Fixed issues in permission tree'

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java

@@ -60,7 +60,10 @@ public class PermissionManagerServiceImpl implements PermissionManagerService {
 
     @Override
     public boolean addPermission(Permission permission) throws PermissionManagementException {
-        permissionTree.addPermission(permission); // adding a permission to the tree
+        // update the permission path to absolute permission path
+        permission.setPath(PermissionUtils.getAbsolutePermissionPath(permission.getPath()));
+        // adding a permission to the tree
+        permissionTree.addPermission(permission);
         return PermissionUtils.putPermission(permission);
     }
 

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionTree.java

@@ -87,18 +87,19 @@ public class PermissionTree {
      */
     public Permission getPermission(String url, String httpMethod) {
         StringTokenizer st = new StringTokenizer(url, ROOT);
-        PermissionNode tempRoot = rootNode;
+        PermissionNode tempRoot;
+        PermissionNode currentRoot = rootNode;
         while (st.hasMoreTokens()) {
             String currentToken = st.nextToken();
 
             // returns the child node which matches with the 'currentToken' path.
-            tempRoot = tempRoot.getChild(currentToken);
+            tempRoot = currentRoot.getChild(currentToken);
 
             // if tempRoot is null, that means 'currentToken' is not matched with the child's path.
             // It means that it is at a point where the request must have dynamic path variables.
             // Therefor it looks for '*' in the request path. ('*' denotes dynamic path variable).
             if (tempRoot == null) {
-                tempRoot = tempRoot.getChild(DYNAMIC_PATH_NOTATION);
+                tempRoot = currentRoot.getChild(DYNAMIC_PATH_NOTATION);
                 // if tempRoot is null, that means there is no any permission which matches with the
                 // given path
                 if (tempRoot == null) {
@@ -108,7 +109,8 @@ public class PermissionTree {
                     return null;
                 }
             }
+            currentRoot = tempRoot;
         }
-        return tempRoot.getPermission(httpMethod);
+        return currentRoot.getPermission(httpMethod);
     }
 }

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java

@@ -55,6 +55,10 @@ public class PermissionUtils {
 		}
 	}
 
+	public static String getAbsolutePermissionPath(String permissionPath) {
+		return PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + permissionPath;
+	}
+
 	public static Permission getPermission(String path) throws PermissionManagementException {
 		try {
 			Resource resource = PermissionUtils.getGovernanceRegistry().get(path);
@@ -97,8 +101,7 @@ public class PermissionUtils {
 		Resource resource = PermissionUtils.getGovernanceRegistry().newCollection();
 		resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
 		PermissionUtils.getGovernanceRegistry().beginTransaction();
-		PermissionUtils.getGovernanceRegistry().put(ADMIN_PERMISSION_REGISTRY_PATH +
-		                                            path, resource);
+		PermissionUtils.getGovernanceRegistry().put(path, resource);
 		PermissionUtils.getGovernanceRegistry().commitTransaction();
 	}
 

components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ScopeValidator.java

@@ -70,16 +70,14 @@ public class ScopeValidator extends OAuth2ScopeValidator {
                 getPermissionManagerService();
         try {
             Permission permission = permissionManagerService.getPermission(properties);
-            String username = accessTokenDO.getAuthzUser();
-            status = CarbonContext.getThreadLocalCarbonContext().getUserRealm().
-                    getAuthorizationManager().isUserAuthorized(username, permission.getPath(),
-                                                               ScopeValidator.PermissionMethod.READ);
-            UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
-            if(userRealm != null && userRealm.getAuthorizationManager() != null){
-                status = userRealm.getAuthorizationManager().isUserAuthorized(username, permission.getPath(),
-                                                                              ScopeValidator.PermissionMethod.READ);
+            if(permission != null){
+                String username = accessTokenDO.getAuthzUser();
+                UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
+                if(userRealm != null && userRealm.getAuthorizationManager() != null){
+                    status = userRealm.getAuthorizationManager().isUserAuthorized(username, permission.getPath(),
+                                                                                  PermissionMethod.READ);
+                }
             }
-
         } catch (PermissionManagementException e) {
             log.error("Error occurred while validating the resource scope for : " + resource +
                       ", Msg = " + e.getMessage(), e);