@ -20,6 +20,7 @@ package org.wso2.carbon.device.application.mgt.core.impl;
import org.apache.commons.logging.Log ;
import org.apache.commons.logging.LogFactory ;
import org.wso2.carbon.CarbonConstants ;
import org.wso2.carbon.context.PrivilegedCarbonContext ;
import org.wso2.carbon.device.application.mgt.common.Application ;
import org.wso2.carbon.device.application.mgt.common.ApplicationList ;
@ -38,16 +39,21 @@ import org.wso2.carbon.device.application.mgt.core.dao.common.DAOFactory;
import org.wso2.carbon.device.application.mgt.core.exception.ApplicationManagementDAOException ;
import org.wso2.carbon.device.application.mgt.core.exception.NotFoundException ;
import org.wso2.carbon.device.application.mgt.core.exception.ValidationException ;
import org.wso2.carbon.device.application.mgt.core.internal.DataHolder ;
import org.wso2.carbon.device.application.mgt.core.util.ConnectionManagerUtil ;
import org.wso2.carbon.device.application.mgt.core.util.HelperUtil ;
import org.wso2.carbon.user.api.UserRealm ;
import org.wso2.carbon.user.api.UserStoreException ;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils ;
import java.util.ArrayList ;
import java.util.Date ;
import java.util.List ;
public class ApplicationManagerImpl implements ApplicationManager {
private static final Log log = LogFactory . getLog ( ApplicationManagerImpl . class ) ;
p ublic static final String CREATED = "CREATED" ;
p rivate static final String CREATED = "CREATED" ;
@Override
public Application createApplication ( Application application ) throws ApplicationManagementException {
@ -154,21 +160,45 @@ public class ApplicationManagerImpl implements ApplicationManager {
public ApplicationList getApplications ( Filter filter ) throws ApplicationManagementException {
try {
ConnectionManagerUtil . open Connection( ) ;
ConnectionManagerUtil . open DB Connection( ) ;
ApplicationDAO applicationDAO = DAOFactory . getApplicationDAO ( ) ;
return applicationDAO . getApplications ( filter ) ;
} finally {
ConnectionManagerUtil . close Connection( ) ;
ConnectionManagerUtil . close DB Connection( ) ;
}
}
@Override
public void changeLifecycle ( String applicationUUID , String lifecycleIdentifier ) throws ApplicationManagementException {
public void changeLifecycle ( String applicationUUID , String lifecycleIdentifier ) throws
ApplicationManagementException {
boolean isAvailableNextState = false ;
String userName = PrivilegedCarbonContext . getThreadLocalCarbonContext ( ) . getUsername ( ) ;
List < LifecycleStateTransition > nextLifeCycles = getLifeCycleStates ( applicationUUID ) ;
for ( LifecycleStateTransition lifecycleStateTransition : nextLifeCycles ) {
if ( log . isDebugEnabled ( ) ) {
log . debug ( "Lifecycle state of the application " + applicationUUID + " can be changed to"
+ lifecycleStateTransition . getNextState ( ) ) ;
}
if ( lifecycleStateTransition . getNextState ( ) . equalsIgnoreCase ( lifecycleIdentifier ) ) {
isAvailableNextState = true ;
break ;
}
}
if ( ! isAvailableNextState ) {
throw new ApplicationManagementException ( "User " + userName + " does not have the permission to change "
+ "the lifecycle state of the application " + applicationUUID + " to lifecycle state "
+ lifecycleIdentifier ) ;
}
try {
ConnectionManagerUtil . openDBConnection ( ) ;
ConnectionManagerUtil . beginDBTransa ction( ) ;
ApplicationDAO applicationDAO = DAOFactory . getApplicationDAO ( ) ;
applicationDAO . changeLifecycle ( applicationUUID , lifecycleIdentifier ) ;
applicationDAO . changeLifecycle ( applicationUUID , lifecycleIdentifier , userName ) ;
ConnectionManagerUtil . commitDBTransaction ( ) ;
} catch ( ApplicationManagementDAOException e ) {
ConnectionManagerUtil . rollbackDBTransaction ( ) ;
throw e ;
} finally {
ConnectionManagerUtil . closeDBConnection ( ) ;
}
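Review bot: The allowed-transition check in `changeLifecycle` matches with `equalsIgnoreCase`, but the DAO call then receives the caller-supplied `lifecycleIdentifier` rather than the state that was matched, so a differently-cased value passes the check and is persisted as given. Keep the matched value, e.g. `String nextState = lifecycleStateTransition.getNextState();` inside the loop, and pass it on with `applicationDAO.changeLifecycle(applicationUUID, nextState, userName);`. The check also runs through `getLifeCycleStates` on its own connection before `beginDBTransaction()`, so the application state or the user's permissions could change between check and update unless the DAO re-validates inside the transaction. Rollback happens only for `ApplicationManagementDAOException`, and the exception text reports a missing permission even when the requested state is simply not a valid next state. The closing brace of `changeLifecycle` lies outside this hunk.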
@ -177,15 +207,109 @@ public class ApplicationManagerImpl implements ApplicationManager {
@Override
public List < LifecycleStateTransition > getLifeCycleStates ( String applicationUUID )
throws ApplicationManagementException {
try {
int tenantId = PrivilegedCarbonContext . getThreadLocalCarbonContext ( ) . getTenantId ( true ) ;
String userName = PrivilegedCarbonContext . getThreadLocalCarbonContext ( ) . getUsername ( ) ;
boolean isAdminOrApplicationOwner = isApplicationOwnerOrAdmin ( applicationUUID , userName , tenantId ) ;
if ( log . isDebugEnabled ( ) ) {
log . debug ( "User " + userName + " in tenant " + tenantId + " is an Admin or Application owner of the "
+ "application " + applicationUUID ) ;
}
try {
ConnectionManagerUtil . openDBConnection ( ) ;
return DAOFactory . getApplicationDAO ( ) . getNextLifeCycleStates ( applicationUUID , tenantId ) ;
List < LifecycleStateTransition > transitions = DAOFactory . getApplicationDAO ( )
. getNextLifeCycleStates ( applicationUUID , tenantId ) ;
List < LifecycleStateTransition > filteredTransitions = new ArrayList < > ( ) ;
if ( log . isDebugEnabled ( ) ) {
log . debug ( "Lifecycle of the application with UUID : " + applicationUUID + " can be changed to "
+ transitions . size ( ) + ". The number may vary according to the permission level of user : "
+ userName + " of tenant " + tenantId ) ;
}
for ( LifecycleStateTransition transition : transitions ) {
String permission = transition . getPermission ( ) ;
if ( permission ! = null ) {
if ( log . isDebugEnabled ( ) ) {
log . debug ( "In order to make the state change to " + transition . getNextState ( ) + " permission "
+ permission + " is required" ) ;
}
if ( isAuthorized ( userName , tenantId , permission ) ) {
filteredTransitions . add ( transition ) ;
} else {
if ( log . isDebugEnabled ( ) ) {
log . debug ( "User " + userName + " does not have the permission " + permission + " to "
+ "change the life-cycle state to " + transition . getNextState ( ) + " of the "
+ "application " + applicationUUID ) ;
}
}
} else if ( isAdminOrApplicationOwner ) {
filteredTransitions . add ( transition ) ;
}
}
if ( log . isDebugEnabled ( ) ) {
log . debug ( "User " + userName + " can do " + filteredTransitions . size ( ) + " life-cyle state changes "
+ "currently on application with the UUID " + applicationUUID ) ;
}
return filteredTransitions ;
} catch ( UserStoreException e ) {
throw new ApplicationManagementException (
"Userstore exception while checking whether user " + userName + " from tenant " + tenantId
+ " is authorized to do a life-cycle status change in an application " , e ) ;
} finally {
ConnectionManagerUtil . closeDBConnection ( ) ;
}
}
@Override
public Application getApplication ( String uuid ) throws ApplicationManagementException {
try {
ConnectionManagerUtil . openDBConnection ( ) ;
return DAOFactory . getApplicationDAO ( ) . getApplication ( uuid ) ;
} finally {
ConnectionManagerUtil . closeDBConnection ( ) ;
}
}
/ * *
* To check whether current user is application owner or admin .
*
* @param applicationUUID UUID of the Application .
* @return true if the current user is application owner or admin , unless false .
* @throws ApplicationManagementException Application Management Exception .
* /
private boolean isApplicationOwnerOrAdmin ( String applicationUUID , String userName , int tenantId )
throws ApplicationManagementException {
try {
if ( isAuthorized ( userName , tenantId , CarbonConstants . UI_ADMIN_PERMISSION_COLLECTION ) ) {
return true ;
}
} catch ( UserStoreException e ) {
throw new ApplicationManagementException ( "Userstore exception while checking whether user is an admin" , e ) ;
} try {
ConnectionManagerUtil . openDBConnection ( ) ;
Application application = DAOFactory . getApplicationDAO ( ) . getApplication ( applicationUUID ) ;
return application . getUser ( ) . getUserName ( ) . equals ( userName )
& & application . getUser ( ) . getTenantId ( ) = = tenantId ;
} finally {
ConnectionManagerUtil . closeDBConnection ( ) ;
}
}
/ * *
* To check whether current user has the permission to do some secured operation .
*
* @param username Name of the User .
* @param tenantId ID of the tenant .
* @param permission Permission that need to be checked .
* @return true if the current user has the permission , otherwise false .
* @throws UserStoreException UserStoreException
* /
private boolean isAuthorized ( String username , int tenantId , String permission ) throws UserStoreException {
UserRealm userRealm = DataHolder . getInstance ( ) . getRealmService ( ) . getTenantUserRealm ( tenantId ) ;
return userRealm ! = null & & userRealm . getAuthorizationManager ( ) ! = null & & userRealm . getAuthorizationManager ( )
. isUserAuthorized ( MultitenantUtils . getTenantAwareUsername ( username ) ,
permission , CarbonConstants . UI_PERMISSION_ACTION ) ;
}
/ * *
* To validate the application
*
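Review bot: In `isApplicationOwnerOrAdmin` the result of `getApplication(applicationUUID)` and its `getUser()` are dereferenced without a null check, so an unknown UUID may surface as a NullPointerException in the middle of an authorization decision, assuming the DAO returns null on a miss (not visible here); failing closed with `if (application == null || application.getUser() == null) { return false; }` would be safer. The debug message in `getLifeCycleStates` says the user "is an Admin or Application owner" whatever the outcome, which is misleading when the log is used to trace access decisions; append the result, e.g. `+ " admin/owner check result: " + isAdminOrApplicationOwner`. The public `getApplication(String uuid)` passes no tenant id or user to the DAO, unlike `getNextLifeCycleStates(applicationUUID, tenantId)`, so it is worth confirming that the DAO scopes the lookup to the caller's tenant. The Javadoc of `isApplicationOwnerOrAdmin` omits `@param userName` and `@param tenantId`, and "unless false" should read "otherwise false".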
@ -210,7 +334,5 @@ public class ApplicationManagerImpl implements ApplicationManager {
if ( application . getPlatform ( ) = = null | | application . getPlatform ( ) . getIdentifier ( ) = = null ) {
throw new ValidationException ( "Platform identifier cannot be empty" ) ;
}
}
}