diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherStartupHandler.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherStartupHandler.java
index e039259b92..d218238dc1 100644
--- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherStartupHandler.java
+++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherStartupHandler.java
@@ -18,12 +18,24 @@ package io.entgra.device.mgt.core.apimgt.webapp.publisher; +import com.google.gson.Gson; +import io.entgra.device.mgt.core.apimgt.extension.rest.api.constants.Constants; +import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataKeyAlreadyExistsException; +import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException; +import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata; +import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.MetadataManagementService; +import io.entgra.device.mgt.core.device.mgt.core.config.DeviceConfigurationManager; +import io.entgra.device.mgt.core.device.mgt.core.config.DeviceManagementConfig; +import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermission; +import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import io.entgra.device.mgt.core.apimgt.webapp.publisher.exception.APIManagerPublisherException; import io.entgra.device.mgt.core.apimgt.webapp.publisher.internal.APIPublisherDataHolder; import org.wso2.carbon.core.ServerStartupObserver; +import java.util.HashMap; +import java.util.Map; import java.util.Stack; public class APIPublisherStartupHandler implements ServerStartupObserver { @@ -34,6 +46,7 @@ public class APIPublisherStartupHandler implements ServerStartupObserver { private static final int MAX_RETRY_COUNT = 5; private static Stack failedAPIsStack = new Stack<>(); private static Stack currentAPIsStack; + private static final Gson gson = new Gson(); private APIPublisherService publisher; 
@@ -91,6 +104,8 @@ public class APIPublisherStartupHandler implements ServerStartupObserver { log.error("failed to update scope role mapping.", e); } + updateScopeMetadataEntryWithDefaultScopes(); + // execute after api publishing for (PostApiPublishingObsever observer : APIPublisherDataHolder.getInstance().getPostApiPublishingObseverList()) { if (log.isDebugEnabled()) { 
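Review bot: The added call to `updateScopeMetadataEntryWithDefaultScopes()` sits outside the `try`/`catch` that precedes it, and the helper catches only `MetadataManagementException` and `MetadataKeyAlreadyExistsException`. Any unchecked exception it raises would propagate from this point and skip the post-publishing observer loop that follows; a null return from `getDefaultPermissions()` is one possibility this diff does not rule out. Consider isolating it at the call site, e.g. `try { updateScopeMetadataEntryWithDefaultScopes(); } catch (RuntimeException e) { log.error("failed to update default permission scope mapping.", e); }`. The enclosing method starts and ends outside this hunk.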
@@ -116,4 +131,39 @@ public class APIPublisherStartupHandler implements ServerStartupObserver { } } + /** + * Update permission scope mapping entry with default scopes if perm-scope-mapping entry exists, otherwise this function + * will create that entry and update the value with default permissions. + */ + private void updateScopeMetadataEntryWithDefaultScopes() { + MetadataManagementService metadataManagementService = APIPublisherDataHolder.getInstance().getMetadataManagementService(); + try { + DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig(); + DefaultPermissions defaultPermissions = deviceManagementConfig.getDefaultPermissions(); + Metadata permScopeMapping = metadataManagementService.retrieveMetadata(Constants.PERM_SCOPE_MAPPING_META_KEY); + Map permScopeMap = (permScopeMapping != null) ? gson.fromJson(permScopeMapping.getMetaValue(), HashMap.class) : + new HashMap<>(); + for (DefaultPermission defaultPermission : defaultPermissions.getDefaultPermissions()) { + permScopeMap.putIfAbsent(defaultPermission.getName(), + defaultPermission.getScopeMapping().getKey()); + } + + APIPublisherDataHolder.getInstance().setPermScopeMapping(permScopeMap); + if (permScopeMapping != null) { + permScopeMapping.setMetaValue(gson.toJson(permScopeMap)); + metadataManagementService.updateMetadata(permScopeMapping); + return; + } + + permScopeMapping = new Metadata(); + permScopeMapping.setMetaKey(Constants.PERM_SCOPE_MAPPING_META_KEY); + permScopeMapping.setMetaValue(gson.toJson(permScopeMap)); + metadataManagementService.createMetadata(permScopeMapping); + } catch (MetadataManagementException e) { + log.error("Error encountered while updating permission scope mapping metadata with default scopes"); + } catch (MetadataKeyAlreadyExistsException e) { + log.error("Metadata entry already exists for " + Constants.PERM_SCOPE_MAPPING_META_KEY); + } + } + } 
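Review bot: Both `catch` blocks in `updateScopeMetadataEntryWithDefaultScopes()` log a fixed message and drop the exception, so a failed write of the permission-to-scope mapping leaves no cause in the log; pass it through as the `log.error("failed to update scope role mapping.", e)` call earlier in this file does, `log.error("Error encountered while updating permission scope mapping metadata with default scopes", e);`. `APIPublisherDataHolder.getInstance().setPermScopeMapping(permScopeMap)` runs before `updateMetadata`/`createMetadata`, so when the write fails the in-memory mapping and the stored entry disagree; either move the setter after the successful write or document that the in-memory copy is authoritative. Gson's `fromJson` returns null for an empty or JSON-`null` value, so a stored entry with an empty meta value would make `permScopeMap.putIfAbsent` throw; a guard such as `if (permScopeMap == null) { permScopeMap = new HashMap<>(); }` covers it. Because the merge uses `putIfAbsent`, an already-stored mapping for a default permission name takes precedence over the configured default, which is worth stating in the Javadoc if that precedence is intended.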
diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/lifecycle/listener/APIPublisherLifecycleListener.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/lifecycle/listener/APIPublisherLifecycleListener.java
index bbd2fd952e..737f734d07 100644
--- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/lifecycle/listener/APIPublisherLifecycleListener.java
+++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/lifecycle/listener/APIPublisherLifecycleListener.java
@@ -22,10 +22,6 @@ import io.entgra.device.mgt.core.apimgt.webapp.publisher.dto.ApiScope;
 import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
 import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata;
 import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.MetadataManagementService;
-import io.entgra.device.mgt.core.device.mgt.core.config.DeviceConfigurationManager;
-import io.entgra.device.mgt.core.device.mgt.core.config.DeviceManagementConfig;
-import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermission;
-import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions;
 import org.apache.catalina.Lifecycle;
 import org.apache.catalina.LifecycleEvent;
 import org.apache.catalina.LifecycleListener;
@@ -131,19 +127,13 @@ public class APIPublisherLifecycleListener implements LifecycleListener { Metadata existingMetaData = metadataManagementService.retrieveMetadata("perm-scope" + "-mapping"); + if (existingMetaData != null) { existingMetaData.setMetaValue(new Gson().toJson(permScopeMap)); metadataManagementService.updateMetadata(existingMetaData); } else { Metadata newMetaData = new Metadata(); newMetaData.setMetaKey("perm-scope-mapping"); - - DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig(); - DefaultPermissions defaultPermissions = deviceManagementConfig.getDefaultPermissions(); - - for (DefaultPermission defaultPermission : defaultPermissions.getDefaultPermissions()) { - permScopeMap.put(defaultPermission.getName(), defaultPermission.getScopeMapping().getKey()); - } newMetaData.setMetaValue(new Gson().toJson(permScopeMap)); metadataManagementService.createMetadata(newMetaData); } diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/internal/TenantCreateObserver.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/internal/TenantCreateObserver.java index eb5fe919d2..da5acc7562 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/internal/TenantCreateObserver.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/internal/TenantCreateObserver.java 
@@ -46,7 +46,6 @@ import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.api.UserStoreManager; import org.wso2.carbon.utils.AbstractAxis2ConfigurationContextObserver; import org.wso2.carbon.utils.multitenancy.MultitenantConstants; -import org.wso2.carbon.utils.multitenancy.MultitenantUtils; import java.util.ArrayList; import java.util.Arrays; @@ -143,26 +142,6 @@ public class TenantCreateObserver extends AbstractAxis2ConfigurationContextObser */ private void publishScopesToTenant(String tenantDomain) throws TenantManagementException { if (!MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) { - - MetadataManagementService metadataManagementService = DeviceManagementDataHolder.getInstance().getMetadataManagementService(); - - Map superTenantPermScopeMapping = getPermScopeMapping(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); - Map subTenantPermScopeMapping = getPermScopeMapping(tenantDomain); - - if (superTenantPermScopeMapping == null) { - msg = "Error occurred while retrieving meta key '" + Constants.PERM_SCOPE_MAPPING_META_KEY + "' for tenant '" + - MultitenantConstants.SUPER_TENANT_DOMAIN_NAME + "'. Hence aborting publishing scopes to tenant: '" + - tenantDomain + "'."; - log.error(msg); - throw new TenantManagementException(msg); - } - if (superTenantPermScopeMapping.equals(subTenantPermScopeMapping)) { - if (log.isDebugEnabled()) { - log.debug( "Scopes in '" + tenantDomain + "' are up to date with super tenant scopes."); - } - return; - } - APIApplicationServices apiApplicationServices = DeviceManagementDataHolder.getInstance().getApiApplicationServices(); APIApplicationKey apiApplicationKey; AccessTokenInfo accessTokenInfo; 
@@ -268,10 +247,6 @@ public class TenantCreateObserver extends AbstractAxis2ConfigurationContextObser } } } - - if (missingScopes.size() > 0 || deletedScopes.size() > 0) { - updatePermScopeMetaData(superTenantPermScopeMapping, metadataManagementService); - } } else { if (log.isDebugEnabled()) { log.debug("Starting to publish shared scopes to newly created tenant: '" + tenantDomain + "'."); @@ -279,7 +254,6 @@ public class TenantCreateObserver extends AbstractAxis2ConfigurationContextObser publishSharedScopes(Arrays.asList(superTenantScopes), publisherRESTAPIServices, apiApplicationKey, accessTokenInfo); - updatePermScopeMetaData(superTenantPermScopeMapping, metadataManagementService); } } else { msg = "Unable to publish scopes to sub tenants due to super tenant scopes list being empty."; @@ -298,15 +272,6 @@ public class TenantCreateObserver extends AbstractAxis2ConfigurationContextObser msg = "Error occurred while publishing scopes to '" + tenantDomain + "' tenant space."; log.error(msg, e); throw new TenantManagementException(msg, e); - } catch (MetadataManagementException e) { - msg = "Error occurred trying to create metadata entry '" + Constants.PERM_SCOPE_MAPPING_META_KEY + "'."; - log.error(msg); - throw new TenantManagementException(msg); - } catch (MetadataKeyAlreadyExistsException e) { - msg = "Error occurred trying to create metadata entry '" + Constants.PERM_SCOPE_MAPPING_META_KEY + "'. The meta key " + - "already exists."; - log.error(msg); - throw new TenantManagementException(msg); } finally { APIPublisherUtils.removeScopePublishUserIfExists(tenantDomain); PrivilegedCarbonContext.endTenantFlow();