Add permission updating logic

certificate-patch
Akeela Azhar 1 year ago
parent fe795bc399
commit 22b9897a4b

@ -38,6 +38,6 @@ public interface APIPublisherService {
void addDefaultScopesIfNotExist(); void addDefaultScopesIfNotExist();
void updateScopeRoleMapping(String roleName, String[] permissions) throws APIManagerPublisherException; void updateScopeRoleMapping(String roleName, String[] permissions, String[] removedPermissions) throws APIManagerPublisherException;
} }

@ -626,7 +626,7 @@ public class APIPublisherServiceImpl implements APIPublisherService {
} }
@Override @Override
public void updateScopeRoleMapping(String roleName, String[] permissions) throws APIManagerPublisherException { public void updateScopeRoleMapping(String roleName, String[] permissions, String[] removedPermissions) throws APIManagerPublisherException {
APIApplicationServices apiApplicationServices = new APIApplicationServicesImpl(); APIApplicationServices apiApplicationServices = new APIApplicationServicesImpl();
APIApplicationKey apiApplicationKey; APIApplicationKey apiApplicationKey;
AccessTokenInfo accessTokenInfo; AccessTokenInfo accessTokenInfo;
@ -643,8 +643,40 @@ public class APIPublisherServiceImpl implements APIPublisherService {
try { try {
PublisherRESTAPIServices publisherRESTAPIServices = new PublisherRESTAPIServicesImpl(); PublisherRESTAPIServices publisherRESTAPIServices = new PublisherRESTAPIServicesImpl();
JSONObject scopeObject = publisherRESTAPIServices.getScopes(apiApplicationKey, accessTokenInfo); JSONObject scopeObject = publisherRESTAPIServices.getScopes(apiApplicationKey, accessTokenInfo);
Map<String, String> permScopeMap = APIPublisherDataHolder.getInstance().getPermScopeMapping(); Map<String, String> permScopeMap = APIPublisherDataHolder.getInstance().getPermScopeMapping();
if (permissions.length != 0) {
updateScopes(roleName, publisherRESTAPIServices, apiApplicationKey, accessTokenInfo, scopeObject, permissions, permScopeMap, false);
}
if (removedPermissions.length != 0) {
updateScopes(roleName, publisherRESTAPIServices, apiApplicationKey, accessTokenInfo, scopeObject, removedPermissions, permScopeMap, true);
}
try {
updatePermissions(roleName, Arrays.asList(permissions));
} catch (UserStoreException e) {
String errorMsg = "Error occurred when adding permissions to role: " + roleName;
log.error(errorMsg, e);
throw new APIManagerPublisherException(errorMsg, e);
}
} catch (APIServicesException e) {
String errorMsg = "Error while processing Publisher REST API response";
log.error(errorMsg, e);
throw new APIManagerPublisherException(errorMsg, e);
} catch (BadRequestException e) {
String errorMsg = "Error while calling Publisher REST APIs";
log.error(errorMsg, e);
throw new APIManagerPublisherException(errorMsg, e);
} catch (UnexpectedResponseException e) {
String errorMsg = "Unexpected response from the server";
log.error(errorMsg, e);
throw new APIManagerPublisherException(errorMsg, e);
}
}
private void updateScopes (String roleName, PublisherRESTAPIServices publisherRESTAPIServices,
APIApplicationKey apiApplicationKey, AccessTokenInfo accessTokenInfo,
JSONObject scopeObject, String[] permissions, Map<String, String> permScopeMap, boolean removingPermissions )
throws APIManagerPublisherException {
for (String permission : permissions) { for (String permission : permissions) {
String scopeValue = permScopeMap.get(permission); String scopeValue = permScopeMap.get(permission);
if (scopeValue == null) { if (scopeValue == null) {
@ -671,40 +703,29 @@ public class APIPublisherServiceImpl implements APIPublisherService {
for (int j = 0; j < existingRolesArray.length(); j++) { for (int j = 0; j < existingRolesArray.length(); j++) {
existingRoleList.add((String) existingRolesArray.get(j)); existingRoleList.add((String) existingRolesArray.get(j));
} }
if (removingPermissions) {
existingRoleList.remove(roleName);
} else {
if (!existingRoleList.contains(roleName)) { if (!existingRoleList.contains(roleName)) {
existingRoleList.add(roleName); existingRoleList.add(roleName);
} }
}
scope.setRoles(String.join(",", existingRoleList)); scope.setRoles(String.join(",", existingRoleList));
try {
if (publisherRESTAPIServices.isSharedScopeNameExists(apiApplicationKey, accessTokenInfo, scope.getKey())) { if (publisherRESTAPIServices.isSharedScopeNameExists(apiApplicationKey, accessTokenInfo, scope.getKey())) {
publisherRESTAPIServices.updateSharedScope(apiApplicationKey, accessTokenInfo, scope); publisherRESTAPIServices.updateSharedScope(apiApplicationKey, accessTokenInfo, scope);
} else { } else {
// todo: come to this level means, that scope is removed from API, but haven't removed from the scope-role-permission-mappings list // todo: come to this level means, that scope is removed from API, but haven't removed from the scope-role-permission-mappings list
log.warn(scope.getKey() + " not available as shared scope"); log.warn(scope.getKey() + " not available as shared scope");
} }
break; } catch (APIServicesException | BadRequestException | UnexpectedResponseException e) {
} log.error("Error occurred while updating role scope mapping via APIM REST endpoint.", e);
} }
break;
} }
try {
updatePermissions(roleName, Arrays.asList(permissions));
} catch (UserStoreException e) {
String errorMsg = "Error occurred when adding permissions to role: " + roleName;
log.error(errorMsg, e);
throw new APIManagerPublisherException(errorMsg, e);
} }
} catch (APIServicesException e) {
String errorMsg = "Error while processing Publisher REST API response";
log.error(errorMsg, e);
throw new APIManagerPublisherException(errorMsg, e);
} catch (BadRequestException e) {
String errorMsg = "Error while calling Publisher REST APIs";
log.error(errorMsg, e);
throw new APIManagerPublisherException(errorMsg, e);
} catch (UnexpectedResponseException e) {
String errorMsg = "Unexpected response from the server";
log.error(errorMsg, e);
throw new APIManagerPublisherException(errorMsg, e);
} }
} }
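Review bot: The new `catch (APIServicesException | BadRequestException | UnexpectedResponseException e)` inside `updateScopes` only logs, so a failed `updateSharedScope` call is dropped and `updateScopeRoleMapping` goes on to `updatePermissions` as if the scope change had been applied. When `removingPermissions` is true, a revocation can fail while the role stays listed on the scope, and nothing is reported to the caller. The method already declares `throws APIManagerPublisherException`, so the handler can end with `throw new APIManagerPublisherException("Error occurred while updating role scope mapping via APIM REST endpoint.", e);` as the outer handlers do. If best-effort per scope is intended, say so in a comment and collect the failed scope keys so the caller can see them.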

@ -33,6 +33,11 @@ public class RoleInfo {
@ApiModelProperty(name = "permissions", value = "Lists out all the permissions associated with roles.", @ApiModelProperty(name = "permissions", value = "Lists out all the permissions associated with roles.",
required = true, dataType = "List[java.lang.String]") required = true, dataType = "List[java.lang.String]")
private String[] permissions; private String[] permissions;
@ApiModelProperty(name = "removedPermissions", value = "Lists out all the permissions unassociated with roles.",
required = true, dataType = "List[java.lang.String]")
private String[] removedPermissions;
@ApiModelProperty(name = "users", value = "The list of users assigned to the selected role.", @ApiModelProperty(name = "users", value = "The list of users assigned to the selected role.",
required = true, dataType = "List[java.lang.String]") required = true, dataType = "List[java.lang.String]")
private String[] users; private String[] users;
@ -76,4 +81,7 @@ public class RoleInfo {
this.permissionList = permissionList; this.permissionList = permissionList;
} }
public String[] getRemovedPermissions() { return removedPermissions; }
public void setRemovedPermissions(String[] removedPermissions) { this.removedPermissions = removedPermissions; }
} }
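Review bot: `removedPermissions` is declared `required = true` but has no default, so a request body that omits it leaves the field null, and nothing in the visible lines rejects that. The update path in `RoleManagementServiceImpl` guards only `roleInfo.getPermissions() != null` before passing `roleInfo.getRemovedPermissions()` on, and `updateScopeRoleMapping` reads `removedPermissions.length` without a null check. An NPE there would escape the `catch (APIManagerPublisherException | UserAdminException e)` in the worker thread after the additions had already been applied. Consider `private String[] removedPermissions = new String[0];` here plus a null guard in the setter, or `required = false` if omission is meant to be allowed. Whether `getPlatformUIPermissions` tolerates a null array cannot be seen from this page.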

@ -403,8 +403,8 @@ public class RoleManagementServiceImpl implements RoleManagementService {
try { try {
if (roleInfo.getPermissions() != null && roleInfo.getPermissions().length > 0) { if (roleInfo.getPermissions() != null && roleInfo.getPermissions().length > 0) {
String[] roleName = roleInfo.getRoleName().split("/"); String[] roleName = roleInfo.getRoleName().split("/");
addPermissions(roleName[roleName.length - 1], roleInfo.getPermissions(), roleInfo.setRemovedPermissions(new String[0]);
DeviceMgtAPIUtils.getUserRealm()); updatePermissions(roleName[roleName.length - 1], roleInfo, DeviceMgtAPIUtils.getUserRealm());
} }
} catch (UserStoreException e) { } catch (UserStoreException e) {
String msg = "Error occurred while loading the user store."; String msg = "Error occurred while loading the user store.";
@ -546,7 +546,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
if (roleInfo.getPermissions() != null) { if (roleInfo.getPermissions() != null) {
String[] roleDetails = roleName.split("/"); String[] roleDetails = roleName.split("/");
addPermissions(roleDetails[roleDetails.length - 1], roleInfo.getPermissions(), userRealm); updatePermissions(roleDetails[roleDetails.length - 1], roleInfo, userRealm);
} }
//TODO: Need to send the updated role information in the entity back to the client //TODO: Need to send the updated role information in the entity back to the client
return Response.status(Response.Status.OK).entity("Role '" + roleInfo.getRoleName() + "' has " + return Response.status(Response.Status.OK).entity("Role '" + roleInfo.getRoleName() + "' has " +
@ -697,7 +697,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
return rolePermissions; return rolePermissions;
} }
private void addPermissions(String roleName, String[] permissions, UserRealm userRealm) { private void updatePermissions(String roleName, RoleInfo roleInfo, UserRealm userRealm) {
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true); String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true);
Thread thread = new Thread(new Runnable() { Thread thread = new Thread(new Runnable() {
@Override @Override
@ -707,7 +707,8 @@ public class RoleManagementServiceImpl implements RoleManagementService {
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true); PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
DeviceMgtAPIUtils.getApiPublisher().updateScopeRoleMapping(roleName, DeviceMgtAPIUtils.getApiPublisher().updateScopeRoleMapping(roleName,
RoleManagementServiceImpl.this.getPlatformUIPermissions(roleName, userRealm, RoleManagementServiceImpl.this.getPlatformUIPermissions(roleName, userRealm,
permissions)); roleInfo.getPermissions()), RoleManagementServiceImpl.this.getPlatformUIPermissions(roleName, userRealm,
roleInfo.getRemovedPermissions()));
} catch (APIManagerPublisherException | UserAdminException e) { } catch (APIManagerPublisherException | UserAdminException e) {
log.error("Error Occurred while updating role scope mapping. ", e); log.error("Error Occurred while updating role scope mapping. ", e);
} finally { } finally {
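Review bot: The list of permissions to revoke comes straight from the request (`roleInfo.getRemovedPermissions()` in the `updateScopeRoleMapping` call), so a permission that is dropped from `permissions` but not listed in `removedPermissions` keeps its scope mapped to the role, as far as these lines show. Deriving the removed set on the server, from the role's current permissions minus `roleInfo.getPermissions()`, would make scope revocation independent of what the client sends. If the client-supplied list stays, document it on `updatePermissions`, for example `// removedPermissions is client-supplied; scopes of permissions dropped without being listed here stay mapped to the role`. The body of `updatePermissions` starts and ends outside the hunks shown.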
