fix: group assigned role issue

1 year ago · 6d012bc614
parent aecc106f95
commit 6d012bc614
2 changed files with 33 additions and 5 deletions
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java
@ -29,6 +29,7 @@ import io.entgra.device.mgt.core.device.mgt.common.group.mgt.RoleDoesNotExistExc
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.CarbonConstants;
+import org.wso2.carbon.context.CarbonContext;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import io.entgra.device.mgt.core.device.mgt.common.Device;
 import io.entgra.device.mgt.core.device.mgt.common.DeviceIdentifier;
@ -48,6 +49,8 @@ import io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl.util.RequestV
 import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.DeviceMgtAPIUtils;
 import io.entgra.device.mgt.core.policy.mgt.common.PolicyAdministratorPoint;
 import io.entgra.device.mgt.core.policy.mgt.common.PolicyManagementException;
+import org.wso2.carbon.user.api.UserRealm;
+import org.wso2.carbon.user.api.UserStoreException;

 import javax.ws.rs.DefaultValue;
 import javax.ws.rs.GET;
@ -56,6 +59,7 @@ import javax.ws.rs.Path;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Response;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;

 public class GroupManagementServiceImpl implements GroupManagementService {
@ -109,8 +113,18 @@ public class GroupManagementServiceImpl implements GroupManagementService {
            request.setGroupName(name);
            request.setOwner(owner);
            request.setDepth(depth);
-            PaginationResult deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
-                    .getGroupsWithHierarchy(currentUser, request, requireGroupProps);
+            int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
+            UserRealm realmService = DeviceMgtAPIUtils.getRealmService().getTenantUserRealm(tenantId);
+            String[] roles = realmService.getUserStoreManager().getRoleListOfUser(currentUser);
+            boolean hasAdminRole = Arrays.asList(roles).contains(DEFAULT_ADMIN_ROLE);
+            PaginationResult deviceGroupsResult;
+            if (hasAdminRole) {
+                deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
+                        .getGroupsWithHierarchy(null, request, requireGroupProps);
+            } else{
+                deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
+                        .getGroupsWithHierarchy(currentUser, request, requireGroupProps);
+            }
            DeviceGroupList deviceGroupList = new DeviceGroupList();
            deviceGroupList.setList(deviceGroupsResult.getData());
            deviceGroupList.setCount(deviceGroupsResult.getRecordsTotal());
@ -119,6 +133,10 @@ public class GroupManagementServiceImpl implements GroupManagementService {
            String error = "Error occurred while retrieving groups with hierarchy.";
            log.error(error, e);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(error).build();
+        } catch (UserStoreException e) {
+            String msg = "Error occurred while getting user realm.";
+            log.error(msg, e);
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
        }
    }

--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java
@ -31,8 +31,11 @@ import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.DeviceGroupList;
 import io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.api.admin.GroupManagementAdminService;
 import io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl.util.RequestValidationUtil;
 import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.DeviceMgtAPIUtils;
+import org.wso2.carbon.context.CarbonContext;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.apache.commons.lang.StringUtils;
+import org.wso2.carbon.user.api.UserRealm;
+import org.wso2.carbon.user.api.UserStoreException;

 import javax.ws.rs.DefaultValue;
 import javax.ws.rs.GET;
@ -41,6 +44,7 @@ import javax.ws.rs.Path;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Response;
 import java.util.ArrayList;
+import java.util.Arrays;

 public class GroupManagementAdminServiceImpl implements GroupManagementAdminService {

@ -101,17 +105,19 @@ public class GroupManagementAdminServiceImpl implements GroupManagementAdminServ
            request.setOwner(owner);
            request.setStatus(status);
            request.setDepth(depth);
+            int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
+            UserRealm realmService = DeviceMgtAPIUtils.getRealmService().getTenantUserRealm(tenantId);
+            String[] roles = realmService.getUserStoreManager().getRoleListOfUser(currentUser);
            boolean isAdmin = DEFAULT_ADMIN_ROLE.equals(currentUser);
-
+            boolean hasAdminRole = Arrays.asList(roles).contains(DEFAULT_ADMIN_ROLE);
            PaginationResult deviceGroupsResult;
-            if (StringUtils.isBlank(currentUser) || isAdmin) {
+            if (StringUtils.isBlank(currentUser) || isAdmin || hasAdminRole) {
                deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
                        .getGroupsWithHierarchy(null, request, requireGroupProps);
            } else {
                deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
                        .getGroupsWithHierarchy(currentUser, request, requireGroupProps);
            }
-
            DeviceGroupList deviceGroupList = new DeviceGroupList();
            deviceGroupList.setList(deviceGroupsResult.getData());
            deviceGroupList.setCount(deviceGroupsResult.getRecordsTotal());
@ -120,6 +126,10 @@ public class GroupManagementAdminServiceImpl implements GroupManagementAdminServ
            String error = "Error occurred while retrieving groups with hierarchy.";
            log.error(error, e);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(error).build();
+        } catch (UserStoreException e) {
+            String msg = "Error occurred while getting user realm.";
+            log.error(msg, e);
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
        }
    }