Merge pull request 'Fix scope attaching issue' (#247) from tcdlpds/device-mgt-core:master into master

Reviewed-on: community/device-mgt-core#247
12 months ago · db80546a5a
parent 8813619929 58670028c0
commit db80546a5a
3 changed files with 32 additions and 108 deletions
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java
@ -30,7 +30,6 @@ import org.wso2.carbon.CarbonConstants;
 import org.wso2.carbon.base.MultitenantConstants;
 import org.wso2.carbon.context.CarbonContext;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
-import org.wso2.carbon.context.RegistryType;
 import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.ErrorResponse;
 import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.RoleInfo;
 import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.RoleList;
@ -40,9 +39,6 @@ import io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl.util.RequestV
 import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.Constants;
 import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.DeviceMgtAPIUtils;
 import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.SetReferenceTransformer;
-import org.wso2.carbon.registry.api.Registry;
-import org.wso2.carbon.registry.core.session.UserRegistry;
-import org.wso2.carbon.registry.resource.services.utils.ChangeRolePermissionsUtil;
 import org.wso2.carbon.user.api.*;
 import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
 import org.wso2.carbon.user.core.constants.UserCoreErrorConstants.ErrorMessages;
@ -57,9 +53,11 @@ import java.io.UnsupportedEncodingException;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URLEncoder;
-import java.util.*;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;

 import static io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.Constants.PRIMARY_USER_STORE;

@ -404,25 +402,9 @@ public class RoleManagementServiceImpl implements RoleManagementService {
            userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), permissions);
            try {
                if (roleInfo.getPermissions() != null && roleInfo.getPermissions().length > 0) {
-                    String finalRoleName = roleInfo.getRoleName();
-                    String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true);
-                    final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
-                    Thread thread = new Thread(new Runnable() {
-                        @Override
-                        public void run() {
-                            try {
-                                PrivilegedCarbonContext.startTenantFlow();
-                                PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
-                                DeviceMgtAPIUtils.getApiPublisher().updateScopeRoleMapping(roleInfo.getRoleName(),
-                                        RoleManagementServiceImpl.this.getPlatformUIPermissions(finalRoleName, userRealm, roleInfo.getPermissions()));
-                            } catch (APIManagerPublisherException | UserAdminException e) {
-                                log.error("Error Occurred while updating role scope mapping. ", e);
-                            } finally {
-                                PrivilegedCarbonContext.endTenantFlow();
-                            }
-                        }
-                    });
-                    thread.start();
+                    String[] roleName = roleInfo.getRoleName().split("/");
+                    addPermissions(roleName[roleName.length - 1], roleInfo.getPermissions(),
+                            DeviceMgtAPIUtils.getUserRealm());
                }
            } catch (UserStoreException e) {
                String msg = "Error occurred while loading the user store.";
@ -563,24 +545,8 @@ public class RoleManagementServiceImpl implements RoleManagementService {
            }

            if (roleInfo.getPermissions() != null) {
-                String finalRoleName = roleName;
-                String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true);
-                Thread thread = new Thread(new Runnable() {
-                    @Override
-                    public void run() {
-                        try {
-                            PrivilegedCarbonContext.startTenantFlow();
-                            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
-                            DeviceMgtAPIUtils.getApiPublisher().updateScopeRoleMapping(roleInfo.getRoleName(),
-                                    RoleManagementServiceImpl.this.getPlatformUIPermissions(finalRoleName, userRealm, roleInfo.getPermissions()));
-                        } catch (APIManagerPublisherException | UserAdminException e) {
-                            log.error("Error Occurred while updating role scope mapping. ", e);
-                        } finally {
-                            PrivilegedCarbonContext.endTenantFlow();
-                        }
-                    }
-                });
-                thread.start();
+                String[] roleDetails = roleName.split("/");
+                addPermissions(roleDetails[roleDetails.length - 1], roleInfo.getPermissions(), userRealm);
            }
            //TODO: Need to send the updated role information in the entity back to the client
            return Response.status(Response.Status.OK).entity("Role '" + roleInfo.getRoleName() + "' has " +
@ -730,4 +696,25 @@ public class RoleManagementServiceImpl implements RoleManagementService {
        }
        return rolePermissions;
    }
+
+    private void addPermissions(String roleName, String[] permissions, UserRealm userRealm) {
+        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true);
+        Thread thread = new Thread(new Runnable() {
+            @Override
+            public void run() {
+                try {
+                    PrivilegedCarbonContext.startTenantFlow();
+                    PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
+                    DeviceMgtAPIUtils.getApiPublisher().updateScopeRoleMapping(roleName,
+                            RoleManagementServiceImpl.this.getPlatformUIPermissions(roleName, userRealm,
+                                    permissions));
+                } catch (APIManagerPublisherException | UserAdminException e) {
+                    log.error("Error Occurred while updating role scope mapping. ", e);
+                } finally {
+                    PrivilegedCarbonContext.endTenantFlow();
+                }
+            }
+        });
+        thread.start();
+    }
 }
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/UserManagementServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/UserManagementServiceImpl.java
@ -114,11 +114,6 @@ public class UserManagementServiceImpl implements UserManagementService {
    private static final String API_BASE_PATH = "/users";
    private static final Log log = LogFactory.getLog(UserManagementServiceImpl.class);

-    private static final String ADMIN_ROLE = "admin";
-    private static final String DEFAULT_DEVICE_USER = "Internal/devicemgt-user";
-    private static final String DEFAULT_DEVICE_ADMIN = "Internal/devicemgt-admin";
-    private static final String DEFAULT_SUBSCRIBER = "Internal/subscriber";
-
    // Permissions that are given for a normal device user.
    private static final Permission[] PERMISSIONS_FOR_DEVICE_USER = {
            new Permission("/permission/admin/Login", "ui.execute"),
@ -155,51 +150,9 @@ public class UserManagementServiceImpl implements UserManagementService {
            Map<String, String> defaultUserClaims =
                    this.buildDefaultUserClaims(userInfo.getFirstname(), userInfo.getLastname(),
                            userInfo.getEmailAddress(), true);
-            // calling addUser method of carbon user api
-            List<String> tmpRoles = new ArrayList<>();
-            String[] userInfoRoles = userInfo.getRoles();
-            tmpRoles.add(DEFAULT_DEVICE_USER);
-
-            boolean subscriberFound = false;
-            boolean adminFound = false;
-
-            if (userInfoRoles != null) {
-                //check if subscriber role is coming in the payload
-                for (String r : userInfoRoles) {
-                    if (!subscriberFound || !adminFound) {
-                        if (DEFAULT_SUBSCRIBER.equals(r)) {
-                            subscriberFound = true;
-                        } else if (ADMIN_ROLE.equals(r)) {
-                            tmpRoles.add(DEFAULT_DEVICE_ADMIN);
-                            adminFound = true;
-                        }
-                    } else {
-                        break;
-                    }
-                }
-                tmpRoles.addAll(Arrays.asList(userInfoRoles));
-            }
-
-            if (!subscriberFound) {
-                // Add Internal/subscriber role to new users
-                if (userStoreManager.isExistingRole(DEFAULT_SUBSCRIBER)) {
-                    tmpRoles.add(DEFAULT_SUBSCRIBER);
-                } else {
-                    log.warn("User: " + userInfo.getUsername() + " will not be able to enroll devices as '" +
-                             DEFAULT_SUBSCRIBER + "' is missing in the system");
-                }
-            }
-
-            String[] roles = new String[tmpRoles.size()];
-            tmpRoles.toArray(roles);
-
-            // If the normal device user role does not exist, create a new role with the minimal permissions
-            if (!userStoreManager.isExistingRole(DEFAULT_DEVICE_USER)) {
-                userStoreManager.addRole(DEFAULT_DEVICE_USER, null, PERMISSIONS_FOR_DEVICE_USER);
-            }

            userStoreManager.addUser(userInfo.getUsername(), initialUserPassword,
-                    roles, defaultUserClaims, null);
+                    userInfo.getRoles(), defaultUserClaims, null);
            // Outputting debug message upon successful addition of user
            if (log.isDebugEnabled()) {
                log.debug("User '" + userInfo.getUsername() + "' has successfully been added.");
--- a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml
+++ b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml
@ -187,7 +187,6 @@
        <Scope>am:store:app:modify</Scope>
        <Scope>am:store:app:sub:install</Scope>
        <Scope>am:store:app:sub:uninstall</Scope>
-        <Scope>am:admin:pub:app:review:update</Scope>
        <Scope>am:admin:pub:app:review:view</Scope>
        <Scope>am:admin:pub:app:update</Scope>
        <Scope>am:admin:store:app:review:update</Scope>
@ -196,12 +195,8 @@
        <Scope>dm:device-type:view</Scope>
        <Scope>and:enterprise:modify</Scope>
        <Scope>and:enterprise:view</Scope>
-        <Scope>and:work:customer</Scope>
-        <Scope>and:work:admin</Scope>
-        <Scope>app:command:modify</Scope>
        <Scope>dm:sign-csr</Scope>
        <Scope>dm:admin:devices:view</Scope>
-        <Scope>dm:admin:topics:view</Scope>
        <Scope>rm:roles:add</Scope>
        <Scope>rm:users:add</Scope>
        <Scope>rm:roles:update</Scope>
@ -210,15 +205,6 @@
        <Scope>rm:roles:view</Scope>
        <Scope>rm:roles:combined:add</Scope>
        <Scope>rm:roles:delete</Scope>
-        <Scope>an:db:vulnerabilities</Scope>
-        <Scope>an:db:non-compliant:count</Scope>
-        <Scope>an:db:non-compliant</Scope>
-        <Scope>an:db:by-groups</Scope>
-        <Scope>an:db:device:count</Scope>
-        <Scope>an:db:feature-non-compliant</Scope>
-        <Scope>an:db:overview:count</Scope>
-        <Scope>an:db:filtered-count</Scope>
-        <Scope>an:db:details</Scope>
        <Scope>dm:activity:get</Scope>
        <Scope>dm:devices:delete</Scope>
        <Scope>dm:devices:app:view</Scope>
@ -295,7 +281,6 @@
        <Scope>dm:device:enroll</Scope>
        <Scope>dm:geo:an:view</Scope>
        <Scope>dm:geo:alerts:manage</Scope>
-        <Scope>appm:read</Scope>
        <Scope>dm:admin:devices:permanent-delete</Scope>
        <Scope>and:conf:manage</Scope>
        <Scope>and:conf:view</Scope>
@ -345,7 +330,6 @@
        <Scope>win:ops:reboot</Scope>
        <Scope>win:ops:location</Scope>
        <Scope>admin:tenant:view</Scope>
-        <Scope>dm:admin:metadata:view</Scope>
        <Scope>dm:admin:devices:usage:view</Scope>
        <Scope>and:ops:clear-app</Scope>
        <Scope>and:ops:suspend-package</Scope>