Fixed issues in permission tree'

9 years ago · 429b738dba
parent f6c65dd481
commit 429b738dba
4 changed files with 22 additions and 16 deletions
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java
@ -60,7 +60,10 @@ public class PermissionManagerServiceImpl implements PermissionManagerService {

    @Override
    public boolean addPermission(Permission permission) throws PermissionManagementException {
-        permissionTree.addPermission(permission); // adding a permission to the tree
+        // update the permission path to absolute permission path
+        permission.setPath(PermissionUtils.getAbsolutePermissionPath(permission.getPath()));
+        // adding a permission to the tree
+        permissionTree.addPermission(permission);
        return PermissionUtils.putPermission(permission);
    }

--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionTree.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionTree.java
@ -87,18 +87,19 @@ public class PermissionTree {
     */
    public Permission getPermission(String url, String httpMethod) {
        StringTokenizer st = new StringTokenizer(url, ROOT);
-        PermissionNode tempRoot = rootNode;
+        PermissionNode tempRoot;
+        PermissionNode currentRoot = rootNode;
        while (st.hasMoreTokens()) {
            String currentToken = st.nextToken();

            // returns the child node which matches with the 'currentToken' path.
-            tempRoot = tempRoot.getChild(currentToken);
+            tempRoot = currentRoot.getChild(currentToken);

            // if tempRoot is null, that means 'currentToken' is not matched with the child's path.
            // It means that it is at a point where the request must have dynamic path variables.
            // Therefor it looks for '*' in the request path. ('*' denotes dynamic path variable).
            if (tempRoot == null) {
-                tempRoot = tempRoot.getChild(DYNAMIC_PATH_NOTATION);
+                tempRoot = currentRoot.getChild(DYNAMIC_PATH_NOTATION);
                // if tempRoot is null, that means there is no any permission which matches with the
                // given path
                if (tempRoot == null) {
@ -108,7 +109,8 @@ public class PermissionTree {
                    return null;
                }
            }
+            currentRoot = tempRoot;
        }
-        return tempRoot.getPermission(httpMethod);
+        return currentRoot.getPermission(httpMethod);
    }
 }
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java
@ -55,6 +55,10 @@ public class PermissionUtils {
 		}
 	}

+	public static String getAbsolutePermissionPath(String permissionPath) {
+		return PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + permissionPath;
+	}
+
 	public static Permission getPermission(String path) throws PermissionManagementException {
 		try {
 			Resource resource = PermissionUtils.getGovernanceRegistry().get(path);
@ -97,8 +101,7 @@ public class PermissionUtils {
 		Resource resource = PermissionUtils.getGovernanceRegistry().newCollection();
 		resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
 		PermissionUtils.getGovernanceRegistry().beginTransaction();
-		PermissionUtils.getGovernanceRegistry().put(ADMIN_PERMISSION_REGISTRY_PATH +
-		                                            path, resource);
+		PermissionUtils.getGovernanceRegistry().put(path, resource);
 		PermissionUtils.getGovernanceRegistry().commitTransaction();
 	}

--- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ScopeValidator.java
+++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ScopeValidator.java
@ -70,16 +70,14 @@ public class ScopeValidator extends OAuth2ScopeValidator {
                getPermissionManagerService();
        try {
            Permission permission = permissionManagerService.getPermission(properties);
+            if(permission != null){
                String username = accessTokenDO.getAuthzUser();
-            status = CarbonContext.getThreadLocalCarbonContext().getUserRealm().
-                    getAuthorizationManager().isUserAuthorized(username, permission.getPath(),
-                                                               ScopeValidator.PermissionMethod.READ);
                UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
                if(userRealm != null && userRealm.getAuthorizationManager() != null){
                    status = userRealm.getAuthorizationManager().isUserAuthorized(username, permission.getPath(),
-                                                                              ScopeValidator.PermissionMethod.READ);
+                                                                                  PermissionMethod.READ);
+                }
            }
-
        } catch (PermissionManagementException e) {
            log.error("Error occurred while validating the resource scope for : " + resource +
                      ", Msg = " + e.getMessage(), e);