Improve app visibility restricting functionality

Co-authored-by: Nishan Sangeeth <nishan@entgra.io>
Co-committed-by: Nishan Sangeeth <nishan@entgra.io>
temp-changes
Nishan Sangeeth 1 year ago committed by Lasantha Dharmakeerthi
parent e0a1cd3dbb
commit 3616245ae6

@ -27,6 +27,7 @@ import io.entgra.device.mgt.core.application.mgt.common.response.Category;
import io.entgra.device.mgt.core.application.mgt.common.response.Tag; import io.entgra.device.mgt.core.application.mgt.common.response.Tag;
import io.entgra.device.mgt.core.device.mgt.common.Base64File; import io.entgra.device.mgt.core.device.mgt.common.Base64File;
import io.entgra.device.mgt.core.application.mgt.common.dto.ApplicationDTO; import io.entgra.device.mgt.core.application.mgt.common.dto.ApplicationDTO;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
import org.apache.cxf.jaxrs.ext.multipart.Attachment; import org.apache.cxf.jaxrs.ext.multipart.Attachment;
import io.entgra.device.mgt.core.application.mgt.common.ApplicationArtifact; import io.entgra.device.mgt.core.application.mgt.common.ApplicationArtifact;
import io.entgra.device.mgt.core.application.mgt.common.LifecycleChanger; import io.entgra.device.mgt.core.application.mgt.common.LifecycleChanger;

@ -22,6 +22,8 @@ import io.entgra.device.mgt.core.application.mgt.core.exception.BadRequestExcept
import io.entgra.device.mgt.core.device.mgt.common.Base64File; import io.entgra.device.mgt.core.device.mgt.common.Base64File;
import io.entgra.device.mgt.core.application.mgt.core.dao.SPApplicationDAO; import io.entgra.device.mgt.core.application.mgt.core.dao.SPApplicationDAO;
import io.entgra.device.mgt.core.application.mgt.core.util.ApplicationManagementUtil; import io.entgra.device.mgt.core.application.mgt.core.util.ApplicationManagementUtil;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata;
import org.apache.commons.codec.digest.DigestUtils; import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.io.IOUtils; import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringEscapeUtils;
@ -30,6 +32,7 @@ import org.apache.commons.validator.routines.UrlValidator;
import org.apache.cxf.jaxrs.ext.multipart.Attachment; import org.apache.cxf.jaxrs.ext.multipart.Attachment;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.json.JSONObject;
import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext;
import io.entgra.device.mgt.core.application.mgt.common.ApplicationArtifact; import io.entgra.device.mgt.core.application.mgt.common.ApplicationArtifact;
@ -95,6 +98,7 @@ import io.entgra.device.mgt.core.device.mgt.core.service.DeviceManagementProvide
import org.wso2.carbon.user.api.UserRealm; import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.api.UserStoreException;
import javax.ws.rs.core.Response;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
@ -1713,6 +1717,31 @@ public class ApplicationManagerImpl implements ApplicationManager {
} }
} }
/**
* Check whether valid metaData value or not
*
* @return true or false
* @throws MetadataManagementException If it is unable to load metaData
*/
private boolean isUserAbleToViewAllRoles() throws MetadataManagementException {
List<Metadata> allMetadata;
allMetadata = APIUtil.getMetadataManagementService().retrieveAllMetadata();
if (allMetadata != null && !allMetadata.isEmpty()) {
for(Metadata metadata : allMetadata){
if(Constants.SHOW_ALL_ROLES.equals(metadata.getMetaKey())){
String metaValue = metadata.getMetaValue();
if (metaValue != null) {
JSONObject jsonObject;
jsonObject = new JSONObject(metaValue);
boolean isUserAbleToViewAllRoles = jsonObject.getBoolean(Constants.IS_USER_ABLE_TO_VIEW_ALL_ROLES);
return isUserAbleToViewAllRoles;
}
}
}
}
return false;
}
/** /**
* Get assigned role list of the given user. * Get assigned role list of the given user.
* *
@ -3486,7 +3515,8 @@ public class ApplicationManagerImpl implements ApplicationManager {
} }
@Override @Override
public <T> void validateAppCreatingRequest(T param) throws ApplicationManagementException, RequestValidatingException { public <T> void validateAppCreatingRequest(T param)
throws ApplicationManagementException, RequestValidatingException {
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(true); int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(true);
String userName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername(); String userName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
int deviceTypeId = -1; int deviceTypeId = -1;
@ -3658,6 +3688,15 @@ public class ApplicationManagerImpl implements ApplicationManager {
log.error(msg); log.error(msg);
throw new ApplicationManagementException(msg); throw new ApplicationManagementException(msg);
} }
if (!isUserAbleToViewAllRoles()) {
if (!hasUserRole(unrestrictedRoles, userName)) {
String msg = "You are trying to restrict the visibility of the application for a role set, but "
+ "in order to perform the action at least one role should be assigned to user: "
+ userName;
log.error(msg);
throw new BadRequestException(msg);
}
}
} }
Filter filter = new Filter(); Filter filter = new Filter();
@ -3709,6 +3748,10 @@ public class ApplicationManagerImpl implements ApplicationManager {
String msg = "Error occurred when validating the unrestricted roles given for the web clip"; String msg = "Error occurred when validating the unrestricted roles given for the web clip";
log.error(msg, e); log.error(msg, e);
throw new ApplicationManagementException(msg, e); throw new ApplicationManagementException(msg, e);
} catch (MetadataManagementException e) {
String msg = "Error occurred while retrieving metadata list";
log.error(msg, e);
throw new ApplicationManagementException(msg, e);
} finally { } finally {
ConnectionManagerUtil.closeDBConnection(); ConnectionManagerUtil.closeDBConnection();
} }

@ -26,6 +26,7 @@ import io.entgra.device.mgt.core.application.mgt.core.config.IdentityServiceProv
import io.entgra.device.mgt.core.application.mgt.core.serviceprovider.ISServiceProviderApplicationService; import io.entgra.device.mgt.core.application.mgt.core.serviceprovider.ISServiceProviderApplicationService;
import io.entgra.device.mgt.core.application.mgt.core.exception.BadRequestException; import io.entgra.device.mgt.core.application.mgt.core.exception.BadRequestException;
import io.entgra.device.mgt.core.application.mgt.core.exception.UnexpectedServerErrorException; import io.entgra.device.mgt.core.application.mgt.core.exception.UnexpectedServerErrorException;
import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.MetadataManagementService;
import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
@ -71,6 +72,7 @@ public class APIUtil {
private static volatile SubscriptionManager subscriptionManager; private static volatile SubscriptionManager subscriptionManager;
private static volatile ReviewManager reviewManager; private static volatile ReviewManager reviewManager;
private static volatile AppmDataHandler appmDataHandler; private static volatile AppmDataHandler appmDataHandler;
private static volatile MetadataManagementService metadataManagementService;
public static SPApplicationManager getSPApplicationManager() { public static SPApplicationManager getSPApplicationManager() {
if (SPApplicationManager == null) { if (SPApplicationManager == null) {
@ -523,4 +525,20 @@ public class APIUtil {
.getAppHashValue() + Constants.FORWARD_SLASH; .getAppHashValue() + Constants.FORWARD_SLASH;
return basePath + Constants.ICON_ARTIFACT + Constants.FORWARD_SLASH + applicationReleaseDTO.getIconName(); return basePath + Constants.ICON_ARTIFACT + Constants.FORWARD_SLASH + applicationReleaseDTO.getIconName();
} }
public static MetadataManagementService getMetadataManagementService() {
if (metadataManagementService == null) {
synchronized (APIUtil.class) {
if (metadataManagementService == null) {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
metadataManagementService = (MetadataManagementService) ctx.getOSGiService(
MetadataManagementService.class, null);
if (metadataManagementService == null) {
throw new IllegalStateException("Metadata Management service not initialized.");
}
}
}
}
return metadataManagementService;
}
} }

@ -70,7 +70,8 @@ public class Constants {
public static final String ANY = "ANY"; public static final String ANY = "ANY";
public static final String DEFAULT_PCK_NAME = "default.app.com"; public static final String DEFAULT_PCK_NAME = "default.app.com";
public static final String ALL = "ALL"; public static final String ALL = "ALL";
public static final String SHOW_ALL_ROLES = "SHOW_ALL_ROLES";
public static final String IS_USER_ABLE_TO_VIEW_ALL_ROLES = "isUserAbleToViewAllRoles";
public static final String GOOGLE_PLAY_STORE_URL = "https://play.google.com/store/apps/details?id="; public static final String GOOGLE_PLAY_STORE_URL = "https://play.google.com/store/apps/details?id=";
public static final String APPLE_STORE_URL = "https://itunes.apple.com/country/app/app-name/id"; public static final String APPLE_STORE_URL = "https://itunes.apple.com/country/app/app-name/id";

@ -19,7 +19,6 @@ package io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException; import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata; import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata;
import org.apache.axis2.databinding.types.xsd._boolean;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.json.simple.JSONObject; import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser; import org.json.simple.parser.JSONParser;
@ -110,8 +109,10 @@ public class RoleManagementServiceImpl implements RoleManagementService {
@QueryParam("filter") String filter, @QueryParam("filter") String filter,
@QueryParam("user-store") String userStore, @QueryParam("user-store") String userStore,
@HeaderParam("If-Modified-Since") String ifModifiedSince, @HeaderParam("If-Modified-Since") String ifModifiedSince,
@QueryParam("offset") int offset, @QueryParam("limit") int limit, @QueryParam("offset") int offset,
@QueryParam("username") String username, @QueryParam("domain") String domain, @QueryParam("limit") int limit,
@QueryParam("username") String username,
@QueryParam("domain") String domain,
@PathParam("metaKey") String metaKey) { @PathParam("metaKey") String metaKey) {
RequestValidationUtil.validatePaginationParameters(offset, limit); RequestValidationUtil.validatePaginationParameters(offset, limit);
if (limit == 0){ if (limit == 0){
@ -128,7 +129,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
String metaValue = metadata.getMetaValue(); String metaValue = metadata.getMetaValue();
JSONParser parser = new JSONParser(); JSONParser parser = new JSONParser();
JSONObject jsonObject = (JSONObject) parser.parse(metaValue); JSONObject jsonObject = (JSONObject) parser.parse(metaValue);
boolean decision = (boolean) jsonObject.get("isUserAbleToViewAllRoles"); boolean decision = (boolean) jsonObject.get(Constants.IS_USER_ABLE_TO_VIEW_ALL_ROLES);
if (decision) { if (decision) {
if (userStore == null || "".equals(userStore)){ if (userStore == null || "".equals(userStore)){
userStore = PRIMARY_USER_STORE; userStore = PRIMARY_USER_STORE;
@ -148,7 +149,8 @@ public class RoleManagementServiceImpl implements RoleManagementService {
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
} }
} else { } else {
try{UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager(); try {
UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
if (!userStoreManager.isExistingUser(username)) { if (!userStoreManager.isExistingUser(username)) {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("User by username: " + username + " does not exist for role retrieval."); log.debug("User by username: " + username + " does not exist for role retrieval.");
@ -171,7 +173,9 @@ public class RoleManagementServiceImpl implements RoleManagementService {
log.error(msg, e); log.error(msg, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build(); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
} catch (ParseException e) { } catch (ParseException e) {
throw new RuntimeException(e); String msg = "Error occurred while parsing JSON metadata: " + e.getMessage();
log.error(msg, e);
return Response.status(Response.Status.BAD_REQUEST).entity(msg).build();
} }
} }

@ -38,6 +38,7 @@ public class Constants {
public static final int DEFAULT_PAGE_LIMIT = 50; public static final int DEFAULT_PAGE_LIMIT = 50;
public static final String FORWARD_SLASH = "/"; public static final String FORWARD_SLASH = "/";
public static final String ANDROID = "android"; public static final String ANDROID = "android";
public static final String IS_USER_ABLE_TO_VIEW_ALL_ROLES = "isUserAbleToViewAllRoles";
public static final String ANDROID_POLICY_VALIDATOR = "io.entgra.proprietary.uem.platform.android." + public static final String ANDROID_POLICY_VALIDATOR = "io.entgra.proprietary.uem.platform.android." +
"core.polcy.AndroidPolicyPayloadValidator"; "core.polcy.AndroidPolicyPayloadValidator";
public static final String IOS = "ios"; public static final String IOS = "ios";

Loading…
Cancel
Save