From 3616245ae65dbcacf762ad8f14a9a887eed3f7f9 Mon Sep 17 00:00:00 2001 From: Nishan Sangeeth Date: Wed, 28 Jun 2023 16:00:53 +0000 Subject: [PATCH] Improve app visibility restricting functionality Co-authored-by: Nishan Sangeeth Co-committed-by: Nishan Sangeeth --- .../common/services/ApplicationManager.java | 1 + .../mgt/core/impl/ApplicationManagerImpl.java | 45 ++++++++++++++++++- .../application/mgt/core/util/APIUtil.java | 18 ++++++++ .../application/mgt/core/util/Constants.java | 3 +- .../impl/RoleManagementServiceImpl.java | 24 +++++----- .../device/mgt/api/jaxrs/util/Constants.java | 1 + 6 files changed, 80 insertions(+), 12 deletions(-) diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/src/main/java/io/entgra/device/mgt/core/application/mgt/common/services/ApplicationManager.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/src/main/java/io/entgra/device/mgt/core/application/mgt/common/services/ApplicationManager.java index 88a6912a7d..0c75b3b284 100644 --- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/src/main/java/io/entgra/device/mgt/core/application/mgt/common/services/ApplicationManager.java +++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/src/main/java/io/entgra/device/mgt/core/application/mgt/common/services/ApplicationManager.java @@ -27,6 +27,7 @@ import io.entgra.device.mgt.core.application.mgt.common.response.Category; import io.entgra.device.mgt.core.application.mgt.common.response.Tag; import io.entgra.device.mgt.core.device.mgt.common.Base64File; import io.entgra.device.mgt.core.application.mgt.common.dto.ApplicationDTO; +import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException; import org.apache.cxf.jaxrs.ext.multipart.Attachment; import io.entgra.device.mgt.core.application.mgt.common.ApplicationArtifact; import io.entgra.device.mgt.core.application.mgt.common.LifecycleChanger; diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java index 09644ff733..3bb8ba8260 100644 --- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java +++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java @@ -22,6 +22,8 @@ import io.entgra.device.mgt.core.application.mgt.core.exception.BadRequestExcept import io.entgra.device.mgt.core.device.mgt.common.Base64File; import io.entgra.device.mgt.core.application.mgt.core.dao.SPApplicationDAO; import io.entgra.device.mgt.core.application.mgt.core.util.ApplicationManagementUtil; +import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException; +import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata; import org.apache.commons.codec.digest.DigestUtils; import org.apache.commons.io.IOUtils; import org.apache.commons.lang.StringEscapeUtils; @@ -30,6 +32,7 @@ import org.apache.commons.validator.routines.UrlValidator; import org.apache.cxf.jaxrs.ext.multipart.Attachment; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.json.JSONObject; import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext; import io.entgra.device.mgt.core.application.mgt.common.ApplicationArtifact; @@ -95,6 +98,7 @@ import io.entgra.device.mgt.core.device.mgt.core.service.DeviceManagementProvide import org.wso2.carbon.user.api.UserRealm; import org.wso2.carbon.user.api.UserStoreException; +import javax.ws.rs.core.Response; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; @@ -1713,6 +1717,31 @@ public class ApplicationManagerImpl implements ApplicationManager { } } + /** + * Check whether valid metaData value or not + * + * @return true or false + * @throws MetadataManagementException If it is unable to load metaData + */ + private boolean isUserAbleToViewAllRoles() throws MetadataManagementException { + List allMetadata; + allMetadata = APIUtil.getMetadataManagementService().retrieveAllMetadata(); + if (allMetadata != null && !allMetadata.isEmpty()) { + for(Metadata metadata : allMetadata){ + if(Constants.SHOW_ALL_ROLES.equals(metadata.getMetaKey())){ + String metaValue = metadata.getMetaValue(); + if (metaValue != null) { + JSONObject jsonObject; + jsonObject = new JSONObject(metaValue); + boolean isUserAbleToViewAllRoles = jsonObject.getBoolean(Constants.IS_USER_ABLE_TO_VIEW_ALL_ROLES); + return isUserAbleToViewAllRoles; + } + } + } + } + return false; + } + /** * Get assigned role list of the given user. * @@ -3486,7 +3515,8 @@ public class ApplicationManagerImpl implements ApplicationManager { } @Override - public void validateAppCreatingRequest(T param) throws ApplicationManagementException, RequestValidatingException { + public void validateAppCreatingRequest(T param) + throws ApplicationManagementException, RequestValidatingException { int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(true); String userName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername(); int deviceTypeId = -1; @@ -3658,6 +3688,15 @@ public class ApplicationManagerImpl implements ApplicationManager { log.error(msg); throw new ApplicationManagementException(msg); } + if (!isUserAbleToViewAllRoles()) { + if (!hasUserRole(unrestrictedRoles, userName)) { + String msg = "You are trying to restrict the visibility of the application for a role set, but " + + "in order to perform the action at least one role should be assigned to user: " + + userName; + log.error(msg); + throw new BadRequestException(msg); + } + } } Filter filter = new Filter(); @@ -3709,6 +3748,10 @@ public class ApplicationManagerImpl implements ApplicationManager { String msg = "Error occurred when validating the unrestricted roles given for the web clip"; log.error(msg, e); throw new ApplicationManagementException(msg, e); + } catch (MetadataManagementException e) { + String msg = "Error occurred while retrieving metadata list"; + log.error(msg, e); + throw new ApplicationManagementException(msg, e); } finally { ConnectionManagerUtil.closeDBConnection(); } diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java index b33fce5bf2..955a642b6f 100644 --- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java +++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java @@ -26,6 +26,7 @@ import io.entgra.device.mgt.core.application.mgt.core.config.IdentityServiceProv import io.entgra.device.mgt.core.application.mgt.core.serviceprovider.ISServiceProviderApplicationService; import io.entgra.device.mgt.core.application.mgt.core.exception.BadRequestException; import io.entgra.device.mgt.core.application.mgt.core.exception.UnexpectedServerErrorException; +import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.MetadataManagementService; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -71,6 +72,7 @@ public class APIUtil { private static volatile SubscriptionManager subscriptionManager; private static volatile ReviewManager reviewManager; private static volatile AppmDataHandler appmDataHandler; + private static volatile MetadataManagementService metadataManagementService; public static SPApplicationManager getSPApplicationManager() { if (SPApplicationManager == null) { @@ -523,4 +525,20 @@ public class APIUtil { .getAppHashValue() + Constants.FORWARD_SLASH; return basePath + Constants.ICON_ARTIFACT + Constants.FORWARD_SLASH + applicationReleaseDTO.getIconName(); } + + public static MetadataManagementService getMetadataManagementService() { + if (metadataManagementService == null) { + synchronized (APIUtil.class) { + if (metadataManagementService == null) { + PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); + metadataManagementService = (MetadataManagementService) ctx.getOSGiService( + MetadataManagementService.class, null); + if (metadataManagementService == null) { + throw new IllegalStateException("Metadata Management service not initialized."); + } + } + } + } + return metadataManagementService; + } } diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/Constants.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/Constants.java index 5864242acf..efd848cdb1 100644 --- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/Constants.java +++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/Constants.java @@ -70,7 +70,8 @@ public class Constants { public static final String ANY = "ANY"; public static final String DEFAULT_PCK_NAME = "default.app.com"; public static final String ALL = "ALL"; - + public static final String SHOW_ALL_ROLES = "SHOW_ALL_ROLES"; + public static final String IS_USER_ABLE_TO_VIEW_ALL_ROLES = "isUserAbleToViewAllRoles"; public static final String GOOGLE_PLAY_STORE_URL = "https://play.google.com/store/apps/details?id="; public static final String APPLE_STORE_URL = "https://itunes.apple.com/country/app/app-name/id"; diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java index 12b0b810da..099473ad0d 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java @@ -19,7 +19,6 @@ package io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl; import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException; import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata; -import org.apache.axis2.databinding.types.xsd._boolean; import org.apache.commons.logging.Log; import org.json.simple.JSONObject; import org.json.simple.parser.JSONParser; @@ -110,8 +109,10 @@ public class RoleManagementServiceImpl implements RoleManagementService { @QueryParam("filter") String filter, @QueryParam("user-store") String userStore, @HeaderParam("If-Modified-Since") String ifModifiedSince, - @QueryParam("offset") int offset, @QueryParam("limit") int limit, - @QueryParam("username") String username, @QueryParam("domain") String domain, + @QueryParam("offset") int offset, + @QueryParam("limit") int limit, + @QueryParam("username") String username, + @QueryParam("domain") String domain, @PathParam("metaKey") String metaKey) { RequestValidationUtil.validatePaginationParameters(offset, limit); if (limit == 0){ @@ -128,13 +129,13 @@ public class RoleManagementServiceImpl implements RoleManagementService { String metaValue = metadata.getMetaValue(); JSONParser parser = new JSONParser(); JSONObject jsonObject = (JSONObject) parser.parse(metaValue); - boolean decision = (boolean) jsonObject.get("isUserAbleToViewAllRoles"); + boolean decision = (boolean) jsonObject.get(Constants.IS_USER_ABLE_TO_VIEW_ALL_ROLES); if (decision) { - if(userStore == null || "".equals(userStore)){ + if (userStore == null || "".equals(userStore)){ userStore = PRIMARY_USER_STORE; } - try{ - visibleRoles =getRolesFromUserStore(filter, userStore); + try { + visibleRoles = getRolesFromUserStore(filter, userStore); visibleRoleList.setList(visibleRoles); visibleRoles = FilteringUtil.getFilteredList(getRolesFromUserStore(filter, userStore), offset, limit); @@ -148,7 +149,8 @@ public class RoleManagementServiceImpl implements RoleManagementService { new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); } } else { - try{UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager(); + try { + UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager(); if (!userStoreManager.isExistingUser(username)) { if (log.isDebugEnabled()) { log.debug("User by username: " + username + " does not exist for role retrieval."); @@ -159,7 +161,7 @@ public class RoleManagementServiceImpl implements RoleManagementService { visibleRoleList.setList(getFilteredVisibleRoles(userStoreManager, username)); return Response.status(Response.Status.OK).entity(visibleRoleList).build(); - }catch (UserStoreException e) { + } catch (UserStoreException e) { String msg = "Error occurred while trying to retrieve roles of the user '" + username + "'"; log.error(msg, e); return Response.serverError().entity( @@ -171,7 +173,9 @@ public class RoleManagementServiceImpl implements RoleManagementService { log.error(msg, e); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build(); } catch (ParseException e) { - throw new RuntimeException(e); + String msg = "Error occurred while parsing JSON metadata: " + e.getMessage(); + log.error(msg, e); + return Response.status(Response.Status.BAD_REQUEST).entity(msg).build(); } } diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java index c9ad2e182e..02d332baf2 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java @@ -38,6 +38,7 @@ public class Constants { public static final int DEFAULT_PAGE_LIMIT = 50; public static final String FORWARD_SLASH = "/"; public static final String ANDROID = "android"; + public static final String IS_USER_ABLE_TO_VIEW_ALL_ROLES = "isUserAbleToViewAllRoles"; public static final String ANDROID_POLICY_VALIDATOR = "io.entgra.proprietary.uem.platform.android." + "core.polcy.AndroidPolicyPayloadValidator"; public static final String IOS = "ios";