException e) {
throw new PermissionManagementException(
"Error in retrieving governance registry instance: " +
e.getMessage(), e);
}
}
public static void addPermission(String permission) throws PermissionManagementException {
String resourcePermission = getAbsolutePermissionPath(permission);
try {
StringTokenizer tokenizer = new StringTokenizer(resourcePermission, "/");
String lastToken = "", currentToken, tempPath;
while (tokenizer.hasMoreTokens()) {
currentToken = tokenizer.nextToken();
tempPath = lastToken + "/" + currentToken;
if (!checkResourceExists(tempPath)) {
createRegistryCollection(tempPath, currentToken);
}
lastToken = tempPath;
}
} catch (RegistryException e) {
throw new PermissionManagementException("Error occurred while persisting permission : " +
resourcePermission, e);
}
}
public static void createRegistryCollection(String path, String resourceName)
throws PermissionManagementException,
RegistryException {
Resource resource = PermissionUtils.getGovernanceRegistry().newCollection();
resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
PermissionUtils.getGovernanceRegistry().beginTransaction();
PermissionUtils.getGovernanceRegistry().put(path, resource);
PermissionUtils.getGovernanceRegistry().commitTransaction();
}
public static boolean checkResourceExists(String path)
throws PermissionManagementException,
org.wso2.carbon.registry.core.exceptions.RegistryException {
return PermissionUtils.getGovernanceRegistry().resourceExists(path);
}
private static String getAbsolutePermissionPath(String permissionPath) {
return PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + permissionPath;
}
}

@ -4,7 +4,7 @@ import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam; import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses; import io.swagger.annotations.ApiResponses;
import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.certificate.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.certificate.mgt.jaxrs.beans.ErrorResponse;
import javax.ws.rs.*; import javax.ws.rs.*;
@ -46,7 +46,7 @@ public interface CertificateMgtService {
message = "Internal Server Error. \n Error occurred while retrieving signed certificate.", message = "Internal Server Error. \n Error occurred while retrieving signed certificate.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "sign-csr", roles = {"emm-admin"}) @Scope(key = "certificate:sign-csr", name = "Sign CSR", description = "")
Response getSignedCertFromCSR( Response getSignedCertFromCSR(
@ApiParam( @ApiParam(
name = "If-Modified-Since", name = "If-Modified-Since",

@ -2,7 +2,7 @@ package org.wso2.carbon.certificate.mgt.cert.jaxrs.api;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API; import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.CertificateList; import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.CertificateList;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.EnrollmentCertificate; import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.EnrollmentCertificate;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.ErrorResponse; import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.ErrorResponse;
@ -77,7 +77,7 @@ public interface CertificateManagementAdminService {
message = "Internal Server Error. \n Server error occurred while adding certificates.", message = "Internal Server Error. \n Server error occurred while adding certificates.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "certificate:add", roles = {"admin"}) @Scope(key = "certificate:write", name = "Add certificates", description = "")
Response addCertificate( Response addCertificate(
@ApiParam( @ApiParam(
name = "enrollmentCertificates", name = "enrollmentCertificates",
@ -135,7 +135,7 @@ public interface CertificateManagementAdminService {
"Server error occurred while retrieving information requested certificate.", "Server error occurred while retrieving information requested certificate.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "certificate:view", roles = {"admin"}) @Scope(key = "certificate:read", name = "View certificates", description = "")
Response getCertificate( Response getCertificate(
@ApiParam(name = "serialNumber", @ApiParam(name = "serialNumber",
value = "Provide the serial number of the certificate that you wish to get the details of", value = "Provide the serial number of the certificate that you wish to get the details of",
@ -207,7 +207,7 @@ public interface CertificateManagementAdminService {
"Server error occurred while retrieving all certificates enrolled in the system.", "Server error occurred while retrieving all certificates enrolled in the system.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "certificate:view", roles = {"admin"}) @Scope(key = "certificate:read", name = "View certificates", description = "")
Response getAllCertificates( Response getAllCertificates(
@ApiParam( @ApiParam(
name = "offset", name = "offset",
@ -250,7 +250,7 @@ public interface CertificateManagementAdminService {
message = "Internal Server Error. \n " + message = "Internal Server Error. \n " +
"Server error occurred while removing the certificate.", "Server error occurred while removing the certificate.",
response = ErrorResponse.class)}) response = ErrorResponse.class)})
@Permission(scope = "certificate:modify", roles = {"admin"}) @Scope(key = "certificate:write", name = "Add certificates", description = "")
Response removeCertificate( Response removeCertificate(
@ApiParam( @ApiParam(
name = "serialNumber", name = "serialNumber",

@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API; import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.operation.mgt.Activity; import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
import org.wso2.carbon.device.mgt.jaxrs.beans.ActivityList; import org.wso2.carbon.device.mgt.jaxrs.beans.ActivityList;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@ -91,7 +91,7 @@ public interface ActivityInfoProviderService {
message = "Internal Server Error. \n Server error occurred while fetching activity data.", message = "Internal Server Error. \n Server error occurred while fetching activity data.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "activity:view", roles = {"admin"}) @Scope(key = "activity:read", name = "View Activities", description = "")
Response getActivity( Response getActivity(
@ApiParam( @ApiParam(
name = "id", name = "id",
@ -150,7 +150,7 @@ public interface ActivityInfoProviderService {
message = "Internal Server Error. \n Server error occurred while fetching activity data.", message = "Internal Server Error. \n Server error occurred while fetching activity data.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "activity:view", roles = {"admin"}) @Scope(key = "activity:read", name = "View Activities", description = "")
Response getActivities( Response getActivities(
@ApiParam( @ApiParam(
name = "since", name = "since",

@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API; import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfiguration; import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfiguration;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@ -81,7 +81,7 @@ public interface ConfigurationManagementService {
"platform configuration.", "platform configuration.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "configuration:view", roles = {"admin"}) @Scope(key = "configuration:read", name = "View Configurations", description = "")
Response getConfiguration( Response getConfiguration(
@ApiParam( @ApiParam(
name = "If-Modified-Since", name = "If-Modified-Since",
@ -127,7 +127,7 @@ public interface ConfigurationManagementService {
"Server error occurred while modifying general platform configuration.", "Server error occurred while modifying general platform configuration.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "configuration:modify", roles = {"admin"}) @Scope(key = "configuration:modify", name = "Modify Configurations", description = "")
Response updateConfiguration( Response updateConfiguration(
@ApiParam( @ApiParam(
name = "configuration", name = "configuration",

@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API; import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.Device; import org.wso2.carbon.device.mgt.common.Device;
import org.wso2.carbon.device.mgt.common.Feature; import org.wso2.carbon.device.mgt.common.Feature;
import org.wso2.carbon.device.mgt.common.app.mgt.Application; import org.wso2.carbon.device.mgt.common.app.mgt.Application;
@ -91,7 +91,7 @@ public interface DeviceManagementService {
message = "Internal Server Error. \n Server error occurred while fetching the device list.", message = "Internal Server Error. \n Server error occurred while fetching the device list.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "device:list", roles = {"admin"}) @Scope(key = "device:read", name = "View Devices", description = "")
Response getDevices( Response getDevices(
@ApiParam( @ApiParam(
name = "name", name = "name",
@ -200,7 +200,7 @@ public interface DeviceManagementService {
"Server error occurred while retrieving information requested device.", "Server error occurred while retrieving information requested device.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "device:view", roles = {"admin"}) @Scope(key = "device:read", name = "View Devices", description = "")
Response getDevice( Response getDevice(
@ApiParam( @ApiParam(
name = "type", name = "type",
@ -280,7 +280,7 @@ public interface DeviceManagementService {
"Server error occurred while retrieving feature list of the device.", "Server error occurred while retrieving feature list of the device.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "device:view", roles = {"admin"}) @Scope(key = "device:read", name = "View Devices", description = "")
Response getFeaturesOfDevice( Response getFeaturesOfDevice(
@ApiParam( @ApiParam(
name = "type", name = "type",
@ -354,7 +354,7 @@ public interface DeviceManagementService {
"Server error occurred while enrolling the device.", "Server error occurred while enrolling the device.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "device:search", roles = {"admin" }) @Scope(key = "device:read", name = "View Devices", description = "")
Response searchDevices( Response searchDevices(
@ApiParam( @ApiParam(
name = "offset", name = "offset",
@ -433,7 +433,7 @@ public interface DeviceManagementService {
"Server error occurred while retrieving installed application list of the device.", "Server error occurred while retrieving installed application list of the device.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "device:view", roles = {"admin"}) @Scope(key = "device:read", name = "View Devices", description = "")
Response getInstalledApplications( Response getInstalledApplications(
@ApiParam( @ApiParam(
name = "type", name = "type",
@ -527,7 +527,7 @@ public interface DeviceManagementService {
"Server error occurred while retrieving operation list scheduled for the device.", "Server error occurred while retrieving operation list scheduled for the device.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "device:view", roles = {"admin"}) @Scope(key = "device:read", name = "View Devices", description = "")
Response getDeviceOperations( Response getDeviceOperations(
@ApiParam( @ApiParam(
name = "type", name = "type",
@ -623,7 +623,7 @@ public interface DeviceManagementService {
response = ErrorResponse.class) response = ErrorResponse.class)
} }
) )
@Permission(scope = "device:view", roles = {"admin"}) @Scope(key = "device:read", name = "View Devices", description = "")
Response getEffectivePolicyOfDevice( Response getEffectivePolicyOfDevice(
@ApiParam( @ApiParam(
name = "type", name = "type",
@ -674,6 +674,7 @@ public interface DeviceManagementService {
response = ErrorResponse.class) response = ErrorResponse.class)
} }
) )
@Scope(key = "device:read", name = "View Devices", description = "")
Response getComplianceDataOfDevice( Response getComplianceDataOfDevice(
@ApiParam( @ApiParam(
name = "type", name = "type",

@ -18,7 +18,7 @@
*/ */
package org.wso2.carbon.device.mgt.jaxrs.service.api; package org.wso2.carbon.device.mgt.jaxrs.service.api;
import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier; import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroup; import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroup;

@ -20,10 +20,8 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API; import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.device.mgt.common.notification.mgt.Notification; import org.wso2.carbon.device.mgt.common.notification.mgt.Notification;
import org.wso2.carbon.device.mgt.jaxrs.NotificationContext;
import org.wso2.carbon.device.mgt.jaxrs.NotificationList; import org.wso2.carbon.device.mgt.jaxrs.NotificationList;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@ -90,7 +88,7 @@ public interface NotificationManagementService {
"\n Server error occurred while fetching the notification list.", "\n Server error occurred while fetching the notification list.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "notification:view", roles = {"admin"}) @Scope(key = "notification:read", name = "View and manage notifications", description = "")
Response getNotifications( Response getNotifications(
@ApiParam( @ApiParam(
name = "status", name = "status",
@ -142,7 +140,7 @@ public interface NotificationManagementService {
message = "Error occurred while updating notification status.") message = "Error occurred while updating notification status.")
} }
) )
@Permission(scope = "notification:view", roles = {"admin"}) @Scope(key = "notification:read", name = "View and manage notifications", description = "")
Response updateNotificationStatus( Response updateNotificationStatus(
@ApiParam( @ApiParam(
name = "id", name = "id",

@ -20,11 +20,11 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API; import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper;
import org.wso2.carbon.policy.mgt.common.Policy;
import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper;
import org.wso2.carbon.policy.mgt.common.Policy;
import javax.ws.rs.*; import javax.ws.rs.*;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
@ -99,7 +99,7 @@ public interface PolicyManagementService {
"Server error occurred while adding a new policy.", "Server error occurred while adding a new policy.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "policy:add", roles = {"admin"}) @Scope(key = "policy:write", name = "Add policies", description = "")
Response addPolicy( Response addPolicy(
@ApiParam( @ApiParam(
name = "policy", name = "policy",
@ -153,7 +153,7 @@ public interface PolicyManagementService {
"policies."), "policies."),
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "policy:list", roles = {"admin"}) @Scope(key = "policy:read", name = "Views policies", description = "")
Response getPolicies( Response getPolicies(
@ApiParam( @ApiParam(
name = "If-Modified-Since", name = "If-Modified-Since",
@ -219,7 +219,7 @@ public interface PolicyManagementService {
"policy.", "policy.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "policy:view", roles = {"admin"}) @Scope(key = "policy:read", name = "View policies", description = "")
Response getPolicy( Response getPolicy(
@ApiParam( @ApiParam(
name = "id", name = "id",
@ -283,7 +283,7 @@ public interface PolicyManagementService {
"Server error occurred while updating the policy.", "Server error occurred while updating the policy.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "policy:modify", roles = {"admin"}) @Scope(key = "policy:write", name = "Add policies", description = "")
Response updatePolicy( Response updatePolicy(
@ApiParam( @ApiParam(
name = "id", name = "id",
@ -329,7 +329,7 @@ public interface PolicyManagementService {
"Server error occurred while bulk removing policies.", "Server error occurred while bulk removing policies.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "policy:modify", roles = {"admin"}) @Scope(key = "policy:write", name = "Add policies", description = "")
Response removePolicies( Response removePolicies(
@ApiParam( @ApiParam(
name = "policyIds", name = "policyIds",
@ -365,7 +365,7 @@ public interface PolicyManagementService {
message = "ErrorResponse in activating policies.", message = "ErrorResponse in activating policies.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "policy:add", roles = {"admin"}) @Scope(key = "policy:write", name = "Add policies", description = "")
Response activatePolicies( Response activatePolicies(
@ApiParam( @ApiParam(
name = "policyIds", name = "policyIds",
@ -401,7 +401,7 @@ public interface PolicyManagementService {
message = "ErrorResponse in deactivating policies.", message = "ErrorResponse in deactivating policies.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "policy:add", roles = {"admin"}) @Scope(key = "policy:write", name = "Add policies", description = "")
Response deactivatePolicies( Response deactivatePolicies(
@ApiParam( @ApiParam(
name = "policyIds", name = "policyIds",
@ -434,7 +434,7 @@ public interface PolicyManagementService {
message = "ErrorResponse in deactivating policies.", message = "ErrorResponse in deactivating policies.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "policy:add", roles = {"admin"}) @Scope(key = "policy:write", name = "Add policies", description = "")
Response applyChanges(); Response applyChanges();
@ -463,7 +463,7 @@ public interface PolicyManagementService {
message = "Exception in updating policy priorities.", message = "Exception in updating policy priorities.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "policy:add", roles = {"admin"}) @Scope(key = "policy:write", name = "Add policies", description = "")
Response updatePolicyPriorities( Response updatePolicyPriorities(
@ApiParam( @ApiParam(
name = "priorityUpdatedPolicies", name = "priorityUpdatedPolicies",

@ -20,7 +20,6 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API; import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo; import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList; import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
@ -77,7 +76,7 @@ public interface RoleManagementService {
message = "Internal Server Error. \n Server error occurred while fetching requested list of roles.", message = "Internal Server Error. \n Server error occurred while fetching requested list of roles.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "role:list", roles = {"admin"}) @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:read", name = "View roles", description = "")
Response getRoles( Response getRoles(
@ApiParam( @ApiParam(
name = "filter", name = "filter",
@ -159,7 +158,7 @@ public interface RoleManagementService {
message = "Internal Server ErrorResponse. \n Server error occurred while fetching the permission list of the requested role.", message = "Internal Server ErrorResponse. \n Server error occurred while fetching the permission list of the requested role.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "role:scope:read", roles = {"admin"}) @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:read", name = "View roles", description = "")
Response getScopes( Response getScopes(
@ApiParam( @ApiParam(
name = "If-Modified-Since", name = "If-Modified-Since",
@ -209,7 +208,7 @@ public interface RoleManagementService {
message = "Internal Server Error. \n Server error occurred while updating the scopes.", message = "Internal Server Error. \n Server error occurred while updating the scopes.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "role:scope:write", roles = {"admin"}) @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:add", name = "Add roles", description = "")
Response updateScopes( Response updateScopes(
@ApiParam( @ApiParam(
name = "Scopes", name = "Scopes",
@ -266,7 +265,7 @@ public interface RoleManagementService {
"requested role.", "requested role.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "role:view", roles = {"admin"}) @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:read", name = "View roles", description = "")
Response getRole( Response getRole(
@ApiParam( @ApiParam(
name = "roleName", name = "roleName",
@ -326,7 +325,7 @@ public interface RoleManagementService {
message = "Internal Server Error. \n Server error occurred while adding a new role.", message = "Internal Server Error. \n Server error occurred while adding a new role.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "role:add", roles = {"admin"}) @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:add", name = "Add roles", description = "")
Response addRole( Response addRole(
@ApiParam( @ApiParam(
name = "role", name = "role",
@ -376,7 +375,7 @@ public interface RoleManagementService {
message = "Internal Server Error. \n Server error occurred while updating the role.", message = "Internal Server Error. \n Server error occurred while updating the role.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "role:modify", roles = {"admin"}) @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:add", name = "Add roles", description = "")
Response updateRole( Response updateRole(
@ApiParam( @ApiParam(
name = "roleName", name = "roleName",
@ -413,7 +412,7 @@ public interface RoleManagementService {
message = "Internal Server Error. \n Server error occurred while removing the role.", message = "Internal Server Error. \n Server error occurred while removing the role.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "role:modify", roles = {"admin"}) @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:add", name = "Add roles", description = "")
Response deleteRole( Response deleteRole(
@ApiParam( @ApiParam(
name = "roleName", name = "roleName",
@ -475,7 +474,7 @@ public interface RoleManagementService {
"Server error occurred while updating the user list of the role.", "Server error occurred while updating the user list of the role.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "role:add", roles = {"admin"}) @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:add", name = "Add roles", description = "")
Response updateUsersOfRole( Response updateUsersOfRole(
@ApiParam( @ApiParam(
name = "roleName", name = "roleName",

@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API; import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.*; import org.wso2.carbon.device.mgt.jaxrs.beans.*;
import javax.ws.rs.*; import javax.ws.rs.*;
@ -83,7 +83,7 @@ public interface UserManagementService {
message = "Internal Server Error. \n Server error occurred while adding a new user.", message = "Internal Server Error. \n Server error occurred while adding a new user.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "user:add", roles = {"admin"}) @Scope(key = "user:write", name = "Add users", description = "")
Response addUser( Response addUser(
@ApiParam( @ApiParam(
name = "user", name = "user",
@ -135,7 +135,7 @@ public interface UserManagementService {
" fetching the requested user.", " fetching the requested user.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "user:view", roles = {"admin"}) @Scope(key = "user:read", name = "View users", description = "")
Response getUser( Response getUser(
@ApiParam( @ApiParam(
name = "username", name = "username",
@ -192,7 +192,7 @@ public interface UserManagementService {
"Server error occurred while updating the user.", "Server error occurred while updating the user.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "user:modify", roles = {"admin"}) @Scope(key = "user:write", name = "Add users", description = "")
Response updateUser( Response updateUser(
@ApiParam( @ApiParam(
name = "username", name = "username",
@ -227,7 +227,7 @@ public interface UserManagementService {
response = ErrorResponse.class response = ErrorResponse.class
) )
}) })
@Permission(scope = "user:modify", roles = {"admin"}) @Scope(key = "user:write", name = "Add users", description = "")
Response removeUser( Response removeUser(
@ApiParam(name = "username", value = "Username of the user to be deleted.", required = true) @ApiParam(name = "username", value = "Username of the user to be deleted.", required = true)
@PathParam("username") String username); @PathParam("username") String username);
@ -276,7 +276,7 @@ public interface UserManagementService {
" assigned to the user.", " assigned to the user.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "user:view", roles = {"admin"}) @Scope(key = "user:read", name = "View users", description = "")
Response getRolesOfUser( Response getRolesOfUser(
@ApiParam(name = "username", value = "Username of the user.", required = true) @ApiParam(name = "username", value = "Username of the user.", required = true)
@PathParam("username") String username); @PathParam("username") String username);
@ -319,7 +319,7 @@ public interface UserManagementService {
message = "Internal Server Error. \n Server error occurred while fetching the user list.", message = "Internal Server Error. \n Server error occurred while fetching the user list.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "user:list", roles = {"admin"}) @Scope(key = "user:read", name = "View users", description = "")
Response getUsers( Response getUsers(
@ApiParam( @ApiParam(
name = "filter", name = "filter",
@ -386,7 +386,7 @@ public interface UserManagementService {
"list that matches the given filter.", "list that matches the given filter.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "user:view", roles = {"admin"}) @Scope(key = "user:read", name = "View users", description = "")
Response getUserNames( Response getUserNames(
@ApiParam( @ApiParam(
name = "filter", name = "filter",
@ -440,7 +440,7 @@ public interface UserManagementService {
"Server error occurred while updating credentials of the user.", "Server error occurred while updating credentials of the user.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "user:modify", roles = {"admin"}) @Scope(key = "user:read", name = "View users", description = "")
Response resetPassword( Response resetPassword(
@ApiParam( @ApiParam(
name = "username", name = "username",
@ -483,7 +483,7 @@ public interface UserManagementService {
"Server error occurred while updating credentials of the user.", "Server error occurred while updating credentials of the user.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "user:invite", roles = {"admin"}) @Scope(key = "user:write", name = "Add users", description = "")
Response inviteExistingUsersToEnrollDevice( Response inviteExistingUsersToEnrollDevice(
@ApiParam( @ApiParam(
name = "users", name = "users",

@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API; import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.operation.mgt.Activity; import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
import org.wso2.carbon.device.mgt.jaxrs.beans.ApplicationWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.ApplicationWrapper;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@ -74,7 +74,7 @@ public interface ApplicationManagementAdminService {
"a given set of devices.", "a given set of devices.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "application:install", roles = {"admin"}) @Scope(key = "application:manage", name = "Install/Uninstall applications", description = "")
Response installApplication( Response installApplication(
@ApiParam( @ApiParam(
name = "applicationWrapper", name = "applicationWrapper",
@ -113,7 +113,7 @@ public interface ApplicationManagementAdminService {
"a given set of devices.", "a given set of devices.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "application:uninstall", roles = {"admin"}) @Scope(key = "application:manage", name = "Install/Uninstall applications", description = "")
Response uninstallApplication( Response uninstallApplication(
@ApiParam( @ApiParam(
name = "applicationWrapper", name = "applicationWrapper",

@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API; import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.Device; import org.wso2.carbon.device.mgt.common.Device;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@ -84,7 +84,7 @@ public interface DeviceManagementAdminService {
message = "Internal Server Error. \n Server error occurred while fetching the device list.", message = "Internal Server Error. \n Server error occurred while fetching the device list.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "device:view", roles = {"admin"}) @Scope(key = "device:admin:read", name = "View Devices", description = "")
Response getDevicesByName( Response getDevicesByName(
@ApiParam( @ApiParam(
name = "name", name = "name",

@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API; import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceTypeList; import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceTypeList;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@ -78,7 +78,7 @@ public interface DeviceTypeManagementService {
response = ErrorResponse.class) response = ErrorResponse.class)
} }
) )
@Permission(scope = "device-types:read", roles = {"admin"}) @Scope(key = "device-type:admin:read", name = "View device types", description = "")
Response getDeviceTypes( Response getDeviceTypes(
@ApiParam( @ApiParam(
name = "If-Modified-Since", name = "If-Modified-Since",

@ -19,7 +19,7 @@
package org.wso2.carbon.device.mgt.jaxrs.service.api.admin; package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.policy.mgt.common.DeviceGroupWrapper; import org.wso2.carbon.policy.mgt.common.DeviceGroupWrapper;
import javax.ws.rs.*; import javax.ws.rs.*;

@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API; import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.PasswordResetWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.PasswordResetWrapper;
@ -67,7 +67,7 @@ public interface UserManagementAdminService {
"Server error occurred while updating credentials of the user.", "Server error occurred while updating credentials of the user.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Permission(scope = "user:modify", roles = {"admin"}) @Scope(key = "user:admin:reset-password", name = "View users", description = "")
Response resetUserPassword( Response resetUserPassword(
@ApiParam( @ApiParam(
name = "username", name = "username",

@ -314,6 +314,14 @@ public class RequestValidationUtil {
} }
} }
public static void validateScopes(List<Scope> scopes) {
if (scopes == null || scopes.isEmpty()) {
throw new InputValidationException(
new ErrorResponse.ErrorResponseBuilder().setCode(400l).setMessage("Scope details of the request body" +
" is incorrect or empty").build());
}
}
public static void validatePaginationParameters(int offset, int limit) { public static void validatePaginationParameters(int offset, int limit) {
if (offset < 0) { if (offset < 0) {
throw new InputValidationException( throw new InputValidationException(

Loading…
Cancel
Save