|
|
@ -22,17 +22,13 @@ import org.apache.commons.logging.Log;
|
|
|
|
import org.apache.commons.logging.LogFactory;
|
|
|
|
import org.apache.commons.logging.LogFactory;
|
|
|
|
import org.wso2.carbon.CarbonConstants;
|
|
|
|
import org.wso2.carbon.CarbonConstants;
|
|
|
|
import org.wso2.carbon.base.MultitenantConstants;
|
|
|
|
import org.wso2.carbon.base.MultitenantConstants;
|
|
|
|
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementException;
|
|
|
|
|
|
|
|
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService;
|
|
|
|
|
|
|
|
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
|
|
|
|
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
|
|
|
|
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo;
|
|
|
|
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo;
|
|
|
|
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
|
|
|
|
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
|
|
|
|
import org.wso2.carbon.device.mgt.jaxrs.beans.Scope;
|
|
|
|
|
|
|
|
import org.wso2.carbon.device.mgt.jaxrs.service.api.RoleManagementService;
|
|
|
|
import org.wso2.carbon.device.mgt.jaxrs.service.api.RoleManagementService;
|
|
|
|
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.FilteringUtil;
|
|
|
|
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.FilteringUtil;
|
|
|
|
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
|
|
|
|
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
|
|
|
|
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
|
|
|
|
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
|
|
|
|
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtUtil;
|
|
|
|
|
|
|
|
import org.wso2.carbon.device.mgt.jaxrs.util.SetReferenceTransformer;
|
|
|
|
import org.wso2.carbon.device.mgt.jaxrs.util.SetReferenceTransformer;
|
|
|
|
import org.wso2.carbon.user.api.*;
|
|
|
|
import org.wso2.carbon.user.api.*;
|
|
|
|
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
|
|
|
|
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
|
|
|
@ -43,12 +39,16 @@ import org.wso2.carbon.user.mgt.common.UserAdminException;
|
|
|
|
import javax.ws.rs.*;
|
|
|
|
import javax.ws.rs.*;
|
|
|
|
import javax.ws.rs.core.MediaType;
|
|
|
|
import javax.ws.rs.core.MediaType;
|
|
|
|
import javax.ws.rs.core.Response;
|
|
|
|
import javax.ws.rs.core.Response;
|
|
|
|
|
|
|
|
import java.io.UnsupportedEncodingException;
|
|
|
|
import java.net.URI;
|
|
|
|
import java.net.URI;
|
|
|
|
import java.net.URISyntaxException;
|
|
|
|
import java.net.URISyntaxException;
|
|
|
|
|
|
|
|
import java.net.URLEncoder;
|
|
|
|
import java.util.ArrayList;
|
|
|
|
import java.util.ArrayList;
|
|
|
|
import java.util.Arrays;
|
|
|
|
import java.util.Arrays;
|
|
|
|
import java.util.List;
|
|
|
|
import java.util.List;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
import static org.wso2.carbon.device.mgt.jaxrs.util.Constants.PRIMARY_USER_STORE;
|
|
|
|
|
|
|
|
|
|
|
|
@Path("/roles")
|
|
|
|
@Path("/roles")
|
|
|
|
@Produces(MediaType.APPLICATION_JSON)
|
|
|
|
@Produces(MediaType.APPLICATION_JSON)
|
|
|
|
@Consumes(MediaType.APPLICATION_JSON)
|
|
|
|
@Consumes(MediaType.APPLICATION_JSON)
|
|
|
@ -56,7 +56,6 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
|
|
|
|
|
|
|
|
|
|
|
private static final String API_BASE_PATH = "/roles";
|
|
|
|
private static final String API_BASE_PATH = "/roles";
|
|
|
|
private static final Log log = LogFactory.getLog(RoleManagementServiceImpl.class);
|
|
|
|
private static final Log log = LogFactory.getLog(RoleManagementServiceImpl.class);
|
|
|
|
private static final String PRIMARY_USER_STORE = "PRIMARY";
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@GET
|
|
|
|
@GET
|
|
|
|
@Override
|
|
|
|
@Override
|
|
|
@ -94,9 +93,11 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
|
|
|
@GET
|
|
|
|
@GET
|
|
|
|
@Path("/{roleName}/permissions")
|
|
|
|
@Path("/{roleName}/permissions")
|
|
|
|
@Override
|
|
|
|
@Override
|
|
|
|
public Response getPermissionsOfRole(
|
|
|
|
public Response getPermissionsOfRole(@PathParam("roleName") String roleName,
|
|
|
|
@PathParam("roleName") String roleName,
|
|
|
|
@QueryParam("user-store") String userStoreName, @HeaderParam("If-Modified-Since") String ifModifiedSince) {
|
|
|
|
@HeaderParam("If-Modified-Since") String ifModifiedSince) {
|
|
|
|
if (userStoreName != null && !userStoreName.isEmpty()) {
|
|
|
|
|
|
|
|
roleName = userStoreName + "/" + roleName;
|
|
|
|
|
|
|
|
}
|
|
|
|
RequestValidationUtil.validateRoleName(roleName);
|
|
|
|
RequestValidationUtil.validateRoleName(roleName);
|
|
|
|
try {
|
|
|
|
try {
|
|
|
|
final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
|
|
|
|
final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
|
|
|
@ -164,11 +165,14 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
|
|
|
@GET
|
|
|
|
@GET
|
|
|
|
@Path("/{roleName}")
|
|
|
|
@Path("/{roleName}")
|
|
|
|
@Override
|
|
|
|
@Override
|
|
|
|
public Response getRole(@PathParam("roleName") String roleName,
|
|
|
|
public Response getRole(@PathParam("roleName") String roleName, @QueryParam("user-store") String userStoreName,
|
|
|
|
@HeaderParam("If-Modified-Since") String ifModifiedSince) {
|
|
|
|
@HeaderParam("If-Modified-Since") String ifModifiedSince) {
|
|
|
|
if (log.isDebugEnabled()) {
|
|
|
|
if (log.isDebugEnabled()) {
|
|
|
|
log.debug("Getting the list of user roles");
|
|
|
|
log.debug("Getting the list of user roles");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (userStoreName != null && !userStoreName.isEmpty()) {
|
|
|
|
|
|
|
|
roleName = userStoreName + "/" + roleName;
|
|
|
|
|
|
|
|
}
|
|
|
|
RequestValidationUtil.validateRoleName(roleName);
|
|
|
|
RequestValidationUtil.validateRoleName(roleName);
|
|
|
|
RoleInfo roleInfo = new RoleInfo();
|
|
|
|
RoleInfo roleInfo = new RoleInfo();
|
|
|
|
try {
|
|
|
|
try {
|
|
|
@ -229,9 +233,9 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
|
|
|
userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), permissions);
|
|
|
|
userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), permissions);
|
|
|
|
|
|
|
|
|
|
|
|
//TODO fix what's returned in the entity
|
|
|
|
//TODO fix what's returned in the entity
|
|
|
|
return Response.created(new URI(API_BASE_PATH + "/" + roleInfo.getRoleName())).entity(
|
|
|
|
return Response.created(new URI(API_BASE_PATH + "/" + URLEncoder.encode(roleInfo.getRoleName(), "UTF-8"))).
|
|
|
|
"Role '" + roleInfo.getRoleName() + "' has " +
|
|
|
|
entity("Role '" + roleInfo.getRoleName() + "' has " + "successfully been"
|
|
|
|
"successfully been added").build();
|
|
|
|
+ " added").build();
|
|
|
|
} catch (UserStoreException e) {
|
|
|
|
} catch (UserStoreException e) {
|
|
|
|
String msg = "Error occurred while adding role '" + roleInfo.getRoleName() + "'";
|
|
|
|
String msg = "Error occurred while adding role '" + roleInfo.getRoleName() + "'";
|
|
|
|
log.error(msg, e);
|
|
|
|
log.error(msg, e);
|
|
|
@ -243,13 +247,22 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
|
|
|
log.error(msg, e);
|
|
|
|
log.error(msg, e);
|
|
|
|
return Response.serverError().entity(
|
|
|
|
return Response.serverError().entity(
|
|
|
|
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
|
|
|
|
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
|
|
|
|
|
|
|
|
} catch (UnsupportedEncodingException e) {
|
|
|
|
|
|
|
|
String msg = "Error occurred while encoding role name";
|
|
|
|
|
|
|
|
log.error(msg, e);
|
|
|
|
|
|
|
|
return Response.serverError().entity(
|
|
|
|
|
|
|
|
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@PUT
|
|
|
|
@PUT
|
|
|
|
@Path("/{roleName}")
|
|
|
|
@Path("/{roleName}")
|
|
|
|
@Override
|
|
|
|
@Override
|
|
|
|
public Response updateRole(@PathParam("roleName") String roleName, RoleInfo roleInfo) {
|
|
|
|
public Response updateRole(@PathParam("roleName") String roleName, RoleInfo roleInfo,
|
|
|
|
|
|
|
|
@QueryParam("user-store") String userStoreName) {
|
|
|
|
|
|
|
|
if (userStoreName != null && !userStoreName.isEmpty()) {
|
|
|
|
|
|
|
|
roleName = userStoreName + "/" + roleName;
|
|
|
|
|
|
|
|
}
|
|
|
|
RequestValidationUtil.validateRoleName(roleName);
|
|
|
|
RequestValidationUtil.validateRoleName(roleName);
|
|
|
|
RequestValidationUtil.validateRoleDetails(roleInfo);
|
|
|
|
RequestValidationUtil.validateRoleDetails(roleInfo);
|
|
|
|
try {
|
|
|
|
try {
|
|
|
@ -306,7 +319,10 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
|
|
|
@DELETE
|
|
|
|
@DELETE
|
|
|
|
@Path("/{roleName}")
|
|
|
|
@Path("/{roleName}")
|
|
|
|
@Override
|
|
|
|
@Override
|
|
|
|
public Response deleteRole(@PathParam("roleName") String roleName) {
|
|
|
|
public Response deleteRole(@PathParam("roleName") String roleName, @QueryParam("user-store") String userStoreName) {
|
|
|
|
|
|
|
|
if (userStoreName != null && !userStoreName.isEmpty()) {
|
|
|
|
|
|
|
|
roleName = userStoreName + "/" + roleName;
|
|
|
|
|
|
|
|
}
|
|
|
|
RequestValidationUtil.validateRoleName(roleName);
|
|
|
|
RequestValidationUtil.validateRoleName(roleName);
|
|
|
|
try {
|
|
|
|
try {
|
|
|
|
final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
|
|
|
|
final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
|
|
|
@ -337,7 +353,11 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
|
|
|
@PUT
|
|
|
|
@PUT
|
|
|
|
@Path("/{roleName}/users")
|
|
|
|
@Path("/{roleName}/users")
|
|
|
|
@Override
|
|
|
|
@Override
|
|
|
|
public Response updateUsersOfRole(@PathParam("roleName") String roleName, List<String> users) {
|
|
|
|
public Response updateUsersOfRole(@PathParam("roleName") String roleName,
|
|
|
|
|
|
|
|
@QueryParam("user-store") String userStoreName, List<String> users) {
|
|
|
|
|
|
|
|
if (userStoreName != null && !userStoreName.isEmpty()) {
|
|
|
|
|
|
|
|
roleName = userStoreName + "/" + roleName;
|
|
|
|
|
|
|
|
}
|
|
|
|
RequestValidationUtil.validateRoleName(roleName);
|
|
|
|
RequestValidationUtil.validateRoleName(roleName);
|
|
|
|
RequestValidationUtil.validateUsers(users);
|
|
|
|
RequestValidationUtil.validateUsers(users);
|
|
|
|
try {
|
|
|
|
try {
|
|
|
@ -372,7 +392,11 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
|
|
|
if (log.isDebugEnabled()) {
|
|
|
|
if (log.isDebugEnabled()) {
|
|
|
|
log.debug("Getting the list of user roles");
|
|
|
|
log.debug("Getting the list of user roles");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (userStore.equals("all")) {
|
|
|
|
|
|
|
|
roles = userStoreManager.getRoleNames("*", -1, false, true, true);
|
|
|
|
|
|
|
|
} else {
|
|
|
|
roles = userStoreManager.getRoleNames(userStore + "/*", -1, false, true, true);
|
|
|
|
roles = userStoreManager.getRoleNames(userStore + "/*", -1, false, true, true);
|
|
|
|
|
|
|
|
}
|
|
|
|
// removing all internal roles, roles created for Service-providers and application related roles.
|
|
|
|
// removing all internal roles, roles created for Service-providers and application related roles.
|
|
|
|
List<String> filteredRoles = new ArrayList<>();
|
|
|
|
List<String> filteredRoles = new ArrayList<>();
|
|
|
|
for (String role : roles) {
|
|
|
|
for (String role : roles) {
|
|
|
|
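Review bot: The new `user-store` query parameter is concatenated into the role name (`roleName = userStoreName + "/" + roleName;`) before `RequestValidationUtil.validateRoleName(roleName)` runs, and nothing visible in these hunks checks that the value names a user store the caller is allowed to manage. The same block is repeated in getPermissionsOfRole, getRole, updateRole, deleteRole and updateUsersOfRole, so on the mutating endpoints a caller-chosen prefix decides which domain's role is changed or deleted. The list endpoint in the last hunk deliberately filters out internal and application roles, which suggests those should not become addressable through this prefix either. Unless validateRoleName already rejects such prefixes (its body is not shown here), I would move the block into one private helper that rejects a `userStoreName` containing `/`, checks it against the configured user store domains, and only then returns the qualified name. Separately, in the last hunk `userStore.equals("all")` throws if the parameter is absent and no default is applied outside the hunk, which `"all".equals(userStore)` avoids; the method bodies continue outside the hunks.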