Permission modifications

revert-70aa11f8
kamidu 8 years ago
parent 940f2aaede
commit 878daae5c5

@ -32,7 +32,7 @@
<!-- Device related APIs -->
<Permission>
<name>get certificate in the database</name>
<path>/device-mgt/admin/certificate/GetSignCSR</path>
<path>/device-mgt/certificate/GetSignCSR</path>
<url>/certificates/scep/signcsr</url>
<method>POST</method>
<scope>emm_admin</scope>

@ -93,7 +93,7 @@ public interface ActivityInfoProviderService {
message = "Internal Server Error. \n Server error occurred while fetching activity data.",
response = ErrorResponse.class)
})
@Permission(name = "View Activities", permission = "/device-mgt/activities/view")
@Permission(name = "View Activities", permission = "/device-mgt/devices/owning/view")
Response getActivity(
@ApiParam(
name = "id",
@ -154,7 +154,7 @@ public interface ActivityInfoProviderService {
message = "Internal Server Error. \n Server error occurred while fetching activity data.",
response = ErrorResponse.class)
})
@Permission(name = "View Activities", permission = "/device-mgt/activities/view")
@Permission(name = "View Activities", permission = "/device-mgt/devices/owning/view")
Response getActivities(
@ApiParam(
name = "since",
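Review bot: Activity history can no longer be granted separately from device viewing: in both hunks of this section the second `@Permission` line of each pair (taken as the new side, since the page has lost its `+`/`-` markers) puts `getActivity` and `getActivities` on `/device-mgt/devices/owning/view`. The same string is applied throughout the DeviceManagementService and DeviceTypeManagementService sections, so one grant now opens activities, device details, installed applications, operations and compliance data together. The annotation only names a permission; any restriction to devices the caller owns would have to be enforced in the implementations, which are not shown here. If the merge is intended, state it in the interface Javadoc, e.g. `Requires the owning-device view permission; results must be limited to devices the caller owns.` The interface body continues outside both hunks.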

@ -82,7 +82,7 @@ public interface ConfigurationManagementService {
"platform configuration.",
response = ErrorResponse.class)
})
@Permission(name = "View Configurations", permission = "/device-mgt/configuration/view")
@Permission(name = "View Configurations", permission = "/device-mgt/configurations/view")
Response getConfiguration(
@ApiParam(
name = "If-Modified-Since",
@ -128,7 +128,7 @@ public interface ConfigurationManagementService {
"Server error occurred while modifying general platform configuration.",
response = ErrorResponse.class)
})
@Permission(name = "Manage configurations", permission = "/device-mgt/configuration/manage")
@Permission(name = "Manage configurations", permission = "/device-mgt/configurations/manage")
Response updateConfiguration(
@ApiParam(
name = "configuration",

@ -93,7 +93,7 @@ public interface DeviceManagementService {
message = "Internal Server Error. \n Server error occurred while fetching the device list.",
response = ErrorResponse.class)
})
@Permission(name = "View Devices", permission = "/device-mgt/devices/view")
@Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view")
Response getDevices(
@ApiParam(
name = "name",
@ -200,7 +200,7 @@ public interface DeviceManagementService {
"Server error occurred while retrieving information requested device.",
response = ErrorResponse.class)
})
@Permission(name = "View Devices", permission = "/device-mgt/devices/view")
@Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view")
Response getDevice(
@ApiParam(
name = "type",
@ -282,7 +282,7 @@ public interface DeviceManagementService {
"Server error occurred while retrieving feature list of the device.",
response = ErrorResponse.class)
})
@Permission(name = "View Devices", permission = "/device-mgt/devices/view")
@Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view")
Response getFeaturesOfDevice(
@ApiParam(
name = "type",
@ -358,7 +358,7 @@ public interface DeviceManagementService {
"Server error occurred while enrolling the device.",
response = ErrorResponse.class)
})
@Permission(name = "View Devices", permission = "/device-mgt/devices/view")
@Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view")
Response searchDevices(
@ApiParam(
name = "offset",
@ -437,7 +437,7 @@ public interface DeviceManagementService {
"Server error occurred while retrieving installed application list of the device.",
response = ErrorResponse.class)
})
@Permission(name = "View Devices", permission = "/device-mgt/devices/view")
@Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view")
Response getInstalledApplications(
@ApiParam(
name = "type",
@ -533,7 +533,7 @@ public interface DeviceManagementService {
"Server error occurred while retrieving operation list scheduled for the device.",
response = ErrorResponse.class)
})
@Permission(name = "View Devices", permission = "/device-mgt/devices/view")
@Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view")
Response getDeviceOperations(
@ApiParam(
name = "type",
@ -631,7 +631,7 @@ public interface DeviceManagementService {
response = ErrorResponse.class)
}
)
@Permission(name = "View Devices", permission = "/device-mgt/devices/view")
@Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view")
Response getEffectivePolicyOfDevice(
@ApiParam(
name = "type",
@ -683,7 +683,7 @@ public interface DeviceManagementService {
response = ErrorResponse.class)
}
)
@Permission(name = "View Devices", permission = "/device-mgt/devices/view")
@Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view")
Response getComplianceDataOfDevice(
@ApiParam(
name = "type",

@ -79,7 +79,7 @@ public interface DeviceTypeManagementService {
response = ErrorResponse.class)
}
)
@Permission(name = "View Device Types", permission = "/device-mgt/devices/view")
@Permission(name = "View Device Types", permission = "/device-mgt/devices/owning/view")
Response getDeviceTypes(
@ApiParam(
name = "If-Modified-Since",

@ -82,7 +82,7 @@ public interface GroupManagementService {
//
// @GET
// @Path("/{groupName}/devices")
// @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/admin/groups/roles"})
// @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/groups/roles"})
// Response getDevicesOfGroup(@PathParam("groupName") String groupName, @QueryParam("offset") int offset,
// @QueryParam("limit") int limit);
//

@ -86,7 +86,7 @@ public interface DeviceManagementAdminService {
message = "Internal Server Error. \n Server error occurred while fetching the device list.",
response = ErrorResponse.class)
})
@Permission(name = "View Devices", permission = "/device-mgt/admin/devices/view")
@Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view")
Response getDevicesByName(
@ApiParam(
name = "name",
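Review bot: `getDevicesByName` lives in DeviceManagementAdminService yet is now guarded by `/device-mgt/devices/owning/view`, the same permission this commit gives the ordinary per-device endpoints, in place of `/device-mgt/admin/devices/view`. If this admin lookup returns devices across all owners (the implementation is not visible), any role that may view its own devices could list everyone's. Either keep a distinct admin-level permission on this method or document on it that the implementation filters by owner. The interface continues outside the hunk.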

@ -69,7 +69,7 @@ public interface UserManagementAdminService {
"Server error occurred while updating credentials of the user.",
response = ErrorResponse.class)
})
@Permission(name = "View Users", permission = "/device-mgt/admin/users/view")
@Permission(name = "View Users", permission = "/device-mgt/users/manage")
Response resetUserPassword(
@ApiParam(
name = "username",
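Review bot: `resetUserPassword` keeps the label `name = "View Users"` although the method changes credentials and its path is now `/device-mgt/users/manage`. Wherever that name is shown to an administrator assigning permissions (not visible here), a password-reset capability would appear as read-only access. Suggest `@Permission(name = "Manage Users", permission = "/device-mgt/users/manage")`. The interface continues outside the hunk.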

@ -45,334 +45,334 @@
</Permission>
<Permission>
<name>Devices</name>
<path>/device-mgt/admin/devices</path>
<path>/device-mgt/devices</path>
<url>/</url>
<method>GET</method>
</Permission>
<!-- Device related APIs -->
<Permission>
<name>List devices</name>
<path>/device-mgt/admin/devices/List</path>
<path>/device-mgt/devices/List</path>
<url>/devices</url>
<method>GET</method>
</Permission>
<Permission>
<name>Search devices</name>
<path>/device-mgt/admin/devices/Search</path>
<path>/device-mgt/devices/Search</path>
<url>/devices/search-devices</url>
<method>POST</method>
</Permission>
<Permission>
<name>View device</name>
<path>/device-mgt/admin/devices/View</path>
<path>/device-mgt/devices/View</path>
<url>/devices/*/*</url>
<method>GET</method>
</Permission>
<Permission>
<name>View device info</name>
<path>/device-mgt/admin/devices/View</path>
<path>/device-mgt/devices/View</path>
<url>/devices/*/*/info</url>
<method>GET</method>
</Permission>
<Permission>
<name>View device applications</name>
<path>/device-mgt/admin/devices/View-Applications</path>
<path>/device-mgt/devices/View-Applications</path>
<url>/devices/*/*/applications</url>
<method>GET</method>
</Permission>
<Permission>
<name>View device effective-policy</name>
<path>/device-mgt/admin/devices/View-Active-Policy</path>
<path>/device-mgt/devices/View-Active-Policy</path>
<url>/devices/*/*/effective-policy</url>
<method>GET</method>
</Permission>
<Permission>
<name>View devices feature</name>
<path>/device-mgt/admin/devices/View-Features</path>
<path>/device-mgt/devices/View-Features</path>
<url>/devices/*/*/features</url>
<method>GET</method>
</Permission>
<Permission>
<name>View device operations</name>
<path>/device-mgt/admin/devices/View-Operations</path>
<path>/device-mgt/devices/View-Operations</path>
<url>/devices/*/*/operations</url>
<method>GET</method>
</Permission>
<Permission>
<name>View Compliance Data</name>
<path>/device-mgt/admin/devices/View-Compliance-Data</path>
<path>/device-mgt/devices/View-Compliance-Data</path>
<url>/devices/*/*/compliance-data</url>
<method>GET</method>
</Permission>
<Permission>
<name>List all devices</name>
<path>/device-mgt/admin/devices/Admin-View</path>
<path>/device-mgt/devices/Admin-View</path>
<url>/admin/devices</url>
<method>GET</method>
</Permission>
<Permission>
<name>View device types</name>
<path>/device-mgt/admin/devices/Admin-DeviceType-View</path>
<path>/device-mgt/devices/Admin-DeviceType-View</path>
<url>/admin/device-types</url>
<method>GET</method>
</Permission>
<!-- End of Device related APIs -->
<Permission>
<name>Policies</name>
<path>/device-mgt/admin/policies</path>
<path>/device-mgt/policies</path>
<url>/</url>
<method>GET</method>
</Permission>
<!-- Policy related APIs -->
<Permission>
<name>List policies</name>
<path>/device-mgt/admin/policies/List</path>
<path>/device-mgt/policies/List</path>
<url>/policies</url>
<method>GET</method>
</Permission>
<Permission>
<name>Add Policy</name>
<path>/device-mgt/admin/policies/Add</path>
<path>/device-mgt/policies/Add</path>
<url>/policies</url>
<method>POST</method>
</Permission>
<Permission>
<name>Activate policy</name>
<path>/device-mgt/admin/policies/Activate-Policy</path>
<path>/device-mgt/policies/Activate-Policy</path>
<url>/policies/activate-policy</url>
<method>PUT</method>
</Permission>
<Permission>
<name>Deactivate Policy</name>
<path>/device-mgt/admin/policies/Deactivate-Policy</path>
<path>/device-mgt/policies/Deactivate-Policy</path>
<url>/policies/deactivate-policy</url>
<method>PUT</method>
</Permission>
<Permission>
<name>Remove Policy</name>
<path>/device-mgt/admin/policies/Remove</path>
<path>/device-mgt/policies/Remove</path>
<url>/policies/remove-policy</url>
<method>POST</method>
</Permission>
<Permission>
<name>View Policy</name>
<path>/device-mgt/admin/policies/View</path>
<path>/device-mgt/policies/View</path>
<url>/policies/*</url>
<method>GET</method>
</Permission>
<Permission>
<name>Update Policy</name>
<path>/device-mgt/admin/policies/Update</path>
<path>/device-mgt/policies/Update</path>
<url>/policies/*</url>
<method>PUT</method>
</Permission>
<Permission>
<name>Update Policy</name>
<path>/device-mgt/admin/policies/Update</path>
<path>/device-mgt/policies/Update</path>
<url>/policies/apply-changes</url>
<method>PUT</method>
</Permission>
<Permission>
<name>Update Policy</name>
<path>/device-mgt/admin/policies/Change-Priority</path>
<path>/device-mgt/policies/Change-Priority</path>
<url>/policies/priorities</url>
<method>PUT</method>
</Permission>
<!-- End of Policy related APIs -->
<Permission>
<name>Notifications</name>
<path>/device-mgt/admin/notifications</path>
<path>/device-mgt/notifications</path>
<url>/</url>
<method>GET</method>
</Permission>
<!-- Notification related APIs -->
<Permission>
<name>View notifications</name>
<path>/device-mgt/admin/notifications/View</path>
<path>/device-mgt/notifications/View</path>
<url>/notifications</url>
<method>GET</method>
</Permission>
<Permission>
<name>Mark checked notifications</name>
<path>/device-mgt/admin/notifications/View</path>
<path>/device-mgt/notifications/View</path>
<url>/notifications/*/mark-checked</url>
<method>PUT</method>
</Permission>
<!-- End of Notification related APIs -->
<Permission>
<name>Users</name>
<path>/device-mgt/admin/users</path>
<path>/device-mgt/users</path>
<url>/</url>
<method>GET</method>
</Permission>
<!-- User related APIs -->
<Permission>
<name>List users</name>
<path>/device-mgt/admin/users/List</path>
<path>/device-mgt/users/List</path>
<url>/users</url>
<method>GET</method>
</Permission>
<Permission>
<name>Add user</name>
<path>/device-mgt/admin/users/Add</path>
<path>/device-mgt/users/Add</path>
<url>/users</url>
<method>POST</method>
</Permission>
<Permission>
<name>List users</name>
<path>/device-mgt/admin/users/Search</path>
<path>/device-mgt/users/Search</path>
<url>/users/search/usernames</url>
<method>GET</method>
</Permission>
<Permission>
<name>Remove user</name>
<path>/device-mgt/admin/users/Remove</path>
<path>/device-mgt/users/Remove</path>
<url>/users/*</url>
<method>DELETE</method>
</Permission>
<Permission>
<name>View user</name>
<path>/device-mgt/admin/users/View</path>
<path>/device-mgt/users/View</path>
<url>/users/*</url>
<method>GET</method>
</Permission>
<Permission>
<name>Update user</name>
<path>/device-mgt/admin/users/Update</path>
<path>/device-mgt/users/Update</path>
<url>/users/*</url>
<method>PUT</method>
</Permission>
<Permission>
<name>Update user credentials</name>
<path>/device-mgt/admin/users/Change-Password</path>
<path>/device-mgt/users/Change-Password</path>
<url>/users/*/credentials</url>
<method>PUT</method>
</Permission>
<Permission>
<name>View assigned role</name>
<path>/device-mgt/admin/roles/Assigned-Roles</path>
<path>/device-mgt/roles/Assigned-Roles</path>
<url>/users/*/roles</url>
<method>GET</method>
</Permission>
<Permission>
<name>Change any user credentials</name>
<path>/device-mgt/admin/users/Change-Password-Any</path>
<path>/device-mgt/users/Change-Password-Any</path>
<url>/admin/users/*/credentials</url>
<method>POST</method>
</Permission>
<Permission>
<name>Send invitation mail</name>
<path>/device-mgt/admin/users/Send-invitations</path>
<path>/device-mgt/users/Send-invitations</path>
<url>/users/send-invitation</url>
<method>POST</method>
</Permission>
<!-- End of User related APIs -->
<Permission>
<name>Roles</name>
<path>/device-mgt/admin/roles</path>
<path>/device-mgt/roles</path>
<url>/</url>
<method>GET</method>
</Permission>
<!-- Role related APIs -->
<Permission>
<name>List roles</name>
<path>/device-mgt/admin/roles/List</path>
<path>/device-mgt/roles/List</path>
<url>/roles</url>
<method>GET</method>
</Permission>
<Permission>
<name>Add role</name>
<path>/device-mgt/admin/roles/Add</path>
<path>/device-mgt/roles/Add</path>
<url>/roles</url>
<method>POST</method>
</Permission>
<Permission>
<name>Remove role</name>
<path>/device-mgt/admin/roles/Remove</path>
<path>/device-mgt/roles/Remove</path>
<url>/roles/*</url>
<method>DELETE</method>
</Permission>
<Permission>
<name>View role</name>
<path>/device-mgt/admin/roles/View</path>
<path>/device-mgt/roles/View</path>
<url>/roles/*</url>
<method>GET</method>
</Permission>
<Permission>
<name>Update role</name>
<path>/device-mgt/admin/roles/Update</path>
<path>/device-mgt/roles/Update</path>
<url>/roles/*</url>
<method>PUT</method>
</Permission>
<Permission>
<name>View role permissions</name>
<path>/device-mgt/admin/roles/View-Permission</path>
<path>/device-mgt/roles/View-Permission</path>
<url>/roles/*/permissions</url>
<method>GET</method>
</Permission>
<Permission>
<name>Add Users to role</name>
<path>/device-mgt/admin/roles/Add-Users</path>
<path>/device-mgt/roles/Add-Users</path>
<url>/roles/*/users</url>
<method>PUT</method>
</Permission>
<!-- End of Role related APIs -->
<Permission>
<name>Configurations</name>
<path>/device-mgt/admin/general-configs</path>
<path>/device-mgt/general-configs</path>
<url>/</url>
<method>GET</method>
</Permission>
<!-- Configuration related APIs -->
<Permission>
<name>View configuration</name>
<path>/device-mgt/admin/general-configuration/View</path>
<path>/device-mgt/general-configuration/View</path>
<url>/configuration</url>
<method>GET</method>
</Permission>
<Permission>
<name>Update configuration</name>
<path>/device-mgt/admin/general-configuration/Update</path>
<path>/device-mgt/general-configuration/Update</path>
<url>/configuration</url>
<method>PUT</method>
</Permission>
<!-- End of Configuration related APIs -->
<Permission>
<name>Activities</name>
<path>/device-mgt/admin/activities</path>
<path>/device-mgt/activities</path>
<url>/</url>
<method>GET</method>
</Permission>
<!-- Activity related APIs -->
<Permission>
<name>View Activities</name>
<path>/device-mgt/admin/activities/View</path>
<path>/device-mgt/devices/owning/view</path>
<url>/activities</url>
<method>GET</method>
</Permission>
<Permission>
<name>View Activity Details</name>
<path>/device-mgt/admin/activities/View</path>
<path>/device-mgt/devices/owning/view</path>
<url>/activities/*</url>
<method>GET</method>
</Permission>
<!-- End of Activity related APIs -->
<Permission>
<name>Applications</name>
<path>/device-mgt/admin/applications</path>
<path>/device-mgt/applications</path>
<url>/</url>
<method>GET</method>
</Permission>
<!-- Application related APIs -->
<Permission>
<name>Install Applications</name>
<path>/device-mgt/admin/application/Install</path>
<path>/device-mgt/application/Install</path>
<url>/admin/applications/install-application</url>
<method>POST</method>
</Permission>
<Permission>
<name>Uninstall-Applications</name>
<path>/device-mgt/admin/application/Uninstall</path>
<path>/device-mgt/application/Uninstall</path>
<url>/admin/applications/uninstall-application</url>
<method>POST</method>
</Permission>
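Review bot: The two activity entries near the end of the hunk (`/activities` and `/activities/*`) now point at `/device-mgt/devices/owning/view`, which lies outside the `Activities` parent `/device-mgt/activities` declared just above them and is the only lower-case `view` in a file that otherwise uses `View`. In the same file `/devices/*/*` stays on `/device-mgt/devices/View`, whereas the DeviceManagementService annotations in this commit use `/device-mgt/devices/owning/view` for device retrieval, so the two sources disagree about which permission guards device viewing. Which of them is enforced is not visible here; align them, and confirm the casing if path matching is case-sensitive. `Change-Password-Any` for `/admin/users/*/credentials` also sits directly beside the self-service `Change-Password` under `/device-mgt/users`, which deserves a comment such as `<!-- admin only: resets another user's credentials -->`.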

@ -67,7 +67,7 @@ public class DeviceGroupConstants {
public static class Permissions {
public static final String[] DEFAULT_ADMIN_PERMISSIONS =
{"/permission/device-mgt/admin/groups", "/permission/device-mgt/user/groups"};
{"/permission/device-mgt/groups", "/permission/device-mgt/user/groups"};
public static final String[] DEFAULT_OPERATOR_PERMISSIONS =
{"/permission/device-mgt/user/groups/device_operation"};
public static final String[] DEFAULT_STATS_MONITOR_PERMISSIONS =
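Review bot: `DEFAULT_ADMIN_PERMISSIONS` is a `public static final String[]`, so any caller can overwrite an element and change the default permissions given to group admins at runtime; `final` protects only the reference, not the contents. Since the initializer is being edited anyway, consider keeping the array private and handing out a copy, e.g. `return DEFAULT_ADMIN_PERMISSIONS.clone();` from an accessor. The same applies to the operator and stats-monitor arrays that follow; the class continues outside the hunk.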

@ -47,7 +47,7 @@ import java.util.Map;
*/
public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthorizationService {
private final static String CDM_ADMIN_PERMISSION = "/device-mgt/admin";
private final static String CDM_ADMIN_PERMISSION = "/device-mgt/devices/any/permitted-actions-upon-owning-device";
private final static String CDM_ADMIN = "Device Management Administrator";
private static Log log = LogFactory.getLog(DeviceAccessAuthorizationServiceImpl.class);
@ -246,7 +246,7 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
private boolean addAdminPermissionToRegistry() throws PermissionManagementException {
Permission permission = new Permission();
permission.setName(CDM_ADMIN);
permission.setPath(CDM_ADMIN_PERMISSION);
permission.setPath(PermissionUtils.getAbsolutePermissionPath(CDM_ADMIN_PERMISSION));
return PermissionUtils.putPermission(permission);
}
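Review bot: The permission registered by `addAdminPermissionToRegistry` keeps the display name `Device Management Administrator` (`CDM_ADMIN`) while its path becomes `/device-mgt/devices/any/permitted-actions-upon-owning-device`, so the label and the path now describe different things; rename the label or add a comment on the constant explaining the mapping. The method now stores `PermissionUtils.getAbsolutePermissionPath(CDM_ADMIN_PERMISSION)`, so any authorization check elsewhere in the class that still passes the raw constant would compare against a different string. Those call sites are outside the hunks and should be confirmed.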

@ -152,7 +152,7 @@ if (!user) {
result = responsePayload.responseText;
});
} else if (uriMatcher.match("/{context}/api/devices/")) {
if (userModule.isAuthorized("/permission/admin/device-mgt/admin/devices/list")) {
if (userModule.isAuthorized("/permission/admin/device-mgt/devices/list")) {
result = deviceModule.listDevices();
} else {
response.sendError(403);
@ -161,7 +161,7 @@ if (!user) {
elements = uriMatcher.elements();
deviceId = elements.deviceId;
type = elements.type;
if (userModule.isAuthorized("/permission/admin/device-mgt/admin/devices/list")) {
if (userModule.isAuthorized("/permission/admin/device-mgt/devices/list")) {
result = deviceModule.viewDevice(type, deviceId);
}else {
response.sendError(403);
@ -171,7 +171,7 @@ if (!user) {
deviceId = elements.deviceId;
type = elements.type;
operation = elements.operation;
if (userModule.isAuthorized("/permission/admin/device-mgt/admin/devices/operation")) {
if (userModule.isAuthorized("/permission/admin/device-mgt/devices/operation")) {
result = deviceModule.performOperation(deviceId, operation, [], type);
} else {
response.sendError(403);
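Review bot: In the second hunk `deviceModule.viewDevice(type, deviceId)` is authorised with `/permission/admin/device-mgt/devices/list`, the same string that guards `listDevices()`, so viewing a single device cannot be granted or reviewed separately from listing. If that is intended, add a comment saying so, e.g. `// single-device view is covered by the list permission`. The permission literals are repeated per branch; a shared constant would stop the copies drifting on the next rename. All three branches belong to an if/else chain that starts and ends outside the hunks.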

@ -98,7 +98,7 @@ if (uriMatcher.match("/{context}/api/user/authenticate")) {
/*
@Deprecated
*/
if (userModule.isAuthorized("/permission/admin/device-mgt/admin/user/invite")) {
if (userModule.isAuthorized("/permission/admin/device-mgt/user/invite")) {
elements = uriMatcher.elements();
username = elements.username;
userModule.inviteUser(username);
@ -109,7 +109,7 @@ if (uriMatcher.match("/{context}/api/user/authenticate")) {
/*
@Deprecated
*/
if (userModule.isAuthorized("/permission/admin/device-mgt/admin/user/add")) {
if (userModule.isAuthorized("/permission/admin/device-mgt/user/add")) {
addUserFormData = request.getContent();
username = addUserFormData.username;
firstname = addUserFormData.firstname;
@ -160,7 +160,7 @@ if (uriMatcher.match("/{context}/api/user/authenticate")) {
/*
@Deprecated
*/
if (userModule.isAuthorized("/permission/admin/device-mgt/admin/user/remove")) {
if (userModule.isAuthorized("/permission/admin/device-mgt/user/remove")) {
elements = uriMatcher.elements();
username = elements.username;
try {
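Review bot: Dropping the `admin` segment moves these three checks to `/permission/admin/device-mgt/user/invite`, `.../user/add` and `.../user/remove`, that is, into the `device-mgt/user/` subtree that user.js in this same commit uses for self-service permissions such as `.../user/devices/list` and `.../user/groups/list`. If permissions are inherited from parent nodes, which is usual for a path-based tree but not shown here, a role granted `device-mgt/user` would now be able to invite, add and remove accounts. getUIPermissions uses the plural `.../users/add` and `.../users/remove` for the same actions; using those strings here would avoid the collision, e.g. `if (userModule.isAuthorized("/permission/admin/device-mgt/users/add")) {`. The handlers are marked deprecated and continue outside the hunks.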

@ -396,25 +396,25 @@ var userModule = function () {
publicMethods.getUIPermissions = function () {
var permissions = {};
if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/devices/list")) {
if (publicMethods.isAuthorized("/permission/admin/device-mgt/devices/list")) {
permissions["LIST_DEVICES"] = true;
}
if (publicMethods.isAuthorized("/permission/admin/device-mgt/user/devices/list")) {
permissions["LIST_OWN_DEVICES"] = true;
}
if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/groups/list")) {
if (publicMethods.isAuthorized("/permission/admin/device-mgt/groups/list")) {
permissions["LIST_ALL_GROUPS"] = true;
}
if (publicMethods.isAuthorized("/permission/admin/device-mgt/user/groups/list")) {
permissions["LIST_GROUPS"] = true;
}
if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/users/list")) {
if (publicMethods.isAuthorized("/permission/admin/device-mgt/users/list")) {
permissions["LIST_USERS"] = true;
}
if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/roles/list")) {
if (publicMethods.isAuthorized("/permission/admin/device-mgt/roles/list")) {
permissions["LIST_ROLES"] = true;
}
if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/policies/list")) {
if (publicMethods.isAuthorized("/permission/admin/device-mgt/policies/list")) {
permissions["LIST_ALL_POLICIES"] = true;
}
if (publicMethods.isAuthorized("/permission/admin/device-mgt/user/policies/list")) {
@ -426,28 +426,28 @@ var userModule = function () {
if (publicMethods.isAuthorized("/permission/admin/device-mgt/user/groups/add")) {
permissions["ADD_GROUP"] = true;
}
if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/users/add")) {
if (publicMethods.isAuthorized("/permission/admin/device-mgt/users/add")) {
permissions["ADD_USER"] = true;
}
if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/users/remove")) {
if (publicMethods.isAuthorized("/permission/admin/device-mgt/users/remove")) {
permissions["REMOVE_USER"] = true;
}
if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/roles/add")) {
if (publicMethods.isAuthorized("/permission/admin/device-mgt/roles/add")) {
permissions["ADD_ROLE"] = true;
}
if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/policies/add")) {
if (publicMethods.isAuthorized("/permission/admin/device-mgt/policies/add")) {
permissions["ADD_ADMIN_POLICY"] = true;
}
if (publicMethods.isAuthorized("/permission/admin/device-mgt/user/policies/add")) {
permissions["ADD_POLICY"] = true;
}
if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/policies/priority")) {
if (publicMethods.isAuthorized("/permission/admin/device-mgt/policies/priority")) {
permissions["CHANGE_POLICY_PRIORITY"] = true;
}
if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/dashboard/view")) {
if (publicMethods.isAuthorized("/permission/admin/device-mgt/dashboard/view")) {
permissions["VIEW_DASHBOARD"] = true;
}
if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/platform-configs/view")) {
if (publicMethods.isAuthorized("/permission/admin/device-mgt/platform-configs/view")) {
permissions["TENANT_CONFIGURATION"] = true;
}
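Review bot: With the `admin` segment removed, the only thing separating the broader flags from the self-service ones is the `user/` path segment (`.../devices/list` sets `LIST_DEVICES`, `.../user/devices/list` sets `LIST_OWN_DEVICES`), and nothing in the function documents that. Add a comment above the first check, e.g. `// Paths without "user/" apply to all resources; paths under "user/" cover only the caller's own.`, adjusted to whatever the intended semantics are. The function body continues past both hunks.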

@ -23,77 +23,87 @@
<i class="icon fw fw-home"></i>
</a>
</li>
<li>
<a href="{{@app.context}}/certificates">
Certificates
</a>
</li>
<li>
<a href="{{@app.context}}/certificates/add">
<span class="fw-stack">
<i class="fw fw-ring fw-stack-2x"></i>
<i class="fw fw-document fw-stack-1x"></i>
</span>
Add Certificate
Add
</a>
</li>
{{/zone}}
{{#zone "content"}}
<!-- content/body -->
<div class="row">
<div class="col-md-12">
<!-- content -->
<div id="certificate-create-form" class="container col-centered wr-content">
<div class="wr-form">
<p class="page-sub-title">Add Certificate</p>
<p>Please note that * sign represents required fields of data.</p>
<hr/>
<div class="row">
<div class="col-lg-8">
<div id="certificate-create-error-msg" class="alert alert-danger hidden" role="alert">
<i class="icon fw fw-error"></i><span></span>
</div>
{{#if isAuthorized}}
<!-- content/body -->
<div class="row">
<div class="col-md-12">
<!-- content -->
<div id="certificate-create-form" class="container col-centered wr-content">
<div class="wr-form">
<p class="page-sub-title">Add Certificate</p>
<p>Please note that * sign represents required fields of data.</p>
<hr/>
<div class="row">
<div class="col-lg-8">
<div id="certificate-create-error-msg" class="alert alert-danger hidden" role="alert">
<i class="icon fw fw-error"></i><span></span>
</div>
<label class="wr-input-label ">
Serial Number *
</label>
<br>
<div id="serialNoInputField" class="form-group wr-input-control">
<input type="text" id="serialNo" class="form-control"/>
</div>
<label class="wr-input-label">Certificate *</label>
<div id="certificateField" class="form-group wr-input-control">
<input type="file" id="certificate" class="form-control"/>
<label class="wr-input-label ">
Serial Number *
</label>
<br>
<div id="serialNoInputField" class="form-group wr-input-control">
<input type="text" id="serialNo" class="form-control"/>
</div>
<label class="wr-input-label">Certificate *</label>
<div id="certificateField" class="form-group wr-input-control">
<input type="file" id="certificate" class="form-control"/>
</div>
</div>
</div>
</div>
<br>
<div class="row">
<div class="col-lg-8">
<button id="add-certificate-btn" class="wr-btn">Add Certificate</button>
<br>
<div class="row">
<div class="col-lg-8">
<button id="add-certificate-btn" class="wr-btn">Add Certificate</button>
</div>
</div>
</div>
</div>
</div>
<div id="certificate-created-msg" class="container col-centered wr-content hidden">
<div class="wr-form">
<p class="page-sub-title">Certificate was added successfully.</p>
<br>
<br>Please click <b>"Add Another Certificate"</b>, if you wish to add another certificate or
<div id="certificate-created-msg" class="container col-centered wr-content hidden">
<div class="wr-form">
<p class="page-sub-title">Certificate was added successfully.</p>
<br>
<br>Please click <b>"Add Another Certificate"</b>, if you wish to add another certificate or
click
<b>"View Certificate List"</b> to complete the process and go back to the certificate list.
<hr/>
<button class="wr-btn" onclick="window.location.href='/emm/certificates'">View Certificate List
</button>
<a href="/emm/certificates/add" class="cu-btn-inner">
<b>"View Certificate List"</b> to complete the process and go back to the certificate list.
<hr/>
<button class="wr-btn" onclick="window.location.href='/emm/certificates'">View Certificate List
</button>
<a href="/emm/certificates/add" class="cu-btn-inner">
<span class="fw-stack">
<i class="fw fw-ring fw-stack-2x"></i>
<i class="fw fw-add fw-stack-1x"></i>
</span>
Add Another Certificate
</a>
Add Another Certificate
</a>
</div>
</div>
<!-- /content -->
</div>
<!-- /content -->
</div>
</div>
<!-- /content/body -->
<!-- /content/body -->
{{else}}
<h1 class="page-sub-title">
Permission Denied
</h1>
<br>
You not authorized to enter Certificate Management Section.
<br>
{{/if}}
{{/zone}}
{{#zone "bottomJs"}}
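Review bot: The denial text added in the `{{else}}` branch reads `You not authorized to enter Certificate Management Section.`; it should be `You are not authorized to enter the Certificate Management section.`, and the same slip appears in the `{{else}}` branch added to the role-creation template. The `{{#if isAuthorized}}` wrapper only hides the form, so the endpoint that accepts the certificate upload still has to check the permission itself; that code is not on this page.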

@ -26,7 +26,8 @@ function onRequest(context) {
// var log = new Log("units/user-create/create.js");
var userModule = require("/app/modules/business-controllers/user.js")["userModule"];
var mdmProps = require("/app/modules/conf-reader/main.js")["conf"];
var viewModel = {};
viewModel.isAuthorized = userModule.isAuthorized("/permission/admin/device-mgt/certificates/manage");
var response = userModule.getRolesByUserStore();
if (response["status"] == "success") {
viewModel["roles"] = response["content"];
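Review bot: `userModule.getRolesByUserStore()` still runs, and its result is placed in `viewModel`, even when `viewModel.isAuthorized` is false, so the role list is fetched for users the template is about to refuse. Return early instead, with `if (!viewModel.isAuthorized) { return viewModel; }` directly after the permission check. `onRequest` continues outside the hunk, so whether later code depends on `roles` is not visible.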

@ -24,14 +24,24 @@
</a>
</li>
<li>
<a href="{{@app.context}}/certificates/add">
<a href="{{@app.context}}/certificates">
Certificate
</a>
</li>
{{/zone}}
{{#zone "navbarActions"}}
{{#if removePermitted}}
<li>
<a href="{{@app.context}}/certificates/add">
<span class="fw-stack">
<i class="fw fw-ring fw-stack-2x"></i>
<i class="fw fw-document fw-stack-1x"></i>
</span>
Add Certificate
</a>
</li>
Add Certificate
</a>
</li>
{{/if}}
{{/zone}}
{{#zone "content"}}
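Review bot: The Add Certificate link is shown under `{{#if removePermitted}}`, a flag named for removal, while the add page in this commit is gated on `isAuthorized`, which is computed from `/permission/admin/device-mgt/certificates/manage`. If the two flags come from different permissions (the script that sets `removePermitted` is not shown), a user could see a link that leads to Permission Denied, or lose a link to a page they may use. Consider a flag named for the action, e.g. `{{#if addPermitted}}`, set from the same permission string as the add page.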

@ -38,6 +38,7 @@
{{/zone}}
{{#zone "content"}}
{{#if canManage}}
<!-- content/body -->
<div class="row">
<div class="col-md-12">
@ -96,6 +97,7 @@
Role name is required, should be in minimum 3 characters long and not include any whitespaces.
</label>
</div>
{{#if canViewUsers}}
<label class="wr-input-label">
User list
</label>
@ -104,6 +106,7 @@
<!--suppress HtmlFormInputWithoutLabel -->
<select id="users" class="form-control select2" multiple="multiple"></select>
</div>
{{/if}}
</div>
</div>
<br>
@ -134,6 +137,14 @@
</div>
</div>
<!-- /content/body -->
{{else}}
<h1 class="page-sub-title">
Permission Denied
</h1>
<br>
You not authorized to enter Role Management Section.
<br>
{{/if}}
{{/zone}}
{{#zone "bottomJs"}}
{{js "js/bottomJs.js"}}

@ -20,16 +20,24 @@
* Returns the dynamic state to be populated by add-user page.
*
* @param context Object that gets updated with the dynamic state of this page to be presented
* @returns {*} A context object that returns the dynamic state of this page to be presented
* @returns {*} A displayData object that returns the dynamic state of this page to be presented
*/
function onRequest(context) {
var userModule = require("/app/modules/business-controllers/user.js")["userModule"];
var deviceMgtProps = require("/app/modules/conf-reader/main.js")["conf"];
var displayData = {};
context["userStores"] = userModule.getSecondaryUserStores();
context["roleNameJSRegEx"] = deviceMgtProps["roleValidationConfig"]["roleNameJSRegEx"];
context["roleNameHelpText"] = deviceMgtProps["roleValidationConfig"]["roleNameHelpMsg"];
context["roleNameRegExViolationErrorMsg"] = deviceMgtProps["roleValidationConfig"]["roleNameRegExViolationErrorMsg"];
displayData["userStores"] = userModule.getSecondaryUserStores();
displayData["roleNameJSRegEx"] = deviceMgtProps["roleValidationConfig"]["roleNameJSRegEx"];
displayData["roleNameHelpText"] = deviceMgtProps["roleValidationConfig"]["roleNameHelpMsg"];
displayData["roleNameRegExViolationErrorMsg"] = deviceMgtProps["roleValidationConfig"]["roleNameRegExViolationErrorMsg"];
return context;
if (userModule.isAuthorized("/permission/admin/device-mgt/roles/manage")) {
displayData.canManage = true;
}
if (userModule.isAuthorized("/permission/admin/device-mgt/users/view")) {
displayData.canViewUsers = true;
}
return displayData;
}
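Review bot: The `@param context` line still says the object "gets updated with the dynamic state", but the function now leaves `context` untouched and returns `displayData`; update it, e.g. `@param context Request context (not modified)`. The summary line also still says "add-user page" although the permission checked is `roles/manage`. Assuming `isAuthorized` returns a boolean, each flag block can be a single assignment, `displayData.canManage = userModule.isAuthorized("/permission/admin/device-mgt/roles/manage");`, which gives the template an explicit false instead of an undefined property.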

@ -37,110 +37,123 @@
{{#zone "content"}}
{{#if canManage}}
<!-- content/body -->
<div class="row">
<div class="col-md-12">
<!-- content -->
<div id="user-create-form" class="container col-centered wr-content">
<div class="wr-form">
<p class="page-sub-title">Add User</p>
<p>Please note that * sign represents required fields of data.</p>
<hr/>
<div class="row">
<div class="col-lg-8">
<div id="user-create-error-msg" class="alert alert-danger hidden" role="alert">
<i class="icon fw fw-error"></i><span></span>
</div>
<label class="wr-input-label" title="Select the domain of the user store from the drop-down given below. The domain of the default user store is PRIMARY">
User Store Domain
<span class="wr-help-tip glyphicon glyphicon-question-sign"></span>
</label>
<div class="wr-input-control">
<select id="userStore" class="form-control select">
<option value="PRIMARY">PRIMARY</option>
{{#each userStores}}
<option value="{{this}}">{{this}}</option>
{{/each}}
</select>
</div>
<label class="wr-input-label" title="{{usernameHelpMsg}}">
User Name *
<span class="wr-help-tip glyphicon glyphicon-question-sign"></span>
</label>
<div id="usernameInputField" class="form-group wr-input-control">
<input limit="{{charLimit}}" type="text" id="username" data-regex="{{usernameJSRegEx}}" data-errormsg="{{usernameRegExViolationErrorMsg}}" class="form-control"/>
<span class=" usernameError hidden glyphicon glyphicon-remove form-control-feedback"></span>
<label class="error usernameEmpty hidden" for="summary">This field is required. Username should be in minimum 3 characters long and do not include any whitespaces.</label>
</div>
<label class="wr-input-label">First Name *</label>
<div id="firstNameField" class="form-group wr-input-control">
<input type="text" id="firstname" data-regex="{{firstnameJSRegEx}}" data-errormsg="{{firstnameRegExViolationErrorMsg}}" class="form-control"/>
<span class="glyphicon glyphicon-remove form-control-feedback hidden fnError"></span>
<label class=" hidden error fnError" for="summary">This field is required.</label>
</div>
<label class="wr-input-label">Last Name *</label>
<div id="lastNameField" class="form-group wr-input-control">
<input type="text" id="lastname" data-regex="{{lastnameJSRegEx}}" data-errormsg="{{lastnameRegExViolationErrorMsg}}" class="form-control"/>
<span class="glyphicon glyphicon-remove form-control-feedback hidden lnError"></span>
<label class=" hidden error lnError" for="summary">This field is required.</label>
</div>
<label class="wr-input-label" title="Ex: dan@abc.com">
Email Address *
<span class="wr-help-tip glyphicon glyphicon-question-sign"></span>
</label>
<div id="emailField" class=" form-group wr-input-control">
<input type="email" id="emailAddress" class="form-control"/>
<span class="glyphicon glyphicon-remove form-control-feedback hidden emailError"></span>
<label class=" hidden error email-required" for="summary">This field is required.</label>
<label class=" hidden error email-invalid" for="summary">Invalid Email Address.</label>
</div>
<label class="wr-input-label" title="Optional field that can have 0-to-many roles for the user">
User Roles
<span class="wr-help-tip glyphicon glyphicon-question-sign"></span>
</label>
<div class="wr-input-control">
<select id="roles" class="form-control select2" multiple="multiple">
{{#each roles}}
<option>{{this}}</option>
{{/each}}
</select>
<!-- content/body -->
<div class="row">
<div class="col-md-12">
<!-- content -->
<div id="user-create-form" class="container col-centered wr-content">
<div class="wr-form">
<p class="page-sub-title">Add User</p>
<p>Please note that * sign represents required fields of data.</p>
<hr/>
<div class="row">
<div class="col-lg-8">
<div id="user-create-error-msg" class="alert alert-danger hidden" role="alert">
<i class="icon fw fw-error"></i><span></span>
</div>
<label class="wr-input-label"
title="Select the domain of the user store from the drop-down given below. The domain of the default user store is PRIMARY">
User Store Domain
<span class="wr-help-tip glyphicon glyphicon-question-sign"></span>
</label>
<div class="wr-input-control">
<select id="userStore" class="form-control select">
<option value="PRIMARY">PRIMARY</option>
{{#each userStores}}
<option value="{{this}}">{{this}}</option>
{{/each}}
</select>
</div>
<label class="wr-input-label" title="{{usernameHelpMsg}}">
User Name *
<span class="wr-help-tip glyphicon glyphicon-question-sign"></span>
</label>
<div id="usernameInputField" class="form-group wr-input-control">
<input limit="{{charLimit}}" type="text" id="username"
data-regex="{{usernameJSRegEx}}"
data-errormsg="{{usernameRegExViolationErrorMsg}}" class="form-control"/>
<span class=" usernameError hidden glyphicon glyphicon-remove form-control-feedback"></span>
<label class="error usernameEmpty hidden" for="summary">This field is required.
Username should be in minimum 3 characters long and do not include any
whitespaces.</label>
</div>
<label class="wr-input-label">First Name *</label>
<div id="firstNameField" class="form-group wr-input-control">
<input type="text" id="firstname" data-regex="{{firstnameJSRegEx}}"
data-errormsg="{{firstnameRegExViolationErrorMsg}}" class="form-control"/>
<span class="glyphicon glyphicon-remove form-control-feedback hidden fnError"></span>
<label class=" hidden error fnError" for="summary">This field is required.</label>
</div>
<label class="wr-input-label">Last Name *</label>
<div id="lastNameField" class="form-group wr-input-control">
<input type="text" id="lastname" data-regex="{{lastnameJSRegEx}}"
data-errormsg="{{lastnameRegExViolationErrorMsg}}" class="form-control"/>
<span class="glyphicon glyphicon-remove form-control-feedback hidden lnError"></span>
<label class=" hidden error lnError" for="summary">This field is required.</label>
</div>
<label class="wr-input-label" title="Ex: dan@abc.com">
Email Address *
<span class="wr-help-tip glyphicon glyphicon-question-sign"></span>
</label>
<div id="emailField" class=" form-group wr-input-control">
<input type="email" id="emailAddress" class="form-control"/>
<span class="glyphicon glyphicon-remove form-control-feedback hidden emailError"></span>
<label class=" hidden error email-required" for="summary">This field is
required.</label>
<label class=" hidden error email-invalid" for="summary">Invalid Email
Address.</label>
</div>
<label class="wr-input-label"
title="Optional field that can have 0-to-many roles for the user">
User Roles
<span class="wr-help-tip glyphicon glyphicon-question-sign"></span>
</label>
{{#if canViewRoles}}
<div class="wr-input-control">
<select id="roles" class="form-control select2" multiple="multiple">
{{#each roles}}
<option>{{this}}</option>
{{/each}}
</select>
</div>
{{/if}}
</div>
</div>
<br>
<button id="add-user-btn" class="wr-btn">Add User</button>
</div>
<br>
<button id="add-user-btn" class="wr-btn">Add User</button>
</div>
</div>
<div id="user-created-msg" class="container col-centered wr-content hidden">
<div class="wr-form">
<p class="page-sub-title">User was added successfully.</p>
<p>
An invitation mail will be sent to this user to initiate device enrollment.
Below QR code can also be used to enroll a device.
</p>
<div class="panel panel-default">
<div id="qr-code-modal" class="hidden" data-enrollment-url="{{enrollmentURL}}"></div>
<div class="panel-body">
<div class="qr-code col-lg-5 col-md-6 col-centered"></div>
<div id="user-created-msg" class="container col-centered wr-content hidden">
<div class="wr-form">
<p class="page-sub-title">User was added successfully.</p>
<p>
An invitation mail will be sent to this user to initiate device enrollment.
Below QR code can also be used to enroll a device.
</p>
<div class="panel panel-default">
<div id="qr-code-modal" class="hidden" data-enrollment-url="{{enrollmentURL}}"></div>
<div class="panel-body">
<div class="qr-code col-lg-5 col-md-6 col-centered"></div>
</div>
</div>
</div>
<br>Please click <b>"Add Another User"</b>, if you wish to add another user or click
<b>"View User List"</b> to complete the process and go back to the user list.
<hr/>
<button class="wr-btn" onclick="window.location.href='{{@app.context}}/users'">View User List</button>
<a href="{{@app.context}}/user/add" class="cu-btn-inner">
<br>Please click <b>"Add Another User"</b>, if you wish to add another user or click
<b>"View User List"</b> to complete the process and go back to the user list.
<hr/>
<button class="wr-btn" onclick="window.location.href='{{@app.context}}/users'">View User List
</button>
<a href="{{@app.context}}/user/add" class="cu-btn-inner">
<span class="fw-stack">
<i class="fw fw-ring fw-stack-2x"></i>
<i class="fw fw-add fw-stack-1x"></i>
</span>
Add Another User
</a>
Add Another User
</a>
</div>
</div>
<!-- /content -->
</div>
<!-- /content -->
</div>
</div>
{{else}}
<h1 class="page-sub-title">
Permission Denied
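Review bot: The `{{#if canViewRoles}}` guard wraps only the `<div class="wr-input-control">` holding `#roles`, while the "User Roles" label and its help tip just above stay outside it. A user without the roles view permission therefore gets a label with no control under it. I would open the guard one element earlier, placing `{{#if canViewRoles}}` directly before `<label class="wr-input-label" title="Optional field that can have 0-to-many roles for the user">`. The client script that reads `#roles` on submit is not visible here and should be checked to tolerate the element being absent.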

@ -35,6 +35,9 @@ function onRequest() {
if (userModule.isAuthorized("/permission/admin/device-mgt/users/manage")) {
page.canManage = true;
}
if (userModule.isAuthorized("/permission/admin/device-mgt/roles/view")) {
page.canViewRoles = true;
}
var userStores = userModule.getSecondaryUserStores();
page["userStores"] = userStores;
page["charLimit"] = devicemgtProps["usernameLength"];

@ -26,6 +26,8 @@ function onRequest(context) {
var types = {};
types.isAuthorized = userModule.isAuthorized("/permission/admin/device-mgt/policies/manage");
types.isAuthorizedViewUsers = userModule.isAuthorized("/permission/admin/device-mgt/roles/view");
types.isAuthorizedViewRoles = userModule.isAuthorized("/permission/admin/device-mgt/users/view");
types["types"] = [];
var typesListResponse = deviceModule.getDeviceTypes();
if (typesListResponse["status"] == "success") {
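Review bot: The two new flags look crossed, since `types.isAuthorizedViewUsers` is filled from `/permission/admin/device-mgt/roles/view` and `types.isAuthorizedViewRoles` from `/permission/admin/device-mgt/users/view`. The other pages in this commit pair them the other way round (`canViewUsers` with `users/view`, `canViewRoles` with `roles/view`). As written, a user holding only one of the two permissions would presumably be shown the selector for the other resource and denied the one they may see, though the template consuming these flags is outside the hunk. Suggested lines are `types.isAuthorizedViewUsers = userModule.isAuthorized("/permission/admin/device-mgt/users/view");` and `types.isAuthorizedViewRoles = userModule.isAuthorized("/permission/admin/device-mgt/roles/view");`. The body of `onRequest` continues beyond this hunk.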

@ -23,7 +23,7 @@ import javax.xml.bind.annotation.XmlType;
* &lt;simpleType>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}string">
* &lt;enumeration value="/permission/device-mgt/user/groups/device_operation"/>
* &lt;enumeration value="/permission/device-mgt/admin/groups"/>
* &lt;enumeration value="/permission/device-mgt/groups"/>
* &lt;enumeration value="/permission/device-mgt/user/groups"/>
* &lt;enumeration value="/permission/device-mgt/user/groups/device_monitor"/>
* &lt;/restriction>
