diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/UserManagementServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/UserManagementServiceImpl.java
index fcb5a7db6c..a90b51d409 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/UserManagementServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/UserManagementServiceImpl.java
@@ -40,6 +40,7 @@ import org.wso2.carbon.device.mgt.jaxrs.util.CredentialManagementResponseBuilder
 import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
 import org.wso2.carbon.identity.user.store.count.UserStoreCountRetriever;
 import org.wso2.carbon.identity.user.store.count.exception.UserStoreCounterException;
+import org.wso2.carbon.user.api.Permission;
 import org.wso2.carbon.user.api.UserStoreException;
 import org.wso2.carbon.user.api.UserStoreManager;
 import org.wso2.carbon.utils.CarbonUtils;
@@ -82,6 +83,16 @@ public class UserManagementServiceImpl implements UserManagementService {
 private static final String DEFAULT_DEVICE_USER = "Internal/devicemgt-user";
 private static final String DEFAULT_DEVICE_ADMIN = "Internal/devicemgt-admin";
+ // Permissions that are given for a normal device user.
+ private static final Permission[] PERMISSIONS_FOR_DEVICE_USER = {
+ new Permission("/permission/admin/Login", "ui.execute"),
+ new Permission("/permission/admin/device-mgt/device/api/subscribe", "ui.execute"),
+ new Permission("/permission/admin/device-mgt/devices/enroll", "ui.execute"),
+ new Permission("/permission/admin/device-mgt/devices/disenroll", "ui.execute"),
+ new Permission("/permission/admin/device-mgt/devices/owning-device/view", "ui.execute"),
+ new Permission("/permission/admin/manage/portal", "ui.execute")
+ };
+ @POST
 @Override
 public Response addUser(UserInfo userInfo) {
@@ -114,6 +125,11 @@ public class UserManagementServiceImpl implements UserManagementService {
 String[] roles = new String[tmpRoles.size()];
 tmpRoles.toArray(roles);
+ // If the normal device user role does not exist, create a new role with the minimal permissions
+ if (!userStoreManager.isExistingRole(DEFAULT_DEVICE_USER)) {
+ userStoreManager.addRole(DEFAULT_DEVICE_USER, null, PERMISSIONS_FOR_DEVICE_USER);
+ }
+ userStoreManager.addUser(userInfo.getUsername(), initialUserPassword, roles, defaultUserClaims, null);
 // Outputting debug message upon successful addition of user
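Review bot: The grant set in `PERMISSIONS_FOR_DEVICE_USER` is documented only as "given for a normal device user", with no reason recorded per path, so a later reader cannot tell which entries are actually required. `/permission/admin/manage/portal` in particular sits outside the `device-mgt` subtree and deserves a line explaining why an enrolling user needs it. I would extend the comment to something like `// Least-privilege set for self-service enrollment; justify each entry here before adding it.` and pull the repeated `"ui.execute"` literal into one named constant.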
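Review bot: The `isExistingRole` / `addRole` pair placed before `addUser` is a check-then-act on shared state inside a request path: two concurrent `addUser` calls can both see the role missing, and the second `addRole` will presumably throw `UserStoreException` and fail an otherwise valid user creation. The branch also covers only the missing-role case, so an existing `Internal/devicemgt-user` role with a different permission set is left untouched, and nothing in the visible lines records that a role carrying permissions was created implicitly. Provisioning the role once at tenant or server start-up would remove the race; if it stays here, an audit line next to the call, e.g. `log.info("Created missing role " + DEFAULT_DEVICE_USER + " with default device-user permissions");` (assuming the class's existing logger), makes the event traceable. The `addUser` body starts and ends outside the hunk, so whether the new user is actually assigned this role cannot be confirmed from here.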
@@ -258,13 +274,10 @@ public class UserManagementServiceImpl implements UserManagementService {
 }
 }
- private List getFilteredRoles(UserStoreManager userStoreManager, String username) {
+ private List getFilteredRoles(UserStoreManager userStoreManager, String username)
+ throws UserStoreException {
 String[] roleListOfUser = new String[0];
- try {
- roleListOfUser = userStoreManager.getRoleListOfUser(username);
- } catch (UserStoreException e) {
- e.printStackTrace();
- }
+ roleListOfUser = userStoreManager.getRoleListOfUser(username);
 List filteredRoles = new ArrayList<>();
 for (String role : roleListOfUser) {
 if (!(role.startsWith("Internal/") || role.startsWith("Authentication/"))) {
@@ -380,7 +393,6 @@ public class UserManagementServiceImpl implements UserManagementService {
 } else {
 offsetList = new ArrayList<>();
 }
- BasicUserInfoList result = new BasicUserInfoList();
 result.setList(offsetList);
 result.setCount(users.length);
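Review bot: With the try/catch removed, the `new String[0]` initialiser on `roleListOfUser` in `getFilteredRoles` is dead, and the declaration and assignment can be one line: `String[] roleListOfUser = userStoreManager.getRoleListOfUser(username);`. Propagating `UserStoreException` rather than printing the stack trace and continuing with an empty array is the safer behaviour, because a failed lookup no longer looks like "user has no roles". A short Javadoc with `@throws UserStoreException if the user's roles cannot be read` would record that contract. The loop body continues past the end of the hunk, and the callers that must now handle the exception are not shown.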