Merge branch 'master' of https://github.com/wso2/carbon-device-mgt into das-ext

revert-70aa11f8
ayyoob 9 years ago
commit 442f8c38fe

@ -22,14 +22,15 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier; import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.device.mgt.common.EnrolmentInfo;
import org.wso2.carbon.device.mgt.common.PaginationResult; import org.wso2.carbon.device.mgt.common.PaginationResult;
import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroup; import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroup;
import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants;
import org.wso2.carbon.device.mgt.common.group.mgt.GroupAlreadyEixistException; import org.wso2.carbon.device.mgt.common.group.mgt.GroupAlreadyEixistException;
import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException; import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException;
import org.wso2.carbon.device.mgt.common.group.mgt.GroupUser; import org.wso2.carbon.device.mgt.common.group.mgt.GroupUser;
import org.wso2.carbon.device.mgt.core.service.GroupManagementProviderService; import org.wso2.carbon.device.mgt.core.service.GroupManagementProviderService;
import org.wso2.carbon.device.mgt.jaxrs.api.util.DeviceMgtAPIUtils; import org.wso2.carbon.device.mgt.jaxrs.api.util.DeviceMgtAPIUtils;
import org.wso2.carbon.user.core.multiplecredentials.UserDoesNotExistException;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE; import javax.ws.rs.DELETE;
@ -42,26 +43,13 @@ import javax.ws.rs.PathParam;
import javax.ws.rs.Produces; import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam; import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import java.util.Arrays;
import java.util.Date; import java.util.Date;
import java.util.List; import java.util.List;
@SuppressWarnings("NonJaxWsWebServices") @SuppressWarnings("NonJaxWsWebServices")
public class Group { public class Group {
private static final String DEFAULT_ADMIN_ROLE = "admin";
private static final String DEFAULT_OPERATOR_ROLE = "invoke-device-operations";
private static final String DEFAULT_STATS_MONITOR_ROLE = "view-statistics";
private static final String DEFAULT_VIEW_POLICIES = "view-policies";
private static final String DEFAULT_MANAGE_POLICIES = "mange-policies";
private static final String DEFAULT_VIEW_EVENTS = "view-events";
private static final String[] DEFAULT_ADMIN_PERMISSIONS = {"/permission/device-mgt/admin/groups",
"/permission/device-mgt/user/groups"};
private static final String[] DEFAULT_OPERATOR_PERMISSIONS = {"/permission/device-mgt/user/groups/device_operation"};
private static final String[] DEFAULT_STATS_MONITOR_PERMISSIONS = {"/permission/device-mgt/user/groups/device_monitor"};
private static final String[] DEFAULT_MANAGE_POLICIES_PERMISSIONS = {"/permission/device-mgt/user/groups/device_policies/add"};
private static final String[] DEFAULT_VIEW_POLICIES_PERMISSIONS = {"/permission/device-mgt/user/groups/device_policies/view"};
private static final String[] DEFAULT_VIEW_EVENTS_PERMISSIONS = {"/permission/device-mgt/user/groups/device_events"};
private static Log log = LogFactory.getLog(Group.class); private static Log log = LogFactory.getLog(Group.class);
@POST @POST
@ -76,18 +64,18 @@ public class Group {
group.setDateOfLastUpdate(new Date().getTime()); group.setDateOfLastUpdate(new Date().getTime());
try { try {
GroupManagementProviderService groupManagementService = DeviceMgtAPIUtils.getGroupManagementProviderService(); GroupManagementProviderService groupManagementService = DeviceMgtAPIUtils.getGroupManagementProviderService();
groupManagementService.createGroup(group, DEFAULT_ADMIN_ROLE, DEFAULT_ADMIN_PERMISSIONS); groupManagementService.createGroup(group, DeviceGroupConstants.Roles.DEFAULT_ADMIN_ROLE, DeviceGroupConstants.Permissions.DEFAULT_ADMIN_PERMISSIONS);
groupManagementService.addGroupSharingRole(owner, group.getName(), owner, groupManagementService.addGroupSharingRole(owner, group.getName(), owner,
DEFAULT_OPERATOR_ROLE, DeviceGroupConstants.Roles.DEFAULT_OPERATOR_ROLE,
DEFAULT_OPERATOR_PERMISSIONS); DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS);
groupManagementService.addGroupSharingRole(owner, group.getName(), owner, DEFAULT_STATS_MONITOR_ROLE, groupManagementService.addGroupSharingRole(owner, group.getName(), owner, DeviceGroupConstants.Roles.DEFAULT_STATS_MONITOR_ROLE,
DEFAULT_STATS_MONITOR_PERMISSIONS); DeviceGroupConstants.Permissions.DEFAULT_STATS_MONITOR_PERMISSIONS);
groupManagementService.addGroupSharingRole(owner, group.getName(), owner, DEFAULT_VIEW_POLICIES, groupManagementService.addGroupSharingRole(owner, group.getName(), owner, DeviceGroupConstants.Roles.DEFAULT_VIEW_POLICIES,
DEFAULT_VIEW_POLICIES_PERMISSIONS); DeviceGroupConstants.Permissions.DEFAULT_VIEW_POLICIES_PERMISSIONS);
groupManagementService.addGroupSharingRole(owner, group.getName(), owner, DEFAULT_MANAGE_POLICIES, groupManagementService.addGroupSharingRole(owner, group.getName(), owner, DeviceGroupConstants.Roles.DEFAULT_MANAGE_POLICIES,
DEFAULT_MANAGE_POLICIES_PERMISSIONS); DeviceGroupConstants.Permissions.DEFAULT_MANAGE_POLICIES_PERMISSIONS);
groupManagementService.addGroupSharingRole(owner, group.getName(), owner, DEFAULT_VIEW_EVENTS, groupManagementService.addGroupSharingRole(owner, group.getName(), owner, DeviceGroupConstants.Roles.DEFAULT_VIEW_EVENTS,
DEFAULT_VIEW_EVENTS_PERMISSIONS); DeviceGroupConstants.Permissions.DEFAULT_VIEW_EVENTS_PERMISSIONS);
return Response.status(Response.Status.CREATED).build(); return Response.status(Response.Status.CREATED).build();
} catch (GroupAlreadyEixistException e) { } catch (GroupAlreadyEixistException e) {
return Response.status(Response.Status.CONFLICT).entity(e.getMessage()).build(); return Response.status(Response.Status.CONFLICT).entity(e.getMessage()).build();
@ -275,8 +263,10 @@ public class Group {
if (isShared) { if (isShared) {
return Response.status(Response.Status.OK).build(); return Response.status(Response.Status.OK).build();
} else { } else {
return Response.status(Response.Status.NOT_FOUND).build(); return Response.status(Response.Status.NOT_FOUND).entity("Group not found").build();
} }
} catch (UserDoesNotExistException e) {
return Response.status(Response.Status.NOT_FOUND).entity(e.getMessage()).build();
} catch (GroupManagementException e) { } catch (GroupManagementException e) {
log.error(e.getMessage(), e); log.error(e.getMessage(), e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build();
@ -295,8 +285,10 @@ public class Group {
if (isUnShared) { if (isUnShared) {
return Response.status(Response.Status.OK).build(); return Response.status(Response.Status.OK).build();
} else { } else {
return Response.status(Response.Status.NOT_FOUND).build(); return Response.status(Response.Status.NOT_FOUND).entity("Group not found").build();
} }
} catch (UserDoesNotExistException e) {
return Response.status(Response.Status.NOT_FOUND).entity(e.getMessage()).build();
} catch (GroupManagementException e) { } catch (GroupManagementException e) {
log.error(e.getMessage(), e); log.error(e.getMessage(), e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build();
@ -360,6 +352,34 @@ public class Group {
String[] rolesArray = new String[roles.size()]; String[] rolesArray = new String[roles.size()];
roles.toArray(rolesArray); roles.toArray(rolesArray);
return Response.status(Response.Status.OK).entity(rolesArray).build(); return Response.status(Response.Status.OK).entity(rolesArray).build();
} catch (UserDoesNotExistException e) {
return Response.status(Response.Status.NOT_FOUND).entity(e.getMessage()).build();
} catch (GroupManagementException e) {
log.error(e.getMessage(), e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build();
}
}
@PUT
@Path("/owner/{owner}/name/{groupName}/user/{userName}/share/roles")
@Produces("application/json")
public Response setRoles(@PathParam("groupName") String groupName,
@PathParam("owner") String owner, @PathParam("userName") String userName,
List<String> selectedRoles) {
try {
List<String> allRoles = DeviceMgtAPIUtils.getGroupManagementProviderService().getRoles(groupName, owner);
for (String role : allRoles) {
if (selectedRoles.contains(role)) {
DeviceMgtAPIUtils.getGroupManagementProviderService()
.shareGroup(userName, groupName, owner, role);
} else {
DeviceMgtAPIUtils.getGroupManagementProviderService()
.unshareGroup(userName, groupName, owner, role);
}
}
return Response.status(Response.Status.OK).build();
} catch (UserDoesNotExistException e) {
return Response.status(Response.Status.NOT_FOUND).entity(e.getMessage()).build();
} catch (GroupManagementException e) { } catch (GroupManagementException e) {
log.error(e.getMessage(), e); log.error(e.getMessage(), e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build();
@ -466,6 +486,8 @@ public class Group {
String[] permissions = DeviceMgtAPIUtils.getGroupManagementProviderService() String[] permissions = DeviceMgtAPIUtils.getGroupManagementProviderService()
.getPermissions(userName, groupName, owner); .getPermissions(userName, groupName, owner);
return Response.status(Response.Status.OK).entity(permissions).build(); return Response.status(Response.Status.OK).entity(permissions).build();
} catch (UserDoesNotExistException e) {
return Response.status(Response.Status.NOT_FOUND).entity(e.getMessage()).build();
} catch (GroupManagementException e) { } catch (GroupManagementException e) {
log.error(e.getMessage(), e); log.error(e.getMessage(), e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build();

@ -1035,6 +1035,13 @@
<method>GET</method> <method>GET</method>
</Permission> </Permission>
<Permission>
<name>Group Roles</name>
<path>/device-mgt/user/groups/roles</path>
<url>/groups/owner/*/name/*/user/*/share/roles</url>
<method>PUT</method>
</Permission>
<Permission> <Permission>
<name>Group Permissions</name> <name>Group Permissions</name>
<path>/device-mgt/admin/groups/roles/permissions</path> <path>/device-mgt/admin/groups/roles/permissions</path>

@ -28,7 +28,6 @@ import java.util.List;
* accessing the device information and performing MDM operations on devices. * accessing the device information and performing MDM operations on devices.
*/ */
public interface DeviceAccessAuthorizationService { public interface DeviceAccessAuthorizationService {
/** /**
* This method will check whether the currently logged-in user has the access to the device identified by the given * This method will check whether the currently logged-in user has the access to the device identified by the given
* DeviceIdentifier. * DeviceIdentifier.
@ -39,24 +38,77 @@ public interface DeviceAccessAuthorizationService {
*/ */
boolean isUserAuthorized(DeviceIdentifier deviceIdentifier) throws DeviceAccessAuthorizationException; boolean isUserAuthorized(DeviceIdentifier deviceIdentifier) throws DeviceAccessAuthorizationException;
/**
* This method will check whether the currently logged-in user has the access to the device identified by the given
* DeviceIdentifier.
*
* @param deviceIdentifier - DeviceIdentifier of the device to be checked.
* @param groupPermissions - Group Permissions.
* @return Boolean authorization result.
* @throws DeviceAccessAuthorizationException if something goes wrong when checking the authorization.
*/
boolean isUserAuthorized(DeviceIdentifier deviceIdentifier, String[] groupPermissions)
throws DeviceAccessAuthorizationException;
/** /**
* This method will check whether the currently logged-in user has the access to the devices identified by the given * This method will check whether the currently logged-in user has the access to the devices identified by the given
* DeviceIdentifier list. * DeviceIdentifier list.
* *
* @param deviceIdentifiers - List of DeviceIdentifiers to be checked for authorization. * @param deviceIdentifiers - List of DeviceIdentifiers to be checked for authorization.
* @return DeviceAuthorizationResult - Authorization result including the list of authorized devices & * @return DeviceAuthorizationResult - Authorization result including the list of authorized devices & unauthorized
* unauthorized devices. * devices.
* @throws DeviceAccessAuthorizationException if something goes wrong when checking the authorization. * @throws DeviceAccessAuthorizationException if something goes wrong when checking the authorization.
*/ */
DeviceAuthorizationResult isUserAuthorized(List<DeviceIdentifier> deviceIdentifiers) throws DeviceAuthorizationResult isUserAuthorized(List<DeviceIdentifier> deviceIdentifiers) throws
DeviceAccessAuthorizationException; DeviceAccessAuthorizationException;
/**
* This method will check whether the currently logged-in user has the access to the devices identified by the given
* DeviceIdentifier list.
*
* @param deviceIdentifiers - List of DeviceIdentifiers to be checked for authorization.
* @param groupPermissions - Group Permissions
* @return DeviceAuthorizationResult - Authorization result including the list of authorized devices & unauthorized
* devices.
* @throws DeviceAccessAuthorizationException if something goes wrong when checking the authorization.
*/
DeviceAuthorizationResult isUserAuthorized(List<DeviceIdentifier> deviceIdentifiers, String[] groupPermissions)
throws DeviceAccessAuthorizationException;
/** /**
* This method will check whether the given user has the access to the device identified by the given * This method will check whether the given user has the access to the device identified by the given
* DeviceIdentifier. * DeviceIdentifier.
* *
* @param deviceIdentifier - DeviceIdentifier of the device to be checked. * @param deviceIdentifier - DeviceIdentifier of the device to be checked.
* @param username - Username of the user to be checked for authorization. * @param username - Username of the user to be checked for authorization.
* @param groupPermissions - Group Permissions
* @return Boolean authorization result.
* @throws DeviceAccessAuthorizationException if something goes wrong when checking the authorization.
*/
boolean isUserAuthorized(DeviceIdentifier deviceIdentifier, String username, String[] groupPermissions)
throws DeviceAccessAuthorizationException;
/**
* This method will check whether the given user has the access to the devices identified by the given
* DeviceIdentifier list.
*
* @param deviceIdentifiers - List of DeviceIdentifiers to be checked for authorization.
* @param username - User name
* @param groupPermissions - Group Permissions
* @return DeviceAuthorizationResult - Authorization result including the list of authorized devices & unauthorized
* devices.
* @throws DeviceAccessAuthorizationException if something goes wrong when checking the authorization.
*/
DeviceAuthorizationResult isUserAuthorized(List<DeviceIdentifier> deviceIdentifiers, String username,
String[] groupPermissions) throws
DeviceAccessAuthorizationException;
/**
* This method will check whether the given user has the access to the device identified by the given
* DeviceIdentifier.
*
* @param deviceIdentifier - DeviceIdentifier of the device to be checked.
* @param username - Username of the user to be checked for authorization.
* @return Boolean authorization result. * @return Boolean authorization result.
* @throws DeviceAccessAuthorizationException if something goes wrong when checking the authorization. * @throws DeviceAccessAuthorizationException if something goes wrong when checking the authorization.
*/ */
@ -68,12 +120,11 @@ public interface DeviceAccessAuthorizationService {
* DeviceIdentifier list. * DeviceIdentifier list.
* *
* @param deviceIdentifiers - List of DeviceIdentifiers to be checked for authorization. * @param deviceIdentifiers - List of DeviceIdentifiers to be checked for authorization.
* @param username - Username of the user to be checked for authorization. * @param username - Username of the user to be checked for authorization.
* @return DeviceAuthorizationResult - Authorization result including the list of authorized devices & * @return DeviceAuthorizationResult - Authorization result including the list of authorized devices & unauthorized
* unauthorized devices. * devices.
* @throws DeviceAccessAuthorizationException if something goes wrong when checking the authorization. * @throws DeviceAccessAuthorizationException if something goes wrong when checking the authorization.
*/ */
DeviceAuthorizationResult isUserAuthorized(List<DeviceIdentifier> deviceIdentifiers, String username) throws DeviceAuthorizationResult isUserAuthorized(List<DeviceIdentifier> deviceIdentifiers, String username) throws
DeviceAccessAuthorizationException; DeviceAccessAuthorizationException;
} }

@ -0,0 +1,82 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.common.group.mgt;
/**
* Holds Device Group constants and expose to external access
*/
public class DeviceGroupConstants {
public enum RolePermissions {
DEFAULT_ADMIN_ROLE(Roles.DEFAULT_ADMIN_ROLE),
DEFAULT_OPERATOR_ROLE(Roles.DEFAULT_OPERATOR_ROLE),
DEFAULT_STATS_MONITOR_ROLE(Roles.DEFAULT_STATS_MONITOR_ROLE),
DEFAULT_VIEW_POLICIES(Roles.DEFAULT_VIEW_POLICIES),
DEFAULT_MANAGE_POLICIES(Roles.DEFAULT_MANAGE_POLICIES),
DEFAULT_VIEW_EVENTS(Roles.DEFAULT_VIEW_EVENTS);
private String value;
private String[] permissions;
RolePermissions(String value) {
this.value = value;
}
static {
DEFAULT_ADMIN_ROLE.permissions = Permissions.DEFAULT_ADMIN_PERMISSIONS;
DEFAULT_OPERATOR_ROLE.permissions = Permissions.DEFAULT_OPERATOR_PERMISSIONS;
DEFAULT_STATS_MONITOR_ROLE.permissions = Permissions.DEFAULT_STATS_MONITOR_PERMISSIONS;
DEFAULT_VIEW_POLICIES.permissions = Permissions.DEFAULT_MANAGE_POLICIES_PERMISSIONS;
DEFAULT_MANAGE_POLICIES.permissions = Permissions.DEFAULT_VIEW_POLICIES_PERMISSIONS;
DEFAULT_VIEW_EVENTS.permissions = Permissions.DEFAULT_VIEW_EVENTS_PERMISSIONS;
}
@Override
public String toString(){
return this.value;
}
public String[] getPermissions(){
return permissions;
}
}
public static class Roles {
public static final String DEFAULT_ADMIN_ROLE = "admin";
public static final String DEFAULT_OPERATOR_ROLE = "invoke-device-operations";
public static final String DEFAULT_STATS_MONITOR_ROLE = "view-statistics";
public static final String DEFAULT_VIEW_POLICIES = "view-policies";
public static final String DEFAULT_MANAGE_POLICIES = "mange-policies";
public static final String DEFAULT_VIEW_EVENTS = "view-events";
}
public static class Permissions {
public static final String[] DEFAULT_ADMIN_PERMISSIONS =
{"/permission/device-mgt/admin/groups", "/permission/device-mgt/user/groups"};
public static final String[] DEFAULT_OPERATOR_PERMISSIONS =
{"/permission/device-mgt/user/groups/device_operation"};
public static final String[] DEFAULT_STATS_MONITOR_PERMISSIONS =
{"/permission/device-mgt/user/groups/device_monitor"};
public static final String[] DEFAULT_MANAGE_POLICIES_PERMISSIONS =
{"/permission/device-mgt/user/groups/device_policies/add"};
public static final String[] DEFAULT_VIEW_POLICIES_PERMISSIONS =
{"/permission/device-mgt/user/groups/device_policies/view"};
public static final String[] DEFAULT_VIEW_EVENTS_PERMISSIONS =
{"/permission/device-mgt/user/groups/device_events"};
}
}

@ -1,17 +1,17 @@
/* /*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
* *
* WSO2 Inc. licenses this file to you under the Apache License, * WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except * Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. * in compliance with the License.
* you may obtain a copy of the License at * You may obtain a copy of the License at
* *
* http://www.apache.org/licenses/LICENSE-2.0 * http://www.apache.org/licenses/LICENSE-2.0
* *
* Unless required by applicable law or agreed to in writing, * Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an * software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the * KIND, either express or implied. See the License for the
* specific language governing permissions and limitations * specific language governing permissions and limitations
* under the License. * under the License.
*/ */
@ -21,17 +21,21 @@ package org.wso2.carbon.device.mgt.core.authorization;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.device.mgt.common.*; import org.wso2.carbon.device.mgt.common.Device;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.device.mgt.common.DeviceManagementException;
import org.wso2.carbon.device.mgt.common.EnrolmentInfo;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService; import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult; import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult;
import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroup;
import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException;
import org.wso2.carbon.device.mgt.common.permission.mgt.Permission; import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
import org.wso2.carbon.device.mgt.core.internal.DeviceManagementDataHolder; import org.wso2.carbon.device.mgt.core.internal.DeviceManagementDataHolder;
import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionUtils; import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionUtils;
import org.wso2.carbon.user.api.UserRealm; import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
@ -45,18 +49,6 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
private final static String EMM_ADMIN_PERMISSION = "/device-mgt/admin-device-access"; private final static String EMM_ADMIN_PERMISSION = "/device-mgt/admin-device-access";
private static Log log = LogFactory.getLog(DeviceAccessAuthorizationServiceImpl.class); private static Log log = LogFactory.getLog(DeviceAccessAuthorizationServiceImpl.class);
public static final class PermissionMethod {
private PermissionMethod() {
throw new AssertionError();
}
public static final String READ = "read";
public static final String WRITE = "write";
public static final String DELETE = "delete";
public static final String ACTION = "action";
public static final String UI_EXECUTE = "ui.execute";
}
public DeviceAccessAuthorizationServiceImpl() { public DeviceAccessAuthorizationServiceImpl() {
try { try {
this.addAdminPermissionToRegistry(); this.addAdminPermissionToRegistry();
@ -66,158 +58,166 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
} }
@Override @Override
public boolean isUserAuthorized(DeviceIdentifier deviceIdentifier) throws DeviceAccessAuthorizationException { public boolean isUserAuthorized(DeviceIdentifier deviceIdentifier, String username, String[] groupPermissions)
boolean status; throws DeviceAccessAuthorizationException {
String username = this.getUserName();
int tenantId = this.getTenantId(); int tenantId = this.getTenantId();
if (username == null || username.isEmpty()) { if (username == null || username.isEmpty()) {
return !DeviceManagementDataHolder.getInstance().requireDeviceAuthorization(deviceIdentifier.getType()); return false;
} }
try { //check for admin and ownership permissions
//Check for admin users. If the user is an admin user we authorize the access to that device. if (isAdminOrDeviceOwner(username, tenantId, deviceIdentifier)) {
status = isAdminUser(username, tenantId); return true;
} catch (UserStoreException e) {
throw new DeviceAccessAuthorizationException("Unable to authorize the access to device : " +
deviceIdentifier.getId() + " for the user : " + username, e);
} }
//Check for device ownership. If the user is the owner of the device we allow the access. //check for group permissions
if (!status) { try {
try { if (groupPermissions == null || groupPermissions.length == 0) {
Device device = DeviceManagementDataHolder.getInstance().getDeviceManagementProvider(). return false;
getDevice(deviceIdentifier); }
EnrolmentInfo enrolmentInfo = device.getEnrolmentInfo(); for (String groupPermission : groupPermissions) {
if (enrolmentInfo != null && username.equalsIgnoreCase(enrolmentInfo.getOwner())) { if (!isAuthorizedViaGroup(username, deviceIdentifier, groupPermission)) {
status = true; //if at least one fails, authorization fails
return false;
} }
} catch (DeviceManagementException e) {
throw new DeviceAccessAuthorizationException("Unable to authorize the access to device : " +
deviceIdentifier.getId() + " for the user : " + username, e);
} }
return true;
} catch (GroupManagementException | UserStoreException e) {
throw new DeviceAccessAuthorizationException("Unable to authorize the access to device : " +
deviceIdentifier.getId() + " for the user : " +
username, e);
} }
return status;
} }
@Override @Override
public DeviceAuthorizationResult isUserAuthorized(List<DeviceIdentifier> deviceIdentifiers) throws public boolean isUserAuthorized(DeviceIdentifier deviceIdentifier, String username)
DeviceAccessAuthorizationException { throws DeviceAccessAuthorizationException {
boolean status; return isUserAuthorized(deviceIdentifier, username, null);
DeviceAuthorizationResult deviceAuthorizationResult = new DeviceAuthorizationResult(); }
String username = this.getUserName();
@Override
public boolean isUserAuthorized(DeviceIdentifier deviceIdentifier, String[] groupPermissions)
throws DeviceAccessAuthorizationException {
return isUserAuthorized(deviceIdentifier, this.getUserName(), groupPermissions);
}
@Override
public boolean isUserAuthorized(DeviceIdentifier deviceIdentifier) throws DeviceAccessAuthorizationException {
return isUserAuthorized(deviceIdentifier, this.getUserName(), null);
}
@Override
public DeviceAuthorizationResult isUserAuthorized(List<DeviceIdentifier> deviceIdentifiers, String username,
String[] groupPermissions)
throws DeviceAccessAuthorizationException {
int tenantId = this.getTenantId(); int tenantId = this.getTenantId();
if (username == null || username.isEmpty()) { if (username == null || username.isEmpty()) {
return deviceAuthorizationResult; return null;
}
try {
//Check for admin users. If the user is an admin user we authorize the access to that device.
status = isAdminUser(username, tenantId);
} catch (UserStoreException e) {
throw new DeviceAccessAuthorizationException("Unable to authorize the access to devices for the user : " +
username, e);
} }
//Check for device ownership. If the user is the owner of the device we allow the access. DeviceAuthorizationResult deviceAuthorizationResult = new DeviceAuthorizationResult();
if (!status) { for (DeviceIdentifier deviceIdentifier : deviceIdentifiers) {
try { //check for admin and ownership permissions
//Get the list of devices of the user if (isAdminOrDeviceOwner(username, tenantId, deviceIdentifier)) {
List<Device> devicesOfUser = DeviceManagementDataHolder.getInstance().getDeviceManagementProvider(). deviceAuthorizationResult.addAuthorizedDevice(deviceIdentifier);
getDevicesOfUser(username); } else {
//Convert device-list to a Map try {
Map<String, String> ownershipData = this.getOwnershipOfDevices(devicesOfUser); if (groupPermissions == null || groupPermissions.length == 0) {
for (DeviceIdentifier deviceIdentifier : deviceIdentifiers) { return null;
if (ownershipData.containsKey(deviceIdentifier.getId())) { }
//check for group permissions
boolean isAuthorized = true;
for (String groupPermission : groupPermissions) {
if (!isAuthorizedViaGroup(username, deviceIdentifier, groupPermission)) {
//if at least one failed, authorizations fails and break the loop
isAuthorized = false;
break;
}
}
if (isAuthorized) {
deviceAuthorizationResult.addAuthorizedDevice(deviceIdentifier); deviceAuthorizationResult.addAuthorizedDevice(deviceIdentifier);
} else { } else {
deviceAuthorizationResult.addUnauthorizedDevice(deviceIdentifier); deviceAuthorizationResult.addUnauthorizedDevice(deviceIdentifier);
} }
} catch (GroupManagementException | UserStoreException e) {
throw new DeviceAccessAuthorizationException("Unable to authorize the access to device : " +
deviceIdentifier.getId() + " for the user : " +
username, e);
} }
} catch (DeviceManagementException e) {
throw new DeviceAccessAuthorizationException("Unable to authorize the access to devices for the user : "
+ username, e);
} }
} else {
deviceAuthorizationResult.setAuthorizedDevices(deviceIdentifiers);
} }
return deviceAuthorizationResult; return deviceAuthorizationResult;
} }
@Override @Override
public boolean isUserAuthorized(DeviceIdentifier deviceIdentifier, String username) public DeviceAuthorizationResult isUserAuthorized(List<DeviceIdentifier> deviceIdentifiers, String username)
throws DeviceAccessAuthorizationException {
return isUserAuthorized(deviceIdentifiers, username, null);
}
@Override
public DeviceAuthorizationResult isUserAuthorized(List<DeviceIdentifier> deviceIdentifiers)
throws DeviceAccessAuthorizationException {
return isUserAuthorized(deviceIdentifiers, this.getUserName(), null);
}
@Override
public DeviceAuthorizationResult isUserAuthorized(List<DeviceIdentifier> deviceIdentifiers, String[] groupPermissions)
throws DeviceAccessAuthorizationException {
return isUserAuthorized(deviceIdentifiers, this.getUserName(), groupPermissions);
}
private boolean isAdminOrDeviceOwner(String username, int tenantId, DeviceIdentifier deviceIdentifier)
throws DeviceAccessAuthorizationException { throws DeviceAccessAuthorizationException {
boolean status;
int tenantId = this.getTenantId();
if (username == null || username.isEmpty()) {
return false;
}
try { try {
//Check for admin users. If the user is an admin user we authorize the access to that device. //First Check for admin users. If the user is an admin user we authorize the access to that device.
status = isAdminUser(username, tenantId); //Secondly Check for device ownership. If the user is the owner of the device we allow the access.
return (isAdminUser(username, tenantId) || isDeviceOwner(deviceIdentifier, username));
} catch (UserStoreException e) { } catch (UserStoreException e) {
throw new DeviceAccessAuthorizationException("Unable to authorize the access to device : " + throw new DeviceAccessAuthorizationException("Unable to authorize the access to device : " +
deviceIdentifier.getId() + " for the user : " + username, e); deviceIdentifier.getId() + " for the user : " +
username, e);
} }
//Check for device ownership. If the user is the owner of the device we allow the access. }
if (!status) {
try { private boolean isAuthorizedViaGroup(String username, DeviceIdentifier deviceIdentifier, String groupPermission)
Device device = DeviceManagementDataHolder.getInstance().getDeviceManagementProvider(). throws GroupManagementException, UserStoreException {
getDevice(deviceIdentifier); List<DeviceGroup> authorizedGroups =
EnrolmentInfo enrolmentInfo = device.getEnrolmentInfo(); DeviceManagementDataHolder.getInstance().getGroupManagementProviderService()
if (enrolmentInfo != null && username.equalsIgnoreCase(enrolmentInfo.getOwner())) { .getGroups(username, groupPermission);
status = true; List<DeviceGroup> groupsWithDevice =
} DeviceManagementDataHolder.getInstance().getGroupManagementProviderService()
} catch (DeviceManagementException e) { .getGroups(deviceIdentifier);
throw new DeviceAccessAuthorizationException("Unable to authorize the access to device : " + for (DeviceGroup group : authorizedGroups) {
deviceIdentifier.getId() + " for the user : " + username, e); if (groupsWithDevice.contains(group)) {
return true;
} }
} }
return status; return false;
} }
@Override private boolean isDeviceOwner(DeviceIdentifier deviceIdentifier, String username)
public DeviceAuthorizationResult isUserAuthorized(List<DeviceIdentifier> deviceIdentifiers, String username) throws DeviceAccessAuthorizationException {
throws DeviceAccessAuthorizationException {
boolean status;
int tenantId = this.getTenantId();
DeviceAuthorizationResult deviceAuthorizationResult = new DeviceAuthorizationResult();
if (username == null || username.isEmpty()) {
return null;
}
try {
//Check for admin users. If the user is an admin user we authorize the access to that device.
status = isAdminUser(username, tenantId);
} catch (UserStoreException e) {
throw new DeviceAccessAuthorizationException("Unable to authorize the access to devices for the user : " +
username, e);
}
//Check for device ownership. If the user is the owner of the device we allow the access. //Check for device ownership. If the user is the owner of the device we allow the access.
if (!status) { try {
try { Device device = DeviceManagementDataHolder.getInstance().getDeviceManagementProvider().
Device device; getDevice(deviceIdentifier);
EnrolmentInfo enrolmentInfo; EnrolmentInfo enrolmentInfo = device.getEnrolmentInfo();
for (DeviceIdentifier deviceIdentifier : deviceIdentifiers) { if (enrolmentInfo != null && username.equalsIgnoreCase(enrolmentInfo.getOwner())) {
device = DeviceManagementDataHolder.getInstance().getDeviceManagementProvider(). return true;
getDevice(deviceIdentifier);
enrolmentInfo = device.getEnrolmentInfo();
if (enrolmentInfo != null && username.equalsIgnoreCase(enrolmentInfo.getOwner())) {
deviceAuthorizationResult.addAuthorizedDevice(deviceIdentifier);
} else {
deviceAuthorizationResult.addUnauthorizedDevice(deviceIdentifier);
}
}
} catch (DeviceManagementException e) {
throw new DeviceAccessAuthorizationException("Unable to authorize the access to devices for the user : "
+ username, e);
} }
} else { } catch (DeviceManagementException e) {
deviceAuthorizationResult.setAuthorizedDevices(deviceIdentifiers); throw new DeviceAccessAuthorizationException("Unable to authorize the access to device : " +
deviceIdentifier.getId() + " for the user : " +
username, e);
} }
return deviceAuthorizationResult; return false;
} }
private boolean isAdminUser(String username, int tenantId) throws UserStoreException { private boolean isAdminUser(String username, int tenantId) throws UserStoreException {
UserRealm userRealm = DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId); UserRealm userRealm = DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId);
if (userRealm != null && userRealm.getAuthorizationManager() != null) { if (userRealm != null && userRealm.getAuthorizationManager() != null) {
return userRealm.getAuthorizationManager() return userRealm.getAuthorizationManager()
.isUserAuthorized(removeTenantDomain(username), PermissionUtils.getAbsolutePermissionPath(EMM_ADMIN_PERMISSION), .isUserAuthorized(removeTenantDomain(username),
PermissionMethod.UI_EXECUTE); PermissionUtils.getAbsolutePermissionPath(EMM_ADMIN_PERMISSION),
PermissionMethod.UI_EXECUTE);
} }
return false; return false;
} }
@ -263,4 +263,16 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
} }
return ownershipData; return ownershipData;
} }
public static final class PermissionMethod {
public static final String READ = "read";
public static final String WRITE = "write";
public static final String DELETE = "delete";
public static final String ACTION = "action";
public static final String UI_EXECUTE = "ui.execute";
private PermissionMethod() {
throw new AssertionError();
}
}
} }

@ -25,6 +25,7 @@ import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManager;
import org.wso2.carbon.device.mgt.core.app.mgt.config.AppManagementConfig; import org.wso2.carbon.device.mgt.core.app.mgt.config.AppManagementConfig;
import org.wso2.carbon.device.mgt.core.config.license.LicenseConfig; import org.wso2.carbon.device.mgt.core.config.license.LicenseConfig;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.device.mgt.core.service.GroupManagementProviderService;
import org.wso2.carbon.ntask.core.service.TaskService; import org.wso2.carbon.ntask.core.service.TaskService;
import org.wso2.carbon.registry.core.service.RegistryService; import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.core.service.RealmService;
@ -47,6 +48,7 @@ public class DeviceManagementDataHolder {
private ConfigurationContextService configurationContextService; private ConfigurationContextService configurationContextService;
private HashMap<String,Boolean> requireDeviceAuthorization = new HashMap<>(); private HashMap<String,Boolean> requireDeviceAuthorization = new HashMap<>();
private DeviceAccessAuthorizationService deviceAccessAuthorizationService; private DeviceAccessAuthorizationService deviceAccessAuthorizationService;
private GroupManagementProviderService groupManagementProviderService;
private TaskService taskService; private TaskService taskService;
//private EmailSenderService emailSenderService; //private EmailSenderService emailSenderService;
@ -91,6 +93,15 @@ public class DeviceManagementDataHolder {
this.deviceManagerProvider = deviceManagerProvider; this.deviceManagerProvider = deviceManagerProvider;
} }
public GroupManagementProviderService getGroupManagementProviderService() {
return groupManagementProviderService;
}
public void setGroupManagementProviderService(
GroupManagementProviderService groupManagementProviderService) {
this.groupManagementProviderService = groupManagementProviderService;
}
public RegistryService getRegistryService() { public RegistryService getRegistryService() {
if (registryService == null) { if (registryService == null) {
throw new IllegalStateException("Registry service is not initialized properly"); throw new IllegalStateException("Registry service is not initialized properly");

@ -195,6 +195,7 @@ public class DeviceManagementServiceComponent {
/* Registering Group Management Service */ /* Registering Group Management Service */
GroupManagementProviderService groupManagementProvider = new GroupManagementProviderServiceImpl(); GroupManagementProviderService groupManagementProvider = new GroupManagementProviderServiceImpl();
DeviceManagementDataHolder.getInstance().setGroupManagementProviderService(groupManagementProvider);
bundleContext.registerService(GroupManagementProviderService.class.getName(), groupManagementProvider, null); bundleContext.registerService(GroupManagementProviderService.class.getName(), groupManagementProvider, null);
/* Registering Tenant Configuration Management Service */ /* Registering Tenant Configuration Management Service */

@ -25,7 +25,7 @@ import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroup;
import org.wso2.carbon.device.mgt.common.group.mgt.GroupAlreadyEixistException; import org.wso2.carbon.device.mgt.common.group.mgt.GroupAlreadyEixistException;
import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException; import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException;
import org.wso2.carbon.device.mgt.common.group.mgt.GroupUser; import org.wso2.carbon.device.mgt.common.group.mgt.GroupUser;
import org.wso2.carbon.device.mgt.core.group.mgt.DeviceGroupBuilder; import org.wso2.carbon.user.core.multiplecredentials.UserDoesNotExistException;
import java.util.List; import java.util.List;
@ -77,6 +77,7 @@ public interface GroupManagementProviderService {
/** /**
* Get the device group provided the device group id. * Get the device group provided the device group id.
*
* @param groupId * @param groupId
* @return * @return
* @throws GroupManagementException * @throws GroupManagementException
@ -97,7 +98,7 @@ public interface GroupManagementProviderService {
* Get paginated device groups in tenant * Get paginated device groups in tenant
* *
* @param startIndex for pagination. * @param startIndex for pagination.
* @param rowCount for pagination. * @param rowCount for pagination.
* @return paginated list of groups * @return paginated list of groups
* @throws GroupManagementException * @throws GroupManagementException
*/ */
@ -106,9 +107,9 @@ public interface GroupManagementProviderService {
/** /**
* Get paginated device groups in tenant * Get paginated device groups in tenant
* *
* @param username of user. * @param username of user.
* @param startIndex for pagination. * @param startIndex for pagination.
* @param rowCount for pagination. * @param rowCount for pagination.
* @return paginated list of groups * @return paginated list of groups
* @throws GroupManagementException * @throws GroupManagementException
*/ */
@ -148,10 +149,10 @@ public interface GroupManagementProviderService {
* @param owner of the group * @param owner of the group
* @param sharingRole to be shared * @param sharingRole to be shared
* @return is group shared * @return is group shared
* @throws GroupManagementException * @throws GroupManagementException UserDoesNotExistException
*/ */
boolean shareGroup(String username, String groupName, String owner, String sharingRole) boolean shareGroup(String username, String groupName, String owner, String sharingRole)
throws GroupManagementException; throws GroupManagementException, UserDoesNotExistException;
/** /**
* Un share existing group sharing with user specified by role * Un share existing group sharing with user specified by role
@ -161,10 +162,10 @@ public interface GroupManagementProviderService {
* @param owner of the group * @param owner of the group
* @param sharingRole to be un shared * @param sharingRole to be un shared
* @return is group un shared * @return is group un shared
* @throws GroupManagementException * @throws GroupManagementException UserDoesNotExistException
*/ */
boolean unshareGroup(String userName, String groupName, String owner, String sharingRole) boolean unshareGroup(String userName, String groupName, String owner, String sharingRole)
throws GroupManagementException; throws GroupManagementException, UserDoesNotExistException;
/** /**
* Add new sharing role for device group * Add new sharing role for device group
@ -183,9 +184,9 @@ public interface GroupManagementProviderService {
/** /**
* Remove existing sharing role for device group * Remove existing sharing role for device group
* *
* @param groupName of the group * @param groupName of the group
* @param owner of the group * @param owner of the group
* @param roleName to remove * @param roleName to remove
* @return is role removed * @return is role removed
* @throws GroupManagementException * @throws GroupManagementException
*/ */
@ -194,8 +195,8 @@ public interface GroupManagementProviderService {
/** /**
* Get all sharing roles for device group * Get all sharing roles for device group
* *
* @param groupName of the group * @param groupName of the group
* @param owner of the group * @param owner of the group
* @return list of roles * @return list of roles
* @throws GroupManagementException * @throws GroupManagementException
*/ */
@ -204,19 +205,20 @@ public interface GroupManagementProviderService {
/** /**
* Get specific device group sharing roles for user * Get specific device group sharing roles for user
* *
* @param userName of the user * @param userName of the user
* @param groupName of the group * @param groupName of the group
* @param owner of the group * @param owner of the group
* @return list of roles * @return list of roles
* @throws GroupManagementException * @throws GroupManagementException UserDoesNotExistException
*/ */
List<String> getRoles(String userName, String groupName, String owner) throws GroupManagementException; List<String> getRoles(String userName, String groupName, String owner)
throws GroupManagementException, UserDoesNotExistException;
/** /**
* Get device group users * Get device group users
* *
* @param groupName of the group * @param groupName of the group
* @param owner of the group * @param owner of the group
* @return list of group users * @return list of group users
* @throws GroupManagementException * @throws GroupManagementException
*/ */
@ -225,8 +227,8 @@ public interface GroupManagementProviderService {
/** /**
* Get all devices in device group. * Get all devices in device group.
* *
* @param groupName of the group. * @param groupName of the group.
* @param owner of the group. * @param owner of the group.
* @return list of group devices. * @return list of group devices.
* @throws GroupManagementException * @throws GroupManagementException
*/ */
@ -235,10 +237,10 @@ public interface GroupManagementProviderService {
/** /**
* Get all devices in device group as paginated result. * Get all devices in device group as paginated result.
* *
* @param groupName of the group. * @param groupName of the group.
* @param owner of the group. * @param owner of the group.
* @param startIndex for pagination. * @param startIndex for pagination.
* @param rowCount for pagination. * @param rowCount for pagination.
* @return Paginated list of devices. * @return Paginated list of devices.
* @throws GroupManagementException * @throws GroupManagementException
*/ */
@ -248,8 +250,8 @@ public interface GroupManagementProviderService {
/** /**
* This method is used to retrieve the device count of a given group. * This method is used to retrieve the device count of a given group.
* *
* @param groupName of the group. * @param groupName of the group.
* @param owner of the group. * @param owner of the group.
* @return returns the device count. * @return returns the device count.
* @throws GroupManagementException * @throws GroupManagementException
*/ */
@ -258,9 +260,9 @@ public interface GroupManagementProviderService {
/** /**
* Add device to device group. * Add device to device group.
* *
* @param deviceId of the device. * @param deviceId of the device.
* @param groupName of the group. * @param groupName of the group.
* @param owner of the group. * @param owner of the group.
* @return is device added. * @return is device added.
* @throws GroupManagementException * @throws GroupManagementException
*/ */
@ -269,9 +271,9 @@ public interface GroupManagementProviderService {
/** /**
* Remove device from device group. * Remove device from device group.
* *
* @param deviceId of the device. * @param deviceId of the device.
* @param groupName of the group. * @param groupName of the group.
* @param owner of the group. * @param owner of the group.
* @return is device removed. * @return is device removed.
* @throws GroupManagementException * @throws GroupManagementException
*/ */
@ -280,13 +282,14 @@ public interface GroupManagementProviderService {
/** /**
* Get device group permissions of user. * Get device group permissions of user.
* *
* @param username of the user. * @param username of the user.
* @param groupName of the group. * @param groupName of the group.
* @param owner of the group. * @param owner of the group.
* @return array of permissions. * @return array of permissions.
* @throws GroupManagementException * @throws GroupManagementException UserDoesNotExistException
*/ */
String[] getPermissions(String username, String groupName, String owner) throws GroupManagementException; String[] getPermissions(String username, String groupName, String owner)
throws GroupManagementException, UserDoesNotExistException;
/** /**
* Get device groups of user with permission. * Get device groups of user with permission.
@ -300,6 +303,7 @@ public interface GroupManagementProviderService {
/** /**
* Get the group of device. * Get the group of device.
*
* @param deviceIdentifier * @param deviceIdentifier
* @return * @return
* @throws GroupManagementException * @throws GroupManagementException

@ -41,6 +41,7 @@ import org.wso2.carbon.user.api.Permission;
import org.wso2.carbon.user.api.UserRealm; import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager; import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.multiplecredentials.UserDoesNotExistException;
import org.wso2.carbon.user.core.util.UserCoreUtil; import org.wso2.carbon.user.core.util.UserCoreUtil;
import java.sql.SQLException; import java.sql.SQLException;
@ -379,7 +380,7 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
*/ */
@Override @Override
public boolean shareGroup(String username, String groupName, String owner, String sharingRole) public boolean shareGroup(String username, String groupName, String owner, String sharingRole)
throws GroupManagementException { throws GroupManagementException, UserDoesNotExistException {
int groupId = getGroupId(groupName, owner); int groupId = getGroupId(groupName, owner);
return modifyGroupShare(username, groupId, sharingRole, true); return modifyGroupShare(username, groupId, sharingRole, true);
} }
@ -389,14 +390,14 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
*/ */
@Override @Override
public boolean unshareGroup(String username, String groupName, String owner, String sharingRole) public boolean unshareGroup(String username, String groupName, String owner, String sharingRole)
throws GroupManagementException { throws GroupManagementException, UserDoesNotExistException {
int groupId = getGroupId(groupName, owner); int groupId = getGroupId(groupName, owner);
return modifyGroupShare(username, groupId, sharingRole, false); return modifyGroupShare(username, groupId, sharingRole, false);
} }
private boolean modifyGroupShare(String username, int groupId, String sharingRole, private boolean modifyGroupShare(String username, int groupId, String sharingRole,
boolean isAddNew) boolean isAddNew)
throws GroupManagementException { throws GroupManagementException, UserDoesNotExistException {
if (groupId == -1) { if (groupId == -1) {
return false; return false;
} }
@ -407,14 +408,21 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
userStoreManager = userStoreManager =
DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm( DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(
tenantId).getUserStoreManager(); tenantId).getUserStoreManager();
if (!userStoreManager.isExistingUser(username)) {
throw new UserDoesNotExistException("User not exists with name " + username);
}
roles[0] = "Internal/group-" + groupId + "-" + sharingRole; roles[0] = "Internal/group-" + groupId + "-" + sharingRole;
if (isAddNew) { List<String> currentRoles = getRoles(username, groupId);
if (isAddNew && !currentRoles.contains(sharingRole)) {
userStoreManager.updateRoleListOfUser(username, null, roles); userStoreManager.updateRoleListOfUser(username, null, roles);
} else { } else if (!isAddNew && currentRoles.contains(sharingRole)) {
userStoreManager.updateRoleListOfUser(username, roles, null); userStoreManager.updateRoleListOfUser(username, roles, null);
} }
return true; return true;
} catch (UserStoreException e) { } catch (UserStoreException e) {
if (e instanceof UserDoesNotExistException) {
throw (UserDoesNotExistException) e;
}
throw new GroupManagementException("User store error in adding user " + username + " to group name:" + throw new GroupManagementException("User store error in adding user " + username + " to group name:" +
groupId, e); groupId, e);
} }
@ -532,18 +540,23 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
* {@inheritDoc} * {@inheritDoc}
*/ */
@Override @Override
public List<String> getRoles(String username, String groupName, String owner) throws GroupManagementException { public List<String> getRoles(String username, String groupName, String owner)
throws GroupManagementException, UserDoesNotExistException {
int groupId = getGroupId(groupName, owner); int groupId = getGroupId(groupName, owner);
return getRoles(username, groupId); return getRoles(username, groupId);
} }
private List<String> getRoles(String username, int groupId) throws GroupManagementException { private List<String> getRoles(String username, int groupId)
throws GroupManagementException, UserDoesNotExistException {
UserStoreManager userStoreManager; UserStoreManager userStoreManager;
List<String> groupRoleList = new ArrayList<>(); List<String> groupRoleList = new ArrayList<>();
try { try {
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
userStoreManager = DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId) userStoreManager = DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId)
.getUserStoreManager(); .getUserStoreManager();
if (!userStoreManager.isExistingUser(username)) {
throw new UserDoesNotExistException("User not exists with name " + username);
}
String[] roleList = userStoreManager.getRoleListOfUser(username); String[] roleList = userStoreManager.getRoleListOfUser(username);
for (String role : roleList) { for (String role : roleList) {
if (role != null && role.contains("Internal/group-" + groupId)) { if (role != null && role.contains("Internal/group-" + groupId)) {
@ -553,6 +566,9 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
} }
return groupRoleList; return groupRoleList;
} catch (UserStoreException e) { } catch (UserStoreException e) {
if (e instanceof UserDoesNotExistException) {
throw (UserDoesNotExistException) e;
}
throw new GroupManagementException("Error occurred while getting user store manager.", e); throw new GroupManagementException("Error occurred while getting user store manager.", e);
} }
} }
@ -723,7 +739,8 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
* {@inheritDoc} * {@inheritDoc}
*/ */
@Override @Override
public String[] getPermissions(String username, String groupName, String owner) throws GroupManagementException { public String[] getPermissions(String username, String groupName, String owner)
throws GroupManagementException, UserDoesNotExistException {
UserRealm userRealm; UserRealm userRealm;
int groupId = getGroupId(groupName, owner); int groupId = getGroupId(groupName, owner);
List<String> roles = getRoles(username, groupId); List<String> roles = getRoles(username, groupId);

@ -81,8 +81,12 @@
<div class="content"> <div class="content">
<div class="row"> <div class="row">
<div class="col-lg-5 col-md-6 col-centered"> <div class="col-lg-5 col-md-6 col-centered">
<h3>Select user to manage group sharing</h3> <h3>Enter user name to manage group sharing</h3>
<div id="user-names">Loading...</div> <div id="user-names">
<br />
<input type="text" id="share-user-selector" style="color:#3f3f3f;padding:5px;width:250px;">
</input>
</div>
<div class="buttons"> <div class="buttons">
<a href="#" id="share-group-next-link" class="btn-operations"> <a href="#" id="share-group-next-link" class="btn-operations">
&nbsp;&nbsp;&nbsp;&nbsp;Next&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;Next&nbsp;&nbsp;&nbsp;&nbsp;
@ -233,6 +237,22 @@
</div> </div>
</div> </div>
<div id="group-404-content" class="hide">
<div class="content">
<div class="row">
<div class="col-lg-5 col-md-6 col-centered">
<h3 id="group-404-message">Not found.</h3>
<div class="buttons">
<a href="#" id="group-404-link" class="btn-operations">
&nbsp;&nbsp;&nbsp;&nbsp;Ok&nbsp;&nbsp;&nbsp;&nbsp;
</a>
</div>
</div>
</div>
</div>
</div>
<div id="group-409-content" class="hide"> <div id="group-409-content" class="hide">
<div class="content"> <div class="content">
<div class="row"> <div class="row">

@ -100,10 +100,10 @@ function loadGroups() {
var currentUser = groupListing.data("currentUser"); var currentUser = groupListing.data("currentUser");
var serviceURL; var serviceURL;
if ($.hasPermission("LIST_ALL_GROUPS")) { if ($.hasPermission("LIST_ALL_GROUPS")) {
serviceURL = "/devicemgt_admin/groups?start=0&rowCount=1000"; serviceURL = "/devicemgt_admin/groups";
} else if ($.hasPermission("LIST_GROUPS")) { } else if ($.hasPermission("LIST_GROUPS")) {
//Get authenticated users groups //Get authenticated users groups
serviceURL = "/devicemgt_admin/groups/user/" + currentUser + "?start=0&rowCount=1000"; serviceURL = "/devicemgt_admin/groups/user/" + currentUser;
} else { } else {
$("#loading-content").remove(); $("#loading-content").remove();
$('#device-table').addClass('hidden'); $('#device-table').addClass('hidden');
@ -133,32 +133,30 @@ function loadGroups() {
{ targets: 0, data: 'id', className: 'remove-padding icon-only content-fill' , render: function ( data, type, row, meta ) { { targets: 0, data: 'id', className: 'remove-padding icon-only content-fill' , render: function ( data, type, row, meta ) {
return '<div class="thumbnail icon"><img class="square-element text fw " src="public/cdmf.page.groups/images/group-icon.png"/></div>'; return '<div class="thumbnail icon"><img class="square-element text fw " src="public/cdmf.page.groups/images/group-icon.png"/></div>';
}}, }},
{ targets: 1, data: 'name', className: 'fade-edge' , render: function ( name, type, row, meta ) { {targets: 1, data: 'name', className: 'fade-edge'},
return '<h4 data-groupid="' + row.id + '">' + name + '</h4>';
}},
{ targets: 2, data: 'owner', className: 'fade-edge remove-padding-top'}, { targets: 2, data: 'owner', className: 'fade-edge remove-padding-top'},
{ targets: 3, data: 'id', className: 'text-right content-fill text-left-on-grid-view no-wrap' , { targets: 3, data: 'id', className: 'text-right content-fill text-left-on-grid-view no-wrap' ,
render: function ( id, type, row, meta ) { render: function ( id, type, row, meta ) {
var html; var html;
html = '<a href="devices?groupName=' + row.name + '&groupOwner=' + row.owner + '" data-click-event="remove-form" class="btn padding-reduce-on-grid-view">' + html = '<a href="devices?groupName=' + row.name + '&groupOwner=' + row.owner + '" data-click-event="remove-form" class="btn padding-reduce-on-grid-view">' +
'<span class="fw-stack"><i class="fw fw-ring fw-stack-2x"></i><i class="fw fw-view fw-stack-1x"></i></span>' + '<span class="fw-stack"><i class="fw fw-ring fw-stack-2x"></i><i class="fw fw-view fw-stack-1x"></i></span>' +
'<span class="hidden-xs hidden-on-grid-view">View Devices</span></a>'; '<span class="hidden-xs hidden-on-grid-view">View Devices</span></a>';
html += '<a href="analytics?groupName=' + row.name + '&groupOwner=' + row.owner + '" data-click-event="remove-form" class="btn padding-reduce-on-grid-view">' + html += '<a href="analytics?groupName=' + row.name + '&groupOwner=' + row.owner + '" data-click-event="remove-form" class="btn padding-reduce-on-grid-view">' +
'<span class="fw-stack"><i class="fw fw-ring fw-stack-2x"></i><i class="fw fw-statistics fw-stack-1x"></i></span>' + '<span class="fw-stack"><i class="fw fw-ring fw-stack-2x"></i><i class="fw fw-statistics fw-stack-1x"></i></span>' +
'<span class="hidden-xs hidden-on-grid-view">Analytics</span></a>'; '<span class="hidden-xs hidden-on-grid-view">Analytics</span></a>';
html += '<a href="#" data-click-event="remove-form" class="btn padding-reduce-on-grid-view share-group-link" data-group-name="' + row.name + '" ' + html += '<a href="#" data-click-event="remove-form" class="btn padding-reduce-on-grid-view share-group-link" data-group-name="' + row.name + '" ' +
'data-group-owner="' + row.owner + '"><span class="fw-stack"><i class="fw fw-ring fw-stack-2x"></i><i class="fw fw-share fw-stack-1x"></i></span>' + 'data-group-owner="' + row.owner + '"><span class="fw-stack"><i class="fw fw-ring fw-stack-2x"></i><i class="fw fw-share fw-stack-1x"></i></span>' +
'<span class="hidden-xs hidden-on-grid-view">Share</span></a>'; '<span class="hidden-xs hidden-on-grid-view">Share</span></a>';
html += '<a href="#" data-click-event="remove-form" class="btn padding-reduce-on-grid-view edit-group-link" data-group-name="' + row.name + '" ' + html += '<a href="#" data-click-event="remove-form" class="btn padding-reduce-on-grid-view edit-group-link" data-group-name="' + row.name + '" ' +
'data-group-owner="' + row.owner + '" data-group-description="' + row.description + '"><span class="fw-stack"><i class="fw fw-ring fw-stack-2x"></i>' + 'data-group-owner="' + row.owner + '" data-group-description="' + row.description + '"><span class="fw-stack"><i class="fw fw-ring fw-stack-2x"></i>' +
'<i class="fw fw-edit fw-stack-1x"></i></span><span class="hidden-xs hidden-on-grid-view">Edit</span></a>'; '<i class="fw fw-edit fw-stack-1x"></i></span><span class="hidden-xs hidden-on-grid-view">Edit</span></a>';
html += '<a href="#" data-click-event="remove-form" class="btn padding-reduce-on-grid-view remove-group-link" data-group-name="' + row.name + '" ' + html += '<a href="#" data-click-event="remove-form" class="btn padding-reduce-on-grid-view remove-group-link" data-group-name="' + row.name + '" ' +
'data-group-owner="' + row.owner + '"><span class="fw-stack"><i class="fw fw-ring fw-stack-2x"></i><i class="fw fw-delete fw-stack-1x"></i>' + 'data-group-owner="' + row.owner + '"><span class="fw-stack"><i class="fw fw-ring fw-stack-2x"></i><i class="fw fw-delete fw-stack-1x"></i>' +
'</span><span class="hidden-xs hidden-on-grid-view">Delete</span></a>'; '</span><span class="hidden-xs hidden-on-grid-view">Delete</span></a>';
return html; return html;
}} }}
@ -221,12 +219,12 @@ $(document).ready(function () {
/* for device list sorting drop down */ /* for device list sorting drop down */
$(".ctrl-filter-type-switcher").popover( $(".ctrl-filter-type-switcher").popover(
{ {
html: true, html: true,
content: function () { content: function () {
return $("#content-filter-types").html(); return $("#content-filter-types").html();
}
} }
}
); );
/* for data tables*/ /* for data tables*/
@ -235,20 +233,20 @@ $(document).ready(function () {
$("[data-toggle=popover]").popover(); $("[data-toggle=popover]").popover();
$(".ctrl-filter-type-switcher").popover( $(".ctrl-filter-type-switcher").popover(
{ {
html: true, html: true,
content: function () { content: function () {
return $('#content-filter-types').html(); return $('#content-filter-types').html();
}
} }
}
); );
$('#nav').affix( $('#nav').affix(
{ {
offset: { offset: {
top: $('header').height() top: $('header').height()
}
} }
}
); );
}); });
@ -293,58 +291,23 @@ function attachEvents() {
* on Group Management page in WSO2 Device Management Server Console. * on Group Management page in WSO2 Device Management Server Console.
*/ */
$("a.share-group-link").click(function () { $("a.share-group-link").click(function () {
var username = $("#group-listing").data("current-user");
var groupName = $(this).data("group-name"); var groupName = $(this).data("group-name");
var groupOwner = $(this).data("group-owner"); var groupOwner = $(this).data("group-owner");
$(modalPopupContent).html($('#share-group-w1-modal-content').html()); $(modalPopupContent).html($('#share-group-w1-modal-content').html());
$('#user-names').html('<div style="height:100px" data-state="loading" data-loading-text="Loading..." data-loading-style="icon-only" data-loading-inverse="true"></div>'); $("a#share-group-next-link").show();
showPopup(); showPopup();
$("a#share-group-next-link").hide(); $("a#share-group-next-link").click(function () {
var userRequest = $.ajax( var selectedUser = $('#share-user-selector').val();
{ if (selectedUser == $("#group-listing").data("current-user")) {
url: "api/user/all", $("#user-names").html("Please specify a user other than current user.");
method: "GET", $("a#share-group-next-link").hide();
contentType: "application/json",
accept: "application/json"
}
);
userRequest.done(function (data, txtStatus, jqxhr) {
var users = JSON.parse(data);
var status = jqxhr.status;
if (status == 200) {
var str = '<br /><select id="share-user-selector" style="color:#3f3f3f;padding:5px;width:250px;">';
var hasUsers = false;
users = users.content;
for (var user in users) {
if (users[user].username != username) {
str += '<option value="' + users[user].username + '">' + users[user].username + '</option>';
hasUsers = true;
}
}
str += '</select>';
if (!hasUsers) {
str = "There is no any other users registered";
$('#user-names').html(str);
return;
}
$('#user-names').html(str);
$("a#share-group-next-link").show();
$("a#share-group-next-link").click(function () {
var selectedUser = $('#share-user-selector').val();
getAllRoles(groupName, groupOwner, selectedUser);
});
} else { } else {
displayErrors(status); getAllRoles(groupName, groupOwner, selectedUser);
} }
}); });
userRequest.fail(function (jqXHR) {
displayErrors(jqXHR);
});
$("a#share-group-w1-cancel-link").click(function () { $("a#share-group-w1-cancel-link").click(function () {
hidePopup(); hidePopup();
}); });
}); });
/** /**
@ -360,23 +323,23 @@ function attachEvents() {
showPopup(); showPopup();
$("a#remove-group-yes-link").click(function () { $("a#remove-group-yes-link").click(function () {
var successCallback = function (data) { var successCallback = function (data, textStatus, xhr) {
data = JSON.parse(data); data = JSON.parse(data);
if (data.status == 200) { if (xhr.status == 200) {
$(modalPopupContent).html($('#remove-group-200-content').html()); $(modalPopupContent).html($('#remove-group-200-content').html());
setTimeout(function () { setTimeout(function () {
hidePopup(); hidePopup();
location.reload(false); location.reload(false);
}, 2000); }, 2000);
} else { } else {
displayErrors(status); displayErrors(xhr);
} }
}; };
invokerUtil.delete("/devicemgt_admin/groups/owner/" + groupOwner + "/name/" + groupName, invokerUtil.delete("/devicemgt_admin/groups/owner/" + groupOwner + "/name/" + groupName,
successCallback, function (message) { successCallback, function (message) {
displayErrors(message.content); displayErrors(message);
}); });
}); });
$("a#remove-group-cancel-link").click(function () { $("a#remove-group-cancel-link").click(function () {
@ -405,22 +368,22 @@ function attachEvents() {
var newGroupDescription = $('#edit-group-description').val(); var newGroupDescription = $('#edit-group-description').val();
var group = {"name": newGroupName, "description": newGroupDescription, "owner": groupOwner}; var group = {"name": newGroupName, "description": newGroupDescription, "owner": groupOwner};
var successCallback = function (data) { var successCallback = function (data, textStatus, xhr) {
data = JSON.parse(data); data = JSON.parse(data);
if (data.status == 200) { if (xhr.status == 200) {
setTimeout(function () { setTimeout(function () {
hidePopup(); hidePopup();
location.reload(false); location.reload(false);
}, 2000); }, 2000);
} else { } else {
displayErrors(status); displayErrors(xhr);
} }
}; };
invokerUtil.put("/devicemgt_admin/groups/owner/" + groupOwner + "/name/" + groupName, group, invokerUtil.put("/devicemgt_admin/groups/owner/" + groupOwner + "/name/" + groupName, group,
successCallback, function (message) { successCallback, function (message) {
displayErrors(message.content); displayErrors(message);
}); });
}); });
$("a#edit-group-cancel-link").click(function () { $("a#edit-group-cancel-link").click(function () {
@ -433,23 +396,23 @@ function getAllRoles(groupName, groupOwner, selectedUser) {
$(modalPopupContent).html($('#share-group-w2-modal-content').html()); $(modalPopupContent).html($('#share-group-w2-modal-content').html());
$('#user-roles').html('<div style="height:100px" data-state="loading" data-loading-text="Loading..." data-loading-style="icon-only" data-loading-inverse="true"></div>'); $('#user-roles').html('<div style="height:100px" data-state="loading" data-loading-text="Loading..." data-loading-style="icon-only" data-loading-inverse="true"></div>');
$("a#share-group-yes-link").hide(); $("a#share-group-yes-link").hide();
var successCallback = function (data) { var successCallback = function (data, textStatus, xhr) {
data = JSON.parse(data); data = JSON.parse(data);
if (data.status == 200) { if (xhr.status == 200) {
if (data.data.length > 0) { if (data.length > 0) {
generateRoleMap(groupName, groupOwner, selectedUser, data.data); generateRoleMap(groupName, groupOwner, selectedUser, data);
} else { } else {
$('#user-roles').html("There is no any roles for this group."); $('#user-roles').html("There is no any roles for this group.");
} }
} else { } else {
displayErrors(status); displayErrors(xhr);
} }
}; };
invokerUtil.get("/devicemgt_admin/groups/owner/" + groupOwner + "/name/" + groupName + "/share/roles", invokerUtil.get("/devicemgt_admin/groups/owner/" + groupOwner + "/name/" + groupName + "/share/roles",
successCallback, function (message) { successCallback, function (message) {
displayErrors(message.content); displayErrors(message);
}); });
$("a#share-group-w2-cancel-link").click(function () { $("a#share-group-w2-cancel-link").click(function () {
hidePopup(); hidePopup();
@ -457,77 +420,63 @@ function getAllRoles(groupName, groupOwner, selectedUser) {
} }
function generateRoleMap(groupName, groupOwner, selectedUser, allRoles) { function generateRoleMap(groupName, groupOwner, selectedUser, allRoles) {
var successCallback = function (data) { var successCallback = function (data, textStatus, xhr) {
data = JSON.parse(data); data = JSON.parse(data);
if (data.status == 200) { if (xhr.status == 200) {
var userRoles = data.data; var userRoles = data;
var roleMap = [];
var str = ''; var str = '';
var isChecked = '';
for (var role in allRoles) { for (var i = 0; i < allRoles.length; i++) {
var objRole = {"role": allRoles[role], "assigned": false}; var isChecked = '';
for (var usrRole in userRoles) { for (var j = 0; j < userRoles.length; j++) {
if (allRoles[role] == userRoles[usrRole]) { if (allRoles[i] == userRoles[j]) {
objRole.assigned = true;
isChecked = 'checked'; isChecked = 'checked';
break; break;
} }
} }
str += '<label class="checkbox-text"><input type="checkbox" id="user-role-' + roleMap[role].role + '" value="' + roleMap[role].role str += '<label class="checkbox-text"><input type="checkbox" id="user-role-' + allRoles[i] + '" value="' + allRoles[i]
+ '" ' + isChecked + '/>' + roleMap[role].role + '</label>&nbsp;&nbsp;&nbsp;&nbsp;'; + '" ' + isChecked + '/>' + allRoles[i] + '</label>&nbsp;&nbsp;&nbsp;&nbsp;';
roleMap.push(objRole);
} }
$('#user-roles').html(str); $('#user-roles').html(str);
$("a#share-group-yes-link").show(); $("a#share-group-yes-link").show();
var isOngoing; $("a#share-group-yes-link").show();
$("a#share-group-yes-link").click(function () { $("a#share-group-yes-link").click(function () {
if (isOngoing) { var roles = [];
return false; for (var i = 0; i < allRoles.length; i++) {
} if ($('#user-role-' + allRoles[i]).is(':checked')) {
$("a#share-group-yes-link").html("Wait..."); roles.push(allRoles[i]);
isOngoing = true;
for (var role in roleMap) {
if ($('#user-role-' + roleMap[role].role).is(':checked') != roleMap[role].assigned) {
roleMap[role].assigned = $('#user-role-' + roleMap[role].role).is(':checked');
updateGroupShare(groupName, groupOwner, selectedUser, roleMap[role]);
} }
} }
updateGroupShare(groupName, groupOwner, selectedUser, roles);
}); });
} else { } else {
displayErrors(status); displayErrors(xhr);
} }
}; };
invokerUtil.get("/devicemgt_admin/groups/owner/" + groupOwner + "/name/" + groupName + "/share/roles?userName=" + selectedUser, invokerUtil.get("/devicemgt_admin/groups/owner/" + groupOwner + "/name/" + groupName + "/share/roles?userName=" + selectedUser,
successCallback, function (message) { successCallback, function (message) {
displayErrors(message.content); displayErrors(message);
}); });
$("a#share-group-w2-cancel-link").click(function () { $("a#share-group-w2-cancel-link").click(function () {
hidePopup(); hidePopup();
}); });
} }
function updateGroupShare(groupName, groupOwner, selectedUser, role) { function updateGroupShare(groupName, groupOwner, selectedUser, roles) {
var successCallback = function (data) { var successCallback = function (data) {
data = JSON.parse(data); $(modalPopupContent).html($('#share-group-200-content').html());
var status = data.status; setTimeout(function () {
if (status == 200) { hidePopup();
$(modalPopupContent).html($('#share-group-200-content').html()); location.reload(false);
setTimeout(function () { }, 2000);
hidePopup();
location.reload(false);
}, 2000);
} else {
displayErrors(status);
}
}; };
invokerUtil.put("/devicemgt_admin/groups/owner/" + groupOwner + "/name/" + groupName + "/share/roles?userName=" + selectedUser, invokerUtil.put("/devicemgt_admin/groups/owner/" + groupOwner + "/name/" + groupName + "/user/" + selectedUser + "/share/roles",
role, successCallback, function (message) { roles, successCallback, function (message) {
displayErrors(message.content); displayErrors(message);
}); });
} }
@ -543,6 +492,12 @@ function displayErrors(jqXHR) {
$("a#group-403-link").click(function () { $("a#group-403-link").click(function () {
hidePopup(); hidePopup();
}); });
} else if (jqXHR.status == 404) {
$(modalPopupContent).html($('#group-404-content').html());
$("#group-404-message").html(jqXHR.responseText);
$("a#group-404-link").click(function () {
hidePopup();
});
} else if (jqXHR.status == 409) { } else if (jqXHR.status == 409) {
$(modalPopupContent).html($('#group-409-content').html()); $(modalPopupContent).html($('#group-409-content').html());
$("a#group-409-link").click(function () { $("a#group-409-link").click(function () {

@ -50,7 +50,6 @@ var invokerUtil = function () {
accept: acceptType, accept: acceptType,
success: successCallback success: successCallback
}; };
console.log(data);
var paramValue = {}; var paramValue = {};
paramValue.actionMethod = methoad; paramValue.actionMethod = methoad;
paramValue.actionUrl = url; paramValue.actionUrl = url;

@ -8,7 +8,7 @@
"path": "/api/device-api.jag" "path": "/api/device-api.jag"
}, },
{ {
"url": "/api/group/*", "url": "/api/groups/*",
"path": "/api/group-api.jag" "path": "/api/group-api.jag"
}, },
{ {

Loading…
Cancel
Save