Change JSON object return methods:Scopes

admin-role-isssue
Pasindu Rupasinghe 1 year ago
parent 1eda7bd237
commit 565a7614ad

@ -35,7 +35,7 @@ import java.util.List;
public interface PublisherRESTAPIServices {
JSONObject getScopes(APIApplicationKey apiApplicationKey, AccessTokenInfo accessTokenInfo)
Scope[] getScopes(APIApplicationKey apiApplicationKey, AccessTokenInfo accessTokenInfo)
throws APIServicesException, BadRequestException, UnexpectedResponseException;
boolean isSharedScopeNameExists(APIApplicationKey apiApplicationKey, AccessTokenInfo accessTokenInfo, String key)
@ -107,7 +107,7 @@ public interface PublisherRESTAPIServices {
String uuid, String documentID)
throws APIServicesException, BadRequestException, UnexpectedResponseException;
io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIInfo.Documentation addDocumentation(APIApplicationKey apiApplicationKey, AccessTokenInfo accessTokenInfo,
Documentation addDocumentation(APIApplicationKey apiApplicationKey, AccessTokenInfo accessTokenInfo,
String uuid, Documentation documentation)
throws APIServicesException, BadRequestException, UnexpectedResponseException;
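Review bot: `getScopes` now returns `Scope[]` but has no Javadoc, so the interface does not say whether the result can be null or empty when the publisher has no scopes. Callers changed in this commit read `scopes.length` and `scopeList.length` directly without a null check. I would add a short Javadoc stating that a non-null, possibly empty array is returned and when each declared exception is thrown. The interface body continues outside the hunk.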

@ -55,7 +55,7 @@ public class PublisherRESTAPIServicesImpl implements PublisherRESTAPIServices {
+ Constants.COLON + port;
@Override
public JSONObject getScopes(APIApplicationKey apiApplicationKey, AccessTokenInfo accessTokenInfo)
public Scope[] getScopes(APIApplicationKey apiApplicationKey, AccessTokenInfo accessTokenInfo)
throws APIServicesException, BadRequestException, UnexpectedResponseException {
String getAllScopesUrl = endPointPrefix + Constants.GET_ALL_SCOPES;
@ -69,8 +69,8 @@ public class PublisherRESTAPIServicesImpl implements PublisherRESTAPIServices {
try {
Response response = client.newCall(request).execute();
if (HttpStatus.SC_OK == response.code()) {
JSONObject jsonObject = new JSONObject(response.body().string());
return jsonObject;
JSONArray scopeList = (JSONArray) new JSONObject(response.body().string()).get("list");
return gson.fromJson(scopeList.toString(), Scope[].class);
} else if (HttpStatus.SC_UNAUTHORIZED == response.code()) {
APIApplicationServices apiApplicationServices = new APIApplicationServicesImpl();
AccessTokenInfo refreshedAccessToken = apiApplicationServices.
@ -144,16 +144,16 @@ public class PublisherRESTAPIServicesImpl implements PublisherRESTAPIServices {
String addNewSharedScopeEndPoint = endPointPrefix + Constants.SCOPE_API_ENDPOINT;
JSONArray bindings = new JSONArray();
for (String str : scope.getRoles()) {
for (String str : scope.getBindings()) {
bindings.put(str);
}
JSONObject payload = new JSONObject();
payload.put("name", scope.getKey());
payload.put("displayName", scope.getName());
payload.put("description", scope.getDescription());
payload.put("bindings", bindings);
payload.put("usageCount", scope.getUsageCount());
payload.put("name", (scope.getName() != null ? scope.getName() : ""));
payload.put("displayName", (scope.getDisplayName() != null ? scope.getDisplayName() : ""));
payload.put("description", (scope.getDescription() != null ? scope.getDescription() : ""));
payload.put("bindings", (bindings != null ? bindings : ""));
payload.put("usageCount", (scope.getUsageCount() != 0 ? scope.getUsageCount() : 0));
RequestBody requestBody = RequestBody.create(JSON, payload.toString());
Request request = new Request.Builder()
@ -196,16 +196,16 @@ public class PublisherRESTAPIServicesImpl implements PublisherRESTAPIServices {
String updateScopeUrl = endPointPrefix + Constants.SCOPE_API_ENDPOINT + scope.getId();
JSONArray bindings = new JSONArray();
for (String str : scope.getRoles()) {
for (String str : scope.getBindings()) {
bindings.put(str);
}
JSONObject payload = new JSONObject();
payload.put("name", scope.getKey());
payload.put("displayName", scope.getName());
payload.put("description", scope.getDescription());
payload.put("bindings", bindings);
payload.put("usageCount", scope.getUsageCount());
payload.put("name", (scope.getName() != null ? scope.getName() : ""));
payload.put("displayName", (scope.getDisplayName() != null ? scope.getDisplayName() : ""));
payload.put("description", (scope.getDescription() != null ? scope.getDescription() : ""));
payload.put("bindings", (bindings != null ? bindings : ""));
payload.put("usageCount", (scope.getUsageCount() != 0 ? scope.getUsageCount() : 0));
RequestBody requestBody = RequestBody.create(JSON, payload.toString());
Request request = new Request.Builder()
@ -453,7 +453,7 @@ public class PublisherRESTAPIServicesImpl implements PublisherRESTAPIServices {
" \"endpointConfig\": " + api.getEndpointConfig().toString() + ",\n" +
" \"endpointImplementationType\": \"ENDPOINT\",\n" +
" \"scopes\": " + api.getScopes().toString() + ",\n" +
" \"operations\": " + (api.getOperations() != null? api.getOperations().toString() : null) + ",\n" +
" \"operations\": " + (api.getOperations() != null ? api.getOperations().toString() : null) + ",\n" +
" \"threatProtectionPolicies\": null,\n" +
" \"categories\": [],\n" +
" \"keyManagers\": " + gson.toJson(api.getKeyManagers()) + ",\n" +
@ -632,7 +632,7 @@ public class PublisherRESTAPIServicesImpl implements PublisherRESTAPIServices {
@Override
public boolean deleteApiSpecificMediationPolicy(APIApplicationKey apiApplicationKey, AccessTokenInfo accessTokenInfo,
String uuid, Mediation mediation)
String uuid, Mediation mediation)
throws APIServicesException, BadRequestException, UnexpectedResponseException {
String deleteApiMediationEndPOint = endPointPrefix + Constants.API_ENDPOINT + uuid + "/mediation-policies/" + mediation.getUuid();
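Review bot: The null guards added to the two payload-building hunks (around `addNewSharedScopeEndPoint` and `updateScopeUrl`) do not cover the value that can actually be null. `bindings` is a freshly constructed `JSONArray`, so `bindings != null ? bindings : ""` never takes its fallback, which would in any case send a string where the other branch sends an array. A null `scope.getBindings()` still throws in the `for` loop above it, and `scope.getUsageCount() != 0 ? scope.getUsageCount() : 0` is a no-op. These bindings decide which roles are granted a scope, so I would reject a scope whose name or bindings are null before building the payload rather than posting empty strings, and keep the plain forms `payload.put("bindings", bindings);` and `payload.put("usageCount", scope.getUsageCount());`. Both enclosing methods start and end outside the hunks.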

@ -18,25 +18,29 @@
package io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIInfo;
import java.io.Serializable;
import java.util.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Objects;
import java.util.Set;
import java.util.HashSet;
public class Scope implements Serializable{
private static final long serialVersionUID = 1L;
String key;
String id;
String name;
List<String> roles;
String displayName;
String description;
String id;
List<String> bindings;
int usageCount;
public String getKey() {
return key;
public String getDisplayName() {
return displayName;
}
public void setKey(String key) {
this.key = key;
public void setDisplayName(String displayName) {
this.displayName = displayName;
}
public String getName() {
@ -47,12 +51,12 @@ public class Scope implements Serializable{
this.name = name;
}
public List<String> getRoles() {
return roles;
public List<String> getBindings() {
return bindings;
}
public void setRoles(List<String> roles) {
this.roles = removeDuplicatesFromRoleString(roles);
public void setBindings(List<String> bindings) {
this.bindings = removeDuplicatesFromRoleString(bindings);
}
public String getDescription() {
@ -87,15 +91,15 @@ public class Scope implements Serializable{
Scope scope = (Scope) o;
if (id != null ? !id.equals(scope.id) : scope.id != null) return false;
if (!key.equals(scope.key)) return false;
if (!name.equals(scope.name)) return false;
if (roles != null ? !roles.equals(scope.roles) : scope.roles != null) return false;
if (!displayName.equals(scope.displayName)) return false;
if (bindings != null ? !bindings.equals(scope.bindings) : scope.bindings != null) return false;
return description != null ? description.equals(scope.description) : scope.description == null;
}
@Override
public int hashCode() {
return Objects.hash(key, name, roles, description, id);
return Objects.hash(name, displayName, bindings, description, id);
}
private static List<String> removeDuplicatesFromRoleString(List<String> roles) {
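Review bot: `equals` dereferences the new field without a null check (`!displayName.equals(scope.displayName)`), yet this commit now builds `Scope` instances with `gson.fromJson(..., Scope[].class)`, which leaves `displayName` null when the response omits it. `hashCode` already uses the null-safe `Objects.hash`, so the comparison should match it: `if (!Objects.equals(displayName, scope.displayName)) return false;`. The unchanged `name` line has the same problem. Separately, fields of this `Serializable` class were renamed and removed while `serialVersionUID` stays `1L`; if instances are ever persisted or cached across versions, older data would deserialize with null `bindings`, which is worth confirming. `equals` starts outside the hunk.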

@ -100,7 +100,7 @@ public class APIPublisherServiceImpl implements APIPublisherService {
public static final String SUBSCRIPTION_TO_CURRENT_TENANT = "CURRENT_TENANT";
public static final String API_GLOBAL_VISIBILITY = "PUBLIC";
public static final String API_PRIVATE_VISIBILITY = "PRIVATE";
private static final String ADMIN_ROLE_KEY = ",admin";
private static final String ADMIN_ROLE_KEY = "admin";
private static final Log log = LogFactory.getLog(APIPublisherServiceImpl.class);
@ -184,10 +184,12 @@ public class APIPublisherServiceImpl implements APIPublisherService {
if (!publisherRESTAPIServices.isSharedScopeNameExists(apiApplicationKey, accessTokenInfo,
apiScope.getKey())) {
Scope scope = new Scope();
scope.setName(apiScope.getName());
scope.setDisplayName(apiScope.getName());
scope.setDescription(apiScope.getDescription());
scope.setKey(apiScope.getKey());
scope.setRoles(apiScope.getRoles() + ADMIN_ROLE_KEY);
scope.setName(apiScope.getKey());
List<String> bindings = apiScope.getRoles();
bindings.add(ADMIN_ROLE_KEY);
scope.setBindings(bindings);
publisherRESTAPIServices.addNewSharedScope(apiApplicationKey, accessTokenInfo, scope);
}
}
@ -257,10 +259,12 @@ public class APIPublisherServiceImpl implements APIPublisherService {
} else {
// if new scope add as shared scope
Scope scope = new Scope();
scope.setName(apiScope.getName());
scope.setName(apiScope.getKey());
scope.setDescription(apiScope.getDescription());
scope.setKey(apiScope.getKey());
scope.setRoles(apiScope.getRoles() + ADMIN_ROLE_KEY);
scope.setDisplayName(apiScope.getName());
List<String> bindings = apiScope.getRoles();
bindings.add(ADMIN_ROLE_KEY);
scope.setBindings(bindings);
publisherRESTAPIServices.addNewSharedScope(apiApplicationKey, accessTokenInfo, scope);
}
@ -278,10 +282,12 @@ public class APIPublisherServiceImpl implements APIPublisherService {
for (ApiScope apiScope : scopesToMoveAsSharedScopes) {
Scope scope = new Scope();
scope.setName(apiScope.getName());
scope.setName(apiScope.getKey());
scope.setDescription(apiScope.getDescription());
scope.setKey(apiScope.getKey());
scope.setRoles(apiScope.getRoles() + ADMIN_ROLE_KEY);
scope.setDisplayName(apiScope.getName());
List<String> bindings = apiScope.getRoles();
bindings.add(ADMIN_ROLE_KEY);
scope.setBindings(bindings);
publisherRESTAPIServices.addNewSharedScope(apiApplicationKey, accessTokenInfo, scope);
}
}
@ -458,10 +464,15 @@ public class APIPublisherServiceImpl implements APIPublisherService {
for (DefaultPermission defaultPermission: defaultPermissions.getDefaultPermissions()) {
//todo check whether scope is available or not
ScopeMapping scopeMapping = defaultPermission.getScopeMapping();
scope.setName(scopeMapping.getName());
String[] roles = scopeMapping.getDefaultRoles().split(",");
List<String> bindings = Arrays.asList(roles);
bindings.add(ADMIN_ROLE_KEY);
scope.setName(scopeMapping.getKey());
scope.setDescription(scopeMapping.getName());
scope.setKey(scopeMapping.getKey());
scope.setRoles(scopeMapping.getDefaultRoles() + ADMIN_ROLE_KEY);
scope.setDisplayName(scopeMapping.getName());
scope.setBindings(bindings);
publisherRESTAPIServices.addNewSharedScope(apiApplicationKey, accessTokenInfo, scope);
}
} catch (BadRequestException | UnexpectedResponseException | APIServicesException e) {
@ -497,7 +508,6 @@ public class APIPublisherServiceImpl implements APIPublisherService {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
PublisherRESTAPIServices publisherRESTAPIServices = new PublisherRESTAPIServicesImpl();
JSONObject scopeObject = publisherRESTAPIServices.getScopes(apiApplicationKey, accessTokenInfo);
try {
String fileName =
@ -543,11 +553,11 @@ public class APIPublisherServiceImpl implements APIPublisherService {
}
Scope scope = new Scope();
scope.setName(
scope.setDisplayName(
scopeMapping[0] != null ? StringUtils.trim(scopeMapping[0]) : StringUtils.EMPTY);
scope.setDescription(
scopeMapping[1] != null ? StringUtils.trim(scopeMapping[1]) : StringUtils.EMPTY);
scope.setKey(
scope.setName(
scopeMapping[2] != null ? StringUtils.trim(scopeMapping[2]) : StringUtils.EMPTY);
// scope.setPermissions(
// scopeMapping[3] != null ? StringUtils.trim(scopeMapping[3]) : StringUtils.EMPTY);
@ -562,30 +572,24 @@ public class APIPublisherServiceImpl implements APIPublisherService {
}
}
}
scope.setRoles(rolesList);
//Set scope id which related to the scope key
JSONArray scopeList = (JSONArray) scopeObject.get("list");
for (int i = 0; i < scopeList.length(); i++) {
JSONObject scopeObj = scopeList.getJSONObject(i);
if (scopeObj.getString("name").equals(StringUtils.trim(scopeMapping[2]))) {
scope.setId(scopeObj.getString("id"));
scope.setUsageCount(scopeObj.getInt("usageCount"));
// Including already existing roles
JSONArray existingRolesArray = (JSONArray) scopeObj.get("bindings");
for (int j = 0; j < existingRolesArray.length(); j++) {
rolesList.add(existingRolesArray.getString(j));
}
//Set scope details which related to the scope key
Scope[] scopes = publisherRESTAPIServices.getScopes(apiApplicationKey, accessTokenInfo);
for (int i = 0; i < scopes.length; i++) {
Scope relatedScope = scopes[i];
if (relatedScope.getName().equals(scopeMapping[2].toString())) {
scope.setId(relatedScope.getId());
scope.setUsageCount(relatedScope.getUsageCount());
//Including already existing roles
rolesList.addAll(relatedScope.getBindings());
}
}
scope.setRoles(rolesList);
scope.setBindings(rolesList);
if (publisherRESTAPIServices.isSharedScopeNameExists(apiApplicationKey, accessTokenInfo, scope.getKey())) {
if (publisherRESTAPIServices.isSharedScopeNameExists(apiApplicationKey, accessTokenInfo, scope.getName())) {
publisherRESTAPIServices.updateSharedScope(apiApplicationKey, accessTokenInfo, scope);
} else {
// todo: come to this level means, that scope is removed from API, but haven't removed from the scope-role-permission-mappings list
log.warn(scope.getKey() + " not available as shared scope");
log.warn(scope.getName() + " not available as shared scope");
}
}
for (String role : rolePermissions.keySet()) {
@ -598,12 +602,7 @@ public class APIPublisherServiceImpl implements APIPublisherService {
}
} catch (IOException | DirectoryIteratorException ex) {
log.error("failed to read scopes from file.", ex);
} catch (APIServicesException | BadRequestException e) {
String errorMsg = "Error while calling APIs";
log.error(errorMsg, e);
throw new APIManagerPublisherException(e);
}
}
} catch (APIServicesException e) {
String errorMsg = "Error while processing Publisher REST API response";
@ -639,13 +638,14 @@ public class APIPublisherServiceImpl implements APIPublisherService {
try {
PublisherRESTAPIServices publisherRESTAPIServices = new PublisherRESTAPIServicesImpl();
JSONObject scopeObject = publisherRESTAPIServices.getScopes(apiApplicationKey, accessTokenInfo);
Scope[] scopeList = publisherRESTAPIServices.getScopes(apiApplicationKey, accessTokenInfo);
Map<String, String> permScopeMap = APIPublisherDataHolder.getInstance().getPermScopeMapping();
if (permissions.length != 0) {
updateScopes(roleName, publisherRESTAPIServices, apiApplicationKey, accessTokenInfo, scopeObject, permissions, permScopeMap, false);
updateScopes(roleName, publisherRESTAPIServices, apiApplicationKey, accessTokenInfo, scopeList, permissions, permScopeMap, false);
}
if (removedPermissions.length != 0) {
updateScopes(roleName, publisherRESTAPIServices, apiApplicationKey, accessTokenInfo, scopeObject, removedPermissions, permScopeMap, true);
updateScopes(roleName, publisherRESTAPIServices, apiApplicationKey, accessTokenInfo, scopeList, removedPermissions, permScopeMap, true);
}
try {
@ -677,7 +677,7 @@ public class APIPublisherServiceImpl implements APIPublisherService {
* @param publisherRESTAPIServices {@link PublisherRESTAPIServices}
* @param apiApplicationKey {@link APIApplicationKey}
* @param accessTokenInfo {@link AccessTokenInfo}
* @param scopeObject scope object returning from APIM
* @param scopeList scope list returning from APIM
* @param permissions List of permissions
* @param permScopeMap Permission Scope map
* @param removingPermissions if list of permissions has to be removed from the role send true, otherwise sends false.
@ -685,7 +685,7 @@ public class APIPublisherServiceImpl implements APIPublisherService {
*/
private void updateScopes (String roleName, PublisherRESTAPIServices publisherRESTAPIServices,
APIApplicationKey apiApplicationKey, AccessTokenInfo accessTokenInfo,
JSONObject scopeObject, String[] permissions, Map<String, String> permScopeMap, boolean removingPermissions )
Scope[] scopeList, String[] permissions, Map<String, String> permScopeMap, boolean removingPermissions )
throws APIManagerPublisherException {
for (String permission : permissions) {
String scopeValue = permScopeMap.get(permission);
@ -696,22 +696,21 @@ public class APIPublisherServiceImpl implements APIPublisherService {
throw new APIManagerPublisherException(msg);
}
JSONArray scopeList = (JSONArray) scopeObject.get("list");
for (int i = 0; i < scopeList.length(); i++) {
JSONObject scopeObj = scopeList.getJSONObject(i);
if (scopeObj.getString("name").equals(scopeValue)) {
for (int i = 0; i < scopeList.length; i++) {
Scope scopeObj = scopeList[i];
if (scopeObj.getName().equals(scopeValue)) {
Scope scope = new Scope();
scope.setName(scopeObj.getString("name"));
scope.setKey(scopeObj.getString("name"));
scope.setDescription(scopeObj.getString("description"));
scope.setId(scopeObj.getString("id"));
scope.setName(scopeObj.getName());
scope.setDisplayName(scopeObj.getDisplayName());
scope.setDescription(scopeObj.getDescription());
scope.setId(scopeObj.getId());
// Including already existing roles
JSONArray existingRolesArray = (JSONArray) scopeObj.get("bindings");
List<String> existingRoleList = new ArrayList<String>();
List<String> existingRoleList = new ArrayList<>();
existingRoleList.addAll(scopeObj.getBindings());
for (int j = 0; j < existingRolesArray.length(); j++) {
existingRoleList.add((String) existingRolesArray.get(j));
if (!existingRoleList.contains(roleName)) {
existingRoleList.add(roleName);
}
if (removingPermissions) {
@ -721,14 +720,14 @@ public class APIPublisherServiceImpl implements APIPublisherService {
existingRoleList.add(roleName);
}
}
scope.setRoles(String.join(",", existingRoleList));
scope.setBindings(existingRoleList);
try {
if (publisherRESTAPIServices.isSharedScopeNameExists(apiApplicationKey, accessTokenInfo, scope.getKey())) {
if (publisherRESTAPIServices.isSharedScopeNameExists(apiApplicationKey, accessTokenInfo, scope.getName())) {
publisherRESTAPIServices.updateSharedScope(apiApplicationKey, accessTokenInfo, scope);
} else {
// todo: come to this level means, that scope is removed from API, but haven't removed from the scope-role-permission-mappings list
log.warn(scope.getKey() + " not available as shared scope");
log.warn(scope.getName() + " not available as shared scope");
}
} catch (APIServicesException | BadRequestException | UnexpectedResponseException e) {
log.error("Error occurred while updating role scope mapping via APIM REST endpoint.", e);
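Review bot: In the default-permission loop, `Arrays.asList(roles)` returns a fixed-size list, so the next line, `bindings.add(ADMIN_ROLE_KEY)`, throws `UnsupportedOperationException`. The visible `catch (BadRequestException | UnexpectedResponseException | APIServicesException e)` does not handle that, so this path would fail before any scope is added. Copy first: `List<String> bindings = new ArrayList<>(Arrays.asList(roles));`. The three other hunks that do `List<String> bindings = apiScope.getRoles(); bindings.add(ADMIN_ROLE_KEY);` have a related problem: they append `admin` to the list owned by `apiScope` (assuming `getRoles()` now returns `List<String>`, which this page does not show), so the source object is mutated on every call and a null or unmodifiable list fails. `new ArrayList<>(apiScope.getRoles())` after a null check avoids both. The values from `split(",")` are also not trimmed, so a role written after a comma and a space would be bound with the leading space.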
