|
|
|
@ -33,23 +33,18 @@ import org.wso2.carbon.device.mgt.common.TransactionManagementException;
|
|
|
|
|
import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroup;
|
|
|
|
|
import org.wso2.carbon.device.mgt.common.group.mgt.GroupAlreadyExistException;
|
|
|
|
|
import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException;
|
|
|
|
|
import org.wso2.carbon.device.mgt.common.group.mgt.GroupUser;
|
|
|
|
|
import org.wso2.carbon.device.mgt.common.group.mgt.RoleDoesNotExistException;
|
|
|
|
|
import org.wso2.carbon.device.mgt.core.dao.GroupDAO;
|
|
|
|
|
import org.wso2.carbon.device.mgt.core.dao.GroupManagementDAOException;
|
|
|
|
|
import org.wso2.carbon.device.mgt.core.dao.GroupManagementDAOFactory;
|
|
|
|
|
import org.wso2.carbon.device.mgt.core.internal.DeviceManagementDataHolder;
|
|
|
|
|
import org.wso2.carbon.device.mgt.core.util.DeviceManagerUtil;
|
|
|
|
|
import org.wso2.carbon.user.api.Permission;
|
|
|
|
|
import org.wso2.carbon.user.api.UserRealm;
|
|
|
|
|
import org.wso2.carbon.user.api.UserStoreException;
|
|
|
|
|
import org.wso2.carbon.user.api.UserStoreManager;
|
|
|
|
|
import org.wso2.carbon.user.core.multiplecredentials.UserDoesNotExistException;
|
|
|
|
|
import org.wso2.carbon.user.core.util.UserCoreUtil;
|
|
|
|
|
|
|
|
|
|
import java.sql.SQLException;
|
|
|
|
|
import java.util.ArrayList;
|
|
|
|
|
import java.util.Date;
|
|
|
|
|
import java.util.HashMap;
|
|
|
|
|
import java.util.List;
|
|
|
|
|
import java.util.Map;
|
|
|
|
@ -77,12 +72,11 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
|
|
|
|
|
throw new GroupManagementException("DeviceGroup cannot be null.", new NullPointerException());
|
|
|
|
|
}
|
|
|
|
|
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
|
|
|
|
|
int groupId = -1;
|
|
|
|
|
try {
|
|
|
|
|
GroupManagementDAOFactory.beginTransaction();
|
|
|
|
|
DeviceGroup existingGroup = this.groupDAO.getGroup(deviceGroup.getName(), tenantId);
|
|
|
|
|
if (existingGroup == null) {
|
|
|
|
|
groupId = this.groupDAO.addGroup(deviceGroup, tenantId);
|
|
|
|
|
this.groupDAO.addGroup(deviceGroup, tenantId);
|
|
|
|
|
GroupManagementDAOFactory.commitTransaction();
|
|
|
|
|
} else {
|
|
|
|
|
throw new GroupAlreadyExistException("Group exist with name " + deviceGroup.getName());
|
|
|
|
@ -97,7 +91,6 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
|
|
|
|
|
GroupManagementDAOFactory.closeConnection();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
addGroupSharingRole(deviceGroup.getOwner(), groupId, defaultRole, defaultPermissions);
|
|
|
|
|
if (log.isDebugEnabled()) {
|
|
|
|
|
log.debug("DeviceGroup added: " + deviceGroup.getName());
|
|
|
|
|
}
|
|
|
|
@ -117,7 +110,6 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
|
|
|
|
|
GroupManagementDAOFactory.beginTransaction();
|
|
|
|
|
DeviceGroup existingGroup = this.groupDAO.getGroup(deviceGroup.getName(), tenantId);
|
|
|
|
|
if (existingGroup == null || existingGroup.getGroupId() == groupId) {
|
|
|
|
|
deviceGroup.setDateOfLastUpdate(new Date().getTime());
|
|
|
|
|
this.groupDAO.updateGroup(deviceGroup, groupId, tenantId);
|
|
|
|
|
GroupManagementDAOFactory.commitTransaction();
|
|
|
|
|
} else {
|
|
|
|
@ -139,18 +131,10 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
public boolean deleteGroup(int groupId) throws GroupManagementException {
|
|
|
|
|
String roleName;
|
|
|
|
|
DeviceGroup deviceGroup = getGroup(groupId);
|
|
|
|
|
if (deviceGroup == null) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
List<String> groupRoles = getRoles(groupId);
|
|
|
|
|
for (String role : groupRoles) {
|
|
|
|
|
if (role != null) {
|
|
|
|
|
roleName = role.replace("Internal/group-" + deviceGroup.getGroupId() + "-", "");
|
|
|
|
|
removeGroupSharingRole(deviceGroup.getGroupId(), roleName);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
try {
|
|
|
|
|
GroupManagementDAOFactory.beginTransaction();
|
|
|
|
|
this.groupDAO.deleteGroup(groupId, CarbonContext.getThreadLocalCarbonContext().getTenantId());
|
|
|
|
@ -208,14 +192,6 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
|
|
|
|
|
@Override
|
|
|
|
|
public PaginationResult getGroups(GroupPaginationRequest request) throws GroupManagementException {
|
|
|
|
|
request = DeviceManagerUtil.validateGroupListPageSize(request);
|
|
|
|
|
List<DeviceGroup> deviceGroups = getPlainDeviceGroups(request);
|
|
|
|
|
PaginationResult groupResult = new PaginationResult();
|
|
|
|
|
groupResult.setData(deviceGroups);
|
|
|
|
|
groupResult.setRecordsTotal(getGroupCount(request));
|
|
|
|
|
return groupResult;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private List<DeviceGroup> getPlainDeviceGroups(GroupPaginationRequest request) throws GroupManagementException {
|
|
|
|
|
List<DeviceGroup> deviceGroups = new ArrayList<>();
|
|
|
|
|
try {
|
|
|
|
|
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
|
|
|
|
@ -228,7 +204,10 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
|
|
|
|
|
} finally {
|
|
|
|
|
GroupManagementDAOFactory.closeConnection();
|
|
|
|
|
}
|
|
|
|
|
return deviceGroups;
|
|
|
|
|
PaginationResult groupResult = new PaginationResult();
|
|
|
|
|
groupResult.setData(deviceGroups);
|
|
|
|
|
groupResult.setRecordsTotal(getGroupCount(request));
|
|
|
|
|
return groupResult;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
@ -240,57 +219,70 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
|
|
|
|
|
userStoreManager = DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId)
|
|
|
|
|
.getUserStoreManager();
|
|
|
|
|
String[] roleList = userStoreManager.getRoleListOfUser(username);
|
|
|
|
|
for (String role : roleList) {
|
|
|
|
|
if (role != null && role.contains("Internal/group-")) {
|
|
|
|
|
DeviceGroup deviceGroup = checkAndExtractNonExistingGroup(groups, role);
|
|
|
|
|
if (deviceGroup != null) {
|
|
|
|
|
GroupManagementDAOFactory.openConnection();
|
|
|
|
|
List<DeviceGroup> deviceGroups = this.groupDAO.getOwnGroups(username, tenantId);
|
|
|
|
|
for (DeviceGroup deviceGroup : deviceGroups) {
|
|
|
|
|
groups.put(deviceGroup.getGroupId(), deviceGroup);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
deviceGroups = this.groupDAO.getGroups(roleList, tenantId);
|
|
|
|
|
for (DeviceGroup deviceGroup : deviceGroups) {
|
|
|
|
|
groups.put(deviceGroup.getGroupId(), deviceGroup);
|
|
|
|
|
}
|
|
|
|
|
} catch (UserStoreException e) {
|
|
|
|
|
throw new GroupManagementException("Error occurred while getting user store manager.", e);
|
|
|
|
|
} catch (SQLException e) {
|
|
|
|
|
throw new GroupManagementException("Error occurred while retrieving all groups accessible to user.", e);
|
|
|
|
|
} catch (GroupManagementDAOException e) {
|
|
|
|
|
throw new GroupManagementException(e);
|
|
|
|
|
} finally {
|
|
|
|
|
GroupManagementDAOFactory.closeConnection();
|
|
|
|
|
}
|
|
|
|
|
return new ArrayList<>(groups.values());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public PaginationResult getGroups(String currentUser, GroupPaginationRequest request) throws GroupManagementException {
|
|
|
|
|
request = DeviceManagerUtil.validateGroupListPageSize(request);
|
|
|
|
|
int startIndex = request.getStartIndex();
|
|
|
|
|
int count = request.getRowCount();
|
|
|
|
|
int index = 0;
|
|
|
|
|
request.setRowCount(0);
|
|
|
|
|
List<DeviceGroup> allMatchingGroups = this.getPlainDeviceGroups(request);
|
|
|
|
|
List<DeviceGroup> deviceGroups = new ArrayList<>();
|
|
|
|
|
private List<Integer> getGroupIds(String username) throws GroupManagementException {
|
|
|
|
|
UserStoreManager userStoreManager;
|
|
|
|
|
List<Integer> deviceGroupIds = new ArrayList<>();
|
|
|
|
|
try {
|
|
|
|
|
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
|
|
|
|
|
UserStoreManager userStoreManager = DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId)
|
|
|
|
|
userStoreManager = DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId)
|
|
|
|
|
.getUserStoreManager();
|
|
|
|
|
String[] roleList = userStoreManager.getRoleListOfUser(currentUser);
|
|
|
|
|
List<Integer> groupIds = new ArrayList<>();
|
|
|
|
|
for (String role : roleList) {
|
|
|
|
|
if (role != null && role.contains("Internal/group-")) {
|
|
|
|
|
int groupId = Integer.parseInt(role.split("-")[1]);
|
|
|
|
|
if (!groupIds.contains(groupId)) {
|
|
|
|
|
groupIds.add(groupId);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
for (DeviceGroup group : allMatchingGroups) {
|
|
|
|
|
int groupId = group.getGroupId();
|
|
|
|
|
if (groupIds.contains(groupId)) {
|
|
|
|
|
if (startIndex <= index && index < count) {
|
|
|
|
|
deviceGroups.add(group);
|
|
|
|
|
}
|
|
|
|
|
index++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
String[] roleList = userStoreManager.getRoleListOfUser(username);
|
|
|
|
|
GroupManagementDAOFactory.openConnection();
|
|
|
|
|
deviceGroupIds = this.groupDAO.getOwnGroupIds(username, tenantId);
|
|
|
|
|
deviceGroupIds.addAll(this.groupDAO.getGroupIds(roleList, tenantId));
|
|
|
|
|
} catch (UserStoreException e) {
|
|
|
|
|
throw new GroupManagementException("Error occurred while getting user store manager.", e);
|
|
|
|
|
} catch (SQLException e) {
|
|
|
|
|
throw new GroupManagementException("Error occurred while retrieving all groups accessible to user.", e);
|
|
|
|
|
} catch (GroupManagementDAOException e) {
|
|
|
|
|
throw new GroupManagementException(e);
|
|
|
|
|
} finally {
|
|
|
|
|
GroupManagementDAOFactory.closeConnection();
|
|
|
|
|
}
|
|
|
|
|
return deviceGroupIds;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
public PaginationResult getGroups(String currentUser, GroupPaginationRequest request)
|
|
|
|
|
throws GroupManagementException {
|
|
|
|
|
request = DeviceManagerUtil.validateGroupListPageSize(request);
|
|
|
|
|
List<Integer> allDeviceGroupIdsOfUser = getGroupIds(currentUser);
|
|
|
|
|
List<DeviceGroup> allMatchingGroups = new ArrayList<>();
|
|
|
|
|
try {
|
|
|
|
|
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
|
|
|
|
|
GroupManagementDAOFactory.openConnection();
|
|
|
|
|
allMatchingGroups = this.groupDAO.getGroups(request, allDeviceGroupIdsOfUser, tenantId);
|
|
|
|
|
} catch (GroupManagementDAOException e) {
|
|
|
|
|
throw new GroupManagementException("Error occurred while retrieving all groups in tenant", e);
|
|
|
|
|
} catch (SQLException e) {
|
|
|
|
|
throw new GroupManagementException("Error occurred while opening a connection to the data source.", e);
|
|
|
|
|
} finally {
|
|
|
|
|
GroupManagementDAOFactory.closeConnection();
|
|
|
|
|
}
|
|
|
|
|
PaginationResult groupResult = new PaginationResult();
|
|
|
|
|
groupResult.setData(deviceGroups);
|
|
|
|
|
groupResult.setRecordsTotal(index);
|
|
|
|
|
groupResult.setData(allMatchingGroups);
|
|
|
|
|
groupResult.setRecordsTotal(getGroupCount(currentUser));
|
|
|
|
|
return groupResult;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -329,25 +321,24 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
|
|
|
|
|
@Override
|
|
|
|
|
public int getGroupCount(String username) throws GroupManagementException {
|
|
|
|
|
UserStoreManager userStoreManager;
|
|
|
|
|
int count = 0;
|
|
|
|
|
int count;
|
|
|
|
|
try {
|
|
|
|
|
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
|
|
|
|
|
userStoreManager = DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId)
|
|
|
|
|
.getUserStoreManager();
|
|
|
|
|
String[] roleList = userStoreManager.getRoleListOfUser(username);
|
|
|
|
|
List<Integer> groupIds = new ArrayList<>();
|
|
|
|
|
for (String role : roleList) {
|
|
|
|
|
if (role != null && role.contains("Internal/group-")) {
|
|
|
|
|
int groupId = Integer.parseInt(role.split("-")[1]);
|
|
|
|
|
if (!groupIds.contains(groupId)) {
|
|
|
|
|
groupIds.add(groupId);
|
|
|
|
|
count++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
GroupManagementDAOFactory.openConnection();
|
|
|
|
|
count = groupDAO.getOwnGroupsCount(username, tenantId);
|
|
|
|
|
count += groupDAO.getGroupsCount(roleList, tenantId);
|
|
|
|
|
return count;
|
|
|
|
|
} catch (UserStoreException e) {
|
|
|
|
|
throw new GroupManagementException("Error occurred while getting user store manager.", e);
|
|
|
|
|
} catch (GroupManagementDAOException e) {
|
|
|
|
|
throw new GroupManagementException("Error occurred while retrieving group count of user '" + username + "'", e);
|
|
|
|
|
} catch (SQLException e) {
|
|
|
|
|
throw new GroupManagementException("Error occurred while opening a connection to the data source.", e);
|
|
|
|
|
} finally {
|
|
|
|
|
GroupManagementDAOFactory.closeConnection();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -355,103 +346,41 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
|
|
|
|
|
* {@inheritDoc}
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
@SuppressWarnings("Duplicates")
|
|
|
|
|
public void manageGroupSharing(int groupId, String username, List<String> newRoles)
|
|
|
|
|
throws GroupManagementException, UserDoesNotExistException, RoleDoesNotExistException {
|
|
|
|
|
public void manageGroupSharing(int groupId, List<String> newRoles)
|
|
|
|
|
throws GroupManagementException, RoleDoesNotExistException {
|
|
|
|
|
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
|
|
|
|
|
UserStoreManager userStoreManager;
|
|
|
|
|
try {
|
|
|
|
|
userStoreManager =
|
|
|
|
|
DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(
|
|
|
|
|
tenantId).getUserStoreManager();
|
|
|
|
|
if (!userStoreManager.isExistingUser(username)) {
|
|
|
|
|
throw new UserDoesNotExistException("User not exists with name " + username);
|
|
|
|
|
}
|
|
|
|
|
List<String> currentGroupRoles = getRoles(groupId);
|
|
|
|
|
List<String> currentUserRoles = getRoles(username, groupId);
|
|
|
|
|
List<String> rolesToAdd = new ArrayList<>();
|
|
|
|
|
List<String> rolesToRemove = new ArrayList<>();
|
|
|
|
|
String roleNamePrefix = "Internal/group-" + groupId + "-";
|
|
|
|
|
List<String> currentUserRoles = getRoles(groupId);
|
|
|
|
|
GroupManagementDAOFactory.beginTransaction();
|
|
|
|
|
for (String role : newRoles) {
|
|
|
|
|
if (currentGroupRoles.contains(role)) {
|
|
|
|
|
if (!currentUserRoles.contains(role)) {
|
|
|
|
|
rolesToAdd.add(roleNamePrefix + role);
|
|
|
|
|
if (!userStoreManager.isExistingRole(role)) {
|
|
|
|
|
throw new RoleDoesNotExistException("Role '" + role + "' does not exists in the user store.");
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
throw new RoleDoesNotExistException("Role '" + role + "' is not exists in requested group.");
|
|
|
|
|
// Removing role from current user roles of the group will return true if role exist.
|
|
|
|
|
// So we don't need to add it to the db again.
|
|
|
|
|
if (!currentUserRoles.remove(role)) {
|
|
|
|
|
// If group doesn't have the role, it is adding to the db.
|
|
|
|
|
groupDAO.addRole(groupId, role, tenantId);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
for (String role : currentUserRoles) {
|
|
|
|
|
if (currentGroupRoles.contains(role)) {
|
|
|
|
|
if (!newRoles.contains(role)) {
|
|
|
|
|
rolesToRemove.add(roleNamePrefix + role);
|
|
|
|
|
// Removing old roles from db which are not available in the new roles list.
|
|
|
|
|
groupDAO.removeRole(groupId, role, tenantId);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
throw new RoleDoesNotExistException("Role '" + role + "' is not exists in requested group.");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
userStoreManager.updateRoleListOfUser(username,
|
|
|
|
|
rolesToRemove.toArray(new String[rolesToRemove.size()]),
|
|
|
|
|
rolesToAdd.toArray(new String[rolesToAdd.size()]));
|
|
|
|
|
GroupManagementDAOFactory.commitTransaction();
|
|
|
|
|
} catch (GroupManagementDAOException e) {
|
|
|
|
|
GroupManagementDAOFactory.rollbackTransaction();
|
|
|
|
|
throw new GroupManagementException(e);
|
|
|
|
|
} catch (UserStoreException e) {
|
|
|
|
|
if (e instanceof UserDoesNotExistException) {
|
|
|
|
|
throw (UserDoesNotExistException) e;
|
|
|
|
|
}
|
|
|
|
|
throw new GroupManagementException("User store error in updating sharing roles.", e);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* {@inheritDoc}
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
public boolean addGroupSharingRole(String username, int groupId, String roleName, String[] permissions)
|
|
|
|
|
throws GroupManagementException {
|
|
|
|
|
if (groupId == -1) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
UserStoreManager userStoreManager;
|
|
|
|
|
String role;
|
|
|
|
|
String[] userNames = new String[1];
|
|
|
|
|
try {
|
|
|
|
|
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
|
|
|
|
|
userStoreManager = DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId)
|
|
|
|
|
.getUserStoreManager();
|
|
|
|
|
role = "Internal/group-" + groupId + "-" + roleName;
|
|
|
|
|
userNames[0] = username;
|
|
|
|
|
Permission[] carbonPermissions = new Permission[permissions.length];
|
|
|
|
|
for (int i = 0; i < permissions.length; i++) {
|
|
|
|
|
carbonPermissions[i] = new Permission(permissions[i], CarbonConstants.UI_PERMISSION_ACTION);
|
|
|
|
|
}
|
|
|
|
|
userStoreManager.addRole(role, userNames, carbonPermissions);
|
|
|
|
|
return true;
|
|
|
|
|
} catch (UserStoreException e) {
|
|
|
|
|
String errorMsg = "User store error in adding role to group id:" + groupId;
|
|
|
|
|
throw new GroupManagementException(errorMsg, e);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* {@inheritDoc}
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
public boolean removeGroupSharingRole(int groupId, String roleName) throws GroupManagementException {
|
|
|
|
|
if (groupId == -1) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
UserStoreManager userStoreManager;
|
|
|
|
|
String role;
|
|
|
|
|
try {
|
|
|
|
|
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
|
|
|
|
|
userStoreManager = DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId)
|
|
|
|
|
.getUserStoreManager();
|
|
|
|
|
role = "Internal/group-" + groupId + "-" + roleName;
|
|
|
|
|
userStoreManager.deleteRole(role);
|
|
|
|
|
return true;
|
|
|
|
|
} catch (UserStoreException userStoreEx) {
|
|
|
|
|
String errorMsg = "User store error in adding role to group id:" + groupId;
|
|
|
|
|
log.error(errorMsg, userStoreEx);
|
|
|
|
|
throw new GroupManagementException(errorMsg, userStoreEx);
|
|
|
|
|
} catch (TransactionManagementException e) {
|
|
|
|
|
throw new GroupManagementException(e);
|
|
|
|
|
} finally {
|
|
|
|
|
GroupManagementDAOFactory.closeConnection();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -460,92 +389,16 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
public List<String> getRoles(int groupId) throws GroupManagementException {
|
|
|
|
|
UserStoreManager userStoreManager;
|
|
|
|
|
String[] roles;
|
|
|
|
|
List<String> groupRoles;
|
|
|
|
|
try {
|
|
|
|
|
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
|
|
|
|
|
userStoreManager = DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId)
|
|
|
|
|
.getUserStoreManager();
|
|
|
|
|
roles = userStoreManager.getRoleNames();
|
|
|
|
|
groupRoles = new ArrayList<>();
|
|
|
|
|
for (String r : roles) {
|
|
|
|
|
if (r != null && r.contains("Internal/group-" + groupId + "-")) {
|
|
|
|
|
groupRoles.add(r.replace("Internal/group-" + groupId + "-", ""));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return groupRoles;
|
|
|
|
|
} catch (UserStoreException userStoreEx) {
|
|
|
|
|
String errorMsg = "User store error in adding role to group id:" + groupId;
|
|
|
|
|
log.error(errorMsg, userStoreEx);
|
|
|
|
|
throw new GroupManagementException(errorMsg, userStoreEx);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* {@inheritDoc}
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
public List<String> getRoles(String username, int groupId)
|
|
|
|
|
throws GroupManagementException, UserDoesNotExistException {
|
|
|
|
|
UserStoreManager userStoreManager;
|
|
|
|
|
List<String> groupRoleList = new ArrayList<>();
|
|
|
|
|
try {
|
|
|
|
|
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
|
|
|
|
|
userStoreManager = DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId)
|
|
|
|
|
.getUserStoreManager();
|
|
|
|
|
if (!userStoreManager.isExistingUser(username)) {
|
|
|
|
|
throw new UserDoesNotExistException("User not exists with name " + username);
|
|
|
|
|
}
|
|
|
|
|
String[] roleList = userStoreManager.getRoleListOfUser(username);
|
|
|
|
|
for (String role : roleList) {
|
|
|
|
|
if (role != null && role.contains("Internal/group-" + groupId)) {
|
|
|
|
|
String roleName = role.replace("Internal/group-" + groupId + "-", "");
|
|
|
|
|
groupRoleList.add(roleName);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return groupRoleList;
|
|
|
|
|
} catch (UserStoreException e) {
|
|
|
|
|
if (e instanceof UserDoesNotExistException) {
|
|
|
|
|
throw (UserDoesNotExistException) e;
|
|
|
|
|
}
|
|
|
|
|
throw new GroupManagementException("Error occurred while getting user store manager.", e);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* {@inheritDoc}
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
public List<GroupUser> getUsers(int groupId) throws GroupManagementException {
|
|
|
|
|
UserStoreManager userStoreManager;
|
|
|
|
|
Map<String, GroupUser> groupUserHashMap = new HashMap<>();
|
|
|
|
|
try {
|
|
|
|
|
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
|
|
|
|
|
userStoreManager = DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId)
|
|
|
|
|
.getUserStoreManager();
|
|
|
|
|
List<String> rolesForGroup = this.getRoles(groupId);
|
|
|
|
|
for (String role : rolesForGroup) {
|
|
|
|
|
String[] users = userStoreManager.getUserListOfRole("Internal/group-" + groupId + "-" + role);
|
|
|
|
|
for (String user : users) {
|
|
|
|
|
GroupUser groupUser;
|
|
|
|
|
if (groupUserHashMap.containsKey(user)) {
|
|
|
|
|
groupUser = groupUserHashMap.get(user);
|
|
|
|
|
groupUser.getGroupRoles().add(role);
|
|
|
|
|
} else {
|
|
|
|
|
groupUser = new GroupUser();
|
|
|
|
|
groupUser.setUsername(user);
|
|
|
|
|
groupUser.setGroupRoles(new ArrayList<String>());
|
|
|
|
|
groupUser.getGroupRoles().add(role);
|
|
|
|
|
groupUserHashMap.put(user, groupUser);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return new ArrayList<>(groupUserHashMap.values());
|
|
|
|
|
} catch (UserStoreException e) {
|
|
|
|
|
String errorMsg = "User store error in fetching user list for group id:" + groupId;
|
|
|
|
|
log.error(errorMsg, e);
|
|
|
|
|
throw new GroupManagementException(errorMsg, e);
|
|
|
|
|
GroupManagementDAOFactory.openConnection();
|
|
|
|
|
return groupDAO.getRoles(groupId, tenantId);
|
|
|
|
|
} catch (GroupManagementDAOException e) {
|
|
|
|
|
throw new GroupManagementException("Error occurred while retrieving all groups in tenant", e);
|
|
|
|
|
} catch (SQLException e) {
|
|
|
|
|
throw new GroupManagementException("Error occurred while opening a connection to the data source.", e);
|
|
|
|
|
} finally {
|
|
|
|
|
GroupManagementDAOFactory.closeConnection();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -653,58 +506,26 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
|
|
|
|
|
* {@inheritDoc}
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
public String[] getPermissions(String username, int groupId)
|
|
|
|
|
throws GroupManagementException, UserDoesNotExistException {
|
|
|
|
|
public List<DeviceGroup> getGroups(String username, String permission) throws GroupManagementException {
|
|
|
|
|
List<DeviceGroup> deviceGroups = getGroups(username);
|
|
|
|
|
Map<Integer, DeviceGroup> permittedDeviceGroups = new HashMap<>();
|
|
|
|
|
UserRealm userRealm;
|
|
|
|
|
List<String> roles = getRoles(username, groupId);
|
|
|
|
|
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
|
|
|
|
|
try {
|
|
|
|
|
userRealm = DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId);
|
|
|
|
|
List<String> lstPermissions = new ArrayList<>();
|
|
|
|
|
String[] resourceIds = userRealm.getAuthorizationManager().getAllowedUIResourcesForUser(username, "/");
|
|
|
|
|
if (resourceIds != null) {
|
|
|
|
|
for (String resourceId : resourceIds) {
|
|
|
|
|
for (DeviceGroup deviceGroup : deviceGroups) {
|
|
|
|
|
List<String> roles = getRoles(deviceGroup.getGroupId());
|
|
|
|
|
for (String roleName : roles) {
|
|
|
|
|
if (userRealm.getAuthorizationManager().
|
|
|
|
|
isRoleAuthorized("Internal/group-" + groupId + "-" + roleName, resourceId,
|
|
|
|
|
CarbonConstants.UI_PERMISSION_ACTION)) {
|
|
|
|
|
lstPermissions.add(resourceId);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
String[] permissions = lstPermissions.toArray(new String[lstPermissions.size()]);
|
|
|
|
|
return UserCoreUtil.optimizePermissions(permissions);
|
|
|
|
|
} catch (UserStoreException e) {
|
|
|
|
|
throw new GroupManagementException("Error occurred while getting user realm.", e);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* {@inheritDoc}
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
public List<DeviceGroup> getGroups(String username, String permission)
|
|
|
|
|
throws GroupManagementException {
|
|
|
|
|
UserRealm userRealm;
|
|
|
|
|
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
|
|
|
|
|
Map<Integer, DeviceGroup> groups = new HashMap<>();
|
|
|
|
|
try {
|
|
|
|
|
userRealm = DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId);
|
|
|
|
|
String[] roles = userRealm.getUserStoreManager().getRoleListOfUser(username);
|
|
|
|
|
for (String role : roles) {
|
|
|
|
|
if (role != null && role.contains("Internal/group-") && userRealm.getAuthorizationManager()
|
|
|
|
|
.isRoleAuthorized(role, permission, CarbonConstants.UI_PERMISSION_ACTION)) {
|
|
|
|
|
DeviceGroup group = checkAndExtractNonExistingGroup(groups, role);
|
|
|
|
|
if (group != null) {
|
|
|
|
|
groups.put(group.getGroupId(), group);
|
|
|
|
|
isRoleAuthorized(roleName, permission, CarbonConstants.UI_PERMISSION_ACTION)) {
|
|
|
|
|
permittedDeviceGroups.put(deviceGroup.getGroupId(), deviceGroup);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return new ArrayList<>(groups.values());
|
|
|
|
|
} catch (UserStoreException e) {
|
|
|
|
|
throw new GroupManagementException("Error occurred while getting user realm.", e);
|
|
|
|
|
}
|
|
|
|
|
return new ArrayList<>(permittedDeviceGroups.values());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
@ -725,26 +546,4 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
|
|
|
|
|
GroupManagementDAOFactory.closeConnection();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* This method returns group belongs to particular role, if it is not existed in groups map.
|
|
|
|
|
*
|
|
|
|
|
* @param groups existing groups map.
|
|
|
|
|
* @param role group related role which needs to evaluate.
|
|
|
|
|
* @return device group if it is not existing in the groups map.
|
|
|
|
|
* @throws GroupManagementException
|
|
|
|
|
*/
|
|
|
|
|
private DeviceGroup checkAndExtractNonExistingGroup(Map<Integer, DeviceGroup> groups, String role)
|
|
|
|
|
throws GroupManagementException {
|
|
|
|
|
try {
|
|
|
|
|
int groupId = Integer.parseInt(role.split("-")[1]);
|
|
|
|
|
if (!groups.containsKey(groupId)) {
|
|
|
|
|
return getGroup(groupId);
|
|
|
|
|
}
|
|
|
|
|
} catch (NumberFormatException e) {
|
|
|
|
|
log.error("Unable to extract groupId from role " + role, e);
|
|
|
|
|
}
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
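Review bot: In what appears to be the new `getGroups(String username, String permission)` (the +/- markers are lost on this page, so the sides are inferred from the hunk counts), the permission check runs over every role the group is shared with, `getRoles(deviceGroup.getGroupId())`, rather than over the roles the user actually holds. A group shared with one role the user has and with a second, more privileged role the user lacks would be returned as permitted, because `isRoleAuthorized(roleName, permission, CarbonConstants.UI_PERMISSION_ACTION)` succeeds on the second role. Restrict the inner loop to the user's own roles, for example `List<String> userRoles = Arrays.asList(userRealm.getUserStoreManager().getRoleListOfUser(username));` before the loop and `userRoles.contains(roleName) &&` in front of the `isRoleAuthorized` call (this needs `java.util.Arrays` imported). It is also worth deciding explicitly how owned groups are treated, since the groups added through `getOwnGroups` currently pass only if some shared role carries the permission.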