fix: role sharing issues for other users

issue-10462/secure-pending-operation-6.2
Thilina Sandaruwan 1 year ago
parent 253dc03233
commit 6dbad29776

@ -246,6 +246,15 @@ public interface GroupDAO {
List<DeviceGroup> getGroups(GroupPaginationRequest paginationRequest, List<Integer> deviceGroupIds,
int tenantId) throws GroupManagementDAOException;
/**
* Get the list of Device Groups in tenant.
*
* @param tenantId of user's tenant.
* @return List of all Device Groups in tenant.
* @throws GroupManagementDAOException
*/
List<DeviceGroup> getGroups(List<Integer> deviceGroupIds, int tenantId) throws GroupManagementDAOException;
/**
* Get the list of Device Groups in tenant.
*
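Review bot: The Javadoc on the new `getGroups(List<Integer> deviceGroupIds, int tenantId)` overload is copied from the neighbouring method and does not say that the result is limited to the given IDs. It has no `@param deviceGroupIds` entry and its `@throws` tag has no description. Suggested additions are `@param deviceGroupIds IDs of the groups to return; an empty list yields an empty result.` and `@throws GroupManagementDAOException if the query fails.`, with the summary changed to `Get the Device Groups with the given IDs within the tenant.` The tenant restriction is worth stating explicitly, since callers rely on it when passing IDs resolved for a user. The interface continues outside this hunk, which ends inside the next method's Javadoc.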

@ -169,6 +169,46 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
throw new GroupManagementDAOException(msg, e);
}
}
@Override
public List<DeviceGroup> getGroups(List<Integer> deviceGroupIds, int tenantId) throws GroupManagementDAOException {
int deviceGroupIdsCount = deviceGroupIds.size();
if (deviceGroupIdsCount == 0) {
return new ArrayList<>();
}
try {
Connection conn = GroupManagementDAOFactory.getConnection();
String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH, PARENT_GROUP_ID FROM DM_GROUP WHERE TENANT_ID = ?";
sql += " AND ID IN (";
for (int i = 0; i < deviceGroupIdsCount; i++) {
sql += (deviceGroupIdsCount - 1 != i) ? "?," : "?";
}
sql += ")";
try (PreparedStatement stmt = conn.prepareStatement(sql)) {
int paramIndex = 1;
stmt.setInt(paramIndex++, tenantId);
for (Integer deviceGroupId : deviceGroupIds) {
stmt.setInt(paramIndex++, deviceGroupId);
}
List<DeviceGroup> deviceGroupList = new ArrayList<>();
try (ResultSet resultSet = stmt.executeQuery()) {
while (resultSet.next()) {
deviceGroupList.add(GroupManagementDAOUtil.loadGroup(resultSet));
}
}
return deviceGroupList;
}
} catch (SQLException e) {
String msg = "Error occurred while retrieving groups of groups IDs " + deviceGroupIds
+ " in tenant: " + tenantId;
log.error(msg);
throw new GroupManagementDAOException(msg, e);
}
}
@Override
public List<DeviceGroup> getGroups(GroupPaginationRequest request, List<Integer> deviceGroupIds,
int tenantId, boolean isWithParentPath) throws GroupManagementDAOException {
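Review bot: The new `getGroups(List<Integer>, int)` calls `deviceGroupIds.size()` before any null check, and the service-layer caller in this commit passes the result of `getGroupIds(username)` straight through. Whether that helper can return null is not visible here. A guard such as `if (deviceGroupIds == null || deviceGroupIds.isEmpty()) { return new ArrayList<>(); }` would keep a missing ID list from surfacing as a NullPointerException. In the catch block, `log.error(msg)` drops the exception, so use `log.error(msg, e);` to match how the service layer logs. The query itself is parameterized and scoped by `TENANT_ID = ?`, which is what this lookup needs. The number of `?` placeholders grows with the list, though, and some databases cap bind parameters or IN-list length, so a bound or batching may be needed for users with many groups.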

@ -35,6 +35,7 @@ import io.entgra.device.mgt.core.device.mgt.core.dao.GroupManagementDAOFactory;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.netbeans.lib.cvsclient.commandLine.command.status;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
@ -57,11 +58,7 @@ import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.*;
import java.util.concurrent.ExecutorService;
import java.util.stream.Collectors;
@ -564,24 +561,18 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
throw new GroupManagementException(msg);
}
if (log.isDebugEnabled()) {
log.debug("Get groups with hierarchy " + request.toString());
log.debug("Get groups with hierarchy " + request);
}
boolean isWithParentPath = false;
DeviceManagerUtil.validateGroupListPageSize(request);
List<DeviceGroup> rootGroups;
try {
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
request.setParentPath(DeviceGroupConstants.HierarchicalGroup.SEPERATOR);
String parentPath;
List<DeviceGroup> childrenGroups;
if (StringUtils.isBlank(username)) {
GroupManagementDAOFactory.openConnection();
rootGroups = groupDAO.getGroups(request, tenantId);
} else {
List<Integer> allDeviceGroupIdsOfUser = getGroupIds(username);
GroupManagementDAOFactory.openConnection();
rootGroups = this.groupDAO.getGroups(request, allDeviceGroupIdsOfUser, tenantId, isWithParentPath);
}
String parentPath;
List<DeviceGroup> childrenGroups;
for (DeviceGroup rootGroup : rootGroups) {
parentPath = DeviceManagerUtil.createParentPath(rootGroup);
childrenGroups = groupDAO.getChildrenGroups(parentPath, tenantId);
@ -591,6 +582,17 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
populateGroupProperties(rootGroup, tenantId);
}
}
} else {
List<Integer> allDeviceGroupIdsOfUser = getGroupIds(username);
GroupManagementDAOFactory.openConnection();
rootGroups = this.getGroups(allDeviceGroupIdsOfUser, tenantId);
if (requireGroupProps) {
for (DeviceGroup rootGroup : rootGroups) {
populateGroupProperties(rootGroup, tenantId);
}
}
}
} catch (GroupManagementDAOException e) {
String msg = "Error occurred while retrieving all groups with hierarchy";
log.error(msg, e);
@ -613,6 +615,49 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
return groupResult;
}
private List<DeviceGroup> getGroups(List<Integer> groupIds, int tenantId) throws GroupManagementException {
try {
List<DeviceGroup >groups = groupDAO.getGroups(groupIds, tenantId);
if (groups == null) {
String msg = "Retrieved null when getting groups for group ids " + groupIds.toString();
log.error(msg);
throw new GroupManagementException(msg);
}
if (groups.isEmpty()) return groups;
groups.sort(Comparator.comparing(DeviceGroup::getGroupId));
return getTree(groups);
} catch (GroupManagementDAOException ex) {
String msg = "Error occurred while getting groups for group ids " + groupIds.toString();
log.error(msg, ex);
throw new GroupManagementException(msg, ex);
}
}
private List<DeviceGroup> getTree(List<DeviceGroup> groups) {
List<DeviceGroup> tree = new ArrayList<>();
for (DeviceGroup deviceGroup : groups) {
DeviceGroup treeNode = tree.stream().
filter(node -> deviceGroup.getParentPath().
contains(Integer.toString(node.getGroupId()))).
findFirst().orElse(null);
if (treeNode != null) {
if (Objects.equals(treeNode.getParentPath(), deviceGroup.getParentPath())) {
tree.add(deviceGroup);
} else {
List<DeviceGroup> tempGroups = treeNode.getChildrenGroups();
if (tempGroups == null) {
tempGroups = new ArrayList<>();
}
tempGroups.add(deviceGroup);
treeNode.setChildrenGroups(getTree(tempGroups));
}
} else {
tree.add(deviceGroup);
}
}
return tree;
}
@Override
public List<DeviceGroup> getGroups(String username, boolean requireGroupProps) throws GroupManagementException {
if (username == null || username.isEmpty()) {
