Merge branch 'kernel-4.6.2' into 'kernel-4.6.x'

changes done to fix tenant login issue See merge request entgra/carbon-device-mgt!792
3 years ago · ff747fa797
parent 6bb8938ee1 eae469fbc5
commit ff747fa797
3 changed files with 42 additions and 5 deletions
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/TenantCreateObserver.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/TenantCreateObserver.java
@ -21,11 +21,15 @@ import org.apache.axis2.context.ConfigurationContext;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.device.mgt.core.DeviceManagementConstants;
 import org.wso2.carbon.device.mgt.core.DeviceManagementConstants.User;
+import org.wso2.carbon.user.api.AuthorizationManager;
+import org.wso2.carbon.user.api.Permission;
 import org.wso2.carbon.user.api.UserRealm;
 import org.wso2.carbon.user.api.UserStoreException;
 import org.wso2.carbon.user.api.UserStoreManager;
 import org.wso2.carbon.utils.AbstractAxis2ConfigurationContextObserver;
+import org.wso2.carbon.utils.multitenancy.MultitenantConstants;

 /**
 * Load configuration files to tenant's registry.
@ -48,10 +52,36 @@ public class TenantCreateObserver extends AbstractAxis2ConfigurationContextObser
            UserStoreManager userStoreManager =
                    DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId)
                            .getUserStoreManager();
+            AuthorizationManager authorizationManager = DeviceManagementDataHolder.getInstance().getRealmService()
+                    .getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getAuthorizationManager();
+
            String tenantAdminName = userRealm.getRealmConfiguration().getAdminUserName();
-            userStoreManager.addRole(User.DEFAULT_DEVICE_USER, new String[]{tenantAdminName}, User.PERMISSIONS_FOR_DEVICE_USER);
-            userStoreManager.addRole(User.DEFAULT_DEVICE_ADMIN, new String[]{tenantAdminName},
-                                     User.PERMISSIONS_FOR_DEVICE_ADMIN);
+
+            if (!userStoreManager.isExistingRole(DeviceManagementConstants.User.DEFAULT_DEVICE_ADMIN)) {
+                userStoreManager.addRole(
+                        DeviceManagementConstants.User.DEFAULT_DEVICE_ADMIN,
+                        null,
+                        DeviceManagementConstants.User.PERMISSIONS_FOR_DEVICE_ADMIN);
+            } else {
+                for (Permission permission : DeviceManagementConstants.User.PERMISSIONS_FOR_DEVICE_ADMIN) {
+                    authorizationManager.authorizeRole(DeviceManagementConstants.User.DEFAULT_DEVICE_ADMIN,
+                            permission.getResourceId(), permission.getAction());
+                }
+            }
+            if (!userStoreManager.isExistingRole(DeviceManagementConstants.User.DEFAULT_DEVICE_USER)) {
+                userStoreManager.addRole(
+                        DeviceManagementConstants.User.DEFAULT_DEVICE_USER,
+                        null,
+                        DeviceManagementConstants.User.PERMISSIONS_FOR_DEVICE_USER);
+            } else {
+                for (Permission permission : DeviceManagementConstants.User.PERMISSIONS_FOR_DEVICE_USER) {
+                    authorizationManager.authorizeRole(DeviceManagementConstants.User.DEFAULT_DEVICE_USER,
+                            permission.getResourceId(), permission.getAction());
+                }
+            }
+            userStoreManager.updateRoleListOfUser(tenantAdminName, null,
+                    new String[] {DeviceManagementConstants.User.DEFAULT_DEVICE_ADMIN,
+                            DeviceManagementConstants.User.DEFAULT_DEVICE_USER});
            if (log.isDebugEnabled()) {
                log.debug("Device management roles: " + User.DEFAULT_DEVICE_USER + ", " + User.DEFAULT_DEVICE_ADMIN +
                                  " created for the tenant:" + tenantDomain + "."
--- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/PermissionScopeHandler.java
+++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/PermissionScopeHandler.java
@ -59,6 +59,7 @@ public class PermissionScopeHandler extends HttpServlet {
            proxyResponse.setCode(HttpStatus.SC_OK);
            proxyResponse.setData(jsonObject.toString());
            HandlerUtil.handleSuccess(resp, proxyResponse);
+            return;
        }
        HandlerUtil.handleError(resp, null);
    }
--- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerUtil.java
+++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerUtil.java
@ -507,8 +507,14 @@ public class HandlerUtil {
        if (log.isDebugEnabled()) {
            log.debug("refreshing the token");
        }
-        HttpPost tokenEndpoint = new HttpPost(
-                gatewayUrl + HandlerConstants.TOKEN_ENDPOINT);
+        String iotsCorePort = System.getProperty("iot.core.https.port");
+        if (HandlerConstants.HTTP_PROTOCOL.equals(req.getScheme())) {
+            iotsCorePort = System.getProperty("iot.core.http.port");
+        }
+        String iotsCoreUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR + System.getProperty("iot.core.host")
+                + HandlerConstants.COLON + iotsCorePort;
+
+        HttpPost tokenEndpoint = new HttpPost(iotsCoreUrl + HandlerConstants.TOKEN_ENDPOINT);
        HttpSession session = req.getSession(false);
        if (session == null) {
            log.error("Couldn't find a session, hence it is required to login and proceed.");