From 2425721744cac3698659def080f5dfa3c94d31c4 Mon Sep 17 00:00:00 2001
From: isuri <isuri@entgra.io>
Date: Sun, 15 Oct 2023 23:57:24 +0530
Subject: [PATCH] permission and web configurations for device organization

---
 .../pom.xml                                   | 154 ++++++++++++++++--
 .../organization/api/ApiOriginFilter.java     |  43 +++++
 .../api/DeviceOrganizationMgtServiceImpl.java |  11 +-
 .../src/main/webapp/META-INF/permissions.xml  |  76 +++++++++
 .../src/main/webapp/WEB-INF/web.xml           |  36 +++-
 5 files changed, 294 insertions(+), 26 deletions(-)
 create mode 100644 components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.device.organization.api/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/device/organization/api/ApiOriginFilter.java

diff --git a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.device.organization.api/pom.xml b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.device.organization.api/pom.xml
index 80fb7dc076..3443528ad4 100644
--- a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.device.organization.api/pom.xml
+++ b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.device.organization.api/pom.xml
@@ -133,39 +133,75 @@
     </profiles>
 
     <dependencies>
+        <dependency>
+            <groupId>org.testng</groupId>
+            <artifactId>testng</artifactId>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-web</artifactId>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-bundle</artifactId>
+            <version>3.0.0-milestone2</version>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.apache.cxf</groupId>
             <artifactId>cxf-bundle-jaxrs</artifactId>
             <scope>provided</scope>
         </dependency>
-
         <dependency>
-            <groupId>commons-codec.wso2</groupId>
-            <artifactId>commons-codec</artifactId>
+            <groupId>commons-httpclient.wso2</groupId>
+            <artifactId>commons-httpclient</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon</groupId>
+            <artifactId>org.wso2.carbon.utils</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity.framework</groupId>
+            <artifactId>org.wso2.carbon.user.mgt</artifactId>
+            <scope>provided</scope>
             <exclusions>
                 <exclusion>
-                    <groupId>commons-codec</groupId>
-                    <artifactId>commons-codec</artifactId>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-api</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>jcl-over-slf4j</artifactId>
                 </exclusion>
             </exclusions>
         </dependency>
         <dependency>
-            <groupId>org.codehaus.jackson</groupId>
-            <artifactId>jackson-jaxrs</artifactId>
+            <groupId>org.wso2.carbon</groupId>
+            <artifactId>org.wso2.carbon.logging</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
+            <artifactId>org.wso2.carbon.identity.oauth.stub</artifactId>
+            <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.apache.axis2.wso2</groupId>
+                    <artifactId>axis2-client</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
-       <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-            <scope>test</scope>
+        <dependency>
+            <groupId>org.json.wso2</groupId>
+            <artifactId>json</artifactId>
         </dependency>
         <dependency>
-            <groupId>org.wso2.carbon</groupId>
-            <artifactId>org.wso2.carbon.logging</artifactId>
+            <groupId>commons-codec.wso2</groupId>
+            <artifactId>commons-codec</artifactId>
             <scope>provided</scope>
         </dependency>
         <dependency>
@@ -187,13 +223,17 @@
             <artifactId>swagger-core</artifactId>
             <exclusions>
                 <exclusion>
-                    <groupId>org.wso2.orbit.com.fasterxml.jackson.core</groupId>
-                    <artifactId>jackson-annotations</artifactId>
+                    <groupId>com.fasterxml.jackson.module</groupId>
+                    <artifactId>jackson-module-jaxb-annotations</artifactId>
                 </exclusion>
                 <exclusion>
                     <groupId>org.slf4j</groupId>
                     <artifactId>slf4j-api</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.wso2.orbit.com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-core</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
@@ -208,13 +248,97 @@
                     <groupId>org.slf4j</groupId>
                     <artifactId>slf4j-api</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.wso2.orbit.com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-core</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>javax.servlet-api</artifactId>
+            <scope>provided</scope>
+        </dependency>
         <dependency>
             <groupId>io.entgra.device.mgt.core</groupId>
             <artifactId>io.entgra.device.mgt.core.apimgt.annotations</artifactId>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>org.wso2.orbit.com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-annotations</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.hibernate</groupId>
+            <artifactId>hibernate-validator</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>javax.ws.rs</groupId>
+            <artifactId>javax.ws.rs-api</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>javax.ws.rs</groupId>
+            <artifactId>jsr311-api</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.commons</groupId>
+            <artifactId>org.wso2.carbon.application.mgt.stub</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.entgra.device.mgt.core</groupId>
+            <artifactId>io.entgra.device.mgt.core.identity.jwt.client.extension</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon</groupId>
+            <artifactId>org.wso2.carbon.registry.core</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.registry</groupId>
+            <artifactId>org.wso2.carbon.registry.resource</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity.framework</groupId>
+            <artifactId>org.wso2.carbon.identity.user.store.count</artifactId>
+            <version>${carbon.identity.framework.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.powermock</groupId>
+            <artifactId>powermock-module-testng</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.powermock</groupId>
+            <artifactId>powermock-api-mockito</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.entgra.device.mgt.core</groupId>
+            <artifactId>io.entgra.device.mgt.core.device.mgt.common</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.entgra.device.mgt.core</groupId>
+            <artifactId>io.entgra.device.mgt.core.device.mgt.extensions</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity.framework</groupId>
+            <artifactId>org.wso2.carbon.identity.claim.metadata.mgt</artifactId>
+            <version>${carbon.identity.framework.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.entgra.device.mgt.core</groupId>
+            <artifactId>io.entgra.device.mgt.core.device.mgt.core</artifactId>
+            <scope>provided</scope>
+        </dependency>
     </dependencies>
 
 </project>
diff --git a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.device.organization.api/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/device/organization/api/ApiOriginFilter.java b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.device.organization.api/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/device/organization/api/ApiOriginFilter.java
new file mode 100644
index 0000000000..1755327573
--- /dev/null
+++ b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.device.organization.api/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/device/organization/api/ApiOriginFilter.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ *
+ * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package io.entgra.device.mgt.core.device.mgt.extensions.device.organization.api;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class ApiOriginFilter implements Filter {
+
+    public void doFilter(ServletRequest request, ServletResponse response,
+                         FilterChain chain) throws IOException, ServletException {
+        HttpServletResponse res = (HttpServletResponse) response;
+        res.addHeader("Access-Control-Allow-Origin", "*");
+        res.addHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT");
+        res.addHeader("Access-Control-Allow-Headers", "Content-Type");
+        chain.doFilter(request, response);
+    }
+
+    public void destroy() {
+        //do nothing
+    }
+
+    public void init(FilterConfig filterConfig) throws ServletException {
+        //do nothing
+    }
+
+}
diff --git a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.device.organization.api/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/device/organization/api/DeviceOrganizationMgtServiceImpl.java b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.device.organization.api/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/device/organization/api/DeviceOrganizationMgtServiceImpl.java
index 1176e2f9ee..47174542d0 100644
--- a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.device.organization.api/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/device/organization/api/DeviceOrganizationMgtServiceImpl.java
+++ b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.device.organization.api/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/device/organization/api/DeviceOrganizationMgtServiceImpl.java
@@ -51,11 +51,16 @@ public class DeviceOrganizationMgtServiceImpl implements DeviceOrganizationMgtSe
     @Override
     @Path("/add-device-organization")
     public Response addDeviceOrganization(DeviceOrganization deviceOrganizationRequest) {
+        if (deviceOrganizationRequest == null) {
+            String errorMessage = "The payload of the device organization is incorrect.";
+            return Response.status(Response.Status.BAD_REQUEST).entity(errorMessage).build();
+        }
         try {
+            if (deviceOrganizationRequest.getDeviceId() <= 0 || deviceOrganizationRequest.getParentDeviceId() <= 0) {
+                String errorMessage = "The payload of the device organization is incorrect.";
+                return Response.status(Response.Status.BAD_REQUEST).entity(errorMessage).build();
+            }
             DeviceOrganizationService deviceOrganizationService = new DeviceOrganizationServiceImpl();
-//            DeviceOrganization deviceOrganization = new DeviceOrganization();
-//            deviceOrganization.setDeviceId(DeviceOrganization.getDeviceId());
-//            deviceOrganization.setParentDeviceId(DeviceOrganization.getParentDeviceId());
             boolean resp = deviceOrganizationService.addDeviceOrganization(deviceOrganizationRequest);
             return Response.status(Response.Status.OK).entity(gson.toJson(resp)).build();
         } catch (DeviceOrganizationMgtPluginException e) {
diff --git a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.device.organization.api/src/main/webapp/META-INF/permissions.xml b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.device.organization.api/src/main/webapp/META-INF/permissions.xml
index addd717eb6..28e415b7af 100644
--- a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.device.organization.api/src/main/webapp/META-INF/permissions.xml
+++ b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.device.organization.api/src/main/webapp/META-INF/permissions.xml
@@ -29,4 +29,80 @@
 -->
 <PermissionConfiguration>
     <APIVersion></APIVersion>
+
+    <!-- Device Organization related APIs -->
+    <Permission>
+        <name>Create a new Device Organization</name>
+        <path>/device-mgt/devices/owning/view</path>
+        <url>/deviceOrganization/add-device-organization</url>
+        <method>POST</method>
+    </Permission>
+    <Permission>
+        <name>View Child Devices</name>
+        <path>/device-mgt/devices/owning/view</path>
+        <url>/deviceOrganization/children</url>
+        <method>GET</method>
+    </Permission>
+    <Permission>
+        <name>View Parent Devices</name>
+        <path>/device-mgt/devices/owning/view</path>
+        <url>/deviceOrganization/parents</url>
+        <method>GET</method>
+    </Permission>
+    <Permission>
+        <name>View All Device Organizations</name>
+        <path>/device-mgt/devices/owning/view</path>
+        <url>/deviceOrganization/all</url>
+        <method>GET</method>
+    </Permission>
+    <Permission>
+        <name>View Device Organization Details</name>
+        <path>/device-mgt/devices/owning/view</path>
+        <url>/deviceOrganization/{organizationId}</url>
+        <method>GET</method>
+    </Permission>
+    <Permission>
+        <name>Check Device Organization Existence</name>
+        <path>/device-mgt/devices/owning/view</path>
+        <url>/deviceOrganization/exists</url>
+        <method>GET</method>
+    </Permission>
+    <Permission>
+        <name>View Device Organization By Unique key</name>
+        <path>/device-mgt/devices/owning/view</path>
+        <url>/deviceOrganization/unique</url>
+        <method>GET</method>
+    </Permission>
+    <Permission>
+        <name>Check Device Organization Existence</name>
+        <path>/device-mgt/devices/owning/view</path>
+        <url>/deviceOrganization/device-exists</url>
+        <method>GET</method>
+    </Permission>
+    <Permission>
+        <name>Check Child Device Existence</name>
+        <path>/device-mgt/devices/owning/view</path>
+        <url>/deviceOrganization/child-exists</url>
+        <method>GET</method>
+    </Permission>
+    <Permission>
+        <name>Update Device Organization</name>
+        <path>/device-mgt/devices/owning/view</path>
+        <url>/deviceOrganization/update</url>
+        <method>PUT</method>
+    </Permission>
+    <Permission>
+        <name>Delete Device Organization By ID</name>
+        <path>/device-mgt/devices/owning/view</path>
+        <url>/deviceOrganization/delete/{organizationId}</url>
+        <method>DELETE</method>
+    </Permission>
+    <Permission>
+        <name>Delete Device Organizations Associated with an ID</name>
+        <path>/device-mgt/devices/owning/view</path>
+        <url>/deviceOrganization/delete-associations/{deviceId}</url>
+        <method>DELETE</method>
+    </Permission>
+
+    <!-- End of Device Organization related APIs -->
 </PermissionConfiguration>
diff --git a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.device.organization.api/src/main/webapp/WEB-INF/web.xml b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.device.organization.api/src/main/webapp/WEB-INF/web.xml
index 7ffe0a5806..1777fa716c 100644
--- a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.device.organization.api/src/main/webapp/WEB-INF/web.xml
+++ b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.device.organization.api/src/main/webapp/WEB-INF/web.xml
@@ -17,9 +17,9 @@
   ~ under the License.
   -->
 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
-    <display-name>Grafana-API-Proxy-Webapp</display-name>
+    <display-name>Admin-Webapp</display-name>
     <servlet>
-        <description>JAX-WS/JAX-RS Grafana API Management Endpoint</description>
+        <description>JAX-WS/JAX-RS Device Management Endpoint</description>
         <display-name>JAX-WS/JAX-RS Servlet</display-name>
         <servlet-name>CXFServlet</servlet-name>
         <servlet-class>
@@ -42,17 +42,16 @@
 
     <context-param>
         <param-name>doAuthentication</param-name>
-        <param-value>false</param-value>
-    </context-param>
-    <context-param>
-        <param-name>basicAuth</param-name>
-        <param-value>false</param-value>
+        <param-value>true</param-value>
     </context-param>
 
     <context-param>
         <param-name>nonSecuredEndPoints</param-name>
         <param-value>
-            /keymgt-test-api/.*,
+            /api/device-mgt/v1.0/users/validate,
+            /api/device-mgt/v1.0/whitelabel/.*/favicon,
+            /api/device-mgt/v1.0/whitelabel/.*/logo,
+            /api/device-mgt/v1.0/whitelabel/.*/icon,
         </param-value>
     </context-param>
 
@@ -70,6 +69,22 @@
         <param-value>true</param-value>
     </context-param>
 
+    <!-- Below configuration is used to redirect http requests to https -->
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>DeviceMgt-Admin</web-resource-name>
+            <url-pattern>/*</url-pattern>
+        </web-resource-collection>
+        <user-data-constraint>
+            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+        </user-data-constraint>
+    </security-constraint>
+
+    <filter>
+        <filter-name>ApiOriginFilter</filter-name>
+        <filter-class>io.entgra.device.mgt.core.device.mgt.extensions.device.organization.api.ApiOriginFilter</filter-class>
+    </filter>
+
     <filter>
         <filter-name>HttpHeaderSecurityFilter</filter-name>
         <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
@@ -106,4 +121,9 @@
         <url-pattern>/*</url-pattern>
     </filter-mapping>
 
+    <filter-mapping>
+        <filter-name>ApiOriginFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
 </web-app>