Fix issue of app installation with admin user

In the current implementation, devices owned by the logged in user is fetched as the device list. When an admin user logged in, even though the user has permission to view and install apps to other users devices the devices does not get fetched if the admin user is not the owner.

This resolves the above issue by fetching all devices if the user has admin permission.

Resolves product-iots#55

components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.osgiconnector/src/main/java/org/wso2/carbon/appmgt/mdm/osgiconnector/ApplicationOperationsImpl.java

@@ -39,6 +39,8 @@ import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
 import org.wso2.carbon.device.mgt.common.DeviceManagementException;
 import org.wso2.carbon.device.mgt.common.Platform;
 import org.wso2.carbon.device.mgt.common.app.mgt.ApplicationManagementException;
+import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
+import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
 import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
 import org.wso2.carbon.device.mgt.common.operation.mgt.Operation;
 import org.wso2.carbon.appmgt.mobile.utils.User;
@@ -233,25 +235,32 @@ public class ApplicationOperationsImpl implements ApplicationOperations {
         List<Device> devices;
         List<org.wso2.carbon.device.mgt.common.Device> deviceList;
         try {
-            DeviceManagementProviderService deviceManagementService = MDMServiceAPIUtils
+            final int tenantId = applicationOperationDevice.getTenantId();
-                    .getDeviceManagementService(applicationOperationDevice.getTenantId());
             final String username = applicationOperationDevice.getCurrentUser().getUsername();
             final String platform = applicationOperationDevice.getPlatform();
+            DeviceAccessAuthorizationService deviceAccessAuthorizationService = MDMServiceAPIUtils
+                    .getDeviceAccessAuthorizationService(applicationOperationDevice.getTenantId());
+            DeviceManagementProviderService deviceManagementService = MDMServiceAPIUtils
+                    .getDeviceManagementService(tenantId);
+            boolean isAdmin = deviceAccessAuthorizationService.isDeviceAdminUser();
+
             switch (platform) {
                 case MDMAppConstants.WEBAPP:
-                    deviceList = deviceManagementService.getDevicesOfUser(username);
+                    deviceList = isAdmin ? deviceManagementService.getAllDevices() :
+                            deviceManagementService.getDevicesOfUser(username);
                     break;
                 case MDMAppConstants.ANDROID:
-                    deviceList = deviceManagementService.getDevicesOfUser(username, MDMAppConstants.ANDROID);
+                    deviceList = isAdmin ? deviceManagementService.getAllDevices(MDMAppConstants.ANDROID) :
+                            deviceManagementService.getDevicesOfUser(username, MDMAppConstants.ANDROID);
                     break;
                 case MDMAppConstants.IOS:
-                    deviceList = deviceManagementService.getDevicesOfUser(username, MDMAppConstants.IOS);
+                    deviceList = isAdmin ? deviceManagementService.getAllDevices(MDMAppConstants.IOS) :
+                            deviceManagementService.getDevicesOfUser(username, MDMAppConstants.IOS);
                     break;
                 default:
-                    String msg = "App platform:" + platform + "is not supported.";
+                    throw new MobileApplicationException("App platform: [" + platform + "] is not supported.");
-                    log.error(msg);
-                    throw new MobileApplicationException(msg);
             }
+
             devices = new ArrayList<>(deviceList.size());
             if (log.isDebugEnabled()) {
                 log.debug("device list got from mdm " + deviceList.toString());
@@ -291,7 +300,8 @@ public class ApplicationOperationsImpl implements ApplicationOperations {
         } catch (DeviceManagementException e) {
             logError("Error While retrieving Device List.", e);
             throw new MobileApplicationException(e.getMessage());
-
+        } catch (DeviceAccessAuthorizationException e) {
+            throw new MobileApplicationException("Error while checking user permissions", e);
         }
         return devices;
     }

components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.osgiconnector/src/main/java/org/wso2/carbon/appmgt/mdm/osgiconnector/mdmmgt/util/MDMServiceAPIUtils.java

@@ -19,6 +19,7 @@ package org.wso2.carbon.appmgt.mdm.osgiconnector.mdmmgt.util;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
 import org.wso2.carbon.device.mgt.core.app.mgt.ApplicationManagementProviderService;
 import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
 
@@ -49,6 +50,26 @@ public class MDMServiceAPIUtils {
 		return deviceManagementProviderService;
 	}
 
+    /**
+     * Returns the DeviceAccessAuthorizationService osgi service.
+     *
+     * @param tenantId tenant id
+     * @return {@link DeviceAccessAuthorizationService}
+     */
+    public static DeviceAccessAuthorizationService getDeviceAccessAuthorizationService(int tenantId) {
+        PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+        ctx.setTenantId(tenantId, true);
+        DeviceAccessAuthorizationService deviceAccessAuthorizationService =
+                (DeviceAccessAuthorizationService) ctx
+                        .getOSGiService(DeviceAccessAuthorizationService.class, null);
+        if (deviceAccessAuthorizationService == null) {
+            String msg = "Device Access Authorization service has not initialized.";
+            log.error(msg);
+            throw new IllegalStateException(msg);
+        }
+        return deviceAccessAuthorizationService;
+    }
+
 	/**
 	 * Returns the ApplicationManagementProviderService osgi service.
 	 *