Merge branch 'feature/get-permissions' into 'master'

Create an endpoint to get permissions of a given user

Closes product-iots#353

See merge request entgra/carbon-device-mgt!482
reporting
Dharmakeerthi Lasantha 5 years ago
commit e45d108ce1

@ -0,0 +1,41 @@
/*
* Copyright (c) 2020, Entgra (pvt) Ltd. (http://entgra.io) All Rights Reserved.
*
* Entgra (pvt) Ltd. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.jaxrs.beans;
import com.fasterxml.jackson.annotation.JsonProperty;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import java.io.Serializable;
import java.util.List;
@ApiModel(value = "Permission List")
public class PermissionList implements Serializable {
private List<String> permissions;
@ApiModelProperty(value = "Returns the list of permissions")
@JsonProperty("permissions")
public List<String> getList() {
return permissions;
}
public void setList(List<String> roles) {
this.permissions = roles;
}
}

@ -57,6 +57,7 @@ import org.wso2.carbon.device.mgt.jaxrs.beans.Credential;
import org.wso2.carbon.device.mgt.jaxrs.beans.EnrollmentInvitation; import org.wso2.carbon.device.mgt.jaxrs.beans.EnrollmentInvitation;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.OldPasswordResetWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.OldPasswordResetWrapper;
import org.wso2.carbon.device.mgt.jaxrs.beans.PermissionList;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList; import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
import org.wso2.carbon.device.mgt.jaxrs.beans.UserInfo; import org.wso2.carbon.device.mgt.jaxrs.beans.UserInfo;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants; import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
@ -164,6 +165,12 @@ import java.util.List;
description = "Get activities", description = "Get activities",
key = "perm:get-activity", key = "perm:get-activity",
permissions = {"/device-mgt/devices/owning-device/view"} permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope(
name = "Getting the Permissions of the User",
description = "Getting the Permissions of the User",
key = "perm:user:permission-view",
permissions = {"/login"}
) )
} }
) )
@ -1168,4 +1175,50 @@ public interface UserManagementService {
required = true, required = true,
defaultValue = "admin") defaultValue = "admin")
@PathParam("username") String username); @PathParam("username") String username);
@GET
@Path("/current-user/permissions")
@ApiOperation(
produces = MediaType.APPLICATION_JSON,
httpMethod = "GET",
value = "Getting the permission details of the current user",
notes = "A user may granted more than one permission in IoTS. Using this REST API "
+ "you can get the permission/permission the current user has granted. ",
tags = "User Management",
extensions = {
@Extension(properties = {
@ExtensionProperty(name = Constants.SCOPE, value = "perm:user:permission-view")
})
}
)
@ApiResponses(value = {
@ApiResponse(
code = 200,
message = "OK. \n Successfully fetched the list of permissions the user "
+ "has granted.",
response = PermissionList.class,
responseHeaders = {
@ResponseHeader(
name = "Content-Type",
description = "The content type of the body"),
@ResponseHeader(
name = "ETag",
description = "Entity Tag of the response resource.\n" +
"Used by caches, or in conditional requests."),
@ResponseHeader(
name = "Last-Modified",
description = "Date and time the resource was last modified.\n" +
"Used by caches, or in conditional requests."),
}),
@ApiResponse(
code = 404,
message = "Not Found. \n The specified resource does not exist.\n",
response = ErrorResponse.class),
@ApiResponse(
code = 500,
message = "Internal Server Error. \n Server error occurred while fetching the "
+ "list of roles assigned to the specified user.",
response = ErrorResponse.class)
})
Response getPermissionsOfUser();
} }

@ -257,7 +257,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
// Get the permission nodes and hand picking only device management and login perms // Get the permission nodes and hand picking only device management and login perms
final UIPermissionNode rolePermissions = this.getUIPermissionNode(roleName, userRealm); final UIPermissionNode rolePermissions = this.getUIPermissionNode(roleName, userRealm);
List<String> permList = new ArrayList<>(); List<String> permList = new ArrayList<>();
this.iteratePermissions(rolePermissions, permList); DeviceMgtAPIUtils.iteratePermissions(rolePermissions, permList);
roleInfo.setPermissionList(rolePermissions); roleInfo.setPermissionList(rolePermissions);
String[] permListAr = new String[permList.size()]; String[] permListAr = new String[permList.size()];
roleInfo.setPermissions(permList.toArray(permListAr)); roleInfo.setPermissions(permList.toArray(permListAr));
@ -278,24 +278,6 @@ public class RoleManagementServiceImpl implements RoleManagementService {
} }
} }
private List<String> iteratePermissions(UIPermissionNode uiPermissionNode, List<String> list) {
//To prevent NullPointer exceptions
if (uiPermissionNode == null) {
return list;
}
for (UIPermissionNode permissionNode : uiPermissionNode.getNodeList()) {
if (permissionNode != null) {
list.add(permissionNode.getResourcePath());
if (permissionNode.getNodeList() != null
&& permissionNode.getNodeList().length > 0) {
iteratePermissions(permissionNode, list);
}
}
}
return list;
}
private List<String> getAuthorizedPermissions(UIPermissionNode uiPermissionNode, List<String> list) { private List<String> getAuthorizedPermissions(UIPermissionNode uiPermissionNode, List<String> list) {
for (UIPermissionNode permissionNode : uiPermissionNode.getNodeList()) { for (UIPermissionNode permissionNode : uiPermissionNode.getNodeList()) {
if (permissionNode.isSelected()) { if (permissionNode.isSelected()) {

@ -40,6 +40,7 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpStatus; import org.apache.http.HttpStatus;
import org.eclipse.wst.common.uriresolver.internal.util.URIEncoder; import org.eclipse.wst.common.uriresolver.internal.util.URIEncoder;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.exceptions.DeviceManagementException; import org.wso2.carbon.device.mgt.common.exceptions.DeviceManagementException;
import org.wso2.carbon.device.mgt.common.EnrolmentInfo; import org.wso2.carbon.device.mgt.common.EnrolmentInfo;
@ -57,6 +58,7 @@ import org.wso2.carbon.device.mgt.jaxrs.beans.Credential;
import org.wso2.carbon.device.mgt.jaxrs.beans.EnrollmentInvitation; import org.wso2.carbon.device.mgt.jaxrs.beans.EnrollmentInvitation;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.OldPasswordResetWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.OldPasswordResetWrapper;
import org.wso2.carbon.device.mgt.jaxrs.beans.PermissionList;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList; import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
import org.wso2.carbon.device.mgt.jaxrs.beans.UserInfo; import org.wso2.carbon.device.mgt.jaxrs.beans.UserInfo;
import org.wso2.carbon.device.mgt.jaxrs.exception.BadRequestException; import org.wso2.carbon.device.mgt.jaxrs.exception.BadRequestException;
@ -74,6 +76,9 @@ import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager; import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.UserCoreConstants; import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.mgt.UserRealmProxy;
import org.wso2.carbon.user.mgt.common.UIPermissionNode;
import org.wso2.carbon.user.mgt.common.UserAdminException;
import org.wso2.carbon.utils.CarbonUtils; import org.wso2.carbon.utils.CarbonUtils;
import org.wso2.carbon.utils.multitenancy.MultitenantConstants; import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
@ -1029,6 +1034,48 @@ public class UserManagementServiceImpl implements UserManagementService {
} }
} }
@GET
@Override
@Path("/current-user/permissions")
public Response getPermissionsOfUser() {
String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
try {
UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
if (!userStoreManager.isExistingUser(username)) {
String message = "User by username: " + username + " does not exist for permission retrieval.";
log.error(message);
return Response.status(Response.Status.NOT_FOUND)
.entity(new ErrorResponse.ErrorResponseBuilder().setMessage(message).build()).build();
}
// Get a list of roles which the user assigned to
List<String> roles = getFilteredRoles(userStoreManager, username);
List<String> permissions = new ArrayList<>();
UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
// Get permissions for each role
for (String roleName : roles) {
try {
permissions.addAll(getPermissionsListFromRole(roleName, userRealm, tenantId));
} catch (UserAdminException e) {
String message = "Error occurred while retrieving the permissions of role '" + roleName + "'";
log.error(message, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(new ErrorResponse.ErrorResponseBuilder().setMessage(message).build())
.build();
}
}
PermissionList permissionList = new PermissionList();
permissionList.setList(permissions);
return Response.status(Response.Status.OK).entity(permissionList).build();
} catch (UserStoreException e) {
String message = "Error occurred while trying to retrieve roles of the user '" + username + "'";
log.error(message, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(new ErrorResponse.ErrorResponseBuilder().setMessage(message).build())
.build();
}
}
private Map<String, String> buildDefaultUserClaims(String firstName, String lastName, String emailAddress, private Map<String, String> buildDefaultUserClaims(String firstName, String lastName, String emailAddress,
boolean isFresh) { boolean isFresh) {
Map<String, String> defaultUserClaims = new HashMap<>(); Map<String, String> defaultUserClaims = new HashMap<>();
@ -1174,4 +1221,30 @@ public class UserManagementServiceImpl implements UserManagementService {
private boolean skipSearch(List<String> commonUsers) { private boolean skipSearch(List<String> commonUsers) {
return commonUsers != null && commonUsers.size() == 0; return commonUsers != null && commonUsers.size() == 0;
} }
/**
* Returns a list of permissions of a given role
* @param roleName name of the role
* @param tenantId the user's tenetId
* @param userRealm user realm of the tenant
* @return list of permissions
* @throws UserAdminException If unable to get the permissions
*/
private static List<String> getPermissionsListFromRole(String roleName, UserRealm userRealm, int tenantId)
throws UserAdminException {
org.wso2.carbon.user.core.UserRealm userRealmCore;
try {
userRealmCore = (org.wso2.carbon.user.core.UserRealm) userRealm;
} catch (ClassCastException e) {
String message = "Provided UserRealm object is not an instance of org.wso2.carbon.user.core.UserRealm";
log.error(message, e);
throw new UserAdminException(message, e);
}
UserRealmProxy userRealmProxy = new UserRealmProxy(userRealmCore);
List<String> permissionsList = new ArrayList<>();
final UIPermissionNode rolePermissions = userRealmProxy.getRolePermissions(roleName, tenantId);
DeviceMgtAPIUtils.iteratePermissions(rolePermissions, permissionsList);
return permissionsList;
}
} }

@ -82,6 +82,7 @@ import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager; import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager; import org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager;
import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.mgt.common.UIPermissionNode;
import javax.cache.Cache; import javax.cache.Cache;
import javax.cache.Caching; import javax.cache.Caching;
@ -781,4 +782,27 @@ public class DeviceMgtAPIUtils {
typeVersion.setVersionStatus(deviceTypeVersion.getVersionStatus()); typeVersion.setVersionStatus(deviceTypeVersion.getVersionStatus());
return typeVersion; return typeVersion;
} }
/**
* Extract permissions from a UiPermissionNode using recursions
* @param uiPermissionNode an UiPermissionNode Object to extract permissions
* @param list provided list to add permissions
*/
public static void iteratePermissions(UIPermissionNode uiPermissionNode, List<String> list) {
// To prevent NullPointer exceptions
if (uiPermissionNode == null) {
return;
}
for (UIPermissionNode permissionNode : uiPermissionNode.getNodeList()) {
if (permissionNode != null) {
if(permissionNode.isSelected()){
list.add(permissionNode.getResourcePath());
}
if (permissionNode.getNodeList() != null
&& permissionNode.getNodeList().length > 0) {
iteratePermissions(permissionNode, list);
}
}
}
}
} }

@ -145,6 +145,7 @@
<Scope>perm:devices:permanent-delete</Scope> <Scope>perm:devices:permanent-delete</Scope>
<Scope>perm:android:manage-configuration</Scope> <Scope>perm:android:manage-configuration</Scope>
<Scope>perm:android:view-configuration</Scope> <Scope>perm:android:view-configuration</Scope>
<Scope>perm:user:permission-view</Scope>
</Scopes> </Scopes>
<SSOConfiguration> <SSOConfiguration>
<Issuer>device-mgt</Issuer> <Issuer>device-mgt</Issuer>

Loading…
Cancel
Save