Merge branch 'release-2.0.x' of https://github.com/wso2/carbon-device-mgt into release-2.0.x

8 years ago · ba506183b1
parent 34aac48071 68ad05fde2
commit ba506183b1
8 changed files with 96 additions and 57 deletions
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/web.xml
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/web.xml
@ -74,6 +74,43 @@
        <filter-name>ApiOriginFilter</filter-name>
        <filter-class>org.wso2.carbon.device.mgt.jaxrs.ApiOriginFilter</filter-class>
    </filter>
+
+    <filter>
+        <filter-name>HttpHeaderSecurityFilter</filter-name>
+        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
+        <init-param>
+            <param-name>hstsEnabled</param-name>
+            <param-value>false</param-value>
+        </init-param>
+    </filter>
+
+    <filter>
+        <filter-name>ContentTypeBasedCachePreventionFilter</filter-name>
+        <filter-class>org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter</filter-class>
+        <init-param>
+            <param-name>patterns</param-name>
+            <param-value>"text/html*","application/json*","text/plain*"</param-value>
+        </init-param>
+        <init-param>
+            <param-name>filterAction</param-name>
+            <param-value>enforce</param-value>
+        </init-param>
+        <init-param>
+            <param-name>httpHeaders</param-name>
+            <param-value>Cache-Control: no-store, no-cache, must-revalidate, private</param-value>
+        </init-param>
+    </filter>
+
+    <filter-mapping>
+        <filter-name>HttpHeaderSecurityFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
+    <filter-mapping>
+        <filter-name>ContentTypeBasedCachePreventionFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
    <filter-mapping>
        <filter-name>ApiOriginFilter</filter-name>
        <url-pattern>/*</url-pattern>
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/init.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/init.js
@ -29,13 +29,15 @@ var carbonServer = new carbonModule.server.Server({
 application.put("carbonServer", carbonServer);

 var permissions = {
-    "/permission/admin/device-mgt/devices/enroll": ["ui.execute"],
-    "/permission/admin/device-mgt/devices/disenroll": ["ui.execute"],
-    "/permission/admin/device-mgt/devices/owning-device": ["ui.execute"],
-    "/permission/admin/device-mgt/groups": ["ui.execute"],
-    "/permission/admin/device-mgt/notifications": ["ui.execute"],
-    "/permission/admin/device-mgt/policies": ["ui.execute"],
-    "/permission/admin/manage/api/subscribe": ["ui.execute"]
+    "/permission/admin/Login": ["ui.execute"]
 };

+var adminPermissions = {
+    "/permission/admin": ["ui.execute"]
+};
+
+//On Startup, admin user will get both roles: devicemgt-admin and devicemgt-user
+//Average user through sign-up will only receive the role: devicemgt-user.
+//Admin can setup necessary permissions for the role: devicemgt-user
 userModule.addRole("internal/devicemgt-user", ["admin"], permissions);
+userModule.addRole("internal/devicemgt-admin", ["admin"], adminPermissions);
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.ui.navbar.nav-menu/nav-menu.hbs
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.ui.navbar.nav-menu/nav-menu.hbs
@ -45,33 +45,33 @@
            </a>
        </li>
    {{/if}}
-    <li><a><i class="fw fw-user"></i>User Management</a>
-        <ul>
-            {{#if permissions.LIST_USERS}}
-                <li><a href="{{@app.context}}/users"><i class="fw fw-user"></i>Users</a></li>
-            {{/if}}
+    {{#if userMgtEnabled}}
+        <li><a><i class="fw fw-user"></i>User Management</a>
+            <ul>
+                {{#if permissions.LIST_USERS}}
+                    <li><a href="{{@app.context}}/users"><i class="fw fw-user"></i>Users</a></li>
+                {{/if}}

-            {{#if permissions.LIST_ROLES}}
-                <li><a href="{{@app.context}}/roles"><i class="fw fw-bookmark"></i>Roles</a></li>
-            {{/if}}
-        </ul>
-    </li>
+                {{#if permissions.LIST_ROLES}}
+                    <li><a href="{{@app.context}}/roles"><i class="fw fw-bookmark"></i>Roles</a></li>
+                {{/if}}
+            </ul>
+        </li>
+    {{/if}}
    {{#if permissions.LIST_POLICIES}}
        <li><a href="{{@app.context}}/policies"><i class="fw fw-policy"></i>Policy Management</a></li>
    {{/if}}
-    <li><a><i class="fw fw-settings"></i>Configuration Management</a>
-        <ul>
-            {{#if permissions.TENANT_CONFIGURATION}}
+    {{#if permissions.TENANT_CONFIGURATION}}
+        <li><a><i class="fw fw-settings"></i>Configuration Management</a>
+            <ul>
                <li><a href="{{@app.context}}/platform-configuration"><i class="fw fw-service"></i>Platform Configurations</a>
                </li>
-            {{/if}}
-            <!-- todo change the permission and get the related permission -->
-            {{#if permissions.TENANT_CONFIGURATION}}
+                <!-- todo change the permission and get the related permission -->
                <li><a href="{{@app.context}}/certificates"><i class="fw fw-security-policy"></i>Certificate Configurations</a>
                </li>
-            {{/if}}
-        </ul>
-    </li>
+            </ul>
+        </li>
+    {{/if}}
 {{/zone}}

 {{#zone "navbarCollapsableRightItems"}}
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/jaggery.conf
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/jaggery.conf
@ -66,24 +66,39 @@
    },
  "filters": [
    {
-      "name": "URLBasedCachePreventionFilter",
-      "class": "org.wso2.carbon.ui.filters.cache.URLBasedCachePreventionFilter"
+            "name": "ContentTypeBasedCachePreventionFilter",
+            "class": "org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter",
+            "params" : [
+                {"name" : "patterns", "value" : "text/html\" ,application/json\" ,text/plain"},
+                {"name" : "filterAction", "value" : "enforce"},
+                {"name" : "httpHeaders", "value" : "Cache-Control: no-store, no-cache, must-revalidate, private"}
+            ]
    },
    {
      "name":"HttpHeaderSecurityFilter",
      "class":"org.apache.catalina.filters.HttpHeaderSecurityFilter",
      "params" : [{"name" : "hstsEnabled", "value" : "false"}]
+    },
+    {
+        "name" : "CSRFGuard",
+        "class" : "org.owasp.csrfguard.CsrfGuardFilter"
    }
+
  ],
  "filterMappings": [
-    {
-      "name": "URLBasedCachePreventionFilter",
-      "url": "/api/*"
-    },
    {
      "name":"HttpHeaderSecurityFilter",
       "url":"*"
+    },
+    {
+        "name" : "CSRFGuard",
+        "url" : "/*"
+    },
+    {
+        "name":"ContentTypeBasedCachePreventionFilter",
+        "url":"*"
    }
+
  ],
  "listeners" : [
      {
@ -108,7 +123,7 @@
    "contextParams" : [
      {
        "name" : "Owasp.CsrfGuard.Config",
-        "value" : "/repository/conf/security/Owasp.CsrfGuard.dashboard.properties"
+        "value" : "repository/conf/security/Owasp.CsrfGuard.dashboard.properties"
      }
    ]
 }
--- a/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/mssql.sql
+++ b/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/mssql.sql
@ -192,8 +192,8 @@ CREATE TABLE DM_PROFILE (
  CREATED_TIME DATETIME NOT NULL ,
  UPDATED_TIME DATETIME NOT NULL ,
  PRIMARY KEY (ID) ,
-  CONSTRAINT DM_PROFILE_DEVICE_TYPE FOREIGN KEY (DEVICE_TYPE) REFERENCES
-  DM_DEVICE_TYPE (NAME) ON DELETE NO ACTION ON UPDATE NO ACTION
+  CONSTRAINT DM_PROFILE_DEVICE_TYPE FOREIGN KEY (DEVICE_TYPE, TENANT_ID) REFERENCES
+  DM_DEVICE_TYPE (NAME, PROVIDER_TENANT_ID) ON DELETE NO ACTION ON UPDATE NO ACTION
 );

 IF NOT  EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[DM_POLICY]') AND TYPE IN (N'U'))
@ -234,8 +234,6 @@ CREATE TABLE DM_DEVICE_TYPE_POLICY (
  POLICY_ID INTEGER NOT NULL ,
  PRIMARY KEY (ID) ,
  CONSTRAINT FK_DEVICE_TYPE_POLICY FOREIGN KEY (POLICY_ID) REFERENCES DM_POLICY (ID)
-  ON DELETE NO ACTION ON UPDATE NO ACTION,
-  CONSTRAINT FK_DEVICE_TYPE_POLICY_DEVICE_TYPE FOREIGN KEY (DEVICE_TYPE_ID) REFERENCES DM_DEVICE_TYPE (ID)
  ON DELETE NO ACTION ON UPDATE NO ACTION
 );

--- a/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/mysql.sql
+++ b/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/mysql.sql
@ -170,8 +170,8 @@ CREATE  TABLE IF NOT EXISTS DM_PROFILE (
  UPDATED_TIME DATETIME NOT NULL ,
  PRIMARY KEY (ID) ,
  CONSTRAINT DM_PROFILE_DEVICE_TYPE
-    FOREIGN KEY (DEVICE_TYPE)
-    REFERENCES DM_DEVICE_TYPE (NAME)
+    FOREIGN KEY (DEVICE_TYPE, TENANT_ID)
+    REFERENCES DM_DEVICE_TYPE (NAME, PROVIDER_TENANT_ID)
    ON DELETE NO ACTION
    ON UPDATE NO ACTION
 )ENGINE = InnoDB;
@ -226,11 +226,6 @@ CREATE  TABLE IF NOT EXISTS DM_DEVICE_TYPE_POLICY (
    FOREIGN KEY (POLICY_ID )
    REFERENCES DM_POLICY (ID )
    ON DELETE NO ACTION
-    ON UPDATE NO ACTION,
-  CONSTRAINT FK_DEVICE_TYPE_POLICY_DEVICE_TYPE
-    FOREIGN KEY (DEVICE_TYPE )
-    REFERENCES DM_DEVICE_TYPE (NAME )
-    ON DELETE NO ACTION
    ON UPDATE NO ACTION
 )ENGINE = InnoDB;

--- a/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/oracle.sql
+++ b/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/oracle.sql
@ -270,8 +270,8 @@ CREATE  TABLE DM_PROFILE (
  UPDATED_TIME TIMESTAMP(0) NOT NULL ,
  CONSTRAINT PK_DM_PROFILE PRIMARY KEY (ID) ,
  CONSTRAINT DM_PROFILE_DEVICE_TYPE
-  FOREIGN KEY (DEVICE_TYPE )
-  REFERENCES DM_DEVICE_TYPE (NAME )
+  FOREIGN KEY (DEVICE_TYPE, TENANT_ID)
+  REFERENCES DM_DEVICE_TYPE (NAME, PROVIDER_TENANT_ID)
 )
 /
 -- Generate ID using sequence and trigger
@ -358,10 +358,7 @@ CREATE  TABLE DM_DEVICE_TYPE_POLICY (
  CONSTRAINT PK_DEV_TYPE_POLICY PRIMARY KEY (ID) ,
  CONSTRAINT FK_DEV_TYPE_POLICY
  FOREIGN KEY (POLICY_ID )
-  REFERENCES DM_POLICY (ID ),
-  CONSTRAINT FK_DEV_TYPE_POLICY_DEV_TYPE
-  FOREIGN KEY (DEVICE_TYPE )
-  REFERENCES DM_DEVICE_TYPE (NAME )
+  REFERENCES DM_POLICY (ID )
 )
 /

--- a/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/postgresql.sql
+++ b/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/postgresql.sql
@ -150,8 +150,8 @@ CREATE TABLE IF NOT EXISTS DM_PROFILE (
  CREATED_TIME TIMESTAMP NOT NULL ,
  UPDATED_TIME TIMESTAMP NOT NULL ,
  CONSTRAINT DM_PROFILE_DEVICE_TYPE
-  FOREIGN KEY (DEVICE_TYPE )
-  REFERENCES DM_DEVICE_TYPE (NAME )
+  FOREIGN KEY (DEVICE_TYPE, TENANT_ID)
+  REFERENCES DM_DEVICE_TYPE (NAME, PROVIDER_TENANT_ID)
  ON DELETE NO ACTION
  ON UPDATE NO ACTION
 );
@ -201,11 +201,6 @@ CREATE TABLE IF NOT EXISTS DM_DEVICE_TYPE_POLICY (
  FOREIGN KEY (POLICY_ID )
  REFERENCES DM_POLICY (ID )
  ON DELETE NO ACTION
-  ON UPDATE NO ACTION,
-  CONSTRAINT FK_DEVICE_TYPE_POLICY_DEVICE_TYPE
-  FOREIGN KEY (DEVICE_TYPE )
-  REFERENCES DM_DEVICE_TYPE (NAME )
-  ON DELETE NO ACTION
  ON UPDATE NO ACTION
 );