diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java index d3d3ed09c00..4707bcdd4c9 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java @@ -38,6 +38,7 @@ import org.wso2.carbon.user.api.UserRealm; import org.wso2.carbon.user.api.UserStoreException; import java.util.HashMap; +import java.util.Iterator; import java.util.List; import java.util.Map; @@ -186,8 +187,12 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori DeviceManagementDataHolder.getInstance().getGroupManagementProviderService() .getGroups(deviceIdentifier); for (DeviceGroup group : authorizedGroups) { - if (groupsWithDevice.contains(group)) { - return true; + Iterator groupsWithDeviceIterator = groupsWithDevice.iterator(); + while (groupsWithDeviceIterator.hasNext()) { + DeviceGroup deviceGroup = groupsWithDeviceIterator.next(); + if (deviceGroup.getId() == group.getId()) { + return true; + } } } return false; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/operation/mgt/OperationManagerImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/operation/mgt/OperationManagerImpl.java index 9e156618b68..5ec27f4c7cb 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/operation/mgt/OperationManagerImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/operation/mgt/OperationManagerImpl.java @@ -23,6 +23,7 @@ import org.apache.commons.logging.LogFactory; import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.device.mgt.common.*; import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; +import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants; import org.wso2.carbon.device.mgt.common.operation.mgt.Operation; import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManagementException; import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManager; @@ -88,7 +89,8 @@ public class OperationManagerImpl implements OperationManager { authorizedDeviceList = deviceIds; } else { authorizedDeviceList = DeviceManagementDataHolder.getInstance(). - getDeviceAccessAuthorizationService().isUserAuthorized(deviceIds).getAuthorizedDevices(); + getDeviceAccessAuthorizationService().isUserAuthorized(deviceIds, DeviceGroupConstants. + Permissions.DEFAULT_OPERATOR_PERMISSIONS).getAuthorizedDevices(); } if (authorizedDeviceList.size() > 0) { try { @@ -146,7 +148,7 @@ public class OperationManagerImpl implements OperationManager { List operations = new ArrayList<>(); try { boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService(). - isUserAuthorized(deviceId); + isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS); if (isUserAuthorized) { try { try { @@ -202,7 +204,7 @@ public class OperationManagerImpl implements OperationManager { List operations = new ArrayList<>(); try { boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService(). - isUserAuthorized(deviceId); + isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS); if (isUserAuthorized) { try { try { @@ -266,7 +268,7 @@ public class OperationManagerImpl implements OperationManager { List dtoOperationList = new ArrayList<>(); try { boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService(). - isUserAuthorized(deviceId); + isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS); if (isUserAuthorized) { try { try { @@ -330,7 +332,7 @@ public class OperationManagerImpl implements OperationManager { int enrolmentId; try { boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService(). - isUserAuthorized(deviceId); + isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS); if (isUserAuthorized) { try { try { @@ -400,7 +402,7 @@ public class OperationManagerImpl implements OperationManager { int enrolmentId; try { boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService(). - isUserAuthorized(deviceId); + isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS); if (isUserAuthorized) { try { try { @@ -480,7 +482,7 @@ public class OperationManagerImpl implements OperationManager { } try { boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService(). - isUserAuthorized(deviceId); + isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS); if (isUserAuthorized) { try { try { @@ -554,7 +556,7 @@ public class OperationManagerImpl implements OperationManager { int enrolmentId; try { boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService(). - isUserAuthorized(deviceId); + isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS); if (isUserAuthorized) { try { try {