Fix logic issue with user authorization validation for groups

Co-authored-by: Charitha Goonetilleke <charitha@entgra.io>
Co-committed-by: Charitha Goonetilleke <charitha@entgra.io>
apim420-master^2
Charitha Goonetilleke 3 months ago committed by Lasantha Dharmakeerthi
parent 152b1ad929
commit 5a12dc7601

@ -73,21 +73,24 @@ public class GroupAccessAuthorizationServiceImpl implements GroupAccessAuthoriza
UserRealm userRealm = DeviceManagementDataHolder.getInstance().getRealmService() UserRealm userRealm = DeviceManagementDataHolder.getInstance().getRealmService()
.getTenantUserRealm(getTenantId()); .getTenantUserRealm(getTenantId());
String[] userRoles = userRealm.getUserStoreManager().getRoleListOfUser(username); String[] userRoles = userRealm.getUserStoreManager().getRoleListOfUser(username);
boolean isAuthorized = true; boolean isAuthorized;
for (String groupPermission : groupPermissions) { for (String groupPermission : groupPermissions) {
isAuthorized = false;
for (String role : userRoles) { for (String role : userRoles) {
if (!userRealm.getAuthorizationManager(). if (userRealm.getAuthorizationManager().
isRoleAuthorized(role, groupPermission, CarbonConstants.UI_PERMISSION_ACTION)) { isRoleAuthorized(role, groupPermission, CarbonConstants.UI_PERMISSION_ACTION)) {
isAuthorized = false; isAuthorized = true;
break; break;
} }
} }
if (!isAuthorized) {
return false;
}
} }
return isAuthorized; return true;
} catch (UserStoreException e) { } catch (UserStoreException e) {
throw new GroupAccessAuthorizationException("Unable to authorize the access to group : " + throw new GroupAccessAuthorizationException("Unable to authorize the access to group : " +
groupId + " for the user : " + groupId + " for the user : " + username, e);
username, e);
} }
} }
} }

Loading…
Cancel
Save