From 9f481456143ea937269999c5e06301f4dd593960 Mon Sep 17 00:00:00 2001
From: prabathabey <prabathabey@git.com>
Date: Tue, 31 May 2016 13:12:57 +0530
Subject: [PATCH] Improving device admin service impl

---
 .../admin/DeviceManagementAdminService.java   |  3 ++
 .../DeviceManagementAdminServiceImpl.java     | 23 ++++++++++---
 .../util/UnauthorizedAccessException.java     | 34 +++++++++++++++++++
 3 files changed, 56 insertions(+), 4 deletions(-)
 create mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/util/UnauthorizedAccessException.java

diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java
index 2112a89e81..2ed4403b68 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java
@@ -65,6 +65,9 @@ public interface DeviceManagementAdminService {
             @ApiResponse(
                     code = 304,
                     message = "Not Modified. \n Empty body because the client has already the latest version of the requested resource."),
+            @ApiResponse(
+                    code = 401,
+                    message = "Unauthorized.\n The requested resource access is unauthorized"),
             @ApiResponse(
                     code = 406,
                     message = "Not Acceptable.\n The requested media type is not supported"),
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceManagementAdminServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceManagementAdminServiceImpl.java
index 9a07245cd2..7c6d779591 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceManagementAdminServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceManagementAdminServiceImpl.java
@@ -20,9 +20,14 @@ package org.wso2.carbon.device.mgt.jaxrs.service.impl.admin;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.base.MultitenantConstants;
+import org.wso2.carbon.context.CarbonContext;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.device.mgt.common.Device;
 import org.wso2.carbon.device.mgt.common.DeviceManagementException;
+import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
 import org.wso2.carbon.device.mgt.jaxrs.service.api.admin.DeviceManagementAdminService;
+import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.UnauthorizedAccessException;
 import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
 
 import javax.ws.rs.*;
@@ -45,18 +50,28 @@ public class DeviceManagementAdminServiceImpl implements DeviceManagementAdminSe
                                      @HeaderParam("If-Modified-Since") String ifModifiedSince,
                                      @QueryParam("offset") int offset,
                                      @QueryParam("limit") int limit) {
-        List<Device> devices;
         try {
-            devices = DeviceMgtAPIUtils.getDeviceManagementService().getDevicesByName(name);
-            if (devices == null || devices.size() == 0) {
+            int currentTenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
+            if (MultitenantConstants.SUPER_TENANT_ID != currentTenantId) {
+                throw new UnauthorizedAccessException(
+                        new ErrorResponse.ErrorResponseBuilder().setCode(401l).setMessage(
+                                "Current logged in user is not authorized to perform this operation").build());
+            }
+            PrivilegedCarbonContext.startTenantFlow();
+            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain);
+
+            List<Device> devices = DeviceMgtAPIUtils.getDeviceManagementService().getDevicesByName(name);
+            if (devices == null) {
                 return Response.status(Response.Status.NOT_FOUND).entity("No device, which carries the name '" +
                         name + "', is currently enrolled in the system").build();
             }
             return Response.status(Response.Status.OK).entity(devices).build();
         } catch (DeviceManagementException e) {
-            String msg = "ErrorResponse occurred while fetching the devices that carry the name '" + name + "'";
+            String msg = "Error occurred while fetching the devices that carry the name '" + name + "'";
             log.error(msg, e);
             return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
+        } finally {
+            PrivilegedCarbonContext.endTenantFlow();
         }
     }
 
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/util/UnauthorizedAccessException.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/util/UnauthorizedAccessException.java
new file mode 100644
index 0000000000..c0f05c9c57
--- /dev/null
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/util/UnauthorizedAccessException.java
@@ -0,0 +1,34 @@
+/*
+ *   Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ *   WSO2 Inc. licenses this file to you under the Apache License,
+ *   Version 2.0 (the "License"); you may not use this file except
+ *   in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.wso2.carbon.device.mgt.jaxrs.service.impl.util;
+
+import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
+
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response;
+
+public class UnauthorizedAccessException extends WebApplicationException {
+
+    private static final long serialVersionUID = 147943579458906890L;
+
+    public UnauthorizedAccessException(ErrorResponse error) {
+        super(Response.status(Response.Status.UNAUTHORIZED).entity(error).build());
+    }
+
+}