Implemented permission-scope mapping for IoTs

8 years ago · 36ee55f493
parent dd353e1bfb
commit 36ee55f493
6 changed files with 66 additions and 29 deletions
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java
@ -134,6 +134,7 @@ public class AnnotationProcessor {
                                try {
                                    clazz = classLoader.loadClass(className);
                                    Annotation swaggerDefinition = clazz.getAnnotation(apiClazz);
+                                    Annotation Scopes = clazz.getAnnotation(scopesClass);
                                    List<APIResource> resourceList;
                                    if (swaggerDefinition != null) {
                                        if (log.isDebugEnabled()) {
@ -141,7 +142,9 @@ public class AnnotationProcessor {
                                        }
                                        try {
                                            apiResourceConfig = processAPIAnnotation(swaggerDefinition);
-                                            apiScopes = processAPIScopes(swaggerDefinition);
+                                            if (Scopes != null) {
+                                                apiScopes = processAPIScopes(Scopes);
+                                            }
                                            if(apiResourceConfig != null){
                                                String rootContext = servletContext.getContextPath();
                                                pathClazzMethods = pathClazz.getMethods();
@ -214,7 +217,7 @@ public class AnnotationProcessor {
                aggregatedPermissions.append(permission);
                aggregatedPermissions.append(" ");
            }
-            scope.setRoles(aggregatedPermissions.toString());
+            scope.setRoles(aggregatedPermissions.toString().trim());
            scopes.put(scope.getKey(), scope);
        }
        return scopes;
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java
@ -19,9 +19,12 @@
 package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;

 import io.swagger.annotations.*;
+import org.wso2.carbon.apimgt.annotations.api.*;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
 import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ApplicationWrapper;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
+import org.wso2.carbon.device.mgt.jaxrs.util.Constants;

 import javax.ws.rs.Consumes;
 import javax.ws.rs.POST;
@ -49,6 +52,16 @@ import javax.ws.rs.core.Response;
@Api(value = "Application Management Administrative Service", description = "This an  API intended to be used by " +
        "'internal' components to log in as an admin user and do a selected number of operations. " +
        "Further, this is strictly restricted to admin users only ")
+@Scopes(
+        scopes = {
+                @Scope(
+                        name = "Manage application",
+                        description = "",
+                        key = "cdmf:manage-application",
+                        permissions = {"/device-mgt/applications/manage"}
+                )
+        }
+)
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
 public interface ApplicationManagementAdminService {
@ -63,12 +76,10 @@ public interface ApplicationManagementAdminService {
            notes = "This is an internal API that can be used to install an application on a device.",
            response = Activity.class,
            tags = "Application Management Administrative Service",
-            authorizations = {
-                    @Authorization(
-                            value="permission",
-                            scopes = { @AuthorizationScope(scope = "/device-mgt/applications/manage", description
-                                    = "Install/Uninstall applications") }
-                    )
+            extensions = {
+                    @Extension(properties = {
+                            @ExtensionProperty(name = Constants.SCOPE, value = "cdmf:manage-application")
+                    })
            }
    )
    @ApiResponses(value = {
@ -109,12 +120,10 @@ public interface ApplicationManagementAdminService {
            notes = "This is an internal API that can be used to uninstall an application.",
            response = Activity.class,
            tags = "Application Management Administrative Service",
-            authorizations = {
-                    @Authorization(
-                            value="permission",
-                            scopes = { @AuthorizationScope(scope = "/device-mgt/applications/manage", description
-                                    = "Install/Uninstall applications") }
-                    )
+            extensions = {
+                    @Extension(properties = {
+                            @ExtensionProperty(name = Constants.SCOPE, value = "cdmf:manage-application")
+                    })
            }
    )
    @ApiResponses(value = {
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java
@ -31,8 +31,11 @@ import io.swagger.annotations.ApiParam;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
 import io.swagger.annotations.ResponseHeader;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
+import org.wso2.carbon.apimgt.annotations.api.Scopes;
 import org.wso2.carbon.device.mgt.common.Device;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
+import org.wso2.carbon.device.mgt.jaxrs.util.Constants;

 import javax.validation.constraints.Size;
 import javax.ws.rs.*;
@ -60,6 +63,16 @@ import javax.ws.rs.core.Response;
        "Further, this is strictly restricted to admin users only ")
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
+@Scopes(
+        scopes = {
+                @Scope(
+                        name = "Manage device",
+                        description = "",
+                        key = "cdmf:manage-own-device",
+                        permissions = {"/device-mgt/devices/owning-device/view"}
+                )
+        }
+)
 public interface DeviceManagementAdminService {

    @GET
@ -71,12 +84,10 @@ public interface DeviceManagementAdminService {
            response = Device.class,
            responseContainer = "List",
            tags = "Device Management Administrative Service",
-            authorizations = {
-                    @Authorization(
-                            value="permission",
-                            scopes = { @AuthorizationScope(scope = "/device-mgt/devices/owning-device/view", description
-                                    = "View Devices") }
-                    )
+            extensions = {
+                    @Extension(properties = {
+                            @ExtensionProperty(name = Constants.SCOPE, value = "cdmf:manage-own-device")
+                    })
            }
    )
    @ApiResponses(value = {
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/GroupManagementAdminService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/GroupManagementAdminService.java
@ -33,8 +33,11 @@ import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
 import io.swagger.annotations.ResponseHeader;
 import org.apache.axis2.transport.http.HTTPConstants;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
+import org.wso2.carbon.apimgt.annotations.api.Scopes;
 import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceGroupList;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
+import org.wso2.carbon.device.mgt.jaxrs.util.Constants;

 import javax.ws.rs.*;
 import javax.ws.rs.core.MediaType;
@ -61,6 +64,16 @@ import javax.ws.rs.core.Response;
@Api(value = "Group Management Administrative Service", description = "This an  API intended to be used by " +
        "'internal' components to log in as an admin user and do a selected number of operations. " +
        "Further, this is strictly restricted to admin users only ")
+@Scopes(
+        scopes = {
+                @Scope(
+                        name = "View groups",
+                        description = "",
+                        key = "cdmf:view-groups",
+                        permissions = {"/device-mgt/admin/groups/view"}
+                )
+        }
+)
 public interface GroupManagementAdminService {

    @GET
@ -70,12 +83,10 @@ public interface GroupManagementAdminService {
            value = "Get the list of groups.",
            notes = "Returns all groups enrolled with the system.",
            tags = "Device Group Management",
-            authorizations = {
-                    @Authorization(
-                            value="permission",
-                            scopes = { @AuthorizationScope(scope = "/device-mgt/admin/groups/view", description
-                                    = "View Groups") }
-                    )
+            extensions = {
+                    @Extension(properties = {
+                            @ExtensionProperty(name = Constants.SCOPE, value = "cdmf:view-groups")
+                    })
            }
    )
    @ApiResponses(value = {
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java
@ -150,7 +150,10 @@ public class AnnotationProcessor {
                                try {
                                    clazz = classLoader.loadClass(className);
                                    Annotation apiAnno = clazz.getAnnotation(apiClazz);
-                                    apiScopes = processAPIScopes(apiAnno);
+                                    Annotation scopesAnno = clazz.getAnnotation(scopesClass);
+                                    if (scopesAnno != null) {
+                                        apiScopes = processAPIScopes(scopesAnno);
+                                    }
                                    List<Permission> resourceList;
                                    if (apiAnno != null) {
                                        if (log.isDebugEnabled()) {
--- a/pom.xml
+++ b/pom.xml
@ -1812,7 +1812,7 @@

        <!-- Carbon Identity -->
        <carbon.identity.framework.version>5.2.2</carbon.identity.framework.version>
-        <identity.inbound.auth.oauth.version>5.2.7</identity.inbound.auth.oauth.version>
+        <identity.inbound.auth.oauth.version>5.1.1</identity.inbound.auth.oauth.version>
        <identity.inbound.auth.saml.version>5.1.1</identity.inbound.auth.saml.version>

        <!-- Carbon Multi-tenancy -->
@ -1837,7 +1837,7 @@
 	    <commons-lang.wso2.osgi.version.range>[2.6.0,3.0.0)</commons-lang.wso2.osgi.version.range>

        <!-- Carbon API Management -->
-        <carbon.api.mgt.version>6.1.2-SNAPSHOT</carbon.api.mgt.version>
+        <carbon.api.mgt.version>6.0.6-SNAPSHOT</carbon.api.mgt.version>
        <carbon.api.mgt.version.range>(5.0.0,7.0.0]</carbon.api.mgt.version.range>

        <!-- Carbon Analytics Commons -->