From 9967d6e7da1ec6f7600ca5b57c146c6f6148793a Mon Sep 17 00:00:00 2001
From: ayyoob <ayyoobhamza@gmail.com>
Date: Wed, 26 Apr 2017 00:56:32 +0530
Subject: [PATCH] few fixes after testing mqtt authorisation flow (cherry
 picked from commit 4aba08b)

---
 .../extension/api/filter/ApiPermissionFilter.java   | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java
index 1f043c7b86..0c78488a2d 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java
@@ -47,6 +47,7 @@ public class ApiPermissionFilter implements Filter {
     private static final String PERMISSION_PREFIX = "/permission/admin";
     private static List<Permission> permissions;
     private static final String WEBAPP_CONTEXT = "/api-application-registration";
+    private static final String DEFAULT_ADMIN_ROLE = "admin";
     @Override
     public void init(FilterConfig filterConfig) throws ServletException {
         InputStream permissionStream = filterConfig.getServletContext().getResourceAsStream(PERMISSION_CONFIG_PATH);
@@ -122,7 +123,17 @@ public class ApiPermissionFilter implements Filter {
             UserRealm userRealm = APIUtil.getRealmService().getTenantUserRealm(PrivilegedCarbonContext
                                 .getThreadLocalCarbonContext().getTenantId());
             String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
-            return userRealm.getAuthorizationManager().isUserAuthorized(tenantAwareUsername, permission, action);
+            boolean status =  userRealm.getAuthorizationManager()
+                    .isUserAuthorized(tenantAwareUsername, permission, action);
+            if (!status) {
+                String[] roles = userRealm.getUserStoreManager().getRoleListOfUser(tenantAwareUsername);
+                for (String role : roles) {
+                    if (role.equals(DEFAULT_ADMIN_ROLE)) {
+                        return true;
+                    }
+                }
+            }
+            return status;
         } catch (UserStoreException e) {
             String errorMsg = String.format("Unable to authorize the user : %s", username);
             log.error(errorMsg, e);