Sync with master

licensing-improvements
Lasantha Dharmakeerthi 3 months ago
commit 2cc7f8ccb7

@ -33,6 +33,7 @@ import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermis
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.ServerStartupObserver;
import java.util.ArrayList;
@ -60,6 +61,7 @@ public class APIPublisherStartupHandler implements ServerStartupObserver {
@Override
public void completedServerStartup() {
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
APIPublisherDataHolder.getInstance().setServerStarted(true);
currentAPIsStack = APIPublisherDataHolder.getInstance().getUnpublishedApis();
Thread t = new Thread(() -> {
@ -107,7 +109,14 @@ public class APIPublisherStartupHandler implements ServerStartupObserver {
log.error("failed to update scope role mapping.", e);
}
try {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
updateScopeMetadataEntryWithDefaultScopes();
} finally {
PrivilegedCarbonContext.endTenantFlow();
}
log.info("Successfully published : [" + publishedAPIs + "]. " +
"and failed : [" + failedAPIsStack + "] " +
"Total successful count : [" + publishedAPIs.size() + "]. " +
@ -126,7 +135,7 @@ public class APIPublisherStartupHandler implements ServerStartupObserver {
log.info("Starting API publishing procedure");
}
/**
/**
* Publish apis provided by the API stack, if failed while publishing, then failed API will be added to
* the failed API stack
*

@ -73,21 +73,24 @@ public class GroupAccessAuthorizationServiceImpl implements GroupAccessAuthoriza
UserRealm userRealm = DeviceManagementDataHolder.getInstance().getRealmService()
.getTenantUserRealm(getTenantId());
String[] userRoles = userRealm.getUserStoreManager().getRoleListOfUser(username);
boolean isAuthorized = true;
boolean isAuthorized;
for (String groupPermission : groupPermissions) {
isAuthorized = false;
for (String role : userRoles) {
if (!userRealm.getAuthorizationManager().
if (userRealm.getAuthorizationManager().
isRoleAuthorized(role, groupPermission, CarbonConstants.UI_PERMISSION_ACTION)) {
isAuthorized = false;
isAuthorized = true;
break;
}
}
if (!isAuthorized) {
return false;
}
}
return isAuthorized;
return true;
} catch (UserStoreException e) {
throw new GroupAccessAuthorizationException("Unable to authorize the access to group : " +
groupId + " for the user : " +
username, e);
groupId + " for the user : " + username, e);
}
}
}

Loading…
Cancel
Save