From 9967d6e7da1ec6f7600ca5b57c146c6f6148793a Mon Sep 17 00:00:00 2001
From: ayyoob
Date: Wed, 26 Apr 2017 00:56:32 +0530
Subject: [PATCH] few fixes after testing mqtt authorisation flow
(cherry picked from commit 4aba08b)
---
 .../extension/api/filter/ApiPermissionFilter.java | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java
index 1f043c7b86..0c78488a2d 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java
@@ -47,6 +47,7 @@ public class ApiPermissionFilter implements Filter {
 private static final String PERMISSION_PREFIX = "/permission/admin";
 private static List permissions;
 private static final String WEBAPP_CONTEXT = "/api-application-registration";
+ private static final String DEFAULT_ADMIN_ROLE = "admin";
 @Override
 public void init(FilterConfig filterConfig) throws ServletException {
 InputStream permissionStream = filterConfig.getServletContext().getResourceAsStream(PERMISSION_CONFIG_PATH);
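Review bot: DEFAULT_ADMIN_ROLE is introduced as a bare literal with no comment, yet it is the name the permission check later falls back to, so a reader of this hunk cannot tell whether "admin" is a fixed convention or a value that should track realm configuration. I would document it as `// Name of the role whose members are granted access even when the AuthorizationManager denies the requested permission; must match the realm's admin role name.` A hard-coded name means a deployment whose admin role is not literally "admin" silently loses the fallback, while any role that happens to carry that exact name (possibly a tenant-created one, which I cannot confirm from here) inherits the bypass; if the Carbon realm configuration exposes the configured admin role name, resolving it from there at check time would be safer than this constant. The class body continues outside the hunk.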
@@ -122,7 +123,17 @@ public class ApiPermissionFilter implements Filter {
 UserRealm userRealm = APIUtil.getRealmService().getTenantUserRealm(PrivilegedCarbonContext
 .getThreadLocalCarbonContext().getTenantId());
 String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
- return userRealm.getAuthorizationManager().isUserAuthorized(tenantAwareUsername, permission, action);
+ boolean status = userRealm.getAuthorizationManager()
+ .isUserAuthorized(tenantAwareUsername, permission, action);
+ if (!status) {
+ String[] roles = userRealm.getUserStoreManager().getRoleListOfUser(tenantAwareUsername);
+ for (String role : roles) {
+ if (role.equals(DEFAULT_ADMIN_ROLE)) {
+ return true;
+ }
+ }
+ }
+ return status;
 } catch (UserStoreException e) {
 String errorMsg = String.format("Unable to authorize the user : %s", username);
 log.error(errorMsg, e);
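Review bot: The fallback added after the `isUserAuthorized` call turns an explicit deny from the AuthorizationManager into an allow on nothing more than a role-name string match, so the permission tree under PERMISSION_PREFIX no longer has the final say for anyone holding a role named exactly "admin", and neither the code nor the commit message says why the admin role must bypass the check instead of simply being granted the permission in the realm. At minimum the override should leave a trace for detection and audit, e.g. replace `return true;` with `log.warn(String.format("AuthorizationManager denied %s to %s; granting via %s role", permission, tenantAwareUsername, DEFAULT_ADMIN_ROLE)); return true;`, plus a comment stating the rationale. The comparison should also be against the admin role name the realm is configured with rather than a literal, if the realm configuration exposes it, so that renamed admin roles are covered and an unrelated role that merely shares the name does not inherit the bypass. `getRoleListOfUser` adds a user-store round trip on every denied request and its result is iterated without a null check, which nothing in the hunk rules out. The enclosing method starts before and ends after this hunk.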