diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java index 46b4db6b7e..951d7b12a5 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java @@ -136,7 +136,6 @@ public class AnnotationProcessor { try { apiResourceConfig = processAPIAnnotation(apiAnno); - // All the apis should map to same root "/" String rootContext = servletContext.getContextPath(); pathClazz = (Class) classLoader.loadClass(Path.class.getName()); pathClazzMethods = pathClazz.getMethods(); @@ -146,7 +145,11 @@ public class AnnotationProcessor { if (rootContectAnno != null) { subContext = invokeMethod(pathClazzMethods[0], rootContectAnno, STRING); if (subContext != null && !subContext.isEmpty()) { - rootContext = rootContext + "/" + subContext; + if (subContext.trim().startsWith("/")) { + rootContext = rootContext + subContext; + } else { + rootContext = rootContext + "/" + subContext; + } } else { subContext = ""; } @@ -215,20 +218,23 @@ public class AnnotationProcessor { */ private List getApiResources(String resourceRootContext, String apiRootContext, Method[] annotatedMethods) throws Throwable { - List resourceList; - resourceList = new ArrayList(); + List resourceList = new ArrayList<>(); + String subCtx = null; for (Method method : annotatedMethods) { - Annotation methodContextAnno = method.getAnnotation(pathClazz); - if (methodContextAnno != null) { - String subCtx = invokeMethod(pathClazzMethods[0], methodContextAnno, STRING); - APIResource resource = new APIResource(); - resource.setUriTemplate(makeContextURLReady(apiRootContext + subCtx)); - - resource.setUri(APIPublisherUtil.getServerBaseUrl() + makeContextURLReady( - resourceRootContext) + makeContextURLReady(subCtx)); + Annotation[] annotations = method.getDeclaredAnnotations(); + APIResource resource = new APIResource(); + + if (isHttpMethodAvailable(annotations)) { + Annotation methodContextAnno = method.getAnnotation(pathClazz); + if (methodContextAnno != null) { + subCtx = invokeMethod(pathClazzMethods[0], methodContextAnno, STRING); + } + resource.setUriTemplate(makeContextURLReady(apiRootContext) + makeContextURLReady(subCtx)); + + resource.setUri(APIPublisherUtil.getServerBaseUrl() + makeContextURLReady(resourceRootContext) + + makeContextURLReady(subCtx)); resource.setAuthType(AUTH_TYPE); - Annotation[] annotations = method.getDeclaredAnnotations(); for (int i = 0; i < annotations.length; i++) { processHTTPMethodAnnotation(resource, annotations[i]); if (annotations[i].annotationType().getName().equals(Consumes.class.getName())) { @@ -260,6 +266,7 @@ public class AnnotationProcessor { } resourceList.add(resource); } + subCtx = null; } return resourceList; } @@ -288,6 +295,23 @@ public class AnnotationProcessor { } } + private boolean isHttpMethodAvailable(Annotation[] annotations) { + for (Annotation annotation : annotations) { + if (annotation.annotationType().getName().equals(GET.class.getName())) { + return true; + } else if (annotation.annotationType().getName().equals(POST.class.getName())) { + return true; + } else if (annotation.annotationType().getName().equals(OPTIONS.class.getName())) { + return true; + } else if (annotation.annotationType().getName().equals(DELETE.class.getName())) { + return true; + } else if (annotation.annotationType().getName().equals(PUT.class.getName())) { + return true; + } + } + return false; + } + /** * Append '/' to the context and make it URL ready * diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml b/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml index 1600c4f62d..ced2b64f42 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml @@ -237,6 +237,10 @@ servlet-api provided + + org.wso2.carbon.devicemgt + org.wso2.carbon.apimgt.annotations + diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Certificate.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Certificate.java index c7f1e4ff04..3ab6537276 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Certificate.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Certificate.java @@ -19,6 +19,8 @@ package org.wso2.carbon.device.mgt.jaxrs.api; import io.swagger.annotations.*; +import org.wso2.carbon.apimgt.annotations.api.API; +import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.certificate.mgt.core.dto.CertificateResponse; import org.wso2.carbon.device.mgt.common.PaginationResult; import org.wso2.carbon.device.mgt.jaxrs.api.common.MDMAPIException; @@ -31,6 +33,9 @@ import javax.ws.rs.core.Response; /** * All the certificate related tasks such as saving certificates, can be done through this endpoint. */ +@API(name = "Certificate", version = "1.0.0", context = "/certificates", tags = {"devicemgt_admin"}) + +// Below Api is for swagger annotations @Api(value = "Certificate", description = "Certificate related tasks such as saving certificates, " + "can be done through this API") @SuppressWarnings("NonJaxWsWebServices") @@ -58,6 +63,7 @@ public interface Certificate { @ApiResponse(code = 200, message = "Added successfully"), @ApiResponse(code = 500, message = "Error occurred while saving the certificate") }) + @Permission(scope = "certificate-modify", permissions = {"/permission/admin/device-mgt/certificate/save"}) Response saveCertificate(@HeaderParam("Accept") String acceptHeader, @ApiParam(name = "enrollmentCertificates", value = "certificate with serial, " + "pem and tenant id", required = true) EnrollmentCertificate[] @@ -83,6 +89,7 @@ public interface Certificate { @ApiResponse(code = 400, message = "Notification status updated successfully"), @ApiResponse(code = 500, message = "Error occurred while converting PEM file to X509Certificate") }) + @Permission(scope = "certificate-view", permissions = {"/permission/admin/device-mgt/certificate/view"}) Response getCertificate(@HeaderParam("Accept") String acceptHeader, @ApiParam(name = "serialNumber", value = "Provide the serial number of the " + "certificate that you wish to get the details of", required = true) @@ -113,6 +120,7 @@ public interface Certificate { @ApiResponse(code = 400, message = "Invalid length value"), @ApiResponse(code = 500, message = "Error occurred while fetching all certificates") }) + @Permission(scope = "certificate-view", permissions = {"/permission/admin/device-mgt/certificate/view"}) Response getAllCertificates(@HeaderParam("Accept") String acceptHeader, @ApiParam(name = "start", value = "Provide the starting pagination index as the value", required = true) @@ -135,6 +143,7 @@ public interface Certificate { @ApiResponse(code = 400, message = "Invalid start index"), @ApiResponse(code = 500, message = "Error when deleting the certificate" ) }) + @Permission(scope = "certificate-modify", permissions = {"/permission/admin/device-mgt/certificate/remove"}) Response removeCertificate(@HeaderParam("Accept") String acceptHeader, @ApiParam(name = "serialNumber", value = "Provide the serial number of the " + "certificate that you wish to delete", required = true) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Configuration.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Configuration.java index 5ae44a5162..798d4766f8 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Configuration.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Configuration.java @@ -19,6 +19,7 @@ package org.wso2.carbon.device.mgt.jaxrs.api; import io.swagger.annotations.*; +import org.wso2.carbon.apimgt.annotations.api.*; import org.wso2.carbon.device.mgt.common.configuration.mgt.TenantConfiguration; import javax.ws.rs.*; @@ -29,6 +30,9 @@ import javax.ws.rs.core.Response; * General Tenant Configuration REST-API implementation. * All end points support JSON, XMl with content negotiation. */ +@API(name = "Configuration", version = "1.0.0", context = "/configuration", tags = {"devicemgt_admin"}) + +// Below Api is for swagger annotations @Path("/configuration") @Api(value = "Configuration", description = "General Tenant Configuration management capabilities are exposed " + "through this API") @@ -48,6 +52,7 @@ public interface Configuration { @ApiResponse(code = 201, message = "Tenant configuration saved successfully"), @ApiResponse(code = 500, message = "Error occurred while saving the tenant configuration") }) + @Permission(scope = "configuration-modify", permissions = {"/permission/admin/device-mgt/admin/platform-configs/modify"}) Response saveTenantConfiguration(@ApiParam(name = "configuration", value = "The required properties to " + "update the platform configurations the as the value", required = true) TenantConfiguration configuration); @@ -64,6 +69,7 @@ public interface Configuration { @ApiResponse(code = 200, message = "OK"), @ApiResponse(code = 500, message = "Error occurred while retrieving the tenant configuration") }) + @Permission(scope = "configuration-view", permissions = {"/permission/admin/device-mgt/admin/platform-configs/view"}) Response getConfiguration(); @PUT @@ -77,6 +83,7 @@ public interface Configuration { @ApiResponse(code = 201, message = "Tenant configuration updated successfully"), @ApiResponse(code = 500, message = "Error occurred while updating the tenant configuration") }) + @Permission(scope = "configuration-modify", permissions = {"/permission/admin/device-mgt/admin/platform-configs/modify"}) Response updateConfiguration(@ApiParam(name = "configuration", value = "The required properties to update" + " the platform configurations the as the value", required = true) TenantConfiguration configuration); diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Device.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Device.java index 569df1cac1..1e1355d6a8 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Device.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Device.java @@ -19,6 +19,7 @@ package org.wso2.carbon.device.mgt.jaxrs.api; import io.swagger.annotations.*; +import org.wso2.carbon.apimgt.annotations.api.*; import org.wso2.carbon.device.mgt.common.EnrolmentInfo; import org.wso2.carbon.device.mgt.core.dto.DeviceType; @@ -29,6 +30,9 @@ import javax.ws.rs.core.Response; /** * Device related operations such as get all the available devices, etc. */ +@API(name = "Configuration", version = "1.0.0", context = "/devices", tags = {"devicemgt_admin"}) + +// Below Api is for swagger annotations @Path("/devices") @Api(value = "Device", description = "Device related operations such as get all the available devices, etc.") @SuppressWarnings("NonJaxWsWebServices") @@ -55,6 +59,7 @@ public interface Device { @ApiResponse(code = 200, message = "List of Devices"), @ApiResponse(code = 500, message = "Error occurred while fetching the device list") }) + @Permission(scope = "device-list", permissions = {"/permission/admin/device-mgt/admin/devices/list"}) Response getAllDevices(@ApiParam(name = "type", value = "Provide the device type, such as ios, android or" + " windows", required = true) @QueryParam("type") String type, @ApiParam(name = "user", value = "Get the details of the devices registered to a " @@ -86,6 +91,9 @@ public interface Device { @GET @Path("view") @Produces({ MediaType.APPLICATION_JSON }) + @Permission(scope = "device-view", permissions = { + "/permission/admin/device-mgt/admin/devices/view", + "/permission/admin/device-mgt/user/devices/view"}) Response getDevice(@QueryParam("type") String type, @QueryParam("id") String id); /** @@ -96,6 +104,9 @@ public interface Device { */ @GET @Path("user/{user}") + @Permission(scope = "device-view-own", permissions = { + "/permission/admin/device-mgt/user/devices/list", + "/permission/admin/device-mgt/admin/devices/list"}) Response getDeviceOfUser(@PathParam("user") String user); /** @@ -106,6 +117,9 @@ public interface Device { */ @GET @Path("user/{user}/count") + @Permission(scope = "device-count-own", permissions = { + "/permission/admin/device-mgt/user/devices/list", + "/permission/admin/device-mgt/admin/devices/list"}) Response getDeviceCountOfUser(@PathParam("user") String user); /** @@ -124,6 +138,7 @@ public interface Device { @ApiResponse(code = 200, message = "Device count"), @ApiResponse(code = 500, message = "Error occurred while fetching the device count") }) + @Permission(scope = "device-list", permissions = {"/permission/admin/device-mgt/admin/devices/list"}) Response getDeviceCount(); /** @@ -135,6 +150,7 @@ public interface Device { */ @GET @Path("name/{name}/{tenantDomain}") + @ApiOperation( httpMethod = "GET", value = "Get the device details of a specific device via the REST API", @@ -145,11 +161,12 @@ public interface Device { @ApiResponse(code = 200, message = "List of devices"), @ApiResponse(code = 500, message = "Error occurred while fetching the devices list of device name") }) - Response getDevicesByName(@ApiParam(name = "name", value = "The name of the device or windows", - required = true) @PathParam("name") String deviceName, + @Permission(scope = "device-list", permissions = {"/permission/admin/device-mgt/admin/devices/list"}) + Response getDevicesByName(@ApiParam(name = "name", value = "The name of the device or windows", required = true) + @PathParam("name") String deviceName, @ApiParam(name = "tenantDomain", value = "Tenant domain name. The default " + "tenant domain of WSO2 EMM is carbon.super", required = true) - @PathParam("tenantDomain") String tenantDomain); + @PathParam("tenantDomain") String tenantDomain); /** * Get the list of available device types. @@ -168,6 +185,7 @@ public interface Device { @ApiResponses(value = { @ApiResponse(code = 200, message = "List of devices based on the type"), @ApiResponse(code = 500, message = "Error occurred while fetching the list of device types") }) + @Permission(scope = "device-list", permissions = {"/permission/admin/device-mgt/admin/devices/list"}) Response getDeviceTypes(); /** @@ -177,6 +195,8 @@ public interface Device { */ @PUT @Path("type/{type}/id/{deviceId}") + @Permission(scope = "device-modify", permissions = { + "/permission/admin/device-mgt/user/devices/modify", "/permission/admin/device-mgt/admin/devices/modify"}) Response updateDevice(@PathParam("type") String deviceType, @PathParam("deviceId") String deviceId, org.wso2.carbon.device.mgt.common.Device updatedDevice); @@ -187,6 +207,8 @@ public interface Device { */ @DELETE @Path("type/{type}/id/{deviceId}") + @Permission(scope = "device-modify", permissions = { + "/permission/admin/device-mgt/user/devices/modify", "/permission/admin/device-mgt/admin/devices/modify"}) Response disenrollDevice(@PathParam("type") String deviceType, @PathParam("deviceId") String deviceId); } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/DeviceInformation.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/DeviceInformation.java index 0d20230610..7246aaaefa 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/DeviceInformation.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/DeviceInformation.java @@ -19,6 +19,7 @@ package org.wso2.carbon.device.mgt.jaxrs.api; import io.swagger.annotations.*; +import org.wso2.carbon.apimgt.annotations.api.*; import org.wso2.carbon.device.mgt.common.device.details.DeviceInfo; import org.wso2.carbon.device.mgt.common.device.details.DeviceLocation; @@ -31,6 +32,9 @@ import javax.ws.rs.core.Response; /** * Device information related operations. */ +@API(name = "Device Information", version = "1.0.0", context = "/information", tags = {"devicemgt_admin"}) + +// Below Api is for swagger annotations @Path("/information") @Api(value = "DeviceInformation", description = "Device information related operations can be found here.") @SuppressWarnings("NonJaxWsWebServices") @@ -50,6 +54,7 @@ public interface DeviceInformation { @ApiResponse(code = 400, message = ""), @ApiResponse(code = 500, message = "Internal Server Error") }) + @Permission(scope = "device-info", permissions = {"/permission/admin/device-mgt/admin/devices/list"}) Response getDeviceInfo(@ApiParam(name = "type", value = "Provide the device type, such as ios, android " + "or windows", required = true) @PathParam("type") String type, @ApiParam(name = "id", value = "Provide the device identifier", required = true) @@ -70,6 +75,7 @@ public interface DeviceInformation { @ApiResponse(code = 400, message = ""), @ApiResponse(code = 500, message = "Internal Server Error") }) + @Permission(scope = "device-info", permissions = {"/permission/admin/device-mgt/admin/devices/list"}) Response getDeviceLocation(@ApiParam(name = "type", value = "Provide the device type, such as ios, " + "android or windows", required = true) @PathParam("type") String type, @ApiParam(name = "id", value = "Provide the device identifier", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/DeviceNotification.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/DeviceNotification.java index 7941ac81c8..e627547df4 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/DeviceNotification.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/DeviceNotification.java @@ -18,21 +18,11 @@ package org.wso2.carbon.device.mgt.jaxrs.api; -import io.swagger.annotations.Api; -import io.swagger.annotations.ApiOperation; -import io.swagger.annotations.ApiParam; -import io.swagger.annotations.ApiResponse; -import io.swagger.annotations.ApiResponses; +import io.swagger.annotations.*; +import org.wso2.carbon.apimgt.annotations.api.*; import org.wso2.carbon.device.mgt.common.notification.mgt.Notification; -import org.wso2.carbon.device.mgt.jaxrs.api.util.ResponsePayload; -import javax.ws.rs.Consumes; -import javax.ws.rs.GET; -import javax.ws.rs.POST; -import javax.ws.rs.PUT; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.Produces; +import javax.ws.rs.*; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; @@ -40,6 +30,9 @@ import javax.ws.rs.core.Response; * DeviceNotification management REST-API implementation. * All end points support JSON, XMl with content negotiation. */ +@API(name = "Device Notification", version = "1.0.0", context = "/notifications", tags = {"devicemgt_admin"}) + +// Below Api is for swagger annotations @Api(value = "DeviceNotification", description = "Device notification related operations can be found here.") @SuppressWarnings("NonJaxWsWebServices") @Path("/notifications") @@ -62,6 +55,9 @@ public interface DeviceNotification { responseContainer = "List"), @ApiResponse(code = 500, message = "Error occurred while retrieving the notification list") }) + @Permission(scope = "device-notification-view", permissions = { + "/permission/admin/device-mgt/admin/notifications/view", + "/permission/admin/device-mgt/user/notifications/view"}) Response getNotifications(); @GET @@ -80,6 +76,9 @@ public interface DeviceNotification { responseContainer = "List"), @ApiResponse(code = 500, message = "Error occurred while retrieving the notification list") }) + @Permission(scope = "device-notification-view", permissions = { + "/permission/admin/device-mgt/admin/notifications/view", + "/permission/admin/device-mgt/user/notifications/view"}) Response getNotificationsByStatus(@ApiParam(name = "status", value = "Provide the notification status as" + " the value for {status}", required = true) @PathParam("status") Notification.Status status); @@ -97,6 +96,8 @@ public interface DeviceNotification { @ApiResponse(code = 201, message = "Notification status updated successfully"), @ApiResponse(code = 500, message = "Error occurred while updating notification status") }) + @Permission(scope = "device-notification-modify", + permissions = {"/permission/admin/device-mgt/admin/notifications/modify"}) Response updateNotificationStatus(@ApiParam(name = "id", value = "Provide the ID of the notification" + " you wish you update", required = true) @PathParam("id") int id, @ApiParam(name = "status", value = "Provide the notification status as" @@ -114,6 +115,8 @@ public interface DeviceNotification { @ApiResponse(code = 201, message = "NNotification has added successfully"), @ApiResponse(code = 500, message = "Error occurred while updating notification status") }) + @Permission(scope = "device-notification-modify", + permissions = {"/permission/admin/device-mgt/admin/notifications/modify"}) Response addNotification(Notification notification); } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/DeviceSearch.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/DeviceSearch.java index 38ea427db5..28ba46d9ff 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/DeviceSearch.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/DeviceSearch.java @@ -19,6 +19,7 @@ package org.wso2.carbon.device.mgt.jaxrs.api; import io.swagger.annotations.*; +import org.wso2.carbon.apimgt.annotations.api.*; import org.wso2.carbon.device.mgt.common.device.details.DeviceWrapper; import org.wso2.carbon.device.mgt.common.search.SearchContext; @@ -30,6 +31,9 @@ import javax.ws.rs.core.Response; /** * Device search related operations such as getting device information. */ +@API(name = "Device Search", version = "1.0.0", context = "/search", tags = {"devicemgt_admin"}) + +// Below Api is for swagger annotations @Path("/search") @Api(value = "DeviceSearch", description = "Device searching related operations can be found here.") @SuppressWarnings("NonJaxWsWebServices") @@ -47,6 +51,7 @@ public interface DeviceSearch { @ApiResponse(code = 200, message = "OK", response = DeviceWrapper.class, responseContainer = "List"), @ApiResponse(code = 500, message = "Error occurred while searching the device information") }) + @Permission(scope = "device-search", permissions = {"/permission/admin/device-mgt/admin/devices/list"}) Response getFilteredDeviceInfo(@ApiParam(name = "enrollmentCertificates", value = "List of search conditions", required = true) SearchContext searchContext); } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Feature.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Feature.java index 5d85d40d4e..77869cc2d9 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Feature.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Feature.java @@ -19,19 +19,18 @@ package org.wso2.carbon.device.mgt.jaxrs.api; import io.swagger.annotations.*; +import org.wso2.carbon.apimgt.annotations.api.*; -import javax.ws.rs.Consumes; -import javax.ws.rs.GET; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.Produces; +import javax.ws.rs.*; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; /** * Features */ +@API(name = "Device Search", version = "1.0.0", context = "/features", tags = {"devicemgt_admin"}) +// Below Api is for swagger annotations @Api(value = "Feature", description = "Feature management related operations can be found here.") @SuppressWarnings("NonJaxWsWebServices") @Path("/features") @@ -59,6 +58,8 @@ public interface Feature { @ApiResponses(value = { @ApiResponse(code = 200, message = "List of Features"), @ApiResponse(code = 500, message = "Error occurred while retrieving the list of features" + ".") }) + @Permission(scope = "device-search", permissions = {"/permission/admin/device-mgt/admin/devices/view", + "/permission/admin/device-mgt/user/devices/view"}) Response getFeatures(@ApiParam(name = "type", value = "Provide the device type, such as ios, android or windows", required = true) @PathParam("type") String type); diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Group.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Group.java index 3f50b33596..899d1800f8 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Group.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Group.java @@ -19,6 +19,8 @@ package org.wso2.carbon.device.mgt.jaxrs.api; import io.swagger.annotations.Api; +import org.wso2.carbon.apimgt.annotations.api.API; +import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.device.mgt.common.DeviceIdentifier; import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroup; @@ -35,80 +37,93 @@ import javax.ws.rs.QueryParam; import javax.ws.rs.core.Response; import java.util.List; +@API(name = "Group", version = "1.0.0", context = "/groups", tags = {"devicemgt_admin"}) + +// Below Api is for swagger annotations @Path("/groups") @Api(value = "Group", description = "Group related operations such as get all the available groups, etc.") @SuppressWarnings("NonJaxWsWebServices") public interface Group { + @GET + @Produces("application/json") + @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/list"}) + Response getGroups(@QueryParam("start") int startIndex, @QueryParam("length") int length); + @POST @Consumes("application/json") + @Permission(scope = "group-add", permissions = {"/permission/admin/device-mgt/user/groups/add"}) Response createGroup(DeviceGroup group); + @Path("/owner/{owner}/name/{groupName}") + @GET + @Produces("application/json") + @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/view"}) + Response getGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner); + @Path("/owner/{owner}/name/{groupName}") @PUT @Consumes("application/json") @Produces("application/json") + @Permission(scope = "group-modify", permissions = {"/permission/admin/device-mgt/user/groups/update"}) Response updateGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner, DeviceGroup deviceGroup); @Path("/owner/{owner}/name/{groupName}") @DELETE + @Permission(scope = "group-remove", permissions = {"/permission/admin/device-mgt/user/groups/remove"}) Response deleteGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner); - @GET - @Produces("application/json") - Response getGroups(@QueryParam("start") int startIndex, @QueryParam("length") int length); + @Path("/all") @GET @Produces("application/json") + @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/list"}) Response getAllGroups(); @Path("/user/{user}") @GET @Produces("application/json") + @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/list"}) Response getGroups(@PathParam("user") String userName, @QueryParam("start") int startIndex, @QueryParam("length") int length); - @Path("/user/{user}/all") - @GET - @Produces("application/json") - Response getGroups(@PathParam("user") String userName); - - @Path("/owner/{owner}/name/{groupName}") - @GET - @Produces("application/json") - Response getGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner); - @Path("/user/{user}/search") @GET @Produces("application/json") + @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/list"}) Response findGroups(@QueryParam("groupName") String groupName, @PathParam("user") String user); @Path("/user/{user}/all") @GET @Produces("application/json") + @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/list"}) Response getGroups(@PathParam("user") String userName, @QueryParam("permission") String permission); @Path("/count") @GET @Produces("application/json") + @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/list"}) Response getAllGroupCount(); @Path("/user/{user}/count") @GET @Produces("application/json") + @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/list"}) Response getGroupCount(@PathParam("user") String userName); @Path("/owner/{owner}/name/{groupName}/share") @PUT @Produces("application/json") + @Permission(scope = "group-share", permissions = {"/permission/admin/device-mgt/user/groups/share"}) Response shareGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner, @FormParam("shareUser") String shareUser, @FormParam("roleName") String sharingRole); @Path("/owner/{owner}/name/{groupName}/unshare") @PUT @Produces("application/json") + @Permission(scope = "group-share", permissions = {"/permission/admin/device-mgt/user/groups/unshare"}) Response unShareGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner, @FormParam("unShareUser") String unShareUser, @FormParam("roleName") String sharingRole); @@ -116,58 +131,68 @@ public interface Group { @Path("/owner/{owner}/name/{groupName}/share/roles/{roleName}/permissions") @PUT @Produces("application/json") + @Permission(scope = "group-add", permissions = {"/permission/admin/device-mgt/admin/groups/roles/permissions/add"}) Response addSharing(@QueryParam("shareUser") String shareUser, @PathParam("groupName") String groupName, @PathParam("owner") String owner, @PathParam("roleName") String roleName, String[] permissions); @DELETE @Path("/owner/{owner}/name/{groupName}/share/roles/{roleName}/permissions") @Produces("application/json") + @Permission(scope = "group-remove", permissions = {"/permission/admin/device-mgt/admin/groups/roles/permissions/remove"}) Response removeSharing(@QueryParam("userName") String userName, @PathParam("groupName") String groupName, @PathParam("owner") String owner, @PathParam("roleName") String roleName); @GET @Path("/owner/{owner}/name/{groupName}/share/roles") @Produces("application/json") + @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/admin/groups/roles"}) Response getRoles(@PathParam("groupName") String groupName, @PathParam("owner") String owner, @QueryParam("userName") String userName); @PUT @Path("/owner/{owner}/name/{groupName}/user/{userName}/share/roles") @Produces("application/json") + @Permission(scope = "group-modify", permissions = {"/permission/admin/device-mgt/admin/groups/roles"}) Response setRoles(@PathParam("groupName") String groupName, @PathParam("owner") String owner, @PathParam("userName") String userName, List selectedRoles); @GET @Path("/owner/{owner}/name/{groupName}/users") @Produces("application/json") + @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/list"}) Response getUsers(@PathParam("groupName") String groupName, @PathParam("owner") String owner); @GET @Path("/owner/{owner}/name/{groupName}/devices") @Produces("application/json") + @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/admin/groups/roles"}) Response getDevices(@PathParam("groupName") String groupName, @PathParam("owner") String owner, @QueryParam("start") int startIdx, @QueryParam("length") int length); @GET @Path("/owner/{owner}/name/{groupName}/devices/count") @Produces("application/json") + @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/devices/count"}) Response getDeviceCount(@PathParam("groupName") String groupName, @PathParam("owner") String owner); @POST @Path("/owner/{owner}/name/{groupName}/devices") @Produces("application/json") + @Permission(scope = "group-add", permissions = {"/permission/admin/device-mgt/user/groups/devices/add"}) Response addDevice(@PathParam("groupName") String groupName, @PathParam("owner") String owner, DeviceIdentifier deviceIdentifier); @DELETE @Path("/owner/{owner}/name/{groupName}/devices/{deviceType}/{deviceId}") @Produces("application/json") + @Permission(scope = "group-remove", permissions = {"/permission/admin/device-mgt/user/groups/devices/remove"}) Response removeDevice(@PathParam("groupName") String groupName, @PathParam("owner") String owner, @PathParam("deviceId") String deviceId, @PathParam("deviceType") String deviceType); @GET @Path("/owner/{owner}/name/{groupName}/users/{userName}/permissions") @Produces("application/json") + @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/roles/permissions"}) Response getPermissions(@PathParam("userName") String userName, @PathParam("groupName") String groupName, @PathParam("owner") String owner); } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/License.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/License.java index f8884e818c..9b89707821 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/License.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/License.java @@ -19,6 +19,7 @@ package org.wso2.carbon.device.mgt.jaxrs.api; import io.swagger.annotations.Api; +import org.wso2.carbon.apimgt.annotations.api.*; import javax.ws.rs.*; import javax.ws.rs.core.MediaType; @@ -27,6 +28,9 @@ import javax.ws.rs.core.Response; /** * This class represents license related operations. */ +@API(name = "License", version = "1.0.0", context = "/license", tags = {"devicemgt_admin"}) + +// Below Api is for swagger annotations @Api(value = "License") @Path("/license") @SuppressWarnings("NonJaxWsWebServices") @@ -42,6 +46,8 @@ public interface License { @GET @Path("{deviceType}/{languageCode}") @Produces({ MediaType.APPLICATION_JSON }) + @Permission(scope = "license-view", permissions = {"/permission/admin/device-mgt/admin/device/view", + "/permission/admin/device-mgt/user/devices/view"}) Response getLicense(@PathParam("deviceType") String deviceType, @PathParam("languageCode") String languageCode); @@ -54,6 +60,7 @@ public interface License { */ @POST @Path("{deviceType}") + @Permission(scope = "license-add", permissions = {"/permission/admin/device-mgt/admin/devices/view"}) Response addLicense(@PathParam("deviceType") String deviceType, org.wso2.carbon.device.mgt.common.license.mgt.License license); } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Operation.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Operation.java index baefe95816..4fe9b6e24b 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Operation.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Operation.java @@ -19,6 +19,7 @@ package org.wso2.carbon.device.mgt.jaxrs.api; import io.swagger.annotations.*; +import org.wso2.carbon.apimgt.annotations.api.*; import org.wso2.carbon.device.mgt.common.app.mgt.Application; import org.wso2.carbon.device.mgt.jaxrs.api.common.MDMAPIException; import org.wso2.carbon.device.mgt.jaxrs.api.context.DeviceOperationContext; @@ -31,12 +32,18 @@ import javax.ws.rs.core.Response; /** * */ +@API(name = "Operation", version = "1.0.0", context = "/operations", tags = {"devicemgt_admin"}) + +// Below Api is for swagger annotations @Path("/operations") @Api(value = "Operation", description = "Operation management related operations can be found here.") public interface Operation { /* @deprecated */ @GET + @Permission(scope = "operation-view", permissions = { + "/permission/admin/device-mgt/admin/devices/view", + "/permission/admin/device-mgt/user/devices/view"}) Response getAllOperations(); @GET @@ -56,6 +63,9 @@ public interface Operation { @ApiResponses(value = {@ApiResponse(code = 200, message = "List of Operations on a device."), @ApiResponse(code = 500, message = "Error occurred while fetching the operations for the " + "device.")}) + @Permission(scope = "operation-view", permissions = { + "/permission/admin/device-mgt/admin/devices/view", + "/permission/admin/device-mgt/user/devices/view"}) Response getDeviceOperations(@ApiParam(name = "type", value = "Define the device type as the value for {type}. " + "Example: ios, android or windows.", required = true) @PathParam("type") String type, @@ -85,6 +95,9 @@ public interface Operation { @ApiResponses(value = {@ApiResponse(code = 200, message = "List of Operations on a device."), @ApiResponse(code = 500, message = "Error occurred while fetching the operations for the " + "device.")}) + @Permission(scope = "operation-view", permissions = { + "/permission/admin/device-mgt/admin/devices/view", + "/permission/admin/device-mgt/user/devices/view"}) Response getAllDeviceOperations(@ApiParam(name = "type", value = "Define the device type as the value for {type}. " + "Example: ios, android or windows.", required = true) @PathParam("type") String type, @@ -93,6 +106,8 @@ public interface Operation { /* @deprecated */ @POST + @Permission(scope = "operation-modify", permissions = { + "/permission/admin/device-mgt/admin/devices/add"}) Response addOperation(DeviceOperationContext operationContext); @GET @@ -108,6 +123,9 @@ public interface Operation { @ApiResponses(value = {@ApiResponse(code = 200, message = "List of installed application details of a device.", response = Application.class, responseContainer = "List"), @ApiResponse(code = 500, message = "Error occurred while fetching the apps of the device" + ".")}) + @Permission(scope = "operation-view", permissions = { + "/permission/admin/device-mgt/admin/devices/view", + "/permission/admin/device-mgt/user/devices/view"}) Response getInstalledApps(@ApiParam(name = "type", value = "Define the device type as the value for {type}. " + "Example: ios, android or windows.", required = true) @PathParam("type") String type, @@ -116,6 +134,8 @@ public interface Operation { @POST @Path("installApp/{tenantDomain}") + @Permission(scope = "operation-install", + permissions = {"/permission/admin/device-mgt/admin/operations/applications/install-applications"}) @ApiOperation( consumes = MediaType.APPLICATION_JSON + ", " + MediaType.APPLICATION_XML, produces = MediaType.APPLICATION_JSON + ", " + MediaType.APPLICATION_XML, @@ -143,6 +163,8 @@ public interface Operation { notes = "Uninstall a selected application from a device.") @ApiResponses(value = {@ApiResponse(code = 200, message = "Operation was successfully added to the queue."), @ApiResponse(code = 500, message = "Error occurred while saving the operation.")}) + @Permission(scope = "operation-uninstall", + permissions = {"/permission/admin/device-mgt/admin/operations/applications/uninstall-applications"}) Response uninstallApplication(@ApiParam(name = "applicationWrapper", value = "Details about the application and" + " the users and roles it should be " + "uninstalled.", @@ -163,6 +185,7 @@ public interface Operation { notes = "This will return the operation details including the responses from the devices") @ApiResponses(value = {@ApiResponse(code = 200, message = "Activity details provided successfully.."), @ApiResponse(code = 500, message = "Error occurred while fetching the activity for the supplied id.")}) + @Permission(scope = "operation-view", permissions = {"/permission/admin/device-mgt/admin/devices/view"}) Response getActivity(@ApiParam(name = "id", value = "Provide activity id {id} as ACTIVITY_(number)", required = true) @PathParam("id") String id) throws MDMAPIException; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Policy.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Policy.java index 7189cff0e4..b01fb2f0cf 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Policy.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Policy.java @@ -19,6 +19,7 @@ package org.wso2.carbon.device.mgt.jaxrs.api; import io.swagger.annotations.*; +import org.wso2.carbon.apimgt.annotations.api.*; import org.wso2.carbon.device.mgt.jaxrs.api.common.MDMAPIException; import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper; @@ -28,6 +29,9 @@ import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import java.util.List; +@API(name = "Policy", version = "1.0.0", context = "/policies", tags = {"devicemgt_admin"}) + +// Below Api is for swagger annotations @Path("/policies") @Api(value = "Policy", description = "Policy management related operations can be found here.") public interface Policy { @@ -45,6 +49,7 @@ public interface Policy { @ApiResponses(value = {@ApiResponse(code = 201, message = "Created the policy."), @ApiResponse(code = 500, message = "Policy Management related error occurred when " + "adding the policy")}) + @Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/add"}) Response addPolicy(@ApiParam(name = "policyWrapper", value = "Policy details related to the operation.", required = true) PolicyWrapper policyWrapper); @@ -62,6 +67,7 @@ public interface Policy { @ApiResponses(value = {@ApiResponse(code = 201, message = "Created the policy."), @ApiResponse(code = 500, message = "Policy Management related error occurred when " + "adding the policy")}) + @Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/add"}) Response addActivePolicy(@ApiParam(name = "policyWrapper", value = "Policy details related to the operation.", required = true) PolicyWrapper policyWrapper); @@ -79,6 +85,7 @@ public interface Policy { response = org.wso2.carbon.policy.mgt.common.Policy.class, responseContainer = "List"), @ApiResponse(code = 500, message = "Policy Management related error occurred when " + "fetching the policies.")}) + @Permission(scope = "policy-view", permissions = {"/permission/admin/device-mgt/admin/policies/list"}) Response getAllPolicies(); @GET @@ -94,6 +101,7 @@ public interface Policy { @ApiResponses(value = {@ApiResponse(code = 200, message = "Fetched policy details."), @ApiResponse(code = 500, message = "Policy Management related error occurred when " + "fetching the policies.")}) + @Permission(scope = "policy-view", permissions = {"/permission/admin/device-mgt/admin/policies/list"}) Response getPolicy(@ApiParam(name = "id", value = "Policy ID value to identify a policy uniquely.", required = true) @PathParam("id") int policyId); @@ -108,6 +116,7 @@ public interface Policy { response = int.class) @ApiResponses(value = {@ApiResponse(code = 200, message = "Fetched the policy count."), @ApiResponse(code = 500, message = "Error while Fetching the policy count.")}) + @Permission(scope = "policy-view", permissions = {"/permission/admin/device-mgt/admin/policies/list"}) Response getPolicyCount(); @PUT @@ -122,6 +131,7 @@ public interface Policy { @ApiResponses(value = {@ApiResponse(code = 201, message = "Policy has been updated successfully."), @ApiResponse(code = 500, message = "Policy Management related exception in policy " + "update")}) + @Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/update"}) Response updatePolicy(@ApiParam(name = "policyWrapper", value = "Policy details related to the operation.", required = true) PolicyWrapper policyWrapper, @ApiParam(name = "id", value = "Policy ID value to identify a policy uniquely.", @@ -141,6 +151,7 @@ public interface Policy { @ApiResponses(value = {@ApiResponse(code = 200, message = "Policy Priorities successfully updated."), @ApiResponse(code = 400, message = "Policy priorities did not update."), @ApiResponse(code = 500, message = "Error in updating policy priorities.")}) + @Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/update"}) Response updatePolicyPriorities(@ApiParam(name = "priorityUpdatedPolicies", value = "List of policy update details..", required = true) List priorityUpdatedPolicies); @@ -158,6 +169,7 @@ public interface Policy { @ApiResponses(value = {@ApiResponse(code = 200, message = "Policies have been successfully deleted."), @ApiResponse(code = 400, message = "Policy does not exist."), @ApiResponse(code = 500, message = "Error in deleting policies.")}) + @Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/remove"}) Response bulkRemovePolicy(@ApiParam(name = "policyIds", value = "Policy ID list to be deleted.", required = true) List policyIds); @@ -173,6 +185,9 @@ public interface Policy { "in the inactive state to the active state.") @ApiResponses(value = {@ApiResponse(code = 200, message = "Policies have been successfully activated."), @ApiResponse(code = 500, message = "Error in activating policies.")}) + @Permission(scope = "policy-modify", permissions = { + "/permission/admin/device-mgt/admin/policies/update", + "/permission/admin/device-mgt/admin/policies/add"}) Response activatePolicy(@ApiParam(name = "policyIds", value = "Policy ID list to be activated.", required = true) List policyIds); @@ -188,6 +203,9 @@ public interface Policy { "is in the active state to the inactive state.") @ApiResponses(value = {@ApiResponse(code = 200, message = "Policies have been successfully deactivated."), @ApiResponse(code = 500, message = "Error in deactivating policies.")}) + @Permission(scope = "policy-modify", permissions = { + "/permission/admin/device-mgt/admin/policies/update", + "/permission/admin/device-mgt/admin/policies/add"}) Response inactivatePolicy(@ApiParam(name = "policyIds", value = "Policy ID list to be deactivated.", required = true) List policyIds) throws MDMAPIException; @@ -206,6 +224,7 @@ public interface Policy { " you need to apply the changes to push the policy changes to the existing devices.") @ApiResponses(value = {@ApiResponse(code = 200, message = "Changes have been successfully updated."), @ApiResponse(code = 500, message = "Error in updating policies.")}) + @Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/update"}) Response applyChanges(); @GET @@ -223,23 +242,28 @@ public interface Policy { @ApiResponses(value = {@ApiResponse(code = 200, message = "Policy monitoring service started successfully."), @ApiResponse(code = 500, message = "Policy Management related exception when starting " + "monitoring service.")}) + @Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/add"}) Response startTaskService(@ApiParam(name = "milliseconds", value = "Policy monitoring frequency in milliseconds.", required = true) @PathParam("milliseconds") int monitoringFrequency); @GET @Path("update-task/{milliseconds}") + @Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/add"}) Response updateTaskService(@PathParam("milliseconds") int monitoringFrequency); @GET @Path("stop-task") + @Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/add"}) Response stopTaskService(); @GET @Path("{type}/{id}") + @Permission(scope = "policy-view", permissions = {"/permission/admin/device-mgt/admin/policies/list"}) Response getComplianceDataOfDevice(@PathParam("type") String type, @PathParam("id") String id); @GET @Path("{type}/{id}/active-policy") + @Permission(scope = "policy-view", permissions = {"/permission/admin/device-mgt/admin/policies/list"}) @ApiOperation( consumes = MediaType.APPLICATION_JSON, produces = MediaType.APPLICATION_JSON, diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Profile.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Profile.java index 7762048499..788980ba57 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Profile.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Profile.java @@ -19,6 +19,7 @@ package org.wso2.carbon.device.mgt.jaxrs.api; import io.swagger.annotations.Api; +import org.wso2.carbon.apimgt.annotations.api.*; import javax.ws.rs.DELETE; import javax.ws.rs.POST; @@ -29,20 +30,26 @@ import javax.ws.rs.core.Response; /** * These end points provide profile related operations. */ +@API(name = "Profile", version = "1.0.0", context = "/profiles", tags = {"devicemgt_admin"}) + +// Below Api is for swagger annotations @Api(value = "Profile") @Path("/profiles") @SuppressWarnings("NonJaxWsWebServices") public interface Profile { @POST + @Permission(scope = "profile", permissions = {"/permission/admin/device-mgt/admin/policies/add"}) Response addProfile(org.wso2.carbon.policy.mgt.common.Profile profile); @POST @Path("{id}") + @Permission(scope = "profile", permissions = {"/permission/admin/device-mgt/admin/policies/update"}) Response updateProfile(org.wso2.carbon.policy.mgt.common.Profile profile, @PathParam("id") String profileId); @DELETE @Path("{id}") + @Permission(scope = "profile", permissions = {"/permission/admin/device-mgt/admin/policies/remove"}) Response deleteProfile(@PathParam("id") int profileId); } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Role.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Role.java index a9cc10cf83..f88d004b41 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Role.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Role.java @@ -19,6 +19,7 @@ package org.wso2.carbon.device.mgt.jaxrs.api; import io.swagger.annotations.*; +import org.wso2.carbon.apimgt.annotations.api.*; import org.wso2.carbon.device.mgt.jaxrs.beans.RoleWrapper; import org.wso2.carbon.user.mgt.common.UIPermissionNode; @@ -27,6 +28,9 @@ import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import java.util.List; +@API(name = "Role", version = "1.0.0", context = "/roles", tags = {"devicemgt_admin"}) + +// Below Api is for swagger annotations @Path("/roles") @Api(value = "Role", description = "Role management related operations can be found here.") public interface Role { @@ -43,6 +47,11 @@ public interface Role { response = String.class) @ApiResponses(value = { @ApiResponse(code = 200, message = "List of available roles"), @ApiResponse(code = 500, message = "Error occurred while fetching the role list.") }) + @Permission(scope = "roles-view", permissions = { + "/permission/admin/device-mgt/admin/roles/list", + "/permission/admin/device-mgt/admin/users/view", + "/permission/admin/device-mgt/admin/policies/add", + "/permission/admin/device-mgt/admin/policies/update"}) Response getAllRoles(); @GET @@ -58,6 +67,9 @@ public interface Role { response = String.class) @ApiResponses(value = { @ApiResponse(code = 200, message = "List of available roles"), @ApiResponse(code = 500, message = "Error occurred while fetching the role list.") }) + @Permission(scope = "roles-view", permissions = { + "/permission/admin/device-mgt/admin/users/add", + "/permission/admin/device-mgt/admin/roles/list"}) Response getRolesOfUserStore(@ApiParam(name = "userStore", value = "Provide the name of the UserStore you wish to get the" + " details from ", required = true) @PathParam("userStore") String userStore); @@ -79,6 +91,9 @@ public interface Role { @ApiResponses(value = { @ApiResponse(code = 200, message = "List of matching roles"), @ApiResponse(code = 500, message = "Error occurred while fetching the matching role list" + ".") }) + @Permission(scope = "roles-view", permissions = { + "/permission/admin/device-mgt/admin/users/add", + "/permission/admin/device-mgt/admin/roles/list"}) Response getMatchingRoles(@ApiParam(name = "filter", value = "Provide a character or a few characters in the" + " role name.", required = true) @QueryParam("filter") String filter); @@ -99,6 +114,7 @@ public interface Role { @ApiResponses(value = { @ApiResponse(code = 200, message = "Permission details of a role"), @ApiResponse(code = 500, message = "Error occurred while fetching the permission " + "details of a role.") }) + @Permission(scope = "roles-view", permissions = {"/permission/admin/device-mgt/admin/roles/list"}) Response getPermissions(@ApiParam(name = "rolename", value = "Provide the name of the role you wish to get the " + "permission details.", required = true) @QueryParam("rolename") String roleName); @@ -115,6 +131,7 @@ public interface Role { response = RoleWrapper.class) @ApiResponses(value = { @ApiResponse(code = 200, message = "Details of a role."), @ApiResponse(code = 500, message = "Error occurred while retrieving the user role.") }) + @Permission(scope = "roles-view", permissions = {"/permission/admin/device-mgt/admin/roles/list"}) Response getRole(@ApiParam(name = "rolename", value = "Provide the name of the role you wish to get the " + "details.", required = true) @QueryParam("rolename") String roleName); @@ -129,6 +146,7 @@ public interface Role { notes = "You are able to add a new role to WSO2 EMM using the REST API.") @ApiResponses(value = { @ApiResponse(code = 200, message = "Added the role."), @ApiResponse(code = 500, message = "Error occurred while adding the user role.") }) + @Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/add"}) Response addRole(@ApiParam(name = "roleWrapper", value = "Role and permission details.", required = true) RoleWrapper roleWrapper); @@ -144,6 +162,7 @@ public interface Role { @ApiResponses(value = { @ApiResponse(code = 200, message = "Updated the role."), @ApiResponse(code = 500, message = "Error occurred while updating the user role details" + ".") }) + @Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/update"}) Response updateRole(@ApiParam(name = "rolename", value = "Provide the name of the role you wish to update.", required = true) @QueryParam("rolename") String roleName, @ApiParam(name = "roleWrapper", value = "Role and permission details.", @@ -161,6 +180,7 @@ public interface Role { @ApiResponses(value = { @ApiResponse(code = 200, message = "Deleted the role."), @ApiResponse(code = 500, message = "Error occurred while deleting the user role details" + ".") }) + @Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/remove"}) Response deleteRole(@ApiParam(name = "rolename", value = "Provide the name of the role you wish to delete.", required = true) @QueryParam("rolename") String roleName); @@ -180,6 +200,7 @@ public interface Role { "role using this API.") @ApiResponses(value = { @ApiResponse(code = 200, message = "Added Users to a Role."), @ApiResponse(code = 500, message = "Error occurred while saving the users of the role.") }) + @Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/update"}) Response updateUsers(@ApiParam(name = "rolename", value = "Provide the name of the role you wish to update.", required = true) @QueryParam("rolename") String roleName, @ApiParam(name = "userList", value = "Provide the names of the users you will to update.", @@ -196,6 +217,7 @@ public interface Role { notes = "Get the number of roles in WSO2 EMM.") @ApiResponses(value = { @ApiResponse(code = 200, message = "Retrieved the role count."), @ApiResponse(code = 500, message = "Error occurred while retrieving the role count.") }) + @Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/list"}) Response getRoleCount(); } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/User.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/User.java index 7ac2eeab7f..12ec1840fe 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/User.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/User.java @@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.api; import io.swagger.annotations.*; import org.apache.axis2.databinding.types.soapencoding.Integer; +import org.wso2.carbon.apimgt.annotations.api.*; import org.wso2.carbon.device.mgt.jaxrs.beans.UserCredentialWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.UserWrapper; @@ -31,6 +32,9 @@ import java.util.List; /** * This represents the JAX-RS services of User related functionality. */ +@API(name = "User", version = "1.0.0", context = "/users", tags = {"devicemgt_admin"}) + +// Below Api is for swagger annotations @Path("/users") @Api(value = "User", description = "User management related operations can be found here.") public interface User { @@ -48,6 +52,7 @@ public interface User { @ApiResponse(code = 201, message = "Created"), @ApiResponse(code = 500, message = "Exception in trying to add user by username: 'username'") }) + @Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/add"}) Response addUser(@ApiParam(name = "userWrapper", value = "Includes the required properties to add a user" + " as the value", required = true) UserWrapper userWrapper); @@ -66,6 +71,7 @@ public interface User { @ApiResponse(code = 400, message = "User by username: 'username' does not exist"), @ApiResponse(code = 500, message = "Exception in trying to retrieve user by username: 'username'") }) + @Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/view"}) Response getUser(@ApiParam(name = "username", value = "Provide the name of the user you wish to get the" + " details of as the value", required = true) @QueryParam("username") String username); @@ -86,6 +92,7 @@ public interface User { + "request made to update user was refused"), @ApiResponse(code = 500, message = "Exception in trying to update user by username: 'username'") }) + @Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/update"}) Response updateUser(@ApiParam(name = "userWrapper", value = "Provide the name of the user you wish to get" + " the details of as the value", required = true) UserWrapper userWrapper, @ApiParam(name = "username", value = "Provide the name of the user you wish to get " @@ -106,6 +113,7 @@ public interface User { @ApiResponse(code = 400, message = "User by username: 'username' does not exist for removal"), @ApiResponse(code = 500, message = "Exception in trying to remove user by username: 'username'") }) + @Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/remove"}) Response removeUser(@ApiParam(name = "username", value = "Provide the name of the user you wish to delete" + " as the value for {username}", required = true) @QueryParam("username") String username); @@ -126,6 +134,7 @@ public interface User { @ApiResponse(code = 400, message = "User by username: 'username' does not exist for role retrieval"), @ApiResponse(code = 500, message = "Exception in trying to retrieve roles for user by username: 'username'") }) + @Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/view"}) Response getRolesOfUser(@ApiParam(name = "username", value = "Provide the user name of the user you wish to get" + " the role details", required = true) @QueryParam("username") String username); @@ -143,11 +152,13 @@ public interface User { @ApiResponse(code = 201, message = "All users were successfully retrieved"), @ApiResponse(code = 500, message = "Error occurred while retrieving the list of users") }) + @Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/list"}) Response getAllUsers(); @GET @Path("{filter}") @Produces({MediaType.APPLICATION_JSON}) + @Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/list"}) Response getMatchingUsers(@PathParam("filter") String filter); @GET @@ -167,6 +178,7 @@ public interface User { + " user count: 'count'"), @ApiResponse(code = 500, message = "Error occurred while retrieving the list of users") }) + @Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/list"}) Response getAllUsersByUsername(@ApiParam(name = "username", value = "Provide any user detail of the user" + " as the value for {username} to retrieve the user details, such " + "as email address, first name or last name", required = true) @@ -190,6 +202,7 @@ public interface User { + " user count: 'count'"), @ApiResponse(code = 500, message = "Error occurred while retrieving the list of users") }) + @Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/list"}) Response getAllUserNamesByUsername(@ApiParam(name = "username", value = "Provide a character or a few " + "character in the user name as the value for {username}", required = true) @QueryParam("username") String userName); @@ -207,6 +220,7 @@ public interface User { @ApiResponse(code = 200, message = "Email invitation was successfully sent to user"), @ApiResponse(code = 500, message = "Error occurred while retrieving the list of users") }) + @Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/users/invite"}) Response inviteExistingUsersToEnrollDevice(@ApiParam(name = "usernames", value = "List of the users to be" + " invited as the ", required = true) List usernames); @@ -226,6 +240,9 @@ public interface User { @ApiResponse(code = 200, message = "OK"), @ApiResponse(code = 500, message = "Device management error") }) + @Permission(scope = "user-view", permissions = { + "/permission/admin/device-mgt/user/devices/list", + "/permission/admin/device-mgt/admin/devices/list"}) Response getAllDeviceOfUser(@ApiParam(name = "username", value = "Provide the name of the user you wish " + "to get the details", required = true) @QueryParam("username") String username, @@ -247,11 +264,13 @@ public interface User { @ApiResponse(code = 500, message = "Error occurred while retrieving the list of users that exist" + " within the current tenant") }) + @Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/list"}) Response getUserCount(); @PUT @Path("{roleName}/users") @Produces({MediaType.APPLICATION_JSON}) + @Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/update"}) Response updateRoles(@PathParam("roleName") String roleName, List userList); @POST @@ -272,6 +291,7 @@ public interface User { + " Character Encoding is not supported"), @ApiResponse(code = 500, message = "Internal Server Error") }) + @Permission(scope = "user-modify", permissions = {"/permission/admin/login"}) Response resetPassword(@ApiParam(name = "credentials", value = "Include the required properties to change" + " the user password as value", required = true) UserCredentialWrapper credentials); @@ -297,6 +317,7 @@ public interface User { + " Character Encoding is not supported"), @ApiResponse(code = 500, message = "Internal Server Error") }) + @Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/users/password-reset"}) Response resetPasswordByAdmin(@ApiParam(name = "credentials", value = "Include the required properties " + "to change a user password as value", required = true) UserCredentialWrapper credentials); diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/impl/GroupImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/impl/GroupImpl.java index ebe9228c31..14c6323818 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/impl/GroupImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/impl/GroupImpl.java @@ -174,25 +174,6 @@ public class GroupImpl implements Group { } } - @Override - @Path("/user/{user}/all") - @GET - @Produces("application/json") - public Response getGroups(@PathParam("user") String userName) { - try { - List deviceGroups = DeviceMgtAPIUtils.getGroupManagementProviderService() - .getGroups(userName); - if (deviceGroups.size() > 0) { - return Response.status(Response.Status.OK).entity(deviceGroups).build(); - } else { - return Response.status(Response.Status.NOT_FOUND).build(); - } - } catch (GroupManagementException e) { - log.error(e.getMessage(), e); - return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); - } - } - @Override @Path("/owner/{owner}/name/{groupName}") @GET diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml index ca4664f9cb..4fd0ac4386 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml @@ -936,13 +936,13 @@ get certificate in the database - /device-mgt/android/certificate/Get + /device-mgt/android/certificate/view /certificates/* GET - get certificate in the database - /device-mgt/android/certificate/Get + Remove certificate in the database + /device-mgt/android/certificate/remove /certificates/* DELETE @@ -979,7 +979,7 @@ Group Delete - /device-mgt/user/groups/delete + /device-mgt/user/groups/remove /groups/owner/*/name/* DELETE @@ -1084,7 +1084,7 @@ Group Delete Permissions - /device-mgt/admin/groups/roles/permissions/delete + /device-mgt/admin/groups/roles/permissions/remove /groups/owner/*/name/*/share/roles/*/permissions DELETE diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/web.xml b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/web.xml index 6ee1d3216e..406c03fac7 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/web.xml +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/web.xml @@ -70,6 +70,16 @@ true + + + managed-api-enabled + true + + + managed-api-owner + admin + + diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java index e7179b0d79..91c1b966f7 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java @@ -98,7 +98,6 @@ public class JWTAuthenticator implements WebappAuthenticator { //Get the filesystem keystore default primary certificate JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) publicKey); - //https://wso2.org/jira/browse/APIMANAGER-4504 need to change this to jwsObject.verify(verifier) if (jwsObject.verify(verifier)) { username = MultitenantUtils.getTenantAwareUsername(username); if (tenantId == -1) {