forked from community/product-iots
parent
5ac84ae316
commit
73aaac46b0
@ -0,0 +1,116 @@
|
||||
<%
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
|
||||
* either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
var uri = request.getRequestURI();
|
||||
var uriMatcher = new URIMatcher(String(uri));
|
||||
|
||||
var log = new Log("api/user-api.jag");
|
||||
|
||||
var constants = require("/modules/constants.js");
|
||||
var mdmProps = require('/config/mdm-props.js').config();
|
||||
var userModule = require("/modules/user.js").userModule;
|
||||
var deviceModule = require("/modules/device.js").deviceModule;
|
||||
var utility = require("/modules/utility.js").utility;
|
||||
|
||||
var result;
|
||||
|
||||
if (uriMatcher.match("/{context}/api/user/login/")) {
|
||||
username = request.getParameter("username");
|
||||
password = request.getParameter("password");
|
||||
try {
|
||||
userModule.login(username, password, function(user) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("User Logged In : " + user);
|
||||
}
|
||||
utility.insertAppPermissions(userModule, "login");
|
||||
response.sendRedirect(constants.WEB_APP_CONTEXT);
|
||||
}, function() {
|
||||
response.sendRedirect(mdmProps.appContext + "login?#auth-failed");
|
||||
});
|
||||
} catch (e) {
|
||||
log.error("Exception occurred while a user tried to login to MDM", e);
|
||||
response.sendRedirect(mdmProps.appContext + "login?#error");
|
||||
}
|
||||
} else if (uriMatcher.match("/{context}/api/user/logout/")){
|
||||
userModule.logout(function() {
|
||||
response.sendRedirect(mdmProps.appContext + "login");
|
||||
});
|
||||
} else if (uriMatcher.match("/{context}/api/user/devices/")) {
|
||||
if (userModule.isAuthorized("/permission/device-mgt/user/devices/list")) {
|
||||
carbonUser = session.get(constants.USER_SESSION_KEY);
|
||||
result = deviceModule.listDevicesForUser(carbonUser.username);
|
||||
} else {
|
||||
response.sendError(403);
|
||||
}
|
||||
} else if (uriMatcher.match("/{context}/api/users/{username}/invite")) {
|
||||
if (userModule.isAuthorized("/permission/device-mgt/admin/users/invite")) {
|
||||
elements = uriMatcher.elements();
|
||||
username = elements.username;
|
||||
userModule.inviteUser(username);
|
||||
} else {
|
||||
response.sendError(403);
|
||||
}
|
||||
} else if (uriMatcher.match("/{context}/api/users/add")) {
|
||||
if (userModule.isAuthorized("/permission/device-mgt/admin/users/add")) {
|
||||
addUserFormData = request.getContent();
|
||||
|
||||
username = addUserFormData.username;
|
||||
firstname = addUserFormData.firstname;
|
||||
lastname = addUserFormData.lastname;
|
||||
emailAddress = addUserFormData.emailAddress;
|
||||
|
||||
if (!addUserFormData.userRoles) {
|
||||
userRoles = null;
|
||||
} else {
|
||||
userRoles = String(addUserFormData.userRoles).split(",");
|
||||
}
|
||||
|
||||
try {
|
||||
result = userModule.addUser(username, firstname, lastname, emailAddress, userRoles);
|
||||
} catch (e) {
|
||||
log.error("Exception occurred while trying to add a user to MDM User Store", e);
|
||||
// http status code 400 refers to - Bad request.
|
||||
result = 400;
|
||||
}
|
||||
} else {
|
||||
// http status code 403 refers to - forbidden.
|
||||
result = 403;
|
||||
}
|
||||
} else if (uriMatcher.match("/{context}/api/users/{username}/remove")) {
|
||||
if (userModule.isAuthorized("/permission/device-mgt/admin/users/remove")) {
|
||||
elements = uriMatcher.elements();
|
||||
username = elements.username;
|
||||
try {
|
||||
result = userModule.removeUser(username);
|
||||
} catch (e) {
|
||||
log.error("Exception occurred while trying to remove a user from MDM User Store", e);
|
||||
// http status code 400 refers to - Bad request.
|
||||
result = 400;
|
||||
}
|
||||
} else {
|
||||
// http status code 403 refers to - forbidden.
|
||||
result = 403;
|
||||
}
|
||||
}
|
||||
|
||||
// returning the result.
|
||||
if (result) {
|
||||
print(result);
|
||||
}
|
||||
%>
|
@ -0,0 +1,27 @@
|
||||
{
|
||||
"appContext" : "/mdm/",
|
||||
"apiContext" : "api",
|
||||
"httpsURL": "%https.ip%",
|
||||
"httpURL": "%http.ip%",
|
||||
"iOSConfigRoot": "%https.ip%/ios/",
|
||||
"device": {
|
||||
"ios": {
|
||||
"location": "%http.ip%/mdm/public/asset-download-agent/asset/ios-agent.ipa",
|
||||
"bundleid": "org.wso2.carbon.mdm.mobileservices.ios.agent.iOSMDMAgent",
|
||||
"version": "1.0",
|
||||
"appname": "MDM Agent"
|
||||
}
|
||||
},
|
||||
"androidAgentApp" : "android-agent.apk",
|
||||
"windowsConfigRoot": "http://10.10.10.198:9763/mdm-windows-api/services/federated/bst/authentication",
|
||||
"ssoConfiguration": {
|
||||
"enabled": false,
|
||||
"issuer": "mdm",
|
||||
"appName": "mdm",
|
||||
"identityProviderURL": "%https.ip%/sso/samlsso.jag",
|
||||
"responseSigningEnabled": "true",
|
||||
"keyStorePassword": "wso2carbon",
|
||||
"identityAlias": "wso2carbon",
|
||||
"keyStoreName": "/repository/resources/security/wso2carbon.jks"
|
||||
}
|
||||
}
|
@ -0,0 +1,27 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
|
||||
* either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
var carbonModule = require("carbon");
|
||||
var carbonServer = new carbonModule.server.Server({
|
||||
tenanted: true,
|
||||
url: mdmProps.httpsURL + '/admin'
|
||||
});
|
||||
application.put("carbonServer", carbonServer);
|
||||
var userModule = require("/modules/user.js").userModule;
|
||||
var utility = require("/modules/utility.js").utility;
|
||||
utility.insertAppPermissions(userModule, "init");
|
@ -0,0 +1,39 @@
|
||||
{
|
||||
"displayName": "Device Cloud",
|
||||
"logLevel": "info",
|
||||
"initScripts": ["/config/init.js"],
|
||||
"urlMappings": [
|
||||
{
|
||||
"url" : "/testb/*",
|
||||
"path" : "test.jag"
|
||||
},
|
||||
{
|
||||
"url" : "/test/*",
|
||||
"path" : "test/testExecutor.jag"
|
||||
},
|
||||
{
|
||||
"url": "/api/user/*",
|
||||
"path": "/api/user-api.jag"
|
||||
},
|
||||
{
|
||||
"url": "/api/users/*",
|
||||
"path": "/api/user-api.jag"
|
||||
},
|
||||
{
|
||||
"url": "/sso/login",
|
||||
"path": "/lib/login.jag"
|
||||
},
|
||||
{
|
||||
"url": "/sso/logout",
|
||||
"path": "/lib/logout.jag"
|
||||
},
|
||||
{
|
||||
"url": "/sso/acs",
|
||||
"path": "/lib/acs.jag"
|
||||
},
|
||||
{
|
||||
"url": "/*",
|
||||
"path": "/lib/fuse.jag"
|
||||
}
|
||||
]
|
||||
}
|
@ -0,0 +1,36 @@
|
||||
<%
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
(function(){
|
||||
var constants = require('/modules/constants.js');
|
||||
if (!session.get(constants.USER_SESSION_KEY)) {
|
||||
var dataConfig = require('/config/mdm-props.js').config();
|
||||
var sso = require('/modules/sso.js').sso;
|
||||
var keyStoreParams = {
|
||||
keyStoreName : dataConfig.ssoConfiguration.keyStoreName,
|
||||
keyStorePassword : dataConfig.ssoConfiguration.keyStorePassword,
|
||||
identityAlias : dataConfig.ssoConfiguration.identityAlias
|
||||
}
|
||||
sso.configure(dataConfig.ssoConfiguration.issuer, dataConfig.ssoConfiguration.appName, keyStoreParams,
|
||||
dataConfig.ssoConfiguration.identityProviderURL);
|
||||
sso.login();
|
||||
}else{
|
||||
response.sendRedirect(dataConfig.appContext);
|
||||
}
|
||||
}());
|
||||
%>
|
@ -0,0 +1,37 @@
|
||||
<%
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
var constants = require('/modules/constants.js');
|
||||
var user = session.get(constants.USER_SESSION_KEY);
|
||||
var dataConfig = require('/config/mdm-props.js').config();
|
||||
var log = new Log();
|
||||
if (user === null) {
|
||||
log.debug("Cannot perform logout. No user session found.");
|
||||
response.sendRedirect(dataConfig.appContext+'dashboard');
|
||||
} else {
|
||||
var sso = require('/modules/sso.js').sso;
|
||||
var keyStoreParams = {
|
||||
keyStoreName: dataConfig.ssoConfiguration.keyStoreName,
|
||||
keyStorePassword: dataConfig.ssoConfiguration.keyStorePassword,
|
||||
identityAlias: dataConfig.ssoConfiguration.identityAlias
|
||||
}
|
||||
sso.configure(dataConfig.ssoConfiguration.issuer, dataConfig.ssoConfiguration.appName, keyStoreParams,
|
||||
dataConfig.ssoConfiguration.identityProviderURL);
|
||||
sso.logout(user);
|
||||
}
|
||||
%>
|
@ -0,0 +1,23 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
|
||||
* either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
var WEB_APP_TITLE = "WSO2 Device Cloud";
|
||||
var WEB_APP_CONTEXT = "/iot";
|
||||
var USER_SESSION_KEY = "USER";
|
||||
var UNSPECIFIED = "Unspecified";
|
||||
|
||||
|
@ -0,0 +1,161 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http:www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
var sso = {};
|
||||
var ssoMod = require("sso");
|
||||
var log = new Log();
|
||||
(function () {
|
||||
var carbon = require("carbon");
|
||||
var process = require("process");
|
||||
var getSSOSessions = function () {
|
||||
var sso_sessions = application.get('sso_sessions');
|
||||
|
||||
if (!sso_sessions) {
|
||||
application.put('sso_sessions', {});
|
||||
sso_sessions = application.get('sso_sessions');
|
||||
}
|
||||
return sso_sessions;
|
||||
};
|
||||
|
||||
sso.configure = function (issuer, appName, keyStoreParams, address, transport, ssoService, responseSign) {
|
||||
sso.issuer = issuer;
|
||||
sso.appName = appName;
|
||||
sso.relayState = "/" + appName;
|
||||
sso.transport = (transport ? transport : "https");
|
||||
sso.ssoService = (ssoService ? ssoService : "/samlsso");
|
||||
sso.responseSign = (responseSign ? responseSign : true);
|
||||
sso.log = new Log("SSO Module");
|
||||
sso.address = carbon.server.address(sso.transport);
|
||||
sso.keyStoreProps = {
|
||||
KEY_STORE_NAME: process.getProperty('carbon.home') + keyStoreParams.keyStoreName,
|
||||
KEY_STORE_PASSWORD: keyStoreParams.keyStorePassword,
|
||||
IDP_ALIAS: keyStoreParams.identityAlias
|
||||
};
|
||||
};
|
||||
|
||||
sso.login = function () {
|
||||
sso.sessionId = session.getId();
|
||||
var referer = request.getHeader("referer");
|
||||
sso.relayState = (referer ? referer : sso.relayState);
|
||||
sso.relayState = sso.relayState;// append query string
|
||||
var log = new Log();
|
||||
|
||||
if (request.getQueryString()) {
|
||||
|
||||
sso.relayState += request.getQueryString();
|
||||
}
|
||||
sso.encodedSAMLAuthRequest = ssoMod.client.getEncodedSAMLAuthRequest(sso.issuer);
|
||||
var postUrl = sso.address + sso.ssoService;
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Request sent to IdP");
|
||||
}
|
||||
print("<div><p>You are now being redirected to SSO Provider. If the redirection fails, please click on the "+
|
||||
"button below.</p> <form method='post' action='" + postUrl + "'><p><input type='hidden' " +
|
||||
"name='SAMLRequest' value='" + sso.encodedSAMLAuthRequest + "'/><input type='hidden' " +
|
||||
"name='RelayState' value='" + sso.relayState + "'/><input type='hidden' name='SSOAuthSessionID' " +
|
||||
"value='" + sso.sessionId + "'/><button type='submit'>Redirect manually</button></p></form></div>" +
|
||||
"<script type = 'text/javascript' >document.forms[0].submit();</script>");
|
||||
};
|
||||
|
||||
sso.logout = function (user) {
|
||||
var sso_sessions = getSSOSessions();
|
||||
sso.sessionId = session.getId();
|
||||
sso.sessionIndex = sso_sessions[sso.sessionId];
|
||||
|
||||
var referer = request.getHeader("referer");
|
||||
sso.relayState = (referer ? referer : sso.relayState);
|
||||
sso.relayState = sso.relayState + request.getQueryString(); // append query string
|
||||
sso.encodedSAMLLogoutRequest = ssoMod.client.getEncodedSAMLLogoutRequest(user, sso.sessionIndex, sso.issuer);
|
||||
var postUrl = sso.address + sso.ssoService;
|
||||
|
||||
if (log.isDebugEnabled()) {
|
||||
sso.log.debug("Logout request recieved from session id ::: " + sso.sessionId);
|
||||
}
|
||||
print("<div><p>You are now redirected to Stratos Identity. If theredirection fails, please click the post " +
|
||||
"button.</p> <form id='logoutForm' method='post' action='" + postUrl + "'> <p> <input type='hidden' " +
|
||||
"name='SAMLRequest' value='" + sso.encodedSAMLLogoutRequest + "'/> <input type='hidden' " +
|
||||
"name='RelayState' value='" + sso.relayState + "'/> <input type='hidden' name='SSOAuthSessionID' " +
|
||||
"value='" + sso.sessionId + "'/> <button type='submit'>POST</button> </p> </form> </div> <script " +
|
||||
"type = 'text/javascript' > document.forms[0].submit(); </script>");
|
||||
};
|
||||
|
||||
sso.acs = function (loginCallback, logoutCallback) {
|
||||
var sso_sessions = getSSOSessions();
|
||||
sso.sessionId = session.getId();
|
||||
var samlResponse = request.getParameter('SAMLResponse');
|
||||
var samlRequest = request.getParameter('SAMLRequest');
|
||||
var relayState = request.getParameter('RelayState');
|
||||
var samlRespObj;
|
||||
|
||||
if (samlResponse != null) {
|
||||
samlRespObj = ssoMod.client.getSamlObject(samlResponse);
|
||||
if (ssoMod.client.isLogoutResponse(samlRespObj)) {
|
||||
logoutCallback();
|
||||
if (log.isDebugEnabled()) {
|
||||
sso.log.debug('Session Id Invalidated :::' + sso.sessionId);
|
||||
}
|
||||
// Invalidating the session after the callback
|
||||
session.invalidate();
|
||||
} else {
|
||||
if (log.isDebugEnabled()) {
|
||||
sso.log.debug("Login request");
|
||||
}
|
||||
// validating the signature
|
||||
if (sso.responseSign) {
|
||||
if (ssoMod.client.validateSignature(samlRespObj, sso.keyStoreProps)) {
|
||||
var sessionObj = ssoMod.client.decodeSAMLLoginResponse(samlRespObj, samlResponse,
|
||||
sso.sessionId);
|
||||
if (log.isDebugEnabled()) {
|
||||
sso.log.debug("Saml object session ID :::" + sessionObj.sessionId);
|
||||
}
|
||||
if (sessionObj.sessionIndex != null || sessionObj.sessionIndex != 'undefined') {
|
||||
sso_sessions[sso_sessions[sessionObj.sessionIndex] = sessionObj.sessionId] =
|
||||
sessionObj.sessionIndex;
|
||||
if (log.isDebugEnabled()) {
|
||||
sso.log.debug("Login successful");
|
||||
sso.log.debug('User is set :::' + sessionObj.loggedInUser);
|
||||
}
|
||||
loginCallback(sessionObj.loggedInUser);
|
||||
} else {
|
||||
sso.log.error("Session index invalid");
|
||||
}
|
||||
} else {
|
||||
sso.log.error("Response Signing failed");
|
||||
}
|
||||
} else {
|
||||
if (log.isDebugEnabled()) {
|
||||
sso.log.debug("Response Signing is disabled");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
/*
|
||||
Executed for single logout requests
|
||||
*/
|
||||
if (samlRequest != null) {
|
||||
var index = ssoMod.client.decodeSAMLLogoutRequest(ssoMod.client.getSamlObject(samlRequest));
|
||||
var jSessionId = getSSOSessions()[index];
|
||||
delete getSSOSessions()[index];
|
||||
if (log.isDebugEnabled()) {
|
||||
sso.log.debug('Backend logout received from store. The index is :::' + index);
|
||||
sso.log.debug('Session Id Invalidated :::' + jSessionId);
|
||||
}
|
||||
session.invalidate();
|
||||
}
|
||||
}
|
||||
})();
|
@ -0,0 +1,296 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
|
||||
* either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
var userModule;
|
||||
userModule = function () {
|
||||
var log = new Log("modules/user.js");
|
||||
|
||||
var constants = require("/modules/constants.js");
|
||||
var dataConfig = require("/config/mdm-props.js").config();
|
||||
var utility = require("/modules/utility.js").utility;
|
||||
|
||||
var userManagementService = utility.getUserManagementService();
|
||||
var deviceManagementService = utility.getDeviceManagementService();
|
||||
var EmailMessageProperties = Packages.org.wso2.carbon.device.mgt.common.EmailMessageProperties;
|
||||
|
||||
var publicMethods = {};
|
||||
var privateMethods = {};
|
||||
|
||||
/**
|
||||
* Authenticate a user when he or she attempts to login to MDM.
|
||||
*
|
||||
* @param username Username of the user
|
||||
* @param password Password of the user
|
||||
* @param successCallback Function to be called at the event of successful authentication
|
||||
* @param failureCallback Function to be called at the event of failed authentication
|
||||
*/
|
||||
publicMethods.login = function (username, password, successCallback, failureCallback) {
|
||||
var carbonModule = require("carbon");
|
||||
var carbonServer = application.get("carbonServer");
|
||||
try {
|
||||
// get tenant specific full user name.
|
||||
username = username + "@" + carbonModule.server.tenantDomain();
|
||||
// check if the user is an authenticated user.
|
||||
var isAuthenticated = carbonServer.authenticate(username, password);
|
||||
if (isAuthenticated) {
|
||||
var tenantUser = carbonModule.server.tenantUser(username);
|
||||
session.put(constants.USER_SESSION_KEY, tenantUser);
|
||||
successCallback(tenantUser);
|
||||
} else {
|
||||
failureCallback();
|
||||
}
|
||||
} catch (e) {
|
||||
throw e;
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* Add user to mdm-user-store.
|
||||
*
|
||||
* @param username Username of the user
|
||||
* @param firstname First name of the user
|
||||
* @param lastname Last name of the user
|
||||
* @param emailAddress Email address of the user
|
||||
* @param userRoles Roles assigned to the user
|
||||
*
|
||||
* @returns {number} HTTP Status code 201 if succeeded, 409 if user already exists
|
||||
*/
|
||||
publicMethods.addUser = function (username, firstname, lastname, emailAddress, userRoles) {
|
||||
var carbon = require('carbon');
|
||||
var tenantId = carbon.server.tenantId();
|
||||
var url = carbon.server.address('https') + "/admin/services";
|
||||
var server = new carbon.server.Server(url);
|
||||
var userManager = new carbon.user.UserManager(server, tenantId);
|
||||
|
||||
try {
|
||||
if (userManager.userExists(username)) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("A user with name '" + username + "' already exists.");
|
||||
}
|
||||
// http status code 409 refers to - conflict.
|
||||
return 409;
|
||||
} else {
|
||||
var initialUserPassword = privateMethods.generateInitialUserPassword();
|
||||
var defaultUserClaims = privateMethods.buildDefaultUserClaims(firstname, lastname, emailAddress);
|
||||
|
||||
userManager.addUser(username, initialUserPassword, userRoles, defaultUserClaims, "default");
|
||||
privateMethods.inviteUserToEnroll(username, initialUserPassword);
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("A new user with name '" + username + "' was created.");
|
||||
}
|
||||
// http status code 201 refers to - created.
|
||||
return 201;
|
||||
}
|
||||
} catch (e) {
|
||||
throw e;
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* Remove an existing user from mdm-user-store.
|
||||
*
|
||||
* @param username Username of the user
|
||||
* @returns {number} HTTP Status code 200 if succeeded, 409 if the user does not exist
|
||||
*/
|
||||
publicMethods.removeUser = function (username) {
|
||||
var carbon = require('carbon');
|
||||
var tenantId = carbon.server.tenantId();
|
||||
var url = carbon.server.address('https') + "/admin/services";
|
||||
var server = new carbon.server.Server(url);
|
||||
var userManager = new carbon.user.UserManager(server, tenantId);
|
||||
|
||||
try {
|
||||
if (userManager.userExists(username)) {
|
||||
userManager.removeUser(username);
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("An existing user with name '" + username + "' was removed.");
|
||||
}
|
||||
// http status code 200 refers to - success.
|
||||
return 200;
|
||||
} else {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("A user with name '" + username + "' does not exist to remove.");
|
||||
}
|
||||
// http status code 409 refers to - conflict.
|
||||
return 409;
|
||||
}
|
||||
} catch (e) {
|
||||
throw e;
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* Private method to be used by addUser() to
|
||||
* generate an initial user password for a user.
|
||||
* This will be the password used by a user for his initial login to the system.
|
||||
*
|
||||
* @returns {string} Initial User Password
|
||||
*/
|
||||
privateMethods.generateInitialUserPassword = function () {
|
||||
var passwordLength = 6;
|
||||
//defining the pool of characters to be used for initial password generation
|
||||
var lowerCaseCharset = "abcdefghijklmnopqrstuvwxyz";
|
||||
var upperCaseCharset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
|
||||
var numericCharset = "0123456789";
|
||||
|
||||
var totalCharset = lowerCaseCharset + upperCaseCharset + numericCharset;
|
||||
var totalCharsetLength = totalCharset.length;
|
||||
|
||||
var initialUserPassword = "";
|
||||
for (var i = 0; i < passwordLength; ++i) {
|
||||
initialUserPassword += totalCharset.charAt(Math.floor(Math.random() * totalCharsetLength));
|
||||
}
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Initial password created for new user : " + initialUserPassword);
|
||||
}
|
||||
return String(initialUserPassword);
|
||||
};
|
||||
|
||||
/**
|
||||
* Build default user claims.
|
||||
*
|
||||
* @param firstname First name of the user
|
||||
* @param lastname Last name of the user
|
||||
* @param emailAddress Email address of the user
|
||||
*
|
||||
* @returns {Object} Default user claims to be provided
|
||||
*/
|
||||
privateMethods.buildDefaultUserClaims = function (firstname, lastname, emailAddress) {
|
||||
var defaultUserClaims = {
|
||||
"http://wso2.org/claims/givenname": firstname,
|
||||
"http://wso2.org/claims/lastname": lastname,
|
||||
"http://wso2.org/claims/emailaddress": emailAddress
|
||||
};
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("ClaimMap created for new user : " + stringify(defaultUserClaims));
|
||||
}
|
||||
return defaultUserClaims;
|
||||
};
|
||||
|
||||
/**
|
||||
* Send an initial invitation email to a user with username/password attached
|
||||
* for the very-first enrollment with WSO2 MDM.
|
||||
*
|
||||
* @param username Username of the user
|
||||
* @param password Password of the user
|
||||
*/
|
||||
privateMethods.inviteUserToEnroll = function (username, password) {
|
||||
var enrollmentURL = dataConfig.httpsURL + dataConfig.appContext + "download-agent";
|
||||
var carbonUser = session.get(constants.USER_SESSION_KEY);
|
||||
if (!carbonUser) {
|
||||
log.error("User object was not found in the session");
|
||||
throw constants.ERRORS.USER_NOT_FOUND;
|
||||
}
|
||||
var user = userManagementService.getUser(username, carbonUser.tenantId);
|
||||
|
||||
var emailTo = [];
|
||||
emailTo[0] = user.getEmail();
|
||||
var emailMessageProperties = new EmailMessageProperties();
|
||||
emailMessageProperties.setMailTo(emailTo);
|
||||
emailMessageProperties.setFirstName(user.getFirstName());
|
||||
emailMessageProperties.setUserName(username);
|
||||
emailMessageProperties.setPassword(password);
|
||||
emailMessageProperties.setEnrolmentUrl(enrollmentURL);
|
||||
deviceManagementService.sendRegistrationEmail(emailMessageProperties);
|
||||
};
|
||||
|
||||
publicMethods.addPermissions = function (permissionList, path, init) {
|
||||
var carbonModule = require("carbon");
|
||||
var carbonServer = application.get("carbonServer");
|
||||
var options = {system: true};
|
||||
if (init == "login") {
|
||||
var carbonUser = session.get(constants.USER_SESSION_KEY);
|
||||
if (carbonUser) {
|
||||
options.tenantId = carbonUser.tenantId;
|
||||
}
|
||||
}
|
||||
var registry = new carbonModule.registry.Registry(carbonServer, options);
|
||||
var i, permission, resource;
|
||||
for (i = 0; i < permissionList.length; i++) {
|
||||
permission = permissionList[i];
|
||||
resource = {
|
||||
collection : true,
|
||||
name : permission.name,
|
||||
properties : {
|
||||
name : permission.name
|
||||
}
|
||||
};
|
||||
registry.put("/_system/governance/permission/" + path + "/" + permission.key, resource);
|
||||
}
|
||||
};
|
||||
|
||||
publicMethods.inviteUser = function (username) {
|
||||
var carbonUser = session.get(constants.USER_SESSION_KEY);
|
||||
if (!carbonUser) {
|
||||
log.error("User object was not found in the session");
|
||||
throw constants.ERRORS.USER_NOT_FOUND;
|
||||
}
|
||||
var user = userManagementService.getUser(username, carbonUser.tenantId);
|
||||
var enrollmentURL = dataConfig.httpsURL + dataConfig.appContext + "download-agent";
|
||||
|
||||
var emailProperties = new EmailMessageProperties();
|
||||
var emailTo = [];
|
||||
emailTo[0] = user.getEmail();
|
||||
emailProperties.setMailTo(emailTo);
|
||||
emailProperties.setFirstName(user.getFirstName());
|
||||
emailProperties.setEnrolmentUrl(enrollmentURL);
|
||||
deviceManagementService.sendEnrolmentInvitation(emailProperties);
|
||||
};
|
||||
|
||||
publicMethods.getUsers = function () {
|
||||
var users = [];
|
||||
var carbonUser = session.get(constants.USER_SESSION_KEY);
|
||||
if (!carbonUser) {
|
||||
log.error("User object was not found in the session");
|
||||
throw constants.ERRORS.USER_NOT_FOUND;
|
||||
}
|
||||
var userList = userManagementService.getUsersForTenant(carbonUser.tenantId);
|
||||
var i, userObject;
|
||||
for (i = 0; i < userList.size(); i++) {
|
||||
userObject = userList.get(i);
|
||||
users.push({
|
||||
"username" : userObject.getUserName(),
|
||||
"email" : userObject.getEmail(),
|
||||
"name" : userObject.getFirstName() + " " + userObject.getLastName()
|
||||
});
|
||||
}
|
||||
return users;
|
||||
};
|
||||
|
||||
publicMethods.isAuthorized = function (permission) {
|
||||
var carbonModule = require("carbon");
|
||||
var carbonServer = application.get("carbonServer");
|
||||
var carbonUser = session.get(constants.USER_SESSION_KEY);
|
||||
if (!carbonUser) {
|
||||
log.error("User object was not found in the session");
|
||||
throw constants.ERRORS.USER_NOT_FOUND;
|
||||
}
|
||||
var userManager = new carbonModule.user.UserManager(carbonServer, carbonUser.tenantId);
|
||||
var user = new carbonModule.user.User(userManager, carbonUser.username);
|
||||
return user.isAuthorized(permission, "ui.execute");
|
||||
};
|
||||
|
||||
publicMethods.logout = function (successCallback) {
|
||||
session.invalidate();
|
||||
successCallback();
|
||||
};
|
||||
|
||||
return publicMethods;
|
||||
}();
|
||||
|
||||
|
@ -0,0 +1,41 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
|
||||
* either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
var utility;
|
||||
utility = function () {
|
||||
var JavaClass = Packages.java.lang.Class;
|
||||
var PrivilegedCarbonContext = Packages.org.wso2.carbon.context.PrivilegedCarbonContext;
|
||||
|
||||
var getOsgiService = function (className) {
|
||||
return PrivilegedCarbonContext.getThreadLocalCarbonContext().getOSGiService(JavaClass.forName(className));
|
||||
};
|
||||
|
||||
var publicMethods = {};
|
||||
|
||||
publicMethods.getDeviceManagementService = function () {
|
||||
return getOsgiService('org.wso2.carbon.device.mgt.core.service.DeviceManagementService');
|
||||
};
|
||||
|
||||
publicMethods.getUserManagementService = function () {
|
||||
return getOsgiService('org.wso2.carbon.device.mgt.user.core.service.UserManagementService');
|
||||
};
|
||||
|
||||
return publicMethods;
|
||||
}();
|
||||
|
||||
|
@ -0,0 +1,9 @@
|
||||
{{authorized}}
|
||||
{{layout "fluid"}}
|
||||
{{#zone "title"}}
|
||||
WSO2 Device Cloud | Add User
|
||||
{{/zone}}
|
||||
{{#zone "body"}}
|
||||
{{unit "appbar"}}
|
||||
{{unit "add-user"}}
|
||||
{{/zone}}
|
@ -0,0 +1,19 @@
|
||||
{{authorized}}
|
||||
{{layout "fluid"}}
|
||||
{{#zone "title"}}
|
||||
WSO2 MDM | Device Management
|
||||
{{/zone}}
|
||||
{{#zone "body"}}
|
||||
{{unit "appbar"}}
|
||||
{{unit "extended-search-box"}}
|
||||
<div class="row">
|
||||
<div class="col-md-12">
|
||||
<!-- content -->
|
||||
<div class="container col-md-12 col-centered wr-content">
|
||||
{{unit "operation-bar"}}
|
||||
{{unit "device-listing"}}
|
||||
</div>
|
||||
<!-- /content -->
|
||||
</div>
|
||||
</div>
|
||||
{{/zone}}
|
@ -0,0 +1,7 @@
|
||||
{{layout "fluid"}}
|
||||
{{#zone "title"}}
|
||||
WSO2 Mobile Device Manager | Login
|
||||
{{/zone}}
|
||||
{{#zone "body"}}
|
||||
{{unit "login"}}
|
||||
{{/zone}}
|
@ -0,0 +1,9 @@
|
||||
{{authorized}}
|
||||
{{layout "fluid"}}
|
||||
{{#zone "title"}}
|
||||
User Management
|
||||
{{/zone}}
|
||||
{{#zone "body"}}
|
||||
{{unit "appbar"}}
|
||||
{{unit "user-listing"}}
|
||||
{{/zone}}
|
@ -0,0 +1,12 @@
|
||||
<%
|
||||
var userModule = require("/modules/user.js").userModule;
|
||||
userModule.addPermissions([{key: "device-mgt/", name: "Device Management"}], "");
|
||||
userModule.addPermissions([{key: "device-mgt/admin", name: "Device Management Admin"}], "");
|
||||
userModule.addPermissions([{key: "device-mgt/user", name: "Device Management User"}], "");
|
||||
|
||||
userModule.addPermissions([{key: "devices", name: "Device"}], "device-mgt/admin");
|
||||
userModule.addPermissions([{key: "devices", name: "Device"}], "device-mgt/user");
|
||||
userModule.addPermissions([{key: "devices/list", name: "List all Devices"}], "device-mgt/admin");
|
||||
userModule.addPermissions([{key: "devices/list", name: "List own Devices"}], "device-mgt/user");
|
||||
new Log().info(userModule.isAuthorized("/permission/device-mgt/admin/devices/list"));
|
||||
%>
|
@ -0,0 +1,20 @@
|
||||
<%
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
require("jaggery-test").test.run();
|
||||
%>
|
@ -0,0 +1,5 @@
|
||||
# Ignore everything in this directory.
|
||||
# they are auto generated, should not be committed.
|
||||
*
|
||||
# Except this file
|
||||
!.gitignore
|
@ -0,0 +1,56 @@
|
||||
{{#zone "main"}}
|
||||
<!-- content/body -->
|
||||
<div class="row">
|
||||
<div class="col-md-12">
|
||||
<!-- content -->
|
||||
<div class="container col-centered wr-content">
|
||||
<div class="wr-form">
|
||||
<h1 class="wr-title">Add User</h1>
|
||||
Please note that * sign represents required fields of data.
|
||||
<hr />
|
||||
<span class="wr-validation-summary hidden">
|
||||
<p></p>
|
||||
</span>
|
||||
<div class="row">
|
||||
<div class="col-lg-8">
|
||||
<label class="wr-input-label">User Name *</label>
|
||||
<div class="wr-input-control">
|
||||
<input type="text" id="username" value="" placeholder="input text"/>
|
||||
</div>
|
||||
<label class="wr-input-label">First Name *</label>
|
||||
<div class="wr-input-control">
|
||||
<input type="text" id="firstname" value="" placeholder="input text"/>
|
||||
</div>
|
||||
<label class="wr-input-label">Last Name *</label>
|
||||
<div class="wr-input-control">
|
||||
<input type="text" id="lastname" value="" placeholder="input text"/>
|
||||
</div>
|
||||
<label class="wr-input-label">Email Address *</label>
|
||||
<div class="wr-input-control">
|
||||
<input type="email" id="email" value="" placeholder="input text"/>
|
||||
</div>
|
||||
<label class="wr-input-label">
|
||||
User Roles
|
||||
<span class="wr-help-tip glyphicon glyphicon-question-sign"></span>
|
||||
</label>
|
||||
<div class="wr-input-control">
|
||||
<select id="roles" class="form-control select2" multiple="multiple">
|
||||
{{#each roles}}
|
||||
<option>{{this}}</option>
|
||||
{{/each}}
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<button id="add-user-btn" class="wr-btn">Add User</button>
|
||||
</div>
|
||||
</div>
|
||||
<!-- /content -->
|
||||
</div>
|
||||
</div>
|
||||
<!-- /content/body -->
|
||||
{{/zone}}
|
||||
{{#zone "bottomJs"}}
|
||||
<script src="{{self.publicURL}}/js/bottomJs.js"></script>
|
||||
{{/zone}}
|
||||
|
@ -0,0 +1,26 @@
|
||||
/**
|
||||
* Returns the dynamic state to be populated by add-user page.
|
||||
*
|
||||
* @param context Object that gets updated with the dynamic state of this page to be presented
|
||||
* @returns {*} A context object that returns the dynamic state of this page to be presented
|
||||
*/
|
||||
function onRequest(context) {
|
||||
var carbon = require('carbon');
|
||||
var tenantId = carbon.server.tenantId();
|
||||
var url = carbon.server.address('https') + "/admin/services/";
|
||||
var server = new carbon.server.Server(url);
|
||||
var userManager = new carbon.user.UserManager(server, tenantId);
|
||||
|
||||
var allRoles = userManager.allRoles();
|
||||
var i = 0;
|
||||
var filteredRoles = [];
|
||||
while (allRoles[i]) {
|
||||
if (allRoles[i] != "Internal/subscriber" && allRoles[i] != "Internal/everyone") {
|
||||
filteredRoles.push(allRoles[i]);
|
||||
}
|
||||
i++;
|
||||
}
|
||||
|
||||
context.roles = filteredRoles;
|
||||
return context;
|
||||
}
|
@ -0,0 +1,3 @@
|
||||
{
|
||||
"predicate": false
|
||||
}
|
@ -0,0 +1,91 @@
|
||||
$( document ).ready(function() {
|
||||
$("select.select2").select2({
|
||||
placeholder : "Select..."
|
||||
});
|
||||
|
||||
$("select.select2[multiple=multiple]").select2({
|
||||
placeholder : "Select...",
|
||||
tags : true
|
||||
});
|
||||
});
|
||||
|
||||
/**
|
||||
* Checks if an email address has the valid format or not.
|
||||
*
|
||||
* @param email Email address
|
||||
* @returns {boolean} true if email has the valid format, otherwise false.
|
||||
*/
|
||||
var emailIsValid = function(email) {
|
||||
var atPosition = email.indexOf("@");
|
||||
var dotPosition = email.lastIndexOf(".");
|
||||
return !(atPosition < 1 || ( dotPosition - atPosition < 2 ));
|
||||
};
|
||||
|
||||
/**
|
||||
* Following click function would execute
|
||||
* when a user clicks on "Add User" button
|
||||
* on Add User page in WSO2 MDM Console.
|
||||
*/
|
||||
$("button#add-user-btn").click(function() {
|
||||
var username = $("input#username").val();
|
||||
var firstname = $("input#firstname").val();
|
||||
var lastname = $("input#lastname").val();
|
||||
var emailAddress = $("input#email").val();
|
||||
var userRoles = $("select#roles").val();
|
||||
|
||||
if (!username) {
|
||||
$(".wr-validation-summary p").text("Username is a required field. It cannot be empty.");
|
||||
$(".wr-validation-summary").removeClass("hidden");
|
||||
} else if (!firstname) {
|
||||
$(".wr-validation-summary p").text("Firstname is a required field. It cannot be empty.");
|
||||
$(".wr-validation-summary").removeClass("hidden");
|
||||
} else if (!lastname) {
|
||||
$(".wr-validation-summary p").text("Lastname is a required field. It cannot be empty.");
|
||||
$(".wr-validation-summary").removeClass("hidden");
|
||||
} else if (!emailAddress) {
|
||||
$(".wr-validation-summary p").text("Email is a required field. It cannot be empty.");
|
||||
$(".wr-validation-summary").removeClass("hidden");
|
||||
} else if (!emailIsValid(emailAddress)) {
|
||||
$(".wr-validation-summary p").text("Email is not valid. Please enter a correct email address.");
|
||||
$(".wr-validation-summary").removeClass("hidden");
|
||||
} else {
|
||||
var addUserFormData = {};
|
||||
addUserFormData.username = username;
|
||||
addUserFormData.firstname = firstname;
|
||||
addUserFormData.lastname = lastname;
|
||||
addUserFormData.emailAddress = emailAddress;
|
||||
addUserFormData.userRoles = userRoles;
|
||||
|
||||
var addUserAPI = "/mdm/api/users/add";
|
||||
|
||||
$.ajax({
|
||||
type : "POST",
|
||||
url : addUserAPI,
|
||||
contentType : "application/json",
|
||||
data : JSON.stringify(addUserFormData),
|
||||
success : function(data) {
|
||||
if (data == 201) {
|
||||
$(".wr-validation-summary p").text("User (" + username + ") was added. " +
|
||||
"An invitation mail will also be sent to this user to initiate a device enrollment.");
|
||||
// Clearing user input fields.
|
||||
$("input#username").val("");
|
||||
$("input#firstname").val("");
|
||||
$("input#lastname").val("");
|
||||
$("input#email").val("");
|
||||
$("select#roles").select2("val", "");
|
||||
} else if (data == 400) {
|
||||
$(".wr-validation-summary p").text("Exception occurred at backend.");
|
||||
} else if (data == 403) {
|
||||
$(".wr-validation-summary p").text("Action was not permitted.");
|
||||
} else if (data == 409) {
|
||||
$(".wr-validation-summary p").text("Sorry, User already exists.");
|
||||
}
|
||||
$(".wr-validation-summary").removeClass("hidden");
|
||||
},
|
||||
error : function() {
|
||||
$(".wr-validation-summary p").text("An unexpected error occurred.");
|
||||
$(".wr-validation-summary").removeClass("hidden");
|
||||
}
|
||||
});
|
||||
}
|
||||
});
|
@ -0,0 +1,44 @@
|
||||
{{#zone "main"}}
|
||||
|
||||
<div id="nav" class="row wr-app-bar">
|
||||
<div class="wr-action-container">
|
||||
<div class="wr-action-btn-bar">
|
||||
<!--<a href="javascript:history.go(-1)" class="cu-btn">
|
||||
<i class="wso2icon wso2-c-left-arrow"></i>Go Back
|
||||
</a>-->
|
||||
{{#if permissions.ADD_USER}}
|
||||
<a href="/mdm/add-user" class="cu-btn">
|
||||
<span class="wso2icon-stack">
|
||||
<i class="wso2icon wso2-ring wso2icon-stack-2x"></i>
|
||||
<i class="wso2icon wso2-add wso2icon-stack-1x"></i>
|
||||
</span>
|
||||
Add User
|
||||
</a>
|
||||
{{/if}}
|
||||
{{#if permissions.LIST_USERS}}
|
||||
<a href="/mdm/users" class="cu-btn">
|
||||
<span class="wso2icon-stack">
|
||||
<i class="wso2icon wso2icon-stack-1x"></i>
|
||||
</span>
|
||||
User Management
|
||||
</a>
|
||||
{{/if}}
|
||||
{{#if permissions.LIST_DEVICES}}
|
||||
<a href="/mdm" class="cu-btn">
|
||||
<span class="wso2icon-stack">
|
||||
<i class="wso2icon wso2icon-stack-1x"></i>
|
||||
</span>
|
||||
Device Management
|
||||
</a>
|
||||
{{/if}}
|
||||
<a href="javascript:openNotificationbar()" class="cu-btn wr-notification-toggle-btn">
|
||||
<span class="wso2icon-stack-md">
|
||||
<i class="wso2icon wso2-bell wso2icon-stack-1-5x"></i>
|
||||
</span>
|
||||
<span class="wr-notification-bubble">0</span>
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
{{/zone}}
|
@ -0,0 +1,16 @@
|
||||
function onRequest(context) {
|
||||
var userModule = require("/modules/user.js").userModule;
|
||||
var permissions = {};
|
||||
if (userModule.isAuthorized("/permission/device-mgt/admin/devices/list") ||
|
||||
userModule.isAuthorized("/permission/device-mgt/user/devices/list")) {
|
||||
permissions.LIST_DEVICES = true;
|
||||
}
|
||||
if (userModule.isAuthorized("/permission/device-mgt/admin/users/list")) {
|
||||
permissions.LIST_USERS = true;
|
||||
}
|
||||
if (userModule.isAuthorized("/permission/device-mgt/admin/users/add")) {
|
||||
permissions.ADD_USER = true;
|
||||
}
|
||||
context.permissions = permissions;
|
||||
return context;
|
||||
}
|
@ -0,0 +1,3 @@
|
||||
{
|
||||
"predicate": "true"
|
||||
}
|
Loading…
Reference in new issue