diff --git a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/constants/AndroidSenseConstants.java b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/constants/AndroidSenseConstants.java index 33a1c9454..9aafb4eea 100644 --- a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/constants/AndroidSenseConstants.java +++ b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/constants/AndroidSenseConstants.java @@ -16,9 +16,6 @@ package org.wso2.carbon.device.mgt.iot.androidsense.service.impl.constants; -import org.wso2.carbon.CarbonConstants; -import org.wso2.carbon.user.api.Permission; - public class AndroidSenseConstants { public final static String DEVICE_TYPE = "android_sense"; @@ -47,26 +44,9 @@ public class AndroidSenseConstants { public static final String SCOPE = "scope"; - public static Permission[] permissions; - - static { - - Permission enroll = new Permission("/permission/admin/device-mgt/devices/enroll", CarbonConstants - .UI_PERMISSION_ACTION); - Permission disEnroll = new Permission("/permission/admin/device-mgt/devices/disenroll", CarbonConstants - .UI_PERMISSION_ACTION); - Permission owningDevice = new Permission("/permission/admin/device-mgt/devices/owning-device", - CarbonConstants.UI_PERMISSION_ACTION); - Permission groups = new Permission("/permission/admin/device-mgt/groups", CarbonConstants.UI_PERMISSION_ACTION); - Permission notifications = new Permission("/permission/admin/device-mgt/notifications", CarbonConstants - .UI_PERMISSION_ACTION); - Permission policies = new Permission("/permission/admin/device-mgt/policies", CarbonConstants - .UI_PERMISSION_ACTION); - Permission subscribe = new Permission("/permission/admin/manage/api/subscribe", CarbonConstants - .UI_PERMISSION_ACTION); - - permissions = new Permission[]{enroll, disEnroll, owningDevice, groups, notifications, policies, subscribe}; + public static final String PERM_ENROLL_ANDROID_SENSE = "/permission/admin/device-mgt/devices/enroll/android-sense"; + public static final String PERM_OWNING_DEVICE_VIEW = "/permission/admin/device-mgt/devices/owning-device/view"; - } + public static final String ROLE_NAME = "internal/devicemgt-user"; } diff --git a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/listener/PermissionUpdateListener.java b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/listener/AndroidSensePermissionUpdateListener.java similarity index 65% rename from components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/listener/PermissionUpdateListener.java rename to components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/listener/AndroidSensePermissionUpdateListener.java index dd073d265..4cb0ccc9e 100644 --- a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/listener/PermissionUpdateListener.java +++ b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/listener/AndroidSensePermissionUpdateListener.java @@ -17,10 +17,11 @@ package org.wso2.carbon.device.mgt.iot.androidsense.service.impl.listener; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.CarbonConstants; import org.wso2.carbon.context.PrivilegedCarbonContext; -import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.AndroidSenseServiceImpl; import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.constants.AndroidSenseConstants; import org.wso2.carbon.user.api.AuthorizationManager; +import org.wso2.carbon.user.api.Permission; import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.api.UserStoreManager; import org.wso2.carbon.user.core.service.RealmService; @@ -28,11 +29,9 @@ import org.wso2.carbon.user.core.service.RealmService; import javax.servlet.ServletContextEvent; import javax.servlet.ServletContextListener; -public class PermissionUpdateListener implements ServletContextListener { +public class AndroidSensePermissionUpdateListener implements ServletContextListener { - private static Log log = LogFactory.getLog(AndroidSenseServiceImpl.class); - - private static final String ROLE_NAME = "internal/devicemgt-user"; + private static Log log = LogFactory.getLog(AndroidSensePermissionUpdateListener.class); @Override public void contextInitialized(ServletContextEvent servletContextEvent) { @@ -40,16 +39,16 @@ public class PermissionUpdateListener implements ServletContextListener { UserStoreManager userStoreManager = getUserStoreManager(); try { if (userStoreManager != null) { - if (!userStoreManager.isExistingRole(ROLE_NAME)) { - userStoreManager.addRole(ROLE_NAME, null, AndroidSenseConstants.permissions); + if (!userStoreManager.isExistingRole(AndroidSenseConstants.ROLE_NAME)) { + userStoreManager.addRole(AndroidSenseConstants.ROLE_NAME, null, getPermissions()); } else { - getAuthorizationManager().authorizeRole(ROLE_NAME, - "/permission/admin/device-mgt/devices/enroll/android-sense", "ui.execute"); - getAuthorizationManager().authorizeRole(ROLE_NAME, - "/permission/admin/device-mgt/devices/owning-device/view", "ui.execute"); + getAuthorizationManager().authorizeRole(AndroidSenseConstants.ROLE_NAME, + AndroidSenseConstants.PERM_ENROLL_ANDROID_SENSE, CarbonConstants.UI_PERMISSION_ACTION); + getAuthorizationManager().authorizeRole(AndroidSenseConstants.ROLE_NAME, + AndroidSenseConstants.PERM_OWNING_DEVICE_VIEW, CarbonConstants.UI_PERMISSION_ACTION); } } } catch (UserStoreException e) { - // + log.error("Error while creating a role and adding a user for Android Sense.", e); } } @@ -101,25 +100,14 @@ public class PermissionUpdateListener implements ServletContextListener { return authorizationManager; } + private Permission[] getPermissions() { + + Permission androidSense = new Permission(AndroidSenseConstants.PERM_ENROLL_ANDROID_SENSE, + CarbonConstants.UI_PERMISSION_ACTION); + Permission view = new Permission(AndroidSenseConstants.PERM_OWNING_DEVICE_VIEW, CarbonConstants + .UI_PERMISSION_ACTION); -// public static void registerApiAccessRoles(String user) { -// UserStoreManager userStoreManager = null; -// try { -// userStoreManager = getUserStoreManager(); -// String[] userList = new String[]{user}; -// if (userStoreManager != null) { -// String rolesOfUser[] = userStoreManager.getRoleListOfUser(user); -// if (!userStoreManager.isExistingRole(Constants.DEFAULT_ROLE_NAME)) { -// userStoreManager.addRole(Constants.DEFAULT_ROLE_NAME, userList, Constants.DEFAULT_PERMISSION); -// } else if (rolesOfUser != null && Arrays.asList(rolesOfUser).contains(Constants.DEFAULT_ROLE_NAME)) { -// return; -// } else { -// userStoreManager.updateUserListOfRole(Constants.DEFAULT_ROLE_NAME, new String[0], userList); -// } -// } -// } catch (UserStoreException e) { -// log.error("Error while creating a role and adding a user for virtual_firealarm.", e); -// } -// } + return new Permission[]{androidSense, view}; + } } diff --git a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/webapp/WEB-INF/web.xml b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/webapp/WEB-INF/web.xml index f23e42e69..28b3d23f3 100644 --- a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/webapp/WEB-INF/web.xml +++ b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/webapp/WEB-INF/web.xml @@ -32,6 +32,6 @@ - org.wso2.carbon.device.mgt.iot.androidsense.service.impl.listener.PermissionUpdateListener + org.wso2.carbon.device.mgt.iot.androidsense.service.impl.listener.AndroidSensePermissionUpdateListener diff --git a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android_sense.type-view/public/asset/androidsense.apk b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android_sense.type-view/public/asset/androidsense.apk index 4a7aa4432..17ef42814 100644 Binary files a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android_sense.type-view/public/asset/androidsense.apk and b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android_sense.type-view/public/asset/androidsense.apk differ diff --git a/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/constants/ArduinoConstants.java b/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/constants/ArduinoConstants.java index 4f3a042c9..9ebed9991 100644 --- a/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/constants/ArduinoConstants.java +++ b/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/constants/ArduinoConstants.java @@ -29,4 +29,9 @@ public class ArduinoConstants { public static final String SCOPE = "scope"; + public static final String PERM_ENROLL_ARDUINO = "/permission/admin/device-mgt/devices/enroll/arduino"; + public static final String PERM_OWNING_DEVICE_VIEW = "/permission/admin/device-mgt/devices/owning-device/view"; + + public static final String ROLE_NAME = "internal/devicemgt-user"; + } diff --git a/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/listener/ArduinoPermissionUpdateListener.java b/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/listener/ArduinoPermissionUpdateListener.java new file mode 100644 index 000000000..353cdde5d --- /dev/null +++ b/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/listener/ArduinoPermissionUpdateListener.java @@ -0,0 +1,113 @@ +/* + * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.wso2.carbon.device.mgt.iot.arduino.service.impl.listener; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.CarbonConstants; +import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.device.mgt.iot.arduino.service.impl.constants.ArduinoConstants; +import org.wso2.carbon.user.api.AuthorizationManager; +import org.wso2.carbon.user.api.Permission; +import org.wso2.carbon.user.api.UserStoreException; +import org.wso2.carbon.user.api.UserStoreManager; +import org.wso2.carbon.user.core.service.RealmService; + +import javax.servlet.ServletContextEvent; +import javax.servlet.ServletContextListener; + +public class ArduinoPermissionUpdateListener implements ServletContextListener { + + private static Log log = LogFactory.getLog(ArduinoPermissionUpdateListener.class); + + @Override + public void contextInitialized(ServletContextEvent servletContextEvent) { + + UserStoreManager userStoreManager = getUserStoreManager(); + try { + if (userStoreManager != null) { + if (!userStoreManager.isExistingRole(ArduinoConstants.ROLE_NAME)) { + userStoreManager.addRole(ArduinoConstants.ROLE_NAME, null, getPermissions()); + } else { + getAuthorizationManager().authorizeRole(ArduinoConstants.ROLE_NAME, + ArduinoConstants.PERM_ENROLL_ARDUINO, CarbonConstants.UI_PERMISSION_ACTION); + getAuthorizationManager().authorizeRole(ArduinoConstants.ROLE_NAME, + ArduinoConstants.PERM_OWNING_DEVICE_VIEW, CarbonConstants.UI_PERMISSION_ACTION); + } + } } catch (UserStoreException e) { + log.error("Error while creating a role and adding a user for Arduino.", e); + } + } + + @Override + public void contextDestroyed(ServletContextEvent servletContextEvent) { + + } + + public static UserStoreManager getUserStoreManager() { + RealmService realmService; + UserStoreManager userStoreManager; + try { + PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); + realmService = (RealmService) ctx.getOSGiService(RealmService.class, null); + if (realmService == null) { + String msg = "Realm service has not initialized."; + log.error(msg); + throw new IllegalStateException(msg); + } + int tenantId = ctx.getTenantId(); + userStoreManager = realmService.getTenantUserRealm(tenantId).getUserStoreManager(); + realmService.getTenantUserRealm(tenantId).getAuthorizationManager(); + } catch (UserStoreException e) { + String msg = "Error occurred while retrieving current user store manager"; + log.error(msg, e); + throw new IllegalStateException(msg); + } + return userStoreManager; + } + + public static AuthorizationManager getAuthorizationManager() { + RealmService realmService; + AuthorizationManager authorizationManager; + try { + PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); + realmService = (RealmService) ctx.getOSGiService(RealmService.class, null); + if (realmService == null) { + String msg = "Realm service has not initialized."; + log.error(msg); + throw new IllegalStateException(msg); + } + int tenantId = ctx.getTenantId(); + authorizationManager = realmService.getTenantUserRealm(tenantId).getAuthorizationManager(); + } catch (UserStoreException e) { + String msg = "Error occurred while retrieving current user store manager"; + log.error(msg, e); + throw new IllegalStateException(msg); + } + return authorizationManager; + } + + private Permission[] getPermissions() { + + Permission androidSense = new Permission(ArduinoConstants.PERM_ENROLL_ARDUINO, + CarbonConstants.UI_PERMISSION_ACTION); + Permission view = new Permission(ArduinoConstants.PERM_OWNING_DEVICE_VIEW, CarbonConstants + .UI_PERMISSION_ACTION); + + return new Permission[]{androidSense, view}; + } + +} diff --git a/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/webapp/WEB-INF/web.xml b/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/webapp/WEB-INF/web.xml index 96122464a..660a6968b 100644 --- a/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/webapp/WEB-INF/web.xml +++ b/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/webapp/WEB-INF/web.xml @@ -31,4 +31,8 @@ true + + org.wso2.carbon.device.mgt.iot.arduino.service.impl.listener.ArduinoPermissionUpdateListener + + \ No newline at end of file diff --git a/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/constants/RaspberrypiConstants.java b/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/constants/RaspberrypiConstants.java index 00919d6f6..5936cfb35 100644 --- a/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/constants/RaspberrypiConstants.java +++ b/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/constants/RaspberrypiConstants.java @@ -35,4 +35,9 @@ public class RaspberrypiConstants { public static final String SCOPE = "scope"; + public static final String PERM_ENROLL_RASPBERRYPI = "/permission/admin/device-mgt/devices/enroll/raspberrypi"; + public static final String PERM_OWNING_DEVICE_VIEW = "/permission/admin/device-mgt/devices/owning-device/view"; + + public static final String ROLE_NAME = "internal/devicemgt-user"; + } diff --git a/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/listener/RaspberryPIPermissionUpdateListener.java b/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/listener/RaspberryPIPermissionUpdateListener.java new file mode 100644 index 000000000..20b8daee8 --- /dev/null +++ b/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/listener/RaspberryPIPermissionUpdateListener.java @@ -0,0 +1,113 @@ +/* + * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.wso2.carbon.device.mgt.iot.raspberrypi.service.impl.listener; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.CarbonConstants; +import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.device.mgt.iot.raspberrypi.service.impl.constants.RaspberrypiConstants; +import org.wso2.carbon.user.api.AuthorizationManager; +import org.wso2.carbon.user.api.Permission; +import org.wso2.carbon.user.api.UserStoreException; +import org.wso2.carbon.user.api.UserStoreManager; +import org.wso2.carbon.user.core.service.RealmService; + +import javax.servlet.ServletContextEvent; +import javax.servlet.ServletContextListener; + +public class RaspberryPIPermissionUpdateListener implements ServletContextListener { + + private static Log log = LogFactory.getLog(RaspberryPIPermissionUpdateListener.class); + + @Override + public void contextInitialized(ServletContextEvent servletContextEvent) { + + UserStoreManager userStoreManager = getUserStoreManager(); + try { + if (userStoreManager != null) { + if (!userStoreManager.isExistingRole(RaspberrypiConstants.ROLE_NAME)) { + userStoreManager.addRole(RaspberrypiConstants.ROLE_NAME, null, getPermissions()); + } else { + getAuthorizationManager().authorizeRole(RaspberrypiConstants.ROLE_NAME, + RaspberrypiConstants.PERM_ENROLL_RASPBERRYPI, CarbonConstants.UI_PERMISSION_ACTION); + getAuthorizationManager().authorizeRole(RaspberrypiConstants.ROLE_NAME, + RaspberrypiConstants.PERM_OWNING_DEVICE_VIEW, CarbonConstants.UI_PERMISSION_ACTION); + } + } } catch (UserStoreException e) { + log.error("Error while creating a role and adding a user for Raspberry PI.", e); + } + } + + @Override + public void contextDestroyed(ServletContextEvent servletContextEvent) { + + } + + public static UserStoreManager getUserStoreManager() { + RealmService realmService; + UserStoreManager userStoreManager; + try { + PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); + realmService = (RealmService) ctx.getOSGiService(RealmService.class, null); + if (realmService == null) { + String msg = "Realm service has not initialized."; + log.error(msg); + throw new IllegalStateException(msg); + } + int tenantId = ctx.getTenantId(); + userStoreManager = realmService.getTenantUserRealm(tenantId).getUserStoreManager(); + realmService.getTenantUserRealm(tenantId).getAuthorizationManager(); + } catch (UserStoreException e) { + String msg = "Error occurred while retrieving current user store manager"; + log.error(msg, e); + throw new IllegalStateException(msg); + } + return userStoreManager; + } + + public static AuthorizationManager getAuthorizationManager() { + RealmService realmService; + AuthorizationManager authorizationManager; + try { + PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); + realmService = (RealmService) ctx.getOSGiService(RealmService.class, null); + if (realmService == null) { + String msg = "Realm service has not initialized."; + log.error(msg); + throw new IllegalStateException(msg); + } + int tenantId = ctx.getTenantId(); + authorizationManager = realmService.getTenantUserRealm(tenantId).getAuthorizationManager(); + } catch (UserStoreException e) { + String msg = "Error occurred while retrieving current user store manager"; + log.error(msg, e); + throw new IllegalStateException(msg); + } + return authorizationManager; + } + + private Permission[] getPermissions() { + + Permission androidSense = new Permission(RaspberrypiConstants.PERM_ENROLL_RASPBERRYPI, + CarbonConstants.UI_PERMISSION_ACTION); + Permission view = new Permission(RaspberrypiConstants.PERM_OWNING_DEVICE_VIEW, CarbonConstants + .UI_PERMISSION_ACTION); + + return new Permission[]{androidSense, view}; + } + +} diff --git a/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/webapp/WEB-INF/web.xml b/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/webapp/WEB-INF/web.xml index e6b97eaed..301e2a3a8 100644 --- a/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/webapp/WEB-INF/web.xml +++ b/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/webapp/WEB-INF/web.xml @@ -31,4 +31,8 @@ true + + org.wso2.carbon.device.mgt.iot.raspberrypi.service.impl.listener.RaspberryPIPermissionUpdateListener + + \ No newline at end of file diff --git a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/constants/VirtualFireAlarmConstants.java b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/constants/VirtualFireAlarmConstants.java index 204ede004..31a140efe 100644 --- a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/constants/VirtualFireAlarmConstants.java +++ b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/constants/VirtualFireAlarmConstants.java @@ -81,4 +81,9 @@ public class VirtualFireAlarmConstants { public static final String MQTT_ADAPTER_TOPIC_PROPERTY_NAME = "mqtt.adapter.topic"; public static final String APIM_APPLICATION_TOKEN_VALIDITY_PERIOD = "3600"; + + public static final String PERM_ENROLL_FIRE_ALARM = "/permission/admin/device-mgt/devices/enroll/firealarm"; + public static final String PERM_OWNING_DEVICE_VIEW = "/permission/admin/device-mgt/devices/owning-device/view"; + + public static final String ROLE_NAME = "internal/devicemgt-user"; } diff --git a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/listener/VirtualFireAlarmPermissionUpdateListener.java b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/listener/VirtualFireAlarmPermissionUpdateListener.java new file mode 100644 index 000000000..829868010 --- /dev/null +++ b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/listener/VirtualFireAlarmPermissionUpdateListener.java @@ -0,0 +1,113 @@ +/* + * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.listener; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.CarbonConstants; +import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.constants.VirtualFireAlarmConstants; +import org.wso2.carbon.user.api.AuthorizationManager; +import org.wso2.carbon.user.api.Permission; +import org.wso2.carbon.user.api.UserStoreException; +import org.wso2.carbon.user.api.UserStoreManager; +import org.wso2.carbon.user.core.service.RealmService; + +import javax.servlet.ServletContextEvent; +import javax.servlet.ServletContextListener; + +public class VirtualFireAlarmPermissionUpdateListener implements ServletContextListener { + + private static Log log = LogFactory.getLog(VirtualFireAlarmPermissionUpdateListener.class); + + @Override + public void contextInitialized(ServletContextEvent servletContextEvent) { + + UserStoreManager userStoreManager = getUserStoreManager(); + try { + if (userStoreManager != null) { + if (!userStoreManager.isExistingRole(VirtualFireAlarmConstants.ROLE_NAME)) { + userStoreManager.addRole(VirtualFireAlarmConstants.ROLE_NAME, null, getPermissions()); + } else { + getAuthorizationManager().authorizeRole(VirtualFireAlarmConstants.ROLE_NAME, + VirtualFireAlarmConstants.PERM_ENROLL_FIRE_ALARM, CarbonConstants.UI_PERMISSION_ACTION); + getAuthorizationManager().authorizeRole(VirtualFireAlarmConstants.ROLE_NAME, + VirtualFireAlarmConstants.PERM_OWNING_DEVICE_VIEW, CarbonConstants.UI_PERMISSION_ACTION); + } + } } catch (UserStoreException e) { + log.error("Error while creating a role and adding a user for Raspberry PI.", e); + } + } + + @Override + public void contextDestroyed(ServletContextEvent servletContextEvent) { + + } + + public static UserStoreManager getUserStoreManager() { + RealmService realmService; + UserStoreManager userStoreManager; + try { + PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); + realmService = (RealmService) ctx.getOSGiService(RealmService.class, null); + if (realmService == null) { + String msg = "Realm service has not initialized."; + log.error(msg); + throw new IllegalStateException(msg); + } + int tenantId = ctx.getTenantId(); + userStoreManager = realmService.getTenantUserRealm(tenantId).getUserStoreManager(); + realmService.getTenantUserRealm(tenantId).getAuthorizationManager(); + } catch (UserStoreException e) { + String msg = "Error occurred while retrieving current user store manager"; + log.error(msg, e); + throw new IllegalStateException(msg); + } + return userStoreManager; + } + + public static AuthorizationManager getAuthorizationManager() { + RealmService realmService; + AuthorizationManager authorizationManager; + try { + PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); + realmService = (RealmService) ctx.getOSGiService(RealmService.class, null); + if (realmService == null) { + String msg = "Realm service has not initialized."; + log.error(msg); + throw new IllegalStateException(msg); + } + int tenantId = ctx.getTenantId(); + authorizationManager = realmService.getTenantUserRealm(tenantId).getAuthorizationManager(); + } catch (UserStoreException e) { + String msg = "Error occurred while retrieving current user store manager"; + log.error(msg, e); + throw new IllegalStateException(msg); + } + return authorizationManager; + } + + private Permission[] getPermissions() { + + Permission androidSense = new Permission(VirtualFireAlarmConstants.PERM_ENROLL_FIRE_ALARM, + CarbonConstants.UI_PERMISSION_ACTION); + Permission view = new Permission(VirtualFireAlarmConstants.PERM_OWNING_DEVICE_VIEW, CarbonConstants + .UI_PERMISSION_ACTION); + + return new Permission[]{androidSense, view}; + } + +} diff --git a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/webapp/WEB-INF/web.xml b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/webapp/WEB-INF/web.xml index 4337c5720..6f59c5a7c 100644 --- a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/webapp/WEB-INF/web.xml +++ b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/webapp/WEB-INF/web.xml @@ -27,6 +27,8 @@ true - + + org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.listener.VirtualFireAlarmPermissionUpdateListener + \ No newline at end of file