diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java
index f4a4c52c366..a2b90633ea3 100644
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java
@@ -344,84 +344,8 @@ public interface CertificateManagementAdminService { defaultValue = "12438035315552875930") @PathParam("serialNumber") String serialNumber); -// /** -// * Verify IOS Certificate for the API security filter -// * -// * @param certificate to be verified as a String -// * @return Status of the certificate verification. -// */ -// @POST -// @Path("/verify/ios") -// @ApiOperation( -// consumes = MediaType.APPLICATION_JSON, -// produces = MediaType.APPLICATION_JSON, -// httpMethod = "POST", -// value = "Verify IOS SSL certificate", -// notes = "Verify IOS Certificate for the API security filter.\n", -// tags = "Certificate Management") -// @ApiResponses( -// value = { -// @ApiResponse( -// code = 200, -// message = "Return the status of the IOS certificate verification.", -// responseHeaders = { -// @ResponseHeader( -// name = "Content-Type", -// description = "The content type of the body")}), -// @ApiResponse( -// code = 400, -// message = "Bad Request. \n Invalid request or validation error.", -// response = ErrorResponse.class) -// }) -// Response verifyIOSCertificate( -// @ApiParam( -// name = "certificate", -// value = "The properties to verify certificate. It includes the following: \n" + -// "serial: The unique ID of the certificate. (optional) \n" + -// "pem: mdm-signature of the certificate", -// required = true) EnrollmentCertificate certificate); -// -// /** -// * Verify Android Certificate for the API security filter -// * -// * @param certificate to be verified as a String -// * @return Status of the certificate verification. 
-// */ -// @POST -// @Path("/verify/android") -// @ApiOperation( -// consumes = MediaType.APPLICATION_JSON, -// produces = MediaType.APPLICATION_JSON, -// httpMethod = "POST", -// value = "Verify Android SSL certificate", -// notes = "Verify Android Certificate for the API security filter.\n", -// tags = "Certificate Management") -// @ApiResponses( -// value = { -// @ApiResponse( -// code = 200, -// message = "Return the status of the Android certificate verification.", -// responseHeaders = { -// @ResponseHeader( -// name = "Content-Type", -// description = "The content type of the body")}), -// @ApiResponse( -// code = 400, -// message = "Bad Request. \n Invalid request or validation error.", -// response = ErrorResponse.class) -// }) -// Response verifyAndroidCertificate( -// @ApiParam( -// name = "certificate", -// value = "The properties to verify certificate. It includes the following: \n" + -// "serial: The unique ID of the certificate. (optional) \n" + -// "pem: pem String of the certificate", -// required = true) EnrollmentCertificate certificate); -// - - /** - * Verify Android Certificate for the API security filter + * Verify Certificate for the API security filter * * @param certificate to be verified as a String * @return Status of the certificate verification. 
@@ -432,19 +356,20 @@ public interface CertificateManagementAdminService { consumes = MediaType.APPLICATION_JSON, produces = MediaType.APPLICATION_JSON, httpMethod = "POST", - value = "Verify Android SSL certificate", - notes = "Verify Android Certificate for the API security filter.\n", + value = "Verify SSL certificate", + notes = "Verify Certificate for the API security filter.\n", tags = "Certificate Management", extensions = { - @Extension(properties = { - @ExtensionProperty(name = SCOPE, value = "perm:admin:certificates:add") - }) + @Extension(properties = { + @ExtensionProperty(name = SCOPE, value = "perm:admin:certificates:verify") }) + } + ) @ApiResponses( value = { @ApiResponse( code = 200, - message = "Return the status of the Android certificate verification.", + message = "Return the status of the certificate verification.", responseHeaders = { @ResponseHeader( name = "Content-Type", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java index ca9be507a6e..2938b7bb961 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java 
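Review bot: The `@ExtensionProperty` on the verify operation now names `perm:admin:certificates:verify`, but no matching `@Scope` entry that maps this key to a permission path is visible in the hunk. The same applies to `perm:users:send-invitation` in the UserManagementService hunk further down, which replaces an `authorizations` entry that carried the permission `/device-mgt/users/invite`. Please confirm both keys are declared in the interfaces' `@Scopes` blocks with the intended permission, since how an undeclared key is treated at the gateway cannot be judged from here. Callers whose tokens hold only `perm:admin:certificates:add` will presumably need new tokens for the verify endpoint, which deserves a line in the upgrade notes. The `@ApiOperation` annotation starts before this hunk.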
@@ -79,6 +79,12 @@ import javax.ws.rs.core.Response; key = "perm:devices:details", permissions = {"/device-mgt/devices/owning-device/view"} ), + @Scope( + name = "Update the device specified by device id", + description = "Update the device specified by device id", + key = "perm:devices:update", + permissions = {"/device-mgt/devices/owning-device/view"} + ), @Scope( name = "Delete the device specified by device id", description = "Delete the device specified by device id", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java index 7edf7a75560..8656456f1fe 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java 
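Review bot: The new `perm:devices:update` scope is bound to `permissions = {"/device-mgt/devices/owning-device/view"}`, the same permission that backs `perm:devices:details` just above it, so any role that may view a device also qualifies for the update scope. If updating is meant to be a separate privilege, map the scope to a modify-level permission instead, for example `permissions = {"<device-modify-permission-path>"}` with the project's real path substituted for the placeholder. If the shared permission is intentional, a short comment saying so would stop later readers treating it as a copy-paste slip. The `@Scopes` block starts and ends outside this hunk.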
@@ -18,27 +18,36 @@ */ package org.wso2.carbon.device.mgt.jaxrs.service.api; -import io.swagger.annotations.SwaggerDefinition; -import io.swagger.annotations.Info; -import io.swagger.annotations.ExtensionProperty; -import io.swagger.annotations.Extension; -import io.swagger.annotations.Tag; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiParam; import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponses; +import io.swagger.annotations.Extension; +import io.swagger.annotations.ExtensionProperty; +import io.swagger.annotations.Info; import io.swagger.annotations.ResponseHeader; +import io.swagger.annotations.SwaggerDefinition; +import io.swagger.annotations.Tag; import org.wso2.carbon.apimgt.annotations.api.Scope; import org.wso2.carbon.apimgt.annotations.api.Scopes; +import org.wso2.carbon.device.mgt.common.policy.mgt.Policy; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper; import org.wso2.carbon.device.mgt.jaxrs.util.Constants; -import org.wso2.carbon.device.mgt.common.policy.mgt.Policy; import javax.validation.Valid; -import javax.ws.rs.*; +import javax.validation.constraints.Size; +import javax.ws.rs.Consumes; +import javax.ws.rs.GET; +import javax.ws.rs.HeaderParam; +import javax.ws.rs.POST; +import javax.ws.rs.PUT; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import java.util.List; 
@@ -118,6 +127,12 @@ import java.util.List; description = "Updating the Policy Priorities", key = "perm:policies:priorities", permissions = {"/device-mgt/policies/manage"} + ), + @Scope( + name = "Fetching the Effective Policy", + description = "Fetching the Effective Policy", + key = "perm:policies:effective-policy", + permissions = {"/device-mgt/policies/view"} ) } ) 
@@ -605,6 +620,69 @@ public interface PolicyManagementService { @GET @Path("/effective-policy/{deviceType}/{deviceId}") - Response getEffectivePolicy(@PathParam("deviceId") String deviceId, @PathParam("deviceType") String deviceType); - + @ApiOperation( + consumes = MediaType.APPLICATION_JSON, + produces = MediaType.APPLICATION_JSON, + httpMethod = "GET", + value = "Getting the Effective Policy", + notes = "Retrieve the effective policy of a device using this API.", + tags = "Device Policy Management", + extensions = { + @Extension(properties = { + @ExtensionProperty(name = Constants.SCOPE, value = "perm:policies:effective-policy") + }) + } + ) + @ApiResponses( + value = { + @ApiResponse( + code = 200, + message = "OK. \n Successfully fetched the policy.", + response = Policy.class, + responseHeaders = { + @ResponseHeader( + name = "Content-Type", + description = "The content type of the body"), + @ResponseHeader( + name = "ETag", + description = "Entity Tag of the response resource.\n" + + "Used by caches, or in conditional requests."), + @ResponseHeader( + name = "Last-Modified", + description = "Date and time the resource was last modified.\n" + + "Used by caches, or in conditional requests."), + } + ), + @ApiResponse( + code = 304, + message = "Not Modified. \n Empty body because the client already has the latest version of the requested resource.\n"), + @ApiResponse( + code = 404, + message = "Not Found. \n A specified policy was not found.", + response = ErrorResponse.class), + @ApiResponse( + code = 406, + message = "Not Acceptable.\n The requested media type is not supported."), + @ApiResponse( + code = 500, + message = "Internal Server Error. 
\n Server error occurred while fetching the " + + "policy.", + response = ErrorResponse.class) + }) + Response getEffectivePolicy( + @ApiParam( + name = "deviceType", + value = "The device type, such as ios, android or windows.", + required = true, + allowableValues = "android, ios, windows") + @PathParam("deviceType") + @Size(max = 45) + String deviceType, + @ApiParam( + name = "deviceId", + value = "The device identifier of the device you want ot get details.", + required = true) + @PathParam("deviceId") + @Size(max = 45) + String deviceId); } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java index 1b9acd0c65b..ff3de73d80a 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java @@ -771,11 +771,10 @@ public interface UserManagementService { value = "Sending Enrollment Invitations to email address", notes = "Send the a mail inviting recipients to enroll devices.", tags = "User Management", - authorizations = { - @Authorization( - value = "permission", - scopes = {@AuthorizationScope(scope = "/device-mgt/users/invite", description = "Invite Users")} - ) + extensions = { + @Extension(properties = { + @ExtensionProperty(name = Constants.SCOPE, value = "perm:users:send-invitation") + }) } ) @ApiResponses(value = { 
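Review bot: `getEffectivePolicy` now declares `(deviceType, deviceId)` where it previously declared `(deviceId, deviceType)`, and both parameters are `String`, so any Java code that calls it positionally still compiles but silently swaps the two values. JAX-RS binding is by `@PathParam` name and is unaffected, but direct callers and tests should be checked. The added `@Size(max = 45)` constraints take effect only if Bean Validation is enabled for this JAX-RS deployment, which is not visible here. The `deviceId` description also has a typo: `you want ot get details` should read `you want to get details`.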
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/PolicyManagementServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/PolicyManagementServiceImpl.java index 76718d63810..7c1fe8e407c 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/PolicyManagementServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/PolicyManagementServiceImpl.java @@ -376,7 +376,7 @@ public class PolicyManagementServiceImpl implements PolicyManagementService { @GET @Path("/effective-policy/{deviceType}/{deviceId}") @Override - public Response getEffectivePolicy(@PathParam("deviceId") String deviceId, @PathParam("deviceType") String deviceType) { + public Response getEffectivePolicy(@PathParam("deviceType") String deviceType, @PathParam("deviceId") String deviceId) { PolicyManagerService policyManagementService = DeviceMgtAPIUtils.getPolicyManagementService(); final Policy policy; try { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json index 380f4f5bd11..573d973b3a7 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json @@ -140,6 +140,7 @@ "perm:admin:certificates:details", "perm:admin:certificates:view", "perm:admin:certificates:add", + "perm:admin:certificates:verify", "perm:admin" ], "isOAuthEnabled" : true, 
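Review bot: Only `perm:admin:certificates:verify` is added to the UI scope list in config.json, while the same commit introduces `perm:devices:update`, `perm:policies:effective-policy` and `perm:users:send-invitation` on the API side. The hunk shows just a window of the array, so those keys may already be listed elsewhere. If they are not, tokens the UI requests from this list would presumably lack them, and the corresponding calls would fail authorization.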
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js index 1365fed2673..6ac07ce87c0 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js @@ -28,6 +28,7 @@ var handlers = function () { var tokenUtil = require("/app/modules/oauth/token-handler-utils.js")["utils"]; var constants = require("/app/modules/constants.js"); var devicemgtProps = require("/app/modules/conf-reader/main.js")["conf"]; + var utility = require("/app/modules/utility.js")["utility"]; var publicMethods = {}; var privateMethods = {}; @@ -49,6 +50,7 @@ var handlers = function () { var tokenData; // tokenPair will include current access token as well as current refresh token var arrayOfScopes = devicemgtProps["scopes"]; + arrayOfScopes = arrayOfScopes.concat(utility.getDeviceTypesScopesList()); var stringOfScopes = ""; arrayOfScopes.forEach(function (entry) { stringOfScopes += entry + " "; 
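Review bot: The scope string sent to the token endpoint now includes whatever `utility.getDeviceTypesScopesList()` returns, with no validation or de-duplication, in the hunk at `-49,6` here and again in `setupTokenPairBySamlGrantType` in the next hunk. Entries are joined with a single space, so a unit config value that is not a string or that contains whitespace becomes extra scope tokens in the request. Filtering before the join would keep the request well-formed, for example `arrayOfScopes = arrayOfScopes.concat(utility.getDeviceTypesScopesList().filter(function (s) { return typeof s === "string" && /^\S+$/.test(s); }));`. The helper also re-reads every unit's config file on each login, so caching its result is worth considering. Both enclosing functions continue outside the hunks.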
@@ -78,19 +80,20 @@ var handlers = function () { publicMethods["setupTokenPairBySamlGrantType"] = function (username, samlToken) { if (!username || !samlToken) { throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair by " + - "saml grant type. Either username of logged in user, samlToken or both are missing " + - "as input - setupTokenPairByPasswordGrantType(x, y)"); + "saml grant type. Either username of logged in user, samlToken or both are missing " + + "as input - setupTokenPairBySamlGrantType(x, y)"); } else { privateMethods.setUpEncodedTenantBasedClientAppCredentials(username); privateMethods.setUpEncodedTenantBasedWebSocketClientAppCredentials(username); var encodedClientAppCredentials = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"]); if (!encodedClientAppCredentials) { throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair " + - "by saml grant type. Encoded client credentials are " + - "missing - setupTokenPairByPasswordGrantType(x, y)"); + "by saml grant type. Encoded client credentials are " + + "missing - setupTokenPairBySamlGrantType(x, y)"); } else { var tokenData; var arrayOfScopes = devicemgtProps["scopes"]; + arrayOfScopes = arrayOfScopes.concat(utility.getDeviceTypesScopesList()); var stringOfScopes = ""; arrayOfScopes.forEach(function (entry) { stringOfScopes += entry + " "; 
@@ -98,11 +101,11 @@ var handlers = function () { // accessTokenPair will include current access token as well as current refresh token tokenData = tokenUtil. - getTokenPairAndScopesBySAMLGrantType(samlToken, encodedClientAppCredentials, stringOfScopes); + getTokenPairAndScopesBySAMLGrantType(samlToken, encodedClientAppCredentials, stringOfScopes); if (!tokenData) { throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up token " + - "pair by password grant type. Error in token " + - "retrieval - setupTokenPairByPasswordGrantType(x, y)"); + "pair by password grant type. Error in token " + + "retrieval - setupTokenPairBySamlGrantType(x, y)"); } else { var tokenPair = {}; tokenPair["accessToken"] = tokenData["accessToken"]; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/utility.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/utility.js index 3b96ff00561..49b1a0d5b11 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/utility.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/utility.js 
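Review bot: The error thrown in the `!tokenData` branch still says `pair by password grant type` although this is the SAML path; the commit corrected the function name in the message but not the grant type. Change the middle fragment to `"pair by saml grant type. Error in token " +` so that authentication-failure logs name the flow that actually failed. The enclosing function starts and ends outside this hunk.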
@@ -125,5 +125,33 @@ utility = function () { return null; }; + publicMethods.getDeviceTypesScopesList = function () { + var dirs = new File("/app/units/").listFiles(); + var scopesList = []; + for (var i = 0; i < dirs.length; i++) { + var unitName = dirs[i].getName(); + if (unitName.match(/^cdmf\.unit\.device\.type\..*\.type-view$/g)) { + var deviceTypeConfigFile = new File("/app/units/" + unitName + "/private/config.json"); + if (deviceTypeConfigFile.isExists()) { + try { + deviceTypeConfigFile.open("r"); + var config = deviceTypeConfigFile.readAll(); + config = config.replace("%https.ip%", server.address("https")); + config = config.replace("%http.ip%", server.address("http")); + var deviceTypeConfig = parse(config); + if (deviceTypeConfig.deviceType && deviceTypeConfig.deviceType.scopes) { + scopesList = scopesList.concat(deviceTypeConfig.deviceType.scopes); + } + } catch (err) { + log.error("Error while reading device config file for `" + deviceType + "`: " + err); + } finally { + deviceTypeConfigFile.close(); + } + } + } + } + return scopesList; + }; + return publicMethods; }();
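Review bot: The `catch` block in `getDeviceTypesScopesList` builds its log message from `deviceType`, which is not declared anywhere in the new function. Unless a global of that name exists, a read or parse failure raises a ReferenceError from inside the handler instead of being logged, and that propagates to the token setup callers, so one malformed unit config could break login. Use `unitName` in that `log.error` call. The result of `new File("/app/units/").listFiles()` is dereferenced without a null or empty check, and `open("r")` sits inside the `try`, so `close()` in `finally` also runs on a file that failed to open. `deviceTypeConfig.deviceType.scopes` is concatenated without checking that it is an array of strings, although it ends up in the OAuth scope request.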