From 1844db87d8ab85dafc75cc3a046d6c1af255b108 Mon Sep 17 00:00:00 2001
From: Nishan Sangeeth
Date: Wed, 28 Jun 2023 16:00:53 +0000
Subject: [PATCH] Improve app visibility restricting functionality
Co-authored-by: Nishan Sangeeth
Co-committed-by: Nishan Sangeeth
---
.../common/services/ApplicationManager.java | 5 ++
.../mgt/core/impl/ApplicationManagerImpl.java | 52 ++++++++++++++++++-
.../application/mgt/core/util/APIUtil.java | 18 +++++++
.../application/mgt/core/util/Constants.java | 3 +-
.../impl/RoleManagementServiceImpl.java | 23 ++++----
.../device/mgt/api/jaxrs/util/Constants.java | 1 +
6 files changed, 91 insertions(+), 11 deletions(-)
diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/src/main/java/io/entgra/device/mgt/core/application/mgt/common/services/ApplicationManager.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/src/main/java/io/entgra/device/mgt/core/application/mgt/common/services/ApplicationManager.java
index f7655b566b..f0e2d040ff 100644
--- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/src/main/java/io/entgra/device/mgt/core/application/mgt/common/services/ApplicationManager.java
+++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/src/main/java/io/entgra/device/mgt/core/application/mgt/common/services/ApplicationManager.java
@@ -29,6 +29,11 @@ import io.entgra.device.mgt.core.application.mgt.common.response.Category; import io.entgra.device.mgt.core.application.mgt.common.response.Tag; import io.entgra.device.mgt.core.application.mgt.common.wrapper.*; import io.entgra.device.mgt.core.device.mgt.common.Base64File; +<<<<<<< HEAD +======= +import io.entgra.device.mgt.core.application.mgt.common.dto.ApplicationDTO; +import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException; +>>>>>>> 3616245ae6 (Improve app visibility restricting functionality) import org.apache.cxf.jaxrs.ext.multipart.Attachment; import java.util.List; diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java index e2bfb9902c..fba517f148 100644 --- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java +++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java 
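Review bot: The added import lines include unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======` and `>>>>>>> 3616245ae6 (Improve app visibility restricting functionality)`), which this commit writes into ApplicationManager.java as source text, so the interface will not compile. Remove the three marker lines and keep only the imports the interface really needs. Neither `ApplicationDTO` nor `MetadataManagementException` is referenced by any line of this file that the patch shows, so they may be unnecessary as well; the rest of the interface is outside the hunk.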
@@ -19,6 +19,16 @@ package io.entgra.device.mgt.core.application.mgt.core.impl; import io.entgra.device.mgt.core.application.mgt.common.*; +import io.entgra.device.mgt.core.application.mgt.core.exception.BadRequestException; +import io.entgra.device.mgt.core.application.mgt.core.dao.SPApplicationDAO; +import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException; +import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata; +import org.json.JSONObject; +import io.entgra.device.mgt.core.application.mgt.common.ApplicationArtifact; +import io.entgra.device.mgt.core.application.mgt.common.ApplicationInstaller; +import io.entgra.device.mgt.core.application.mgt.common.DeviceTypes; +import io.entgra.device.mgt.core.application.mgt.common.LifecycleChanger; +import io.entgra.device.mgt.core.application.mgt.common.Pagination; import io.entgra.device.mgt.core.application.mgt.common.config.RatingConfiguration; import io.entgra.device.mgt.core.application.mgt.common.dto.*; import io.entgra.device.mgt.core.application.mgt.common.exception.*; @@ -57,6 +67,7 @@ import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.user.api.UserRealm; import org.wso2.carbon.user.api.UserStoreException; +import javax.ws.rs.core.Response; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; 
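Review bot: The five explicit imports from `io.entgra.device.mgt.core.application.mgt.common` (`ApplicationArtifact`, `ApplicationInstaller`, `DeviceTypes`, `LifecycleChanger`, `Pagination`) repeat what the wildcard `common.*` import on the context line just above already provides, and `org.json.JSONObject` is placed in the middle of the project imports instead of with the other third-party ones. `SPApplicationDAO` and, in the second hunk, `javax.ws.rs.core.Response` are not used by any line this patch shows. If nothing outside the hunks uses them, they should be dropped so the import list reflects what the class depends on.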
@@ -1669,6 +1680,31 @@ public class ApplicationManagerImpl implements ApplicationManager { } } + /** + * Check whether valid metaData value or not + * + * @return true or false + * @throws MetadataManagementException If it is unable to load metaData + */ + private boolean isUserAbleToViewAllRoles() throws MetadataManagementException { + List allMetadata; + allMetadata = APIUtil.getMetadataManagementService().retrieveAllMetadata(); + if (allMetadata != null && !allMetadata.isEmpty()) { + for(Metadata metadata : allMetadata){ + if(Constants.SHOW_ALL_ROLES.equals(metadata.getMetaKey())){ + String metaValue = metadata.getMetaValue(); + if (metaValue != null) { + JSONObject jsonObject; + jsonObject = new JSONObject(metaValue); + boolean isUserAbleToViewAllRoles = jsonObject.getBoolean(Constants.IS_USER_ABLE_TO_VIEW_ALL_ROLES); + return isUserAbleToViewAllRoles; + } + } + } + } + return false; + } + /** * Get assigned role list of the given user. * @@ -3442,7 +3478,8 @@ public class ApplicationManagerImpl implements ApplicationManager { } @Override - public void validateAppCreatingRequest(T param) throws ApplicationManagementException, RequestValidatingException { + public void validateAppCreatingRequest(T param) + throws ApplicationManagementException, RequestValidatingException { int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(true); String userName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername(); int deviceTypeId = -1; 
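Review bot: In `isUserAbleToViewAllRoles()`, `new JSONObject(metaValue)` and `getBoolean(...)` both throw the unchecked `org.json.JSONException` when the stored `SHOW_ALL_ROLES` value is not valid JSON or has no boolean `isUserAbleToViewAllRoles` field, and the catch this commit adds for the call handles only `MetadataManagementException`. Because the method feeds an authorization decision, an unreadable value should be treated like a missing one: log it and return false, which needs an import of `org.json.JSONException`. The Javadoc should state what true and false mean and that false is the default when the key is absent or unreadable. If the metadata service offers a lookup by key (not visible in this hunk), using it would avoid loading every metadata entry on each request.

```java
private boolean isUserAbleToViewAllRoles() throws MetadataManagementException {
    // … unchanged: retrieveAllMetadata() and the loop that finds SHOW_ALL_ROLES …
                if (metaValue != null) {
                    try {
                        return new JSONObject(metaValue)
                                .getBoolean(Constants.IS_USER_ABLE_TO_VIEW_ALL_ROLES);
                    } catch (JSONException e) {
                        // Malformed policy value: fail closed, same as a missing key.
                        log.error("Invalid " + Constants.SHOW_ALL_ROLES + " metadata value", e);
                        return false;
                    }
                }
    // … unchanged: closing braces and the final return false …
```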
@@ -3614,6 +3651,15 @@ public class ApplicationManagerImpl implements ApplicationManager { log.error(msg); throw new ApplicationManagementException(msg); } + if (!isUserAbleToViewAllRoles()) { + if (!hasUserRole(unrestrictedRoles, userName)) { + String msg = "You are trying to restrict the visibility of the application for a role set, but " + + "in order to perform the action at least one role should be assigned to user: " + + userName; + log.error(msg); + throw new BadRequestException(msg); + } + } } Filter filter = new Filter(); @@ -3665,6 +3711,10 @@ public class ApplicationManagerImpl implements ApplicationManager { String msg = "Error occurred when validating the unrestricted roles given for the web clip"; log.error(msg, e); throw new ApplicationManagementException(msg, e); + } catch (MetadataManagementException e) { + String msg = "Error occurred while retrieving metadata list"; + log.error(msg, e); + throw new ApplicationManagementException(msg, e); } finally { ConnectionManagerUtil.closeDBConnection(); } diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java index 40b0762380..8c3ccbc8bf 100644 --- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java +++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java 
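Review bot: The new guard passes as soon as `hasUserRole(unrestrictedRoles, userName)` finds one role the user holds, which is what the error message describes. A user who is not allowed to view all roles can therefore apparently still put roles they do not hold into `unrestrictedRoles`, provided one of their own is included. If the intent is to limit such users to their own roles, every entry should be checked; `hasUserRole` is defined outside this hunk, so its exact semantics need confirming. The guard also sits in a single branch of `validateAppCreatingRequest`, which continues outside the hunk, so any other branch that accepts `unrestrictedRoles` needs the same check. The two nested `if`s can be one condition: `if (!isUserAbleToViewAllRoles() && !hasUserRole(unrestrictedRoles, userName)) {`.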
@@ -40,6 +40,7 @@ import io.entgra.device.mgt.core.application.mgt.core.internal.DataHolder; import io.entgra.device.mgt.core.application.mgt.core.serviceprovider.ISServiceProviderApplicationService; import io.entgra.device.mgt.core.device.mgt.common.exceptions.DeviceManagementException; import io.entgra.device.mgt.core.device.mgt.core.dto.DeviceType; +import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.MetadataManagementService; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -64,6 +65,7 @@ public class APIUtil { private static volatile SubscriptionManager subscriptionManager; private static volatile ReviewManager reviewManager; private static volatile AppmDataHandler appmDataHandler; + private static volatile MetadataManagementService metadataManagementService; public static SPApplicationManager getSPApplicationManager() { if (SPApplicationManager == null) { @@ -516,4 +518,20 @@ public class APIUtil { .getAppHashValue() + Constants.FORWARD_SLASH; return basePath + Constants.ICON_ARTIFACT + Constants.FORWARD_SLASH + applicationReleaseDTO.getIconName(); } + + public static MetadataManagementService getMetadataManagementService() { + if (metadataManagementService == null) { + synchronized (APIUtil.class) { + if (metadataManagementService == null) { + PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); + metadataManagementService = (MetadataManagementService) ctx.getOSGiService( + MetadataManagementService.class, null); + if (metadataManagementService == null) { + throw new IllegalStateException("Metadata Management service not initialized."); + } + } + } + } + return metadataManagementService; + } } 
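Review bot: `getMetadataManagementService()` has no Javadoc, and its unchecked `IllegalStateException` now travels through `isUserAbleToViewAllRoles()` into request validation, where the catch blocks visible in this patch do not handle it. I would add a short Javadoc saying that the OSGi service reference is looked up once and cached in the static field, with `@throws IllegalStateException` when the service is not registered. The double-checked locking itself is fine because the field is declared `volatile`.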
diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/Constants.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/Constants.java index 5864242acf..efd848cdb1 100644 --- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/Constants.java +++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/Constants.java @@ -70,7 +70,8 @@ public class Constants { public static final String ANY = "ANY"; public static final String DEFAULT_PCK_NAME = "default.app.com"; public static final String ALL = "ALL"; - + public static final String SHOW_ALL_ROLES = "SHOW_ALL_ROLES"; + public static final String IS_USER_ABLE_TO_VIEW_ALL_ROLES = "isUserAbleToViewAllRoles"; public static final String GOOGLE_PLAY_STORE_URL = "https://play.google.com/store/apps/details?id="; public static final String APPLE_STORE_URL = "https://itunes.apple.com/country/app/app-name/id"; diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java index 7f5078d8a6..03a66c383e 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java 
@@ -110,8 +110,10 @@ public class RoleManagementServiceImpl implements RoleManagementService { @QueryParam("filter") String filter, @QueryParam("user-store") String userStore, @HeaderParam("If-Modified-Since") String ifModifiedSince, - @QueryParam("offset") int offset, @QueryParam("limit") int limit, - @QueryParam("username") String username, @QueryParam("domain") String domain, + @QueryParam("offset") int offset, + @QueryParam("limit") int limit, + @QueryParam("username") String username, + @QueryParam("domain") String domain, @PathParam("metaKey") String metaKey) { RequestValidationUtil.validatePaginationParameters(offset, limit); if (limit == 0){ @@ -128,13 +130,13 @@ public class RoleManagementServiceImpl implements RoleManagementService { String metaValue = metadata.getMetaValue(); JSONParser parser = new JSONParser(); JSONObject jsonObject = (JSONObject) parser.parse(metaValue); - boolean decision = (boolean) jsonObject.get("isUserAbleToViewAllRoles"); + boolean decision = (boolean) jsonObject.get(Constants.IS_USER_ABLE_TO_VIEW_ALL_ROLES); if (decision) { - if(userStore == null || "".equals(userStore)){ + if (userStore == null || "".equals(userStore)){ userStore = PRIMARY_USER_STORE; } - try{ - visibleRoles =getRolesFromUserStore(filter, userStore); + try { + visibleRoles = getRolesFromUserStore(filter, userStore); visibleRoleList.setList(visibleRoles); visibleRoles = FilteringUtil.getFilteredList(getRolesFromUserStore(filter, userStore), offset, limit); @@ -148,7 +150,8 @@ public class RoleManagementServiceImpl implements RoleManagementService { new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); } } else { - try{UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager(); + try { + UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager(); if (!userStoreManager.isExistingUser(username)) { if (log.isDebugEnabled()) { log.debug("User by username: " + username + " does not exist for role retrieval."); 
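Review bot: In the second hunk, `(boolean) jsonObject.get(Constants.IS_USER_ABLE_TO_VIEW_ALL_ROLES)` throws `NullPointerException` when the key is missing and `ClassCastException` when the value is not a JSON boolean, and neither is covered by the `ParseException` catch. `boolean decision = Boolean.TRUE.equals(jsonObject.get(Constants.IS_USER_ABLE_TO_VIEW_ALL_ROLES));` keeps the restricted branch as the default for any unexpected value. In the `decision` branch `getRolesFromUserStore(filter, userStore)` is called twice, and the second call can reuse `visibleRoles`. The restricted branch lists roles for the `username` query parameter; whether that value is checked against the authenticated caller is not visible here and is worth confirming. The method starts and ends outside these hunks.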
@@ -159,7 +162,7 @@ public class RoleManagementServiceImpl implements RoleManagementService { visibleRoleList.setList(getFilteredVisibleRoles(userStoreManager, username)); return Response.status(Response.Status.OK).entity(visibleRoleList).build(); - }catch (UserStoreException e) { + } catch (UserStoreException e) { String msg = "Error occurred while trying to retrieve roles of the user '" + username + "'"; log.error(msg, e); return Response.serverError().entity( @@ -171,7 +174,9 @@ public class RoleManagementServiceImpl implements RoleManagementService { log.error(msg, e); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build(); } catch (ParseException e) { - throw new RuntimeException(e); + String msg = "Error occurred while parsing JSON metadata: " + e.getMessage(); + log.error(msg, e); + return Response.status(Response.Status.BAD_REQUEST).entity(msg).build(); } } diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java index c9ad2e182e..02d332baf2 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java 
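Review bot: The new `ParseException` handler answers `400 Bad Request` and puts `e.getMessage()` in the response body, but the JSON being parsed appears to be the metadata value held on the server (`metadata.getMetaValue()`), not anything the client sent. A server error with a fixed message is more accurate and keeps parser details out of the response: `return Response.serverError().entity(new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();`, with `msg` built without `e.getMessage()`, since the exception is already passed to `log.error`. That also matches the `ErrorResponse` shape the `UserStoreException` handler just above uses.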
@@ -38,6 +38,7 @@ public class Constants { public static final int DEFAULT_PAGE_LIMIT = 50; public static final String FORWARD_SLASH = "/"; public static final String ANDROID = "android"; + public static final String IS_USER_ABLE_TO_VIEW_ALL_ROLES = "isUserAbleToViewAllRoles"; public static final String ANDROID_POLICY_VALIDATOR = "io.entgra.proprietary.uem.platform.android." + "core.polcy.AndroidPolicyPayloadValidator"; public static final String IOS = "ios";