Improving device admin service impl

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java

@@ -65,6 +65,9 @@ public interface DeviceManagementAdminService {
             @ApiResponse(
                     code = 304,
                     message = "Not Modified. \n Empty body because the client has already the latest version of the requested resource."),
+            @ApiResponse(
+                    code = 401,
+                    message = "Unauthorized.\n The requested resource access is unauthorized"),
             @ApiResponse(
                     code = 406,
                     message = "Not Acceptable.\n The requested media type is not supported"),

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceManagementAdminServiceImpl.java

@@ -20,9 +20,14 @@ package org.wso2.carbon.device.mgt.jaxrs.service.impl.admin;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.base.MultitenantConstants;
+import org.wso2.carbon.context.CarbonContext;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.device.mgt.common.Device;
 import org.wso2.carbon.device.mgt.common.DeviceManagementException;
+import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
 import org.wso2.carbon.device.mgt.jaxrs.service.api.admin.DeviceManagementAdminService;
+import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.UnauthorizedAccessException;
 import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
 
 import javax.ws.rs.*;
@@ -45,18 +50,28 @@ public class DeviceManagementAdminServiceImpl implements DeviceManagementAdminSe
                                      @HeaderParam("If-Modified-Since") String ifModifiedSince,
                                      @QueryParam("offset") int offset,
                                      @QueryParam("limit") int limit) {
-        List<Device> devices;
         try {
-            devices = DeviceMgtAPIUtils.getDeviceManagementService().getDevicesByName(name);
+            int currentTenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
-            if (devices == null || devices.size() == 0) {
+            if (MultitenantConstants.SUPER_TENANT_ID != currentTenantId) {
+                throw new UnauthorizedAccessException(
+                        new ErrorResponse.ErrorResponseBuilder().setCode(401l).setMessage(
+                                "Current logged in user is not authorized to perform this operation").build());
+            }
+            PrivilegedCarbonContext.startTenantFlow();
+            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain);
+
+            List<Device> devices = DeviceMgtAPIUtils.getDeviceManagementService().getDevicesByName(name);
+            if (devices == null) {
                 return Response.status(Response.Status.NOT_FOUND).entity("No device, which carries the name '" +
                         name + "', is currently enrolled in the system").build();
             }
             return Response.status(Response.Status.OK).entity(devices).build();
         } catch (DeviceManagementException e) {
-            String msg = "ErrorResponse occurred while fetching the devices that carry the name '" + name + "'";
+            String msg = "Error occurred while fetching the devices that carry the name '" + name + "'";
             log.error(msg, e);
             return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
+        } finally {
+            PrivilegedCarbonContext.endTenantFlow();
         }
     }
 

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/util/UnauthorizedAccessException.java

@@ -0,0 +1,34 @@
+/*
+ *   Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ *   WSO2 Inc. licenses this file to you under the Apache License,
+ *   Version 2.0 (the "License"); you may not use this file except
+ *   in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.wso2.carbon.device.mgt.jaxrs.service.impl.util;
+
+import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
+
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response;
+
+public class UnauthorizedAccessException extends WebApplicationException {
+
+    private static final long serialVersionUID = 147943579458906890L;
+
+    public UnauthorizedAccessException(ErrorResponse error) {
+        super(Response.status(Response.Status.UNAUTHORIZED).entity(error).build());
+    }
+
+}