diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java
index 35ccabfab3..ee664e2c63 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java
@@ -143,6 +143,17 @@ public class RoleManagementServiceImpl implements RoleManagementService {
 }
 }
+ private UIPermissionNode getAllRolePermissions(String roleName, UserRealm userRealm) throws UserAdminException {
+ org.wso2.carbon.user.core.UserRealm userRealmCore = null;
+ if (userRealm instanceof org.wso2.carbon.user.core.UserRealm) {
+ userRealmCore = (org.wso2.carbon.user.core.UserRealm) userRealm;
+ }
+ final UserRealmProxy userRealmProxy = new UserRealmProxy(userRealmCore);
+ final UIPermissionNode rolePermissions =
+ userRealmProxy.getRolePermissions(roleName, MultitenantConstants.SUPER_TENANT_ID);
+ return rolePermissions;
+ }
+
 private UIPermissionNode getUIPermissionNode(String roleName, UserRealm userRealm) throws UserAdminException {
 org.wso2.carbon.user.core.UserRealm userRealmCore = null;
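Review bot: In `getAllRolePermissions`, when `userRealm` is not an `org.wso2.carbon.user.core.UserRealm` the `instanceof` branch is skipped and `new UserRealmProxy(userRealmCore)` is built with `null`, so the failure would presumably surface later as a NullPointerException, which the `catch (UserAdminException e)` added further down does not cover. Failing fast is clearer: `if (!(userRealm instanceof org.wso2.carbon.user.core.UserRealm)) { throw new UserAdminException("Unsupported user realm type"); }`. The lookup also passes `MultitenantConstants.SUPER_TENANT_ID` unconditionally; because this helper supplies the permission set that is granted again on role update, a comment such as `// permission tree is resolved against the super tenant because ...` should record why that id is right for roles of other tenants, or the caller's tenant id should be used. The first body line repeats the start of `getUIPermissionNode` shown as context, so a shared realm-cast helper would keep the two methods in step.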
@@ -228,6 +239,19 @@ public class RoleManagementServiceImpl implements RoleManagementService {
 return list;
 }
+
+ private List getAuthorizedPermissions(UIPermissionNode uiPermissionNode, List list) {
+ for (UIPermissionNode permissionNode : uiPermissionNode.getNodeList()) {
+ if (permissionNode.isSelected()) {
+ list.add(permissionNode.getResourcePath());
+ }
+ if (permissionNode.getNodeList() != null && permissionNode.getNodeList().length > 0) {
+ getAuthorizedPermissions(permissionNode, list);
+ }
+ }
+ return list;
+ }
+
 @POST
 @Override
 public Response addRole(RoleInfo roleInfo) {
@@ -377,6 +401,17 @@ public class RoleManagementServiceImpl implements RoleManagementService {
 }
 if (roleInfo.getPermissions() != null) {
+ // Get all role permissions
+ final UIPermissionNode rolePermissions = this.getAllRolePermissions(roleName, userRealm);
+ List permissions = new ArrayList();
+ this.getAuthorizedPermissions(rolePermissions, permissions);
+ for (String permission : roleInfo.getPermissions()) {
+ permissions.add(permission);
+ }
+ String [] allApplicablePerms = new String[permissions.size()];
+ allApplicablePerms = permissions.toArray(allApplicablePerms);
+ roleInfo.setPermissions(allApplicablePerms);
+
 // Delete all authorizations for the current role before authorizing the permission tree
 authorizationManager.clearRoleAuthorization(roleName);
 if (roleInfo.getPermissions().length > 0) {
@@ -394,6 +429,11 @@ public class RoleManagementServiceImpl implements RoleManagementService {
 log.error(msg, e);
 return Response.serverError().entity(
 new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
+ } catch (UserAdminException e) {
+ String msg = "Error occurred while updating permissions of the role '" + roleName + "'";
+ log.error(msg, e);
+ return Response.serverError().entity(
+ new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
 }
 }
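Review bot: In the `@@ -228,6 +239,19 @@` hunk, `getAuthorizedPermissions` dereferences `uiPermissionNode.getNodeList()` in the for-each header without a null check, although the recursive call is guarded by `permissionNode.getNodeList() != null`. A root node without children, or a null node returned by the lookup, would throw NullPointerException before any permission is collected; an early `if (uiPermissionNode == null || uiPermissionNode.getNodeList() == null) { return list; }` closes that gap. The method also never tests `isSelected()` on the node it is given, only on its descendants, which deserves a Javadoc line such as `Collects the resource paths of all selected descendants of the given node; the node itself is not included.` because the result is later used as the set of permissions to grant again.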
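Review bot: In the `@@ -377,6 +401,17 @@` hunk, every permission the role currently holds is appended to the requested list before `authorizationManager.clearRoleAuthorization(roleName)` runs, so this update path can only add permissions: a request carrying a reduced list would presumably have the omitted permissions granted again from the merged array. If the intent is to keep grants that lie outside the part of the permission tree this API manages, limit the carry-over to those paths and let the request decide everything inside it; otherwise a role can no longer be narrowed through this endpoint, which works against least privilege. The merged list can also hold the same path twice when a requested permission is already granted, so collecting into a `LinkedHashSet` before building `allApplicablePerms` avoids authorizing duplicates. The comment `// Get all role permissions` should say that the existing grants are merged with the request and why. The enclosing method starts and ends outside this hunk, so the loop that consumes `roleInfo.getPermissions()` is not visible here.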