osh.silva
/
device-mgt-core
forked from community/device-mgt-core
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #800 from ruwany/master

Browse Source 
Adding fixes for https://github.com/wso2/product-iots/issues/997
revert-70aa11f8
Geeth 7 years ago committed by GitHub
parent d07098ae1d ac01fef7be
commit e41b60eee9
3 changed files with 76 additions and 0 deletions
Show Stats Download Patch File Download Diff File

10
components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml
Unescape View File

@ -311,6 +311,16 @@
<artifactId>org.wso2.carbon.identity.jwt.client.extension</artifactId> <artifactId>org.wso2.carbon.identity.jwt.client.extension</artifactId>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.registry.core</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wso2.carbon.registry</groupId>
<artifactId>org.wso2.carbon.registry.resource</artifactId>
<scope>provided</scope>
</dependency>
<dependency> <dependency>
<groupId>org.wso2.carbon.identity.framework</groupId> <groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.user.store.count</artifactId> <artifactId>org.wso2.carbon.identity.user.store.count</artifactId>

60
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java
Unescape View File

@ -22,6 +22,8 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants; import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.base.MultitenantConstants; import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.RegistryType;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo; import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList; import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
@ -30,6 +32,9 @@ import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.FilteringUtil;
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil; import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils; import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
import org.wso2.carbon.device.mgt.jaxrs.util.SetReferenceTransformer; import org.wso2.carbon.device.mgt.jaxrs.util.SetReferenceTransformer;
import org.wso2.carbon.registry.api.Registry;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.carbon.registry.resource.services.utils.ChangeRolePermissionsUtil;
import org.wso2.carbon.user.api.*; import org.wso2.carbon.user.api.*;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager; import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.carbon.user.mgt.UserRealmProxy; import org.wso2.carbon.user.mgt.UserRealmProxy;
@ -296,6 +301,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
} }
} }
userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), permissions); userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), permissions);
authorizeRoleForAppmgt(roleInfo.getRoleName(), roleInfo.getPermissions());
//TODO fix what's returned in the entity //TODO fix what's returned in the entity
return Response.created(new URI(API_BASE_PATH + "/" + URLEncoder.encode(roleInfo.getRoleName(), "UTF-8"))). return Response.created(new URI(API_BASE_PATH + "/" + URLEncoder.encode(roleInfo.getRoleName(), "UTF-8"))).
@ -450,6 +456,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
authorizationManager.authorizeRole(roleName, permission, CarbonConstants.UI_PERMISSION_ACTION); authorizationManager.authorizeRole(roleName, permission, CarbonConstants.UI_PERMISSION_ACTION);
} }
} }
authorizeRoleForAppmgt(roleName, roleInfo.getPermissions());
} }
//TODO: Need to send the updated role information in the entity back to the client //TODO: Need to send the updated role information in the entity back to the client
return Response.status(Response.Status.OK).entity("Role '" + roleInfo.getRoleName() + "' has " + return Response.status(Response.Status.OK).entity("Role '" + roleInfo.getRoleName() + "' has " +
@ -467,6 +474,59 @@ public class RoleManagementServiceImpl implements RoleManagementService {
} }
} }
/**
* When presented with role and a set of permissions, if given role has permission to
* perform mobile app management, said role will be given rights mobile app collection in the
* governance registry.
*
* @param role
* @param permissions
* @return state of role update Operation
*/
private boolean authorizeRoleForAppmgt(String role, String[] permissions) {
String permissionString =
"ra^true:rd^false:wa^true:wd^false:da^true:dd^false:aa^true:ad^false";
String resourcePath = "/_system/governance/mobileapps/";
boolean appmPermAvailable = false;
if (permissions != null) {
for (int i = 0; i < permissions.length; i++)
switch (permissions[i]) {
case "/permission/admin/manage/mobileapp":
appmPermAvailable = true;
break;
case "/permission/admin/manage/mobileapp/create":
appmPermAvailable = true;
break;
case "/permission/admin/manage/mobileapp/publish":
appmPermAvailable = true;
break;
}
}
if (appmPermAvailable) {
try {
Registry registry = CarbonContext.getThreadLocalCarbonContext().
getRegistry(RegistryType.SYSTEM_GOVERNANCE);
ChangeRolePermissionsUtil.changeRolePermissions((UserRegistry) registry,
resourcePath, role + ":" + permissionString);
return true;
} catch (Exception e) {
String msg = "Error while retrieving user registry in order to update permissions "
+ "for resource : " + resourcePath;
log.error(msg, e);
return false;
}
} else {
if (log.isDebugEnabled()) {
log.debug("Mobile App Management permissions not selected, therefore role : " +
role + " not given permission for registry collection : " + resourcePath);
}
return false;
}
}
@DELETE @DELETE
@Path("/{roleName}") @Path("/{roleName}")
@Override @Override

6
pom.xml
Unescape View File

@ -1538,6 +1538,11 @@
<artifactId>org.wso2.carbon.event.stream.stub</artifactId> <artifactId>org.wso2.carbon.event.stream.stub</artifactId>
<version>${carbon.analytics.common.version}</version> <version>${carbon.analytics.common.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.wso2.carbon.registry</groupId>
<artifactId>org.wso2.carbon.registry.resource</artifactId>
<version>${carbon.registry.resource.version}</version>
</dependency>
</dependencies> </dependencies>
</dependencyManagement> </dependencyManagement>
@ -1851,6 +1856,7 @@
<!-- Carbon Registry --> <!-- Carbon Registry -->
<carbon.registry.version>4.6.0</carbon.registry.version> <carbon.registry.version>4.6.0</carbon.registry.version>
<carbon.registry.resource.version>4.6.5</carbon.registry.resource.version>
<carbon.registry.imp.pkg.version.range>[4.4.8, 5.0.0)</carbon.registry.imp.pkg.version.range> <carbon.registry.imp.pkg.version.range>[4.4.8, 5.0.0)</carbon.registry.imp.pkg.version.range>
<!--CXF properties--> <!--CXF properties-->

Write Preview
Loading…
Cancel
Save