From 29aca290a442aaeb3870cd7a52f454532cd17e9c Mon Sep 17 00:00:00 2001
From: Rasika Perera <info.rasika@gmail.com>
Date: Wed, 4 May 2016 00:49:06 +0530
Subject: [PATCH] Adding group permission checking

---
 .../coffeeking/api/ConnectedCupControllerServiceImpl.java  | 6 ++++--
 .../org/coffeeking/api/ConnectedCupManagerServiceImpl.java | 7 +++++--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/modules/samples/connectedcup/component/api/src/main/java/org/coffeeking/api/ConnectedCupControllerServiceImpl.java b/modules/samples/connectedcup/component/api/src/main/java/org/coffeeking/api/ConnectedCupControllerServiceImpl.java
index 9cd9e289..f41e77c4 100644
--- a/modules/samples/connectedcup/component/api/src/main/java/org/coffeeking/api/ConnectedCupControllerServiceImpl.java
+++ b/modules/samples/connectedcup/component/api/src/main/java/org/coffeeking/api/ConnectedCupControllerServiceImpl.java
@@ -28,6 +28,7 @@ import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorization
 import org.wso2.carbon.analytics.dataservice.commons.SORT;
 import org.wso2.carbon.analytics.dataservice.commons.SortByField;
 import org.wso2.carbon.analytics.datasource.commons.exception.AnalyticsException;
+import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants;
 
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
@@ -49,7 +50,8 @@ public class ConnectedCupControllerServiceImpl implements ConnectedCupController
     public Response orderCoffee(@QueryParam("deviceId") String deviceId) {
         try {
             if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId,
-                                                 ConnectedCupConstants.DEVICE_TYPE))) {
+                                                 ConnectedCupConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.
+                                                DEFAULT_OPERATOR_PERMISSIONS)) {
                 return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
             }
             log.info("Coffee ordered....!");
@@ -77,7 +79,7 @@ public class ConnectedCupControllerServiceImpl implements ConnectedCupController
 
         try {
             if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId,
-                       ConnectedCupConstants.DEVICE_TYPE))) {
+                       ConnectedCupConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_STATS_MONITOR_PERMISSIONS)) {
                 return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
             }
             List<SensorRecord> sensorDatas;
diff --git a/modules/samples/connectedcup/component/api/src/main/java/org/coffeeking/api/ConnectedCupManagerServiceImpl.java b/modules/samples/connectedcup/component/api/src/main/java/org/coffeeking/api/ConnectedCupManagerServiceImpl.java
index 145348d0..d7b2e678 100644
--- a/modules/samples/connectedcup/component/api/src/main/java/org/coffeeking/api/ConnectedCupManagerServiceImpl.java
+++ b/modules/samples/connectedcup/component/api/src/main/java/org/coffeeking/api/ConnectedCupManagerServiceImpl.java
@@ -27,6 +27,7 @@ import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
 import org.wso2.carbon.device.mgt.common.DeviceManagementException;
 import org.wso2.carbon.device.mgt.common.EnrolmentInfo;
 import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
+import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants;
 
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
@@ -56,7 +57,8 @@ public class ConnectedCupManagerServiceImpl implements ConnectedCupManagerServic
             DeviceIdentifier deviceIdentifier = new DeviceIdentifier();
             deviceIdentifier.setId(deviceId);
             deviceIdentifier.setType(ConnectedCupConstants.DEVICE_TYPE);
-            if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier)) {
+            if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier, DeviceGroupConstants.
+                    Permissions.DEFAULT_ADMIN_PERMISSIONS)) {
                 return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
             }
             boolean removed = APIUtil.getDeviceManagementService().disenrollDevice(
@@ -81,7 +83,8 @@ public class ConnectedCupManagerServiceImpl implements ConnectedCupManagerServic
         deviceIdentifier.setId(deviceId);
         deviceIdentifier.setType(ConnectedCupConstants.DEVICE_TYPE);
         try {
-            if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier)) {
+            if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier, DeviceGroupConstants.
+                    Permissions.DEFAULT_ADMIN_PERMISSIONS)) {
                 return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
             }
             Device device = APIUtil.getDeviceManagementService().getDevice(deviceIdentifier);