From dfb7e9a9c8267101a851c210f708f3687755a32a Mon Sep 17 00:00:00 2001
From: charithag <charitha.ws@gmail.com>
Date: Mon, 25 Apr 2016 22:36:41 +0530
Subject: [PATCH] Fix permissions

---
 .../java/org/wso2/carbon/mdm/api/Group.java   |  47 ++--
 .../src/main/webapp/META-INF/permissions.xml  | 229 ++++++++++++------
 .../jaggeryapps/devicemgt/api/group-api.jag   | 133 ----------
 .../jaggeryapps/devicemgt/app/modules/init.js |   9 +-
 .../jaggeryapps/devicemgt/app/modules/user.js |  16 +-
 .../app/pages/cdmf.page.devices/devices.hbs   |   2 +-
 .../cdmf.page.devices/public/js/listing.js    |  31 +--
 .../cdmf.page.groups/public/js/listing.js     |  15 +-
 8 files changed, 230 insertions(+), 252 deletions(-)
 delete mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/group-api.jag

diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/mdm/api/Group.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/mdm/api/Group.java
index 8c86419aea..71d91f97f0 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/mdm/api/Group.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/mdm/api/Group.java
@@ -97,7 +97,7 @@ public class Group {
         }
     }
 
-    @Path("/{owner}/{groupName}")
+    @Path("/owner/{owner}/name/{groupName}")
     @PUT
     @Consumes("application/json")
     @Produces("application/json")
@@ -112,7 +112,7 @@ public class Group {
         }
     }
 
-    @Path("/{owner}/{groupName}")
+    @Path("/owner/{owner}/name/{groupName}")
     @DELETE
     public Response deleteGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner) {
         try {
@@ -160,7 +160,7 @@ public class Group {
         }
     }
 
-    @Path("/{owner}/{groupName}")
+    @Path("/owner/{owner}/name/{groupName}")
     @GET
     @Produces("application/json")
     public Response getGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner) {
@@ -177,14 +177,14 @@ public class Group {
         }
     }
 
-    @Path("/search")
+    @Path("/user/{user}/search")
     @GET
     @Produces("application/json")
     public Response findGroups(@QueryParam("groupName") String groupName,
-                               @QueryParam("userName") String userName) {
+                               @PathParam("user") String user) {
         try {
             List<DeviceGroup> groups = DeviceMgtAPIUtils.getGroupManagementProviderService()
-                    .findInGroups(groupName, userName);
+                    .findInGroups(groupName, user);
             DeviceGroup[] deviceGroups = new DeviceGroup[groups.size()];
             groups.toArray(deviceGroups);
             return Response.status(Response.Status.OK).entity(deviceGroups).build();
@@ -216,6 +216,19 @@ public class Group {
         }
     }
 
+    @Path("/count")
+    @GET
+    @Produces("application/json")
+    public Response getAllGroupCount() {
+        try {
+            int count = DeviceMgtAPIUtils.getGroupManagementProviderService().getGroupCount();
+            return Response.status(Response.Status.OK).entity(count).build();
+        } catch (GroupManagementException e) {
+            log.error(e.getMessage(), e);
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build();
+        }
+    }
+
     @Path("/user/{user}/count")
     @GET
     @Produces("application/json")
@@ -229,7 +242,7 @@ public class Group {
         }
     }
 
-    @Path("/{owner}/{groupName}/share")
+    @Path("/owner/{owner}/name/{groupName}/share")
     @PUT
     @Produces("application/json")
     public Response shareGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner,
@@ -250,7 +263,7 @@ public class Group {
         }
     }
 
-    @Path("/{owner}/{groupName}/unshare")
+    @Path("/owner/{owner}/name/{groupName}/unshare")
     @PUT
     @Produces("application/json")
     public Response unShareGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner,
@@ -270,7 +283,7 @@ public class Group {
         }
     }
 
-    @Path("/{owner}/{groupName}/share/roles/{roleName}/permissions")
+    @Path("/owner/{owner}/name/{groupName}/share/roles/{roleName}/permissions")
     @PUT
     @Produces("application/json")
     public Response addSharing(@QueryParam("shareUser") String shareUser, @PathParam("groupName") String groupName,
@@ -293,7 +306,7 @@ public class Group {
     }
 
     @DELETE
-    @Path("/{owner}/{groupName}/share/roles/{roleName}/permissions")
+    @Path("/owner/{owner}/name/{groupName}/share/roles/{roleName}/permissions")
     @Produces("application/json")
     public Response removeSharing(@QueryParam("userName") String userName, @PathParam("groupName") String groupName,
                                   @PathParam("owner") String owner,
@@ -313,7 +326,7 @@ public class Group {
     }
 
     @GET
-    @Path("/{owner}/{groupName}/share/roles")
+    @Path("/owner/{owner}/name/{groupName}/share/roles")
     @Produces("application/json")
     public Response getRoles(@PathParam("groupName") String groupName,
                              @PathParam("owner") String owner, @QueryParam("userName") String userName) {
@@ -334,7 +347,7 @@ public class Group {
     }
 
     @GET
-    @Path("/{owner}/{groupName}/users")
+    @Path("/owner/{owner}/name/{groupName}/users")
     @Produces("application/json")
     public Response getUsers(@PathParam("groupName") String groupName,
                              @PathParam("owner") String owner) {
@@ -351,7 +364,7 @@ public class Group {
     }
 
     @GET
-    @Path("/{owner}/{groupName}/devices/all")
+    @Path("/owner/{owner}/name/{groupName}/devices/all")
     @Produces("application/json")
     public Response getDevices(@PathParam("groupName") String groupName,
                                @PathParam("owner") String owner) {
@@ -368,7 +381,7 @@ public class Group {
     }
 
     @GET
-    @Path("/{owner}/{groupName}/devices/count")
+    @Path("/owner/{owner}/name/{groupName}/devices/count")
     @Produces("application/json")
     public Response getDeviceCount(@PathParam("groupName") String groupName,
                                    @PathParam("owner") String owner) {
@@ -382,7 +395,7 @@ public class Group {
     }
 
     @PUT
-    @Path("/{owner}/{groupName}/devices/{deviceType}/{deviceId}")
+    @Path("/owner/{owner}/name/{groupName}/devices/{deviceType}/{deviceId}")
     @Produces("application/json")
     public Response addDevice(@PathParam("groupName") String groupName,
                               @PathParam("owner") String owner, @PathParam("deviceId") String deviceId,
@@ -404,7 +417,7 @@ public class Group {
     }
 
     @DELETE
-    @Path("/{owner}/{groupName}/devices/{deviceType}/{deviceId}")
+    @Path("/owner/{owner}/name/{groupName}/devices/{deviceType}/{deviceId}")
     @Produces("application/json")
     public Response removeDevice(@PathParam("groupName") String groupName,
                                  @PathParam("owner") String owner, @PathParam("deviceId") String deviceId,
@@ -425,7 +438,7 @@ public class Group {
     }
 
     @GET
-    @Path("/{owner}/{groupName}/users/{userName}/permissions")
+    @Path("/owner/{owner}/name/{groupName}/users/{userName}/permissions")
     @Produces("application/json")
     public Response getPermissions(@PathParam("userName") String userName,
                                    @PathParam("groupName") String groupName,
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml
index 42fd366369..e99164cdb2 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml
@@ -59,6 +59,13 @@
         <method>GET</method>
     </Permission>
 
+    <Permission>
+        <name>User Devices</name>
+        <path>/device-mgt/user/devices</path>
+        <url>/</url>
+        <method>GET</method>
+    </Permission>
+
     <Permission>
         <name>Policies</name>
         <path>/device-mgt/admin/policies</path>
@@ -66,6 +73,13 @@
         <method>GET</method>
     </Permission>
 
+    <Permission>
+        <name>User Policies</name>
+        <path>/device-mgt/user/policies</path>
+        <url>/</url>
+        <method>GET</method>
+    </Permission>
+
     <Permission>
         <name>Notifications</name>
         <path>/device-mgt/admin/notifications</path>
@@ -73,6 +87,13 @@
         <method>GET</method>
     </Permission>
 
+    <Permission>
+        <name>User Notifications</name>
+        <path>/device-mgt/user/notifications</path>
+        <url>/</url>
+        <method>GET</method>
+    </Permission>
+
     <Permission>
         <name>Users</name>
         <path>/device-mgt/admin/users</path>
@@ -87,6 +108,13 @@
         <method>GET</method>
     </Permission>
 
+    <Permission>
+        <name>User Operations</name>
+        <path>/device-mgt/user/operations</path>
+        <url>/</url>
+        <method>GET</method>
+    </Permission>
+
     <Permission>
         <name>Applications</name>
         <path>/device-mgt/admin/operations/applications</path>
@@ -123,12 +151,19 @@
     </Permission>
 
     <Permission>
-        <name>List devices</name>
+        <name>List device types</name>
         <path>/device-mgt/admin/devices/list</path>
         <url>/devices/types</url>
         <method>GET</method>
     </Permission>
 
+    <Permission>
+        <name>List device types</name>
+        <path>/device-mgt/user/devices/list</path>
+        <url>/devices/types</url>
+        <method>GET</method>
+    </Permission>
+
     <Permission>
         <name>Add policy</name>
         <path>/device-mgt/admin/policies/add</path>
@@ -136,6 +171,13 @@
         <method>GET</method>
     </Permission>
 
+    <Permission>
+        <name>Add User policy</name>
+        <path>/device-mgt/user/policies/add</path>
+        <url>/devices/types</url>
+        <method>GET</method>
+    </Permission>
+
     <Permission>
         <name>Edit policy</name>
         <path>/device-mgt/admin/policies/update</path>
@@ -143,6 +185,13 @@
         <method>GET</method>
     </Permission>
 
+    <Permission>
+        <name>Edit User policy</name>
+        <path>/device-mgt/user/policies/update</path>
+        <url>/devices/types</url>
+        <method>GET</method>
+    </Permission>
+
     <Permission>
         <name>View device</name>
         <path>/device-mgt/admin/devices/view</path>
@@ -151,7 +200,7 @@
     </Permission>
 
     <Permission>
-        <name>View device</name>
+        <name>View user device</name>
         <path>/device-mgt/user/devices/view</path>
         <url>/devices/view</url>
         <method>GET</method>
@@ -173,12 +222,19 @@
     </Permission>
 
     <Permission>
-        <name>List devices</name>
+        <name>Devices Count All</name>
         <path>/device-mgt/admin/devices/list</path>
         <url>/devices/count</url>
         <method>GET</method>
     </Permission>
 
+    <Permission>
+        <name>Device Count</name>
+        <path>/device-mgt/user/devices/list</path>
+        <url>/devices/user/*/count</url>
+        <method>GET</method>
+    </Permission>
+
     <Permission>
         <name>List devices</name>
         <path>/device-mgt/admin/devices/list</path>
@@ -501,19 +557,12 @@
     </Permission>
 
     <Permission>
-        <name>List devices</name>
+        <name>List user devices</name>
         <path>/device-mgt/user/devices/list</path>
         <url>/users/devices</url>
         <method>GET</method>
     </Permission>
 
-    <Permission>
-        <name>List devices</name>
-        <path>/device-mgt/admin/devices/list</path>
-        <url>/users/devices</url>
-        <method>GET</method>
-    </Permission>
-
     <Permission>
         <name>View user</name>
         <path>/device-mgt/admin/users/view</path>
@@ -854,143 +903,185 @@
 
     <!-- Group related APIs -->
     <Permission>
-        <name>Group Management</name>
+        <name>Group Management Admin</name>
         <path>/device-mgt/admin/groups</path>
+        <url>/</url>
+        <method>GET</method>
+    </Permission>
+
+    <Permission>
+        <name>Group Management User</name>
+        <path>/device-mgt/user/groups</path>
+        <url>/</url>
+        <method>GET</method>
+    </Permission>
+
+    <Permission>
+        <name>Add Group</name>
+        <path>/device-mgt/user/groups/add</path>
         <url>/groups</url>
         <method>POST</method>
     </Permission>
 
     <Permission>
-        <name>Group Management</name>
-        <path>/device-mgt/admin/groups</path>
-        <url>/groups/*/*</url>
+        <name>Group update</name>
+        <path>/device-mgt/user/groups/update</path>
+        <url>/groups/owner/*/name/*</url>
         <method>PUT</method>
     </Permission>
 
     <Permission>
-        <name>Group Management</name>
-        <path>/device-mgt/admin/groups</path>
-        <url>/groups/*/*</url>
+        <name>Group Delete</name>
+        <path>/device-mgt/user/groups/delete</path>
+        <url>/groups/owner/*/name/*</url>
         <method>DELETE</method>
     </Permission>
 
     <Permission>
-        <name>Group Management</name>
-        <path>/device-mgt/admin/groups</path>
+        <name>List All Groups</name>
+        <path>/device-mgt/admin/groups/list</path>
         <url>/groups</url>
         <method>GET</method>
     </Permission>
 
     <Permission>
-        <name>Group Management</name>
-        <path>/device-mgt/admin/groups</path>
+        <name>List Groups</name>
+        <path>/device-mgt/user/groups/list</path>
         <url>/groups/user/*</url>
         <method>GET</method>
     </Permission>
 
     <Permission>
-        <name>Group Management</name>
-        <path>/device-mgt/admin/groups</path>
-        <url>/groups/*/*</url>
+        <name>List Groups</name>
+        <path>/device-mgt/user/groups/list</path>
+        <url>/groups/user/*/all</url>
         <method>GET</method>
     </Permission>
 
     <Permission>
-        <name>Group Management</name>
-        <path>/device-mgt/admin/groups</path>
-        <url>/groups/search</url>
+        <name>View Group</name>
+        <path>/device-mgt/user/groups/view</path>
+        <url>/groups/owner/*/name/*</url>
         <method>GET</method>
     </Permission>
 
     <Permission>
-        <name>Group Management</name>
-        <path>/device-mgt/admin/groups</path>
-        <url>/groups/user/*/all</url>
+        <name>Search Group User</name>
+        <path>/device-mgt/user/groups/list</path>
+        <url>/groups/user/*/search</url>
         <method>GET</method>
     </Permission>
 
     <Permission>
-        <name>Group Management</name>
-        <path>/device-mgt/admin/groups</path>
+        <name>All Group Count</name>
+        <path>/device-mgt/admin/groups/list</path>
+        <url>/groups/count</url>
+        <method>GET</method>
+    </Permission>
+
+    <Permission>
+        <name>Group Count</name>
+        <path>/device-mgt/user/groups/list</path>
         <url>/groups/user/*/count</url>
         <method>GET</method>
     </Permission>
 
     <Permission>
-        <name>Group Management</name>
-        <path>/device-mgt/admin/groups</path>
-        <url>/groups/*/*/share</url>
+        <name>Group Share</name>
+        <path>/device-mgt/user/groups/share</path>
+        <url>/groups/owner/*/name/*/share</url>
         <method>PUT</method>
     </Permission>
 
     <Permission>
-        <name>Group Management</name>
-        <path>/device-mgt/admin/groups</path>
-        <url>/groups/*/*/unshare</url>
+        <name>Group Unshare</name>
+        <path>/device-mgt/user/groups/unshare</path>
+        <url>/groups/owner/*/name/*/unshare</url>
         <method>PUT</method>
     </Permission>
 
     <Permission>
-        <name>Group Management</name>
-        <path>/device-mgt/admin/groups</path>
-        <url>/groups/*/*/share/roles/*/permissions</url>
+        <name>Group Roles</name>
+        <path>/device-mgt/user/groups/roles</path>
+        <url>/groups/owner/*/name/*/share/roles</url>
+        <method>GET</method>
+    </Permission>
+
+    <Permission>
+        <name>Group Permissions</name>
+        <path>/device-mgt/admin/groups/roles/permissions</path>
+        <url>/groups/owner/*/name/*/share/roles/*/permissions</url>
+        <method>GET</method>
+    </Permission>
+
+    <Permission>
+        <name>Group Add Permissions</name>
+        <path>/device-mgt/admin/groups/roles/permissions/add</path>
+        <url>/groups/owner/*/name/*/share/roles/*/permissions</url>
         <method>PUT</method>
     </Permission>
 
     <Permission>
-        <name>Group Management</name>
-        <path>/device-mgt/admin/groups</path>
-        <url>/groups/*/*/share/roles/*/permissions</url>
+        <name>Group Delete Permissions</name>
+        <path>/device-mgt/admin/groups/roles/permissions/delete</path>
+        <url>/groups/owner/*/name/*/share/roles/*/permissions</url>
         <method>DELETE</method>
     </Permission>
 
     <Permission>
-        <name>Group Management</name>
-        <path>/device-mgt/admin/groups</path>
-        <url>/groups/*/*/share/roles</url>
+        <name>Group Users</name>
+        <path>/device-mgt/user/groups/users</path>
+        <url>/</url>
         <method>GET</method>
     </Permission>
 
     <Permission>
-        <name>Group Management</name>
-        <path>/device-mgt/admin/groups</path>
-        <url>/groups/*/*/users</url>
+        <name>List Group Users</name>
+        <path>/device-mgt/user/groups/users/list</path>
+        <url>/groups/owner/*/name/*/users</url>
         <method>GET</method>
     </Permission>
 
     <Permission>
-        <name>Group Management</name>
-        <path>/device-mgt/admin/groups</path>
-        <url>/groups/*/*/devices/all</url>
+        <name>Get Permissions for Group</name>
+        <path>/device-mgt/user/groups/users/permissions</path>
+        <url>/groups/owner/*/name/*/users/*/permissions</url>
         <method>GET</method>
     </Permission>
 
     <Permission>
-        <name>Group Management</name>
-        <path>/device-mgt/admin/groups</path>
-        <url>/groups/*/*/devices/count</url>
+        <name>Group Devices</name>
+        <path>/device-mgt/user/groups/devices</path>
+        <url>/</url>
         <method>GET</method>
     </Permission>
 
     <Permission>
-        <name>Group Management</name>
-        <path>/device-mgt/admin/groups</path>
-        <url>/groups/*/*/devices/*/*</url>
-        <method>PUT</method>
+        <name>List Group Devices</name>
+        <path>/device-mgt/user/groups/devices/list</path>
+        <url>/groups/owner/*/name/*/devices/all</url>
+        <method>GET</method>
     </Permission>
 
     <Permission>
-        <name>Group Management</name>
-        <path>/device-mgt/admin/groups</path>
-        <url>/groups/*/*/devices/*/*</url>
-        <method>DELETE</method>
+        <name>Group Devices Count</name>
+        <path>/device-mgt/user/groups/devices/count</path>
+        <url>/groups/owner/*/name/*/devices/count</url>
+        <method>GET</method>
     </Permission>
 
     <Permission>
-        <name>Group Management</name>
-        <path>/device-mgt/admin/groups</path>
-        <url>/groups/*/*/users/*/permissions</url>
-        <method>GET</method>
+        <name>Add Device to Group</name>
+        <path>/device-mgt/user/groups/devices/add</path>
+        <url>/groups/owner/*/name/*/devices/*/*</url>
+        <method>PUT</method>
+    </Permission>
+
+    <Permission>
+        <name>Remove Device from Group</name>
+        <path>/device-mgt/user/groups/devices/remove</path>
+        <url>/groups/owner/*/name/*/devices/*/*</url>
+        <method>DELETE</method>
     </Permission>
     <!-- End of Group related APIs -->
 
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/group-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/group-api.jag
deleted file mode 100644
index 5795fb9df5..0000000000
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/group-api.jag
+++ /dev/null
@@ -1,133 +0,0 @@
-<%
-/*
- * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
- *
- * WSO2 Inc. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
- * either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-var uri = request.getRequestURI();
-var uriMatcher = new URIMatcher(String(uri));
-
-var log = new Log("apis/group-api.jag");
-
-var constants = require("/app/modules/constants.js");
-
-var utility = require("/app/modules/utility.js").utility;
-var devicemgtProps = require('/app/conf/devicemgt-props.js').config();
-var responseProcessor = require('utils').response;
-
-var deviceCloudService = devicemgtProps["httpsURL"] + "/common/group_manager";
-
-var user = session.get(constants.USER_SESSION_KEY);
-
-var groupModule = require("/app/modules/group.js").groupModule;
-
-var result, endPoint, data, groupId, group, role;
-
-if (!user) {
-    response = responseProcessor.buildErrorResponse(response, 401, "Unauthorized");
-} else {
-
-    if (uriMatcher.match("/{context}/api/group/add")) {
-        group = request.getContent();
-        result = groupModule.addGroup(group);
-
-    } else if (uriMatcher.match("/{context}/api/group/id/{groupId}/update")) {
-        groupId = uriMatcher.elements().groupId;
-        group = request.getContent();
-        result = groupModule.updateGroup(groupId, group);
-
-    } else if (uriMatcher.match("/{context}/api/group/id/{groupId}/remove")) {
-        groupId = uriMatcher.elements().groupId;
-        result = groupModule.removeGroup(groupId);
-
-    } else if (uriMatcher.match("/{context}/api/group/id/{groupId}")) {
-        groupId = uriMatcher.elements().groupId;
-        result = groupModule.getGroup(groupId);
-
-    } else if (uriMatcher.match("/{context}/api/group/name/{groupName}")) {
-        var groupName = uriMatcher.elements().groupName;
-        result = groupModule.findGroups(groupName);
-
-    } else if (uriMatcher.match("/{context}/api/group/all")) {
-        result = groupModule.getGroups();
-
-    } else if (uriMatcher.match("/{context}/api/group/all/count")) {
-        result = groupModule.getGroupCount();
-
-    } else if (uriMatcher.match("/{context}/api/group/id/{groupId}/share")) {
-        groupId = uriMatcher.elements().groupId;
-        var shareUser = request.getContent()["shareUser"];
-        role = request.getContent()["role"];
-        result = groupModule.shareGroup(groupId, shareUser, role);
-
-    } else if (uriMatcher.match("/{context}/api/group/id/{groupId}/unshare")) {
-        groupId = uriMatcher.elements().groupId;
-        var unShareUser = request.getContent()["unShareUser"];
-        role = request.getContent()["role"];
-        result = groupModule.unshareGroup(groupId, unShareUser, role);
-
-    } else if (uriMatcher.match("/{context}/api/group/id/{groupId}/role/add")) {
-        groupId = uriMatcher.elements().groupId;
-        var permissions = request.getContent()["permissions"];
-        role = request.getContent()["role"];
-        result = groupModule.addRole(groupId, role, permissions);
-
-    } else if (uriMatcher.match("/{context}/api/group/id/{groupId}/role/delete")) {
-        groupId = uriMatcher.elements().groupId;
-        role = request.getContent()["role"];
-        endPoint = deviceCloudService + "/group/id/" + groupId + "/role/" + role;
-        result = groupModule.deleteRole(groupId, role);
-
-    } else if (uriMatcher.match("/{context}/api/group/id/{groupId}/role/all")) {
-        groupId = uriMatcher.elements().groupId;
-        result = groupModule.getGroupRoles(groupId);
-
-    } else if (uriMatcher.match("/{context}/api/group/id/{groupId}/{userId}/role/all")) {
-        groupId = uriMatcher.elements().groupId;
-        var userId = uriMatcher.elements().userId;
-        result = groupModule.getUserRoles(groupId, userId);
-
-    } else if (uriMatcher.match("/{context}/api/group/id/{groupId}/{userId}/rolemapping")) {
-        groupId = uriMatcher.elements().groupId;
-        userId = uriMatcher.elements().userId;
-        result = groupModule.getRoleMapping(groupId, userId);
-
-    } else if (uriMatcher.match("/{context}/api/group/id/{groupId}/{userId}/roleupdate")) {
-        groupId = uriMatcher.elements().groupId;
-        userId = uriMatcher.elements().userId;
-        var roleMap = request.getContent();
-        result = groupModule.setRoleMapping(groupId, userId, roleMap);
-
-    } else if (uriMatcher.match("/{context}/api/group/id/{groupId}/user/all")) {
-        groupId = uriMatcher.elements().groupId;
-        result = groupModule.getUsers(groupId);
-
-    } else if (uriMatcher.match("/{context}/api/group/id/{groupId}/device/all")) {
-        groupId = uriMatcher.elements().groupId;
-        result = groupModule.getDevices(groupId);
-
-    } else if (uriMatcher.match("/{context}/api/group/id/{groupId}/assign")) {
-        groupId = uriMatcher.elements().groupId;
-        var deviceId = request.getContent()["deviceId"];
-        var deviceType = request.getContent()["deviceType"];
-        result = groupModule.assignDevice(groupId, deviceId, deviceType);
-    }
-}
-// returning the result.
-if (result) {
-    print(result);
-}
-%>
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/init.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/init.js
index 2a22b1c987..2aa4bc8f62 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/init.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/init.js
@@ -28,13 +28,6 @@ var userModule = require("/app/modules/user.js")["userModule"];
 var utility = require("/app/modules/utility.js")["utility"];
 
 var permissions = {
-    '/permission/admin/device-mgt/devices': ['ui.execute'],
-    '/permission/admin/device-mgt/operations': ['ui.execute'],
-    '/permission/admin/device-mgt/policies': ['ui.execute'],
-    '/permission/admin/device-mgt/user': ['ui.execute'],
-    '/permission/admin/device-mgt/users': ['ui.execute'],
-    '/permission/admin/device-mgt/admin/devices': ['ui.execute'],
-    '/permission/admin/device-mgt/admin/groups': ['ui.execute'],
-    '/permission/admin/device-mgt/admin/policies': ['ui.execute']
+    '/permission/admin/device-mgt/user': ['ui.execute']
 };
 userModule.addRole("devicemgt-user", ["admin"], permissions);
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/user.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/user.js
index 1c1139b3aa..a26e64de9c 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/user.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/user.js
@@ -632,7 +632,13 @@ var userModule = function () {
         if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/devices/list")) {
             permissions["LIST_DEVICES"] = true;
         }
+        if (publicMethods.isAuthorized("/permission/admin/device-mgt/user/devices/list")) {
+            permissions["LIST_OWN_DEVICES"] = true;
+        }
         if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/groups/list")) {
+            permissions["LIST_ALL_GROUPS"] = true;
+        }
+        if (publicMethods.isAuthorized("/permission/admin/device-mgt/user/groups/list")) {
             permissions["LIST_GROUPS"] = true;
         }
         if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/users/list")) {
@@ -642,9 +648,12 @@ var userModule = function () {
             permissions["LIST_ROLES"] = true;
         }
         if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/policies/list")) {
+            permissions["LIST_ALL_POLICIES"] = true;
+        }
+        if (publicMethods.isAuthorized("/permission/admin/device-mgt/user/policies/list")) {
             permissions["LIST_POLICIES"] = true;
         }
-        if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/groups/add")) {
+        if (publicMethods.isAuthorized("/permission/admin/device-mgt/user/groups/add")) {
             permissions["ADD_GROUP"] = true;
         }
         if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/users/add")) {
@@ -656,7 +665,7 @@ var userModule = function () {
         if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/roles/add")) {
             permissions["ADD_ROLE"] = true;
         }
-        if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/policies/add")) {
+        if (publicMethods.isAuthorized("/permission/admin/device-mgt/user/policies/add")) {
             permissions["ADD_POLICY"] = true;
         }
         if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/policies/priority")) {
@@ -668,9 +677,6 @@ var userModule = function () {
         if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/platform-configs/view")) {
             permissions["TENANT_CONFIGURATION"] = true;
         }
-        if (publicMethods.isAuthorized("/permission/admin/device-mgt/user/devices/list")) {
-            permissions["LIST_OWN_DEVICES"] = true;
-        }
 
         return permissions;
     };
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.devices/devices.hbs b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.devices/devices.hbs
index e4663a57ba..20edeaf190 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.devices/devices.hbs
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.devices/devices.hbs
@@ -59,9 +59,9 @@
         <div class="wr-hidden-operations wr-advance-operations"></div>
         <div class="col-md-12 wr-page-content">
             <div>
+                <span id="permission" data-permission="{{permissions.list}}"></span>
                 {{unit "cdmf.unit.device.operation-mod"}}
                 {{#if deviceCount}}
-                    <span id="permission" data-permission="{{permissions.list}}"></span>
                     <div id="loading-content" class="col-centered">
                         <i class="fw fw-settings fw-spin fw-2x"></i>
                         &nbsp;&nbsp;&nbsp;
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.devices/public/js/listing.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.devices/public/js/listing.js
index 767c37f684..8e19a542d5 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.devices/public/js/listing.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.devices/public/js/listing.js
@@ -383,18 +383,21 @@ function loadGroupedDevices(groupId) {
 }
 
 function initPage() {
-    var groupId = getParameterByName('groupId');
-    invokerUtil.get(
-        "/devicemgt_admin/devices/count",
+    var deviceListing = $("#device-listing");
+    var currentUser = deviceListing.data("currentUser");
+    var serviceURL;
+    if ($.hasPermission("LIST_DEVICES")) {
+        serviceURL = "/devicemgt_admin/devices/count";
+    } else if ($.hasPermission("LIST_OWN_DEVICES")) {
+        //Get authenticated users devices
+        serviceURL = "/devicemgt_admin/devices/user/"+currentUser+"/count";
+    }
+    invokerUtil.get(serviceURL,
         function (data) {
             if (data) {
                 data = JSON.parse(data);
                 if (Number(data) > 0) {
-                   if (groupId) {
-                        loadGroupedDevices(groupId);
-                   } else {
-                        loadDevices();
-                   }
+                    loadDevices();
                 } else {
                     $("#loading-content").remove();
                     $("#device-listing-status-msg").text("No enrolled devices found.");
@@ -411,20 +414,20 @@ function initPage() {
  * DOM ready functions.
  */
 $(document).ready(function () {
-
-    initPage();
-
     /* Adding selected class for selected devices */
     $(deviceCheckbox).each(function () {
         addDeviceSelectedClass(this);
     });
 
-    var i;
     var permissionList = $("#permission").data("permission");
-    for (i = 0; i < permissionList.length; i++) {
-        $.setPermission(permissionList[i]);
+    for (var key in permissionList) {
+        if (permissionList.hasOwnProperty(key)){
+            $.setPermission(key);
+        }
     }
 
+    initPage();
+
     /* for device list sorting drop down */
     $(".ctrl-filter-type-switcher").popover({
         html : true,
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.groups/public/js/listing.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.groups/public/js/listing.js
index 3bc47b0aff..2ba4f0cd35 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.groups/public/js/listing.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.groups/public/js/listing.js
@@ -271,6 +271,7 @@ function attachEvents() {
 
         $("a#remove-group-yes-link").click(function () {
             var successCallback = function (data) {
+                data = JSON.parse(data);
                 if (data.status == 200) {
                     $(modalPopupContent).html($('#remove-group-200-content').html());
                     setTimeout(function () {
@@ -282,7 +283,7 @@ function attachEvents() {
                 }
             };
 
-            invokerUtil.delete("/devicemgt_admin/groups/" + groupOwner + "/" + groupName,
+            invokerUtil.delete("/devicemgt_admin/groups/owner/" + groupOwner + "/name/" + groupName,
                                successCallback, function (message) {
                         displayErrors(message.content);
                     });
@@ -315,6 +316,7 @@ function attachEvents() {
             var group = {"name": newGroupName, "description": newGroupDescription, "owner": groupOwner};
 
             var successCallback = function (data) {
+                data = JSON.parse(data);
                 if (data.status == 200) {
                     $(modalPopupContent).html($('#edit-group-200-content').html());
                     $("h4[data-groupid='" + groupId + "']").html(newGroupName);
@@ -326,7 +328,7 @@ function attachEvents() {
                 }
             };
 
-            invokerUtil.put("/devicemgt_admin/groups/" + groupOwner + "/" + groupName,
+            invokerUtil.put("/devicemgt_admin/groups/owner/" + groupOwner + "/name/" + groupName, group,
                             successCallback, function (message) {
                         displayErrors(message.content);
                     });
@@ -343,6 +345,7 @@ function getAllRoles(groupName, groupOwner, selectedUser) {
     $('#user-roles').html('<div style="height:100px" data-state="loading" data-loading-text="Loading..." data-loading-style="icon-only" data-loading-inverse="true"></div>');
     $("a#share-group-yes-link").hide();
     var successCallback = function (data) {
+        data = JSON.parse(data);
         if (data.status == 200) {
             if (data.data.length > 0) {
                 generateRoleMap(groupName, groupOwner, selectedUser, data.data);
@@ -354,7 +357,7 @@ function getAllRoles(groupName, groupOwner, selectedUser) {
         }
     };
 
-    invokerUtil.get("/devicemgt_admin/groups/" + groupOwner + "/" + groupName + "/share/roles",
+    invokerUtil.get("/devicemgt_admin/groups/owner/" + groupOwner + "/name/" + groupName + "/share/roles",
                     successCallback, function (message) {
                 displayErrors(message.content);
             });
@@ -366,6 +369,7 @@ function getAllRoles(groupName, groupOwner, selectedUser) {
 
 function generateRoleMap(groupName, groupOwner, selectedUser, allRoles) {
     var successCallback = function (data) {
+        data = JSON.parse(data);
         if (data.status == 200) {
             var userRoles = data.data;
             var roleMap = [];
@@ -407,7 +411,7 @@ function generateRoleMap(groupName, groupOwner, selectedUser, allRoles) {
         }
     };
 
-    invokerUtil.get("/devicemgt_admin/groups/" + groupOwner + "/" + groupName + "/share/roles?userName=" + selectedUser,
+    invokerUtil.get("/devicemgt_admin/groups/owner/" + groupOwner + "/name/" + groupName + "/share/roles?userName=" + selectedUser,
                     successCallback, function (message) {
                 displayErrors(message.content);
             });
@@ -419,6 +423,7 @@ function generateRoleMap(groupName, groupOwner, selectedUser, allRoles) {
 
 function updateGroupShare(groupName, groupOwner, selectedUser, role) {
     var successCallback = function (data) {
+        data = JSON.parse(data);
         var status = data.status;
         if (status == 200) {
             $(modalPopupContent).html($('#share-group-200-content').html());
@@ -431,7 +436,7 @@ function updateGroupShare(groupName, groupOwner, selectedUser, role) {
         }
     };
 
-    invokerUtil.put("/devicemgt_admin/groups/" + groupOwner + "/" + groupName + "/share/roles?userName=" + selectedUser,
+    invokerUtil.put("/devicemgt_admin/groups/owner/" + groupOwner + "/name/" + groupName + "/share/roles?userName=" + selectedUser,
                     role, successCallback, function (message) {
                 displayErrors(message.content);
             });