diff --git a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/constants/AndroidSenseConstants.java b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/constants/AndroidSenseConstants.java
index 33a1c9454..9aafb4eea 100644
--- a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/constants/AndroidSenseConstants.java
+++ b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/constants/AndroidSenseConstants.java
@@ -16,9 +16,6 @@
package org.wso2.carbon.device.mgt.iot.androidsense.service.impl.constants;
-import org.wso2.carbon.CarbonConstants;
-import org.wso2.carbon.user.api.Permission;
-
public class AndroidSenseConstants {
public final static String DEVICE_TYPE = "android_sense";
@@ -47,26 +44,9 @@ public class AndroidSenseConstants {
public static final String SCOPE = "scope";
- public static Permission[] permissions;
-
- static {
-
- Permission enroll = new Permission("/permission/admin/device-mgt/devices/enroll", CarbonConstants
- .UI_PERMISSION_ACTION);
- Permission disEnroll = new Permission("/permission/admin/device-mgt/devices/disenroll", CarbonConstants
- .UI_PERMISSION_ACTION);
- Permission owningDevice = new Permission("/permission/admin/device-mgt/devices/owning-device",
- CarbonConstants.UI_PERMISSION_ACTION);
- Permission groups = new Permission("/permission/admin/device-mgt/groups", CarbonConstants.UI_PERMISSION_ACTION);
- Permission notifications = new Permission("/permission/admin/device-mgt/notifications", CarbonConstants
- .UI_PERMISSION_ACTION);
- Permission policies = new Permission("/permission/admin/device-mgt/policies", CarbonConstants
- .UI_PERMISSION_ACTION);
- Permission subscribe = new Permission("/permission/admin/manage/api/subscribe", CarbonConstants
- .UI_PERMISSION_ACTION);
-
- permissions = new Permission[]{enroll, disEnroll, owningDevice, groups, notifications, policies, subscribe};
+ public static final String PERM_ENROLL_ANDROID_SENSE = "/permission/admin/device-mgt/devices/enroll/android-sense";
+ public static final String PERM_OWNING_DEVICE_VIEW = "/permission/admin/device-mgt/devices/owning-device/view";
- }
+ public static final String ROLE_NAME = "internal/devicemgt-user";
}
diff --git a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/listener/PermissionUpdateListener.java b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/listener/AndroidSensePermissionUpdateListener.java
similarity index 65%
rename from components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/listener/PermissionUpdateListener.java
rename to components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/listener/AndroidSensePermissionUpdateListener.java
index dd073d265..4cb0ccc9e 100644
--- a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/listener/PermissionUpdateListener.java
+++ b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/listener/AndroidSensePermissionUpdateListener.java
@@ -17,10 +17,11 @@ package org.wso2.carbon.device.mgt.iot.androidsense.service.impl.listener;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext;
-import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.AndroidSenseServiceImpl;
import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.constants.AndroidSenseConstants;
import org.wso2.carbon.user.api.AuthorizationManager;
+import org.wso2.carbon.user.api.Permission;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.service.RealmService;
@@ -28,11 +29,9 @@ import org.wso2.carbon.user.core.service.RealmService;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
-public class PermissionUpdateListener implements ServletContextListener {
+public class AndroidSensePermissionUpdateListener implements ServletContextListener {
- private static Log log = LogFactory.getLog(AndroidSenseServiceImpl.class);
-
- private static final String ROLE_NAME = "internal/devicemgt-user";
+ private static Log log = LogFactory.getLog(AndroidSensePermissionUpdateListener.class);
@Override
public void contextInitialized(ServletContextEvent servletContextEvent) {
@@ -40,16 +39,16 @@ public class PermissionUpdateListener implements ServletContextListener {
UserStoreManager userStoreManager = getUserStoreManager();
try {
if (userStoreManager != null) {
- if (!userStoreManager.isExistingRole(ROLE_NAME)) {
- userStoreManager.addRole(ROLE_NAME, null, AndroidSenseConstants.permissions);
+ if (!userStoreManager.isExistingRole(AndroidSenseConstants.ROLE_NAME)) {
+ userStoreManager.addRole(AndroidSenseConstants.ROLE_NAME, null, getPermissions());
} else {
- getAuthorizationManager().authorizeRole(ROLE_NAME,
- "/permission/admin/device-mgt/devices/enroll/android-sense", "ui.execute");
- getAuthorizationManager().authorizeRole(ROLE_NAME,
- "/permission/admin/device-mgt/devices/owning-device/view", "ui.execute");
+ getAuthorizationManager().authorizeRole(AndroidSenseConstants.ROLE_NAME,
+ AndroidSenseConstants.PERM_ENROLL_ANDROID_SENSE, CarbonConstants.UI_PERMISSION_ACTION);
+ getAuthorizationManager().authorizeRole(AndroidSenseConstants.ROLE_NAME,
+ AndroidSenseConstants.PERM_OWNING_DEVICE_VIEW, CarbonConstants.UI_PERMISSION_ACTION);
}
} } catch (UserStoreException e) {
- //
+ log.error("Error while creating a role and adding a user for Android Sense.", e);
}
}
@@ -101,25 +100,14 @@ public class PermissionUpdateListener implements ServletContextListener {
return authorizationManager;
}
+ private Permission[] getPermissions() {
+
+ Permission androidSense = new Permission(AndroidSenseConstants.PERM_ENROLL_ANDROID_SENSE,
+ CarbonConstants.UI_PERMISSION_ACTION);
+ Permission view = new Permission(AndroidSenseConstants.PERM_OWNING_DEVICE_VIEW, CarbonConstants
+ .UI_PERMISSION_ACTION);
-// public static void registerApiAccessRoles(String user) {
-// UserStoreManager userStoreManager = null;
-// try {
-// userStoreManager = getUserStoreManager();
-// String[] userList = new String[]{user};
-// if (userStoreManager != null) {
-// String rolesOfUser[] = userStoreManager.getRoleListOfUser(user);
-// if (!userStoreManager.isExistingRole(Constants.DEFAULT_ROLE_NAME)) {
-// userStoreManager.addRole(Constants.DEFAULT_ROLE_NAME, userList, Constants.DEFAULT_PERMISSION);
-// } else if (rolesOfUser != null && Arrays.asList(rolesOfUser).contains(Constants.DEFAULT_ROLE_NAME)) {
-// return;
-// } else {
-// userStoreManager.updateUserListOfRole(Constants.DEFAULT_ROLE_NAME, new String[0], userList);
-// }
-// }
-// } catch (UserStoreException e) {
-// log.error("Error while creating a role and adding a user for virtual_firealarm.", e);
-// }
-// }
+ return new Permission[]{androidSense, view};
+ }
}
diff --git a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/webapp/WEB-INF/web.xml b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/webapp/WEB-INF/web.xml
index f23e42e69..28b3d23f3 100644
--- a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/webapp/WEB-INF/web.xml
+++ b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/webapp/WEB-INF/web.xml
@@ -32,6 +32,6 @@
- org.wso2.carbon.device.mgt.iot.androidsense.service.impl.listener.PermissionUpdateListener
+ org.wso2.carbon.device.mgt.iot.androidsense.service.impl.listener.AndroidSensePermissionUpdateListener
diff --git a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android_sense.type-view/public/asset/androidsense.apk b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android_sense.type-view/public/asset/androidsense.apk
index 4a7aa4432..17ef42814 100644
Binary files a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android_sense.type-view/public/asset/androidsense.apk and b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android_sense.type-view/public/asset/androidsense.apk differ
diff --git a/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/constants/ArduinoConstants.java b/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/constants/ArduinoConstants.java
index 4f3a042c9..9ebed9991 100644
--- a/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/constants/ArduinoConstants.java
+++ b/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/constants/ArduinoConstants.java
@@ -29,4 +29,9 @@ public class ArduinoConstants {
public static final String SCOPE = "scope";
+ public static final String PERM_ENROLL_ARDUINO = "/permission/admin/device-mgt/devices/enroll/arduino";
+ public static final String PERM_OWNING_DEVICE_VIEW = "/permission/admin/device-mgt/devices/owning-device/view";
+
+ public static final String ROLE_NAME = "internal/devicemgt-user";
+
}
diff --git a/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/listener/ArduinoPermissionUpdateListener.java b/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/listener/ArduinoPermissionUpdateListener.java
new file mode 100644
index 000000000..353cdde5d
--- /dev/null
+++ b/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/listener/ArduinoPermissionUpdateListener.java
@@ -0,0 +1,113 @@
+/*
+ * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wso2.carbon.device.mgt.iot.arduino.service.impl.listener;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.CarbonConstants;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.device.mgt.iot.arduino.service.impl.constants.ArduinoConstants;
+import org.wso2.carbon.user.api.AuthorizationManager;
+import org.wso2.carbon.user.api.Permission;
+import org.wso2.carbon.user.api.UserStoreException;
+import org.wso2.carbon.user.api.UserStoreManager;
+import org.wso2.carbon.user.core.service.RealmService;
+
+import javax.servlet.ServletContextEvent;
+import javax.servlet.ServletContextListener;
+
+public class ArduinoPermissionUpdateListener implements ServletContextListener {
+
+ private static Log log = LogFactory.getLog(ArduinoPermissionUpdateListener.class);
+
+ @Override
+ public void contextInitialized(ServletContextEvent servletContextEvent) {
+
+ UserStoreManager userStoreManager = getUserStoreManager();
+ try {
+ if (userStoreManager != null) {
+ if (!userStoreManager.isExistingRole(ArduinoConstants.ROLE_NAME)) {
+ userStoreManager.addRole(ArduinoConstants.ROLE_NAME, null, getPermissions());
+ } else {
+ getAuthorizationManager().authorizeRole(ArduinoConstants.ROLE_NAME,
+ ArduinoConstants.PERM_ENROLL_ARDUINO, CarbonConstants.UI_PERMISSION_ACTION);
+ getAuthorizationManager().authorizeRole(ArduinoConstants.ROLE_NAME,
+ ArduinoConstants.PERM_OWNING_DEVICE_VIEW, CarbonConstants.UI_PERMISSION_ACTION);
+ }
+ } } catch (UserStoreException e) {
+ log.error("Error while creating a role and adding a user for Arduino.", e);
+ }
+ }
+
+ @Override
+ public void contextDestroyed(ServletContextEvent servletContextEvent) {
+
+ }
+
+ public static UserStoreManager getUserStoreManager() {
+ RealmService realmService;
+ UserStoreManager userStoreManager;
+ try {
+ PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+ realmService = (RealmService) ctx.getOSGiService(RealmService.class, null);
+ if (realmService == null) {
+ String msg = "Realm service has not initialized.";
+ log.error(msg);
+ throw new IllegalStateException(msg);
+ }
+ int tenantId = ctx.getTenantId();
+ userStoreManager = realmService.getTenantUserRealm(tenantId).getUserStoreManager();
+ realmService.getTenantUserRealm(tenantId).getAuthorizationManager();
+ } catch (UserStoreException e) {
+ String msg = "Error occurred while retrieving current user store manager";
+ log.error(msg, e);
+ throw new IllegalStateException(msg);
+ }
+ return userStoreManager;
+ }
+
+ public static AuthorizationManager getAuthorizationManager() {
+ RealmService realmService;
+ AuthorizationManager authorizationManager;
+ try {
+ PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+ realmService = (RealmService) ctx.getOSGiService(RealmService.class, null);
+ if (realmService == null) {
+ String msg = "Realm service has not initialized.";
+ log.error(msg);
+ throw new IllegalStateException(msg);
+ }
+ int tenantId = ctx.getTenantId();
+ authorizationManager = realmService.getTenantUserRealm(tenantId).getAuthorizationManager();
+ } catch (UserStoreException e) {
+ String msg = "Error occurred while retrieving current user store manager";
+ log.error(msg, e);
+ throw new IllegalStateException(msg);
+ }
+ return authorizationManager;
+ }
+
+ private Permission[] getPermissions() {
+
+ Permission androidSense = new Permission(ArduinoConstants.PERM_ENROLL_ARDUINO,
+ CarbonConstants.UI_PERMISSION_ACTION);
+ Permission view = new Permission(ArduinoConstants.PERM_OWNING_DEVICE_VIEW, CarbonConstants
+ .UI_PERMISSION_ACTION);
+
+ return new Permission[]{androidSense, view};
+ }
+
+}
diff --git a/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/webapp/WEB-INF/web.xml b/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/webapp/WEB-INF/web.xml
index 96122464a..660a6968b 100644
--- a/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/webapp/WEB-INF/web.xml
+++ b/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/webapp/WEB-INF/web.xml
@@ -31,4 +31,8 @@
true
+
+ org.wso2.carbon.device.mgt.iot.arduino.service.impl.listener.ArduinoPermissionUpdateListener
+
+
\ No newline at end of file
diff --git a/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/constants/RaspberrypiConstants.java b/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/constants/RaspberrypiConstants.java
index 00919d6f6..5936cfb35 100644
--- a/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/constants/RaspberrypiConstants.java
+++ b/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/constants/RaspberrypiConstants.java
@@ -35,4 +35,9 @@ public class RaspberrypiConstants {
public static final String SCOPE = "scope";
+ public static final String PERM_ENROLL_RASPBERRYPI = "/permission/admin/device-mgt/devices/enroll/raspberrypi";
+ public static final String PERM_OWNING_DEVICE_VIEW = "/permission/admin/device-mgt/devices/owning-device/view";
+
+ public static final String ROLE_NAME = "internal/devicemgt-user";
+
}
diff --git a/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/listener/RaspberryPIPermissionUpdateListener.java b/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/listener/RaspberryPIPermissionUpdateListener.java
new file mode 100644
index 000000000..20b8daee8
--- /dev/null
+++ b/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/listener/RaspberryPIPermissionUpdateListener.java
@@ -0,0 +1,113 @@
+/*
+ * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wso2.carbon.device.mgt.iot.raspberrypi.service.impl.listener;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.CarbonConstants;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.device.mgt.iot.raspberrypi.service.impl.constants.RaspberrypiConstants;
+import org.wso2.carbon.user.api.AuthorizationManager;
+import org.wso2.carbon.user.api.Permission;
+import org.wso2.carbon.user.api.UserStoreException;
+import org.wso2.carbon.user.api.UserStoreManager;
+import org.wso2.carbon.user.core.service.RealmService;
+
+import javax.servlet.ServletContextEvent;
+import javax.servlet.ServletContextListener;
+
+public class RaspberryPIPermissionUpdateListener implements ServletContextListener {
+
+ private static Log log = LogFactory.getLog(RaspberryPIPermissionUpdateListener.class);
+
+ @Override
+ public void contextInitialized(ServletContextEvent servletContextEvent) {
+
+ UserStoreManager userStoreManager = getUserStoreManager();
+ try {
+ if (userStoreManager != null) {
+ if (!userStoreManager.isExistingRole(RaspberrypiConstants.ROLE_NAME)) {
+ userStoreManager.addRole(RaspberrypiConstants.ROLE_NAME, null, getPermissions());
+ } else {
+ getAuthorizationManager().authorizeRole(RaspberrypiConstants.ROLE_NAME,
+ RaspberrypiConstants.PERM_ENROLL_RASPBERRYPI, CarbonConstants.UI_PERMISSION_ACTION);
+ getAuthorizationManager().authorizeRole(RaspberrypiConstants.ROLE_NAME,
+ RaspberrypiConstants.PERM_OWNING_DEVICE_VIEW, CarbonConstants.UI_PERMISSION_ACTION);
+ }
+ } } catch (UserStoreException e) {
+ log.error("Error while creating a role and adding a user for Raspberry PI.", e);
+ }
+ }
+
+ @Override
+ public void contextDestroyed(ServletContextEvent servletContextEvent) {
+
+ }
+
+ public static UserStoreManager getUserStoreManager() {
+ RealmService realmService;
+ UserStoreManager userStoreManager;
+ try {
+ PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+ realmService = (RealmService) ctx.getOSGiService(RealmService.class, null);
+ if (realmService == null) {
+ String msg = "Realm service has not initialized.";
+ log.error(msg);
+ throw new IllegalStateException(msg);
+ }
+ int tenantId = ctx.getTenantId();
+ userStoreManager = realmService.getTenantUserRealm(tenantId).getUserStoreManager();
+ realmService.getTenantUserRealm(tenantId).getAuthorizationManager();
+ } catch (UserStoreException e) {
+ String msg = "Error occurred while retrieving current user store manager";
+ log.error(msg, e);
+ throw new IllegalStateException(msg);
+ }
+ return userStoreManager;
+ }
+
+ public static AuthorizationManager getAuthorizationManager() {
+ RealmService realmService;
+ AuthorizationManager authorizationManager;
+ try {
+ PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+ realmService = (RealmService) ctx.getOSGiService(RealmService.class, null);
+ if (realmService == null) {
+ String msg = "Realm service has not initialized.";
+ log.error(msg);
+ throw new IllegalStateException(msg);
+ }
+ int tenantId = ctx.getTenantId();
+ authorizationManager = realmService.getTenantUserRealm(tenantId).getAuthorizationManager();
+ } catch (UserStoreException e) {
+ String msg = "Error occurred while retrieving current user store manager";
+ log.error(msg, e);
+ throw new IllegalStateException(msg);
+ }
+ return authorizationManager;
+ }
+
+ private Permission[] getPermissions() {
+
+ Permission androidSense = new Permission(RaspberrypiConstants.PERM_ENROLL_RASPBERRYPI,
+ CarbonConstants.UI_PERMISSION_ACTION);
+ Permission view = new Permission(RaspberrypiConstants.PERM_OWNING_DEVICE_VIEW, CarbonConstants
+ .UI_PERMISSION_ACTION);
+
+ return new Permission[]{androidSense, view};
+ }
+
+}
diff --git a/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/webapp/WEB-INF/web.xml b/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/webapp/WEB-INF/web.xml
index e6b97eaed..301e2a3a8 100644
--- a/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/webapp/WEB-INF/web.xml
+++ b/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/webapp/WEB-INF/web.xml
@@ -31,4 +31,8 @@
true
+
+ org.wso2.carbon.device.mgt.iot.raspberrypi.service.impl.listener.RaspberryPIPermissionUpdateListener
+
+
\ No newline at end of file
diff --git a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/constants/VirtualFireAlarmConstants.java b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/constants/VirtualFireAlarmConstants.java
index 204ede004..31a140efe 100644
--- a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/constants/VirtualFireAlarmConstants.java
+++ b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/constants/VirtualFireAlarmConstants.java
@@ -81,4 +81,9 @@ public class VirtualFireAlarmConstants {
public static final String MQTT_ADAPTER_TOPIC_PROPERTY_NAME = "mqtt.adapter.topic";
public static final String APIM_APPLICATION_TOKEN_VALIDITY_PERIOD = "3600";
+
+ public static final String PERM_ENROLL_FIRE_ALARM = "/permission/admin/device-mgt/devices/enroll/firealarm";
+ public static final String PERM_OWNING_DEVICE_VIEW = "/permission/admin/device-mgt/devices/owning-device/view";
+
+ public static final String ROLE_NAME = "internal/devicemgt-user";
}
diff --git a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/listener/VirtualFireAlarmPermissionUpdateListener.java b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/listener/VirtualFireAlarmPermissionUpdateListener.java
new file mode 100644
index 000000000..829868010
--- /dev/null
+++ b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/listener/VirtualFireAlarmPermissionUpdateListener.java
@@ -0,0 +1,113 @@
+/*
+ * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.listener;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.CarbonConstants;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.constants.VirtualFireAlarmConstants;
+import org.wso2.carbon.user.api.AuthorizationManager;
+import org.wso2.carbon.user.api.Permission;
+import org.wso2.carbon.user.api.UserStoreException;
+import org.wso2.carbon.user.api.UserStoreManager;
+import org.wso2.carbon.user.core.service.RealmService;
+
+import javax.servlet.ServletContextEvent;
+import javax.servlet.ServletContextListener;
+
+public class VirtualFireAlarmPermissionUpdateListener implements ServletContextListener {
+
+ private static Log log = LogFactory.getLog(VirtualFireAlarmPermissionUpdateListener.class);
+
+ @Override
+ public void contextInitialized(ServletContextEvent servletContextEvent) {
+
+ UserStoreManager userStoreManager = getUserStoreManager();
+ try {
+ if (userStoreManager != null) {
+ if (!userStoreManager.isExistingRole(VirtualFireAlarmConstants.ROLE_NAME)) {
+ userStoreManager.addRole(VirtualFireAlarmConstants.ROLE_NAME, null, getPermissions());
+ } else {
+ getAuthorizationManager().authorizeRole(VirtualFireAlarmConstants.ROLE_NAME,
+ VirtualFireAlarmConstants.PERM_ENROLL_FIRE_ALARM, CarbonConstants.UI_PERMISSION_ACTION);
+ getAuthorizationManager().authorizeRole(VirtualFireAlarmConstants.ROLE_NAME,
+ VirtualFireAlarmConstants.PERM_OWNING_DEVICE_VIEW, CarbonConstants.UI_PERMISSION_ACTION);
+ }
+ } } catch (UserStoreException e) {
+ log.error("Error while creating a role and adding a user for Raspberry PI.", e);
+ }
+ }
+
+ @Override
+ public void contextDestroyed(ServletContextEvent servletContextEvent) {
+
+ }
+
+ public static UserStoreManager getUserStoreManager() {
+ RealmService realmService;
+ UserStoreManager userStoreManager;
+ try {
+ PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+ realmService = (RealmService) ctx.getOSGiService(RealmService.class, null);
+ if (realmService == null) {
+ String msg = "Realm service has not initialized.";
+ log.error(msg);
+ throw new IllegalStateException(msg);
+ }
+ int tenantId = ctx.getTenantId();
+ userStoreManager = realmService.getTenantUserRealm(tenantId).getUserStoreManager();
+ realmService.getTenantUserRealm(tenantId).getAuthorizationManager();
+ } catch (UserStoreException e) {
+ String msg = "Error occurred while retrieving current user store manager";
+ log.error(msg, e);
+ throw new IllegalStateException(msg);
+ }
+ return userStoreManager;
+ }
+
+ public static AuthorizationManager getAuthorizationManager() {
+ RealmService realmService;
+ AuthorizationManager authorizationManager;
+ try {
+ PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+ realmService = (RealmService) ctx.getOSGiService(RealmService.class, null);
+ if (realmService == null) {
+ String msg = "Realm service has not initialized.";
+ log.error(msg);
+ throw new IllegalStateException(msg);
+ }
+ int tenantId = ctx.getTenantId();
+ authorizationManager = realmService.getTenantUserRealm(tenantId).getAuthorizationManager();
+ } catch (UserStoreException e) {
+ String msg = "Error occurred while retrieving current user store manager";
+ log.error(msg, e);
+ throw new IllegalStateException(msg);
+ }
+ return authorizationManager;
+ }
+
+ private Permission[] getPermissions() {
+
+ Permission androidSense = new Permission(VirtualFireAlarmConstants.PERM_ENROLL_FIRE_ALARM,
+ CarbonConstants.UI_PERMISSION_ACTION);
+ Permission view = new Permission(VirtualFireAlarmConstants.PERM_OWNING_DEVICE_VIEW, CarbonConstants
+ .UI_PERMISSION_ACTION);
+
+ return new Permission[]{androidSense, view};
+ }
+
+}
diff --git a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/webapp/WEB-INF/web.xml b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/webapp/WEB-INF/web.xml
index 4337c5720..6f59c5a7c 100644
--- a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/webapp/WEB-INF/web.xml
+++ b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/webapp/WEB-INF/web.xml
@@ -27,6 +27,8 @@
true
-
+
+ org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.listener.VirtualFireAlarmPermissionUpdateListener
+
\ No newline at end of file