Merge pull request #516 from milanperera/release-2.0.x

Improved permission-scope mapping capabilities
revert-70aa11f8
Rasika Perera 8 years ago committed by GitHub
commit b4a649bdfa

@ -1,42 +0,0 @@
/*
* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wso2.carbon.apimgt.annotations.api;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* This class is the representation of custom developed Permission annotation.
*/
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface Permission {
/**
* Represents the permission name.
* @return Returns permission name.
*/
String name();
/**
* Represents the permission string.
* @return Returns permission string.
*/
String permission();
}

@ -1,21 +1,3 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.annotations.api; package org.wso2.carbon.apimgt.annotations.api;
import java.lang.annotation.ElementType; import java.lang.annotation.ElementType;
@ -24,28 +6,18 @@ import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target; import java.lang.annotation.Target;
/** /**
* This class is the representation of custom developed Permission annotation. * This class is the representation of custom developed Scopes annotation.
*/ */
@Target(ElementType.METHOD) @Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME) @Retention(RetentionPolicy.RUNTIME)
public @interface Scope { public @interface Scope {
/**
* Represents the scope key which should be unique.
* @return Returns scope key.
*/
String key();
/**
* Represents the scope name.
* @return Returns scope name.
*/
String name(); String name();
/**
* Represents the scope description.
* @return Returns scope description.
*/
String description(); String description();
String key();
String[] permissions();
} }

@ -0,0 +1,35 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.annotations.api;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* This class is the representation of custom developed Scopes annotation.
*/
@Target(ElementType.TYPE)
@Retention(RetentionPolicy.RUNTIME)
public @interface Scopes {
Scope[] scopes();
}

@ -269,18 +269,7 @@ public class APIPublisherUtil {
} }
apiConfig.setOwner(owner); apiConfig.setOwner(owner);
String isSecuredParam = servletContext.getInitParameter(PARAM_MANAGED_API_IS_SECURED); apiConfig.setSecured(false);
boolean isSecured;
if (isSecuredParam == null || isSecuredParam.isEmpty()) {
if (log.isDebugEnabled()) {
log.debug("'managed-api-isSecured' attribute is not configured. Therefore, using the default, " +
"which is 'true'");
}
isSecured = false;
} else {
isSecured = Boolean.parseBoolean(isSecuredParam);
}
apiConfig.setSecured(isSecured);
String transports = servletContext.getInitParameter(PARAM_MANAGED_API_TRANSPORTS); String transports = servletContext.getInitParameter(PARAM_MANAGED_API_TRANSPORTS);
if (transports == null || transports.isEmpty()) { if (transports == null || transports.isEmpty()) {

@ -16,10 +16,12 @@
package org.wso2.carbon.apimgt.webapp.publisher.lifecycle.util; package org.wso2.carbon.apimgt.webapp.publisher.lifecycle.util;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.SwaggerDefinition; import io.swagger.annotations.SwaggerDefinition;
import org.apache.catalina.core.StandardContext; import org.apache.catalina.core.StandardContext;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.api.model.Scope;
import org.wso2.carbon.apimgt.webapp.publisher.APIPublisherUtil; import org.wso2.carbon.apimgt.webapp.publisher.APIPublisherUtil;
import org.wso2.carbon.apimgt.webapp.publisher.config.APIResource; import org.wso2.carbon.apimgt.webapp.publisher.config.APIResource;
import org.wso2.carbon.apimgt.webapp.publisher.config.APIResourceConfiguration; import org.wso2.carbon.apimgt.webapp.publisher.config.APIResourceConfiguration;
@ -37,9 +39,7 @@ import java.net.URI;
import java.net.URL; import java.net.URL;
import java.security.AccessController; import java.security.AccessController;
import java.security.PrivilegedAction; import java.security.PrivilegedAction;
import java.util.ArrayList; import java.util.*;
import java.util.List;
import java.util.Set;
public class AnnotationProcessor { public class AnnotationProcessor {
@ -58,9 +58,15 @@ public class AnnotationProcessor {
private static final String SWAGGER_ANNOTATIONS_EXTENSIONS = "extensions"; private static final String SWAGGER_ANNOTATIONS_EXTENSIONS = "extensions";
private static final String SWAGGER_ANNOTATIONS_PROPERTIES = "properties"; private static final String SWAGGER_ANNOTATIONS_PROPERTIES = "properties";
private static final String SWAGGER_ANNOTATIONS_PROPERTIES_NAME = "name"; private static final String SWAGGER_ANNOTATIONS_PROPERTIES_NAME = "name";
private static final String SWAGGER_ANNOTATIONS_PROPERTIES_DESCRIPTION = "description";
private static final String SWAGGER_ANNOTATIONS_PROPERTIES_KEY = "key";
private static final String SWAGGER_ANNOTATIONS_PROPERTIES_PERMISSIONS = "permissions";
private static final String SWAGGER_ANNOTATIONS_PROPERTIES_VERSION = "version"; private static final String SWAGGER_ANNOTATIONS_PROPERTIES_VERSION = "version";
private static final String SWAGGER_ANNOTATIONS_PROPERTIES_CONTEXT = "context"; private static final String SWAGGER_ANNOTATIONS_PROPERTIES_CONTEXT = "context";
private static final String SWAGGER_ANNOTATIONS_PROPERTIES_VALUE = "value"; private static final String SWAGGER_ANNOTATIONS_PROPERTIES_VALUE = "value";
private static final String ANNOTATIONS_SCOPES = "scopes";
private static final String PERMISSION_PREFIX = "/permission/admin";
private StandardContext context; private StandardContext context;
@ -75,6 +81,10 @@ public class AnnotationProcessor {
private Class<io.swagger.annotations.Tag> tagClass; private Class<io.swagger.annotations.Tag> tagClass;
private Class<io.swagger.annotations.Extension> extensionClass; private Class<io.swagger.annotations.Extension> extensionClass;
private Class<io.swagger.annotations.ExtensionProperty> extensionPropertyClass; private Class<io.swagger.annotations.ExtensionProperty> extensionPropertyClass;
private Class<io.swagger.annotations.ApiOperation> apiOperation;
private Class<org.wso2.carbon.apimgt.annotations.api.Scope> scopeClass;
private Class<org.wso2.carbon.apimgt.annotations.api.Scopes> scopesClass;
private Map<String, Scope> apiScopes;
public AnnotationProcessor(final StandardContext context) { public AnnotationProcessor(final StandardContext context) {
servletContext = context.getServletContext(); servletContext = context.getServletContext();
@ -91,7 +101,13 @@ public class AnnotationProcessor {
extensionClass = (Class<io.swagger.annotations.Extension>)classLoader extensionClass = (Class<io.swagger.annotations.Extension>)classLoader
.loadClass((io.swagger.annotations.Extension.class.getName())); .loadClass((io.swagger.annotations.Extension.class.getName()));
extensionPropertyClass = (Class<io.swagger.annotations.ExtensionProperty>)classLoader extensionPropertyClass = (Class<io.swagger.annotations.ExtensionProperty>)classLoader
.loadClass((io.swagger.annotations.ExtensionProperty.class.getName())); .loadClass(io.swagger.annotations.ExtensionProperty.class.getName());
scopeClass = (Class<org.wso2.carbon.apimgt.annotations.api.Scope>) classLoader
.loadClass(org.wso2.carbon.apimgt.annotations.api.Scope.class.getName());
scopesClass = (Class<org.wso2.carbon.apimgt.annotations.api.Scopes>) classLoader
.loadClass(org.wso2.carbon.apimgt.annotations.api.Scopes.class.getName());
apiOperation = (Class<io.swagger.annotations.ApiOperation>)classLoader
.loadClass((io.swagger.annotations.ApiOperation.class.getName()));
} catch (ClassNotFoundException e) { } catch (ClassNotFoundException e) {
log.error("An error has occurred while loading classes ", e); log.error("An error has occurred while loading classes ", e);
} }
@ -120,6 +136,7 @@ public class AnnotationProcessor {
try { try {
clazz = classLoader.loadClass(className); clazz = classLoader.loadClass(className);
Annotation swaggerDefinition = clazz.getAnnotation(apiClazz); Annotation swaggerDefinition = clazz.getAnnotation(apiClazz);
Annotation Scopes = clazz.getAnnotation(scopesClass);
List<APIResource> resourceList; List<APIResource> resourceList;
if (swaggerDefinition != null) { if (swaggerDefinition != null) {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
@ -127,6 +144,9 @@ public class AnnotationProcessor {
} }
try { try {
apiResourceConfig = processAPIAnnotation(swaggerDefinition); apiResourceConfig = processAPIAnnotation(swaggerDefinition);
if (Scopes != null) {
apiScopes = processAPIScopes(Scopes);
}
if(apiResourceConfig != null){ if(apiResourceConfig != null){
String rootContext = servletContext.getContextPath(); String rootContext = servletContext.getContextPath();
pathClazzMethods = pathClazz.getMethods(); pathClazzMethods = pathClazz.getMethods();
@ -158,7 +178,7 @@ public class AnnotationProcessor {
} catch (ClassNotFoundException e1) { } catch (ClassNotFoundException e1) {
String msg = "Failed to load service class " + className + " for publishing APIs." + String msg = "Failed to load service class " + className + " for publishing APIs." +
" This API will not be published."; " This API will not be published.";
log.error(msg); log.error(msg, e1);
} catch (RuntimeException e) { } catch (RuntimeException e) {
log.error("Unexpected error has been occurred while publishing "+ className log.error("Unexpected error has been occurred while publishing "+ className
+"hence, this API will not be published."); +"hence, this API will not be published.");
@ -174,6 +194,39 @@ public class AnnotationProcessor {
return apiResourceConfigs; return apiResourceConfigs;
} }
private Map<String,Scope> processAPIScopes(Annotation annotation) throws Throwable {
Map<String, Scope> scopes = new HashMap<>();
InvocationHandler methodHandler = Proxy.getInvocationHandler(annotation);
Annotation[] annotatedScopes = (Annotation[]) methodHandler.invoke(annotation, scopesClass
.getMethod(ANNOTATIONS_SCOPES, null), null);
Scope scope;
String permissions[];
StringBuilder aggregatedPermissions;
for(int i=0; i<annotatedScopes.length; i++){
aggregatedPermissions = new StringBuilder();
methodHandler = Proxy.getInvocationHandler(annotatedScopes[i]);
scope = new Scope();
scope.setName(invokeMethod(scopeClass
.getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_NAME), annotatedScopes[i], STRING));
scope.setDescription(invokeMethod(scopeClass
.getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_DESCRIPTION), annotatedScopes[i], STRING));
scope.setKey(invokeMethod(scopeClass
.getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_KEY), annotatedScopes[i], STRING));
permissions = (String[])methodHandler.invoke(annotatedScopes[i], scopeClass
.getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_PERMISSIONS, null),null);
for (String permission : permissions) {
aggregatedPermissions.append(PERMISSION_PREFIX);
aggregatedPermissions.append(permission);
aggregatedPermissions.append(" ");
}
scope.setRoles(aggregatedPermissions.toString().trim());
scopes.put(scope.getKey(), scope);
}
return scopes;
}
/** /**
* Get Resources for each API * Get Resources for each API
* *
@ -211,6 +264,9 @@ public class AnnotationProcessor {
Annotation producesAnno = method.getAnnotation(producesClass); Annotation producesAnno = method.getAnnotation(producesClass);
resource.setProduces(invokeMethod(producesClassMethods[0], producesAnno, STRING_ARR)); resource.setProduces(invokeMethod(producesClassMethods[0], producesAnno, STRING_ARR));
} }
if (annotations[i].annotationType().getName().equals(ApiOperation.class.getName())) {
resource.setScope(this.getScope(annotations[i]));
}
} }
resourceList.add(resource); resourceList.add(resource);
} }
@ -375,4 +431,24 @@ public class AnnotationProcessor {
throw new RuntimeException(e); throw new RuntimeException(e);
} }
} }
private Scope getScope(Annotation currentMethod) throws Throwable {
InvocationHandler methodHandler = Proxy.getInvocationHandler(currentMethod);
Annotation[] extensions = (Annotation[]) methodHandler.invoke(currentMethod,
apiOperation.getMethod(SWAGGER_ANNOTATIONS_EXTENSIONS, null), null);
methodHandler = Proxy.getInvocationHandler(extensions[0]);
Annotation[] properties = (Annotation[])methodHandler.invoke(extensions[0], extensionClass
.getMethod(SWAGGER_ANNOTATIONS_PROPERTIES,null), null);
for (Annotation property : properties) {
methodHandler = Proxy.getInvocationHandler(property);
String scopeKey = (String) methodHandler.invoke(property, extensionPropertyClass
.getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_VALUE, null),null);
if (scopeKey.isEmpty()) {
return null;
}
return apiScopes.get(scopeKey);
}
return null;
}
} }

@ -1,18 +1,9 @@
package org.wso2.carbon.certificate.mgt.jaxrs.api; package org.wso2.carbon.certificate.mgt.jaxrs.api;
import io.swagger.annotations.Api; import io.swagger.annotations.*;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.Authorization;
import io.swagger.annotations.AuthorizationScope;
import io.swagger.annotations.Extension;
import io.swagger.annotations.ExtensionProperty;
import io.swagger.annotations.Info;
import io.swagger.annotations.SwaggerDefinition;
import io.swagger.annotations.Tag;
import org.wso2.carbon.apimgt.annotations.api.Scope; import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.certificate.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.certificate.mgt.jaxrs.beans.ErrorResponse;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;
@ -45,8 +36,19 @@ import javax.ws.rs.core.Response;
"related operations.") "related operations.")
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)
@Scopes(scopes = {
@Scope(
name = "Sign CSR",
description = "Sign CSR",
key = "perm:sign-csr",
permissions = {"/device-mgt/certificates/manage"}
)
}
)
public interface CertificateMgtService { public interface CertificateMgtService {
String SCOPE = "scope";
/** /**
* Sign the client's certificate signing request and save it in the database. * Sign the client's certificate signing request and save it in the database.
* *
@ -64,12 +66,10 @@ public interface CertificateMgtService {
value = "Process a given CSR and return signed certificates.", value = "Process a given CSR and return signed certificates.",
notes = "This will return a signed certificate upon a given CSR.", notes = "This will return a signed certificate upon a given CSR.",
tags = "Device Management", tags = "Device Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = SCOPE, value = "perm:sign-csr")
scopes = { @AuthorizationScope(scope = "/device-mgt/certificates/manage", })
description = "Sign CSR") }
)
} }
) )
@ApiResponses( @ApiResponses(
@ -87,7 +87,6 @@ public interface CertificateMgtService {
message = "Internal Server Error. \n Error occurred while retrieving signed certificate.", message = "Internal Server Error. \n Error occurred while retrieving signed certificate.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
@Scope(key = "certificate:sign-csr", name = "Sign CSR", description = "")
Response getSignedCertFromCSR( Response getSignedCertFromCSR(
@ApiParam( @ApiParam(
name = "If-Modified-Since", name = "If-Modified-Since",

@ -6,13 +6,13 @@ import io.swagger.annotations.ExtensionProperty;
import io.swagger.annotations.Extension; import io.swagger.annotations.Extension;
import io.swagger.annotations.Tag; import io.swagger.annotations.Tag;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.AuthorizationScope;
import io.swagger.annotations.Authorization;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam; import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses; import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.ResponseHeader; import io.swagger.annotations.ResponseHeader;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.CertificateList; import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.CertificateList;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.EnrollmentCertificate; import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.EnrollmentCertificate;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.ErrorResponse; import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.ErrorResponse;
@ -39,10 +39,39 @@ import javax.ws.rs.core.Response;
) )
@Api(value = "Certificate Management", description = "This API includes all the certificate management related operations") @Api(value = "Certificate Management", description = "This API includes all the certificate management related operations")
@Path("/admin/certificates") @Path("/admin/certificates")
@Scopes(scopes = {
@Scope(
name = "Adding a new SSL certificate",
description = "Adding a new SSL certificate",
key = "perm:admin:certificates:add",
permissions = {"/device-mgt/admin/certificates/add"}
),
@Scope(
name = "Getting Details of an SSL Certificate",
description = "Getting Details of an SSL Certificate",
key = "perm:admin:certificates:details",
permissions = {"/device-mgt/admin/certificates/details"}
),
@Scope(
name = "Getting Details of Certificates",
description = "Getting Details of Certificates",
key = "perm:admin:certificates:view",
permissions = {"/device-mgt/admin/certificates/view"}
),
@Scope(
name = "Deleting an SSL Certificate",
description = "Deleting an SSL Certificate",
key = "perm:admin:certificates:delete",
permissions = {"/device-mgt/admin/certificates/delete"}
)
}
)
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)
public interface CertificateManagementAdminService { public interface CertificateManagementAdminService {
String SCOPE = "scope";
/** /**
* Save a list of certificates and relevant information in the database. * Save a list of certificates and relevant information in the database.
* *
@ -58,12 +87,10 @@ public interface CertificateManagementAdminService {
value = "Adding a new SSL certificate", value = "Adding a new SSL certificate",
notes = "Add a new SSL certificate to the client end database.\n", notes = "Add a new SSL certificate to the client end database.\n",
tags = "Certificate Management", tags = "Certificate Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = SCOPE, value = "perm:admin:certificates:add")
scopes = { @AuthorizationScope(scope = "/device-mgt/certificates/manage", })
description = "Manage certificates") }
)
} }
) )
@ApiResponses( @ApiResponses(
@ -129,12 +156,10 @@ public interface CertificateManagementAdminService {
value = "Getting Details of an SSL Certificate", value = "Getting Details of an SSL Certificate",
notes = "Get the client side SSL certificate details.", notes = "Get the client side SSL certificate details.",
tags = "Certificate Management", tags = "Certificate Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = SCOPE, value = "perm:admin:certificates:details")
scopes = { @AuthorizationScope(scope = "/device-mgt/certificates/view", })
description = "View certificates") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -202,12 +227,10 @@ public interface CertificateManagementAdminService {
+ "view all the certificate details, it is not feasible to show all the details on one " + "view all the certificate details, it is not feasible to show all the details on one "
+ "page. Therefore, the details are paginated.", + "page. Therefore, the details are paginated.",
tags = "Certificate Management", tags = "Certificate Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = SCOPE, value = "perm:admin:certificates:view")
scopes = { @AuthorizationScope(scope = "/device-mgt/certificates/view", })
description = "View certificates") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -283,12 +306,10 @@ public interface CertificateManagementAdminService {
value = "Deleting an SSL Certificate", value = "Deleting an SSL Certificate",
notes = "Delete an SSL certificate that's on the client end.", notes = "Delete an SSL certificate that's on the client end.",
tags = "Certificate Management", tags = "Certificate Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = SCOPE, value = "perm:admin:certificates:delete")
scopes = { @AuthorizationScope(scope = "/device-mgt/certificates/manage", })
description = "Manage certificates") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {

@ -18,22 +18,13 @@
*/ */
package org.wso2.carbon.device.mgt.jaxrs.service.api; package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.SwaggerDefinition; import io.swagger.annotations.*;
import io.swagger.annotations.Info; import org.wso2.carbon.apimgt.annotations.api.Scope;
import io.swagger.annotations.ExtensionProperty; import org.wso2.carbon.apimgt.annotations.api.Scopes;
import io.swagger.annotations.Extension;
import io.swagger.annotations.Tag;
import io.swagger.annotations.Api;
import io.swagger.annotations.AuthorizationScope;
import io.swagger.annotations.Authorization;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.ResponseHeader;
import org.wso2.carbon.device.mgt.common.operation.mgt.Activity; import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
import org.wso2.carbon.device.mgt.jaxrs.beans.ActivityList; import org.wso2.carbon.device.mgt.jaxrs.beans.ActivityList;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.validation.constraints.Size; import javax.validation.constraints.Size;
import javax.ws.rs.*; import javax.ws.rs.*;
@ -61,6 +52,16 @@ import javax.ws.rs.core.Response;
@Path("/activities") @Path("/activities")
@Api(value = "Activity Info Provider", description = "Activity related information manipulation. For example" + @Api(value = "Activity Info Provider", description = "Activity related information manipulation. For example" +
" operation details and responses from devices.") " operation details and responses from devices.")
@Scopes(
scopes = {
@Scope(
name = "Get activities",
description = "Get activities",
key = "perm:get-activity",
permissions = {"/device-mgt/devices/owning-device/view"}
)
}
)
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)
public interface ActivityInfoProviderService { public interface ActivityInfoProviderService {
@ -74,12 +75,10 @@ public interface ActivityInfoProviderService {
notes = "Retrieve the details of a specific activity/operation, such as the meta information of " + notes = "Retrieve the details of a specific activity/operation, such as the meta information of " +
"an operation, including the responses from the devices.", "an operation, including the responses from the devices.",
tags = "Activity Info Provider", tags = "Activity Info Provider",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:get-activity")
scopes = { @AuthorizationScope(scope = "/device-mgt/devices/owning-device/view" })
, description = "View Activities") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -149,12 +148,10 @@ public interface ActivityInfoProviderService {
notes = "Get the details of the operations/activities executed by the server on the devices registered" + notes = "Get the details of the operations/activities executed by the server on the devices registered" +
" with WSO2 EMM, during a defined time period.", " with WSO2 EMM, during a defined time period.",
tags = "Activity Info Provider", tags = "Activity Info Provider",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:get-activity")
scopes = { @AuthorizationScope(scope = "/device-mgt/devices/owning-device/view" })
, description = "View Activities") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {

@ -31,8 +31,11 @@ import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses; import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.ResponseHeader; import io.swagger.annotations.ResponseHeader;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfiguration; import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfiguration;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.ws.rs.*; import javax.ws.rs.*;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
@ -61,6 +64,21 @@ import javax.ws.rs.core.Response;
"through this API.") "through this API.")
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)
@Scopes(scopes = {
@Scope(
name = "View configurations",
description = "",
key = "perm:view-configuration",
permissions = {"/device-mgt/platform-configurations/view"}
),
@Scope(
name = "Manage configurations",
description = "",
key = "perm:manage-configuration",
permissions = {"/device-mgt/platform-configurations/manage"}
)
}
)
public interface ConfigurationManagementService { public interface ConfigurationManagementService {
@GET @GET
@ -72,11 +90,10 @@ public interface ConfigurationManagementService {
"General platform configurations include the settings on how often the device need to be monitored. " + "General platform configurations include the settings on how often the device need to be monitored. " +
"Using this REST API you can get the general platform level configurations.", "Using this REST API you can get the general platform level configurations.",
tags = "Configuration Management", tags = "Configuration Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:view-configuration")
scopes = { @AuthorizationScope(scope = "/device-mgt/platform-configurations/view", description = "View Configurations") } })
)
} }
) )
@ApiResponses( @ApiResponses(
@ -132,11 +149,10 @@ public interface ConfigurationManagementService {
"General platform configurations include the settings on how often the the device need to be monitored." + "General platform configurations include the settings on how often the the device need to be monitored." +
"Using this REST API you can update the general platform level configurations.", "Using this REST API you can update the general platform level configurations.",
tags = "Configuration Management", tags = "Configuration Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:manage-configuration")
scopes = { @AuthorizationScope(scope = "/device-mgt/platform-configurations/manage", description = "Manage configurations") } })
)
} }
) )
@ApiResponses( @ApiResponses(

@ -13,10 +13,13 @@ import io.swagger.annotations.Info;
import io.swagger.annotations.ResponseHeader; import io.swagger.annotations.ResponseHeader;
import io.swagger.annotations.SwaggerDefinition; import io.swagger.annotations.SwaggerDefinition;
import io.swagger.annotations.Tag; import io.swagger.annotations.Tag;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.mgt.analytics.dashboard.bean.DeviceCountByGroup; import org.wso2.carbon.device.mgt.analytics.dashboard.bean.DeviceCountByGroup;
import org.wso2.carbon.device.mgt.jaxrs.beans.DashboardGadgetDataWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.DashboardGadgetDataWrapper;
import org.wso2.carbon.device.mgt.jaxrs.beans.DashboardPaginationGadgetDataWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.DashboardPaginationGadgetDataWrapper;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;
import javax.ws.rs.GET; import javax.ws.rs.GET;
@ -44,6 +47,70 @@ import javax.ws.rs.core.Response;
@Tag(name = "device_management", description = "Device Analytics Dashboard related APIs.") @Tag(name = "device_management", description = "Device Analytics Dashboard related APIs.")
} }
) )
@Scopes(
scopes = {
@Scope(
name = "Device Count Overview",
description = "Device Count Overview",
key = "perm:dashboard:count-overview",
permissions = {"/device-mgt/dashboard/view"}
),
@Scope(
name = "Device Counts by Potential Vulnerabilities",
description = "Device Counts by Potential Vulnerabilities",
key = "perm:dashboard:vulnerabilities",
permissions = {"/device-mgt/dashboard/view"}
),
@Scope(
name = "Get the number of devices that have not complied to a policy",
description = "Get the number of devices that have not complied to a policy",
key = "perm:dashboard:non-compliant",
permissions = {"/device-mgt/dashboard/view"}
),
@Scope(
name = "Get the number of devices for a given device type, such as connectivity status, "
+ "potential vulnerability, platform, and ownership",
description = "Get the number of devices for a given device type, such as connectivity status, "
+ "potential vulnerability, platform, and ownership",
key = "perm:dashboard:by-groups",
permissions = {"/device-mgt/dashboard/view"}
),
@Scope(
name = "Get the number of devices that have not complied to a given policy based on a particular",
description = "Get the number of devices that have not complied to a given policy based on a particular",
key = "perm:dashboard:device-counts",
permissions = {"/device-mgt/dashboard/view"}
),
@Scope(
name = "Get the number of devices that have not complied to a given policy based on a particular"
+ " device type.",
description = "Get the number of devices that have not complied to a given policy based on a " +
"particular device type.",
key = "perm:dashboard:filtered-count",
permissions = {"/device-mgt/dashboard/view"}
),
@Scope(
name = "Get the number of devices that have not complied to a given policy over the total"
+ " number of devices registered with WSO2 EMM.\n",
description = "Get the number of devices that have not complied to a given policy over the total"
+ " number of devices registered with WSO2 EMM.\n",
key = "perm:dashboard:non-compliant-count",
permissions = {"/device-mgt/dashboard/view"}
),
@Scope(
name = "Get device details of devices based on a particular device type.",
description = "Get device details of devices based on a particular device type.",
key = "perm:dashboard:details",
permissions = {"/device-mgt/dashboard/view"}
),
@Scope(
name = "Get device details of non-compliant devices which do not comply to a given policy.",
description = "Get device details of non-compliant devices which do not comply to a given policy.",
key = "perm:dashboard:feature-non-compliant",
permissions = {"/device-mgt/dashboard/view"}
)
}
)
@Path("/dashboard") @Path("/dashboard")
@Api(value = "Device Analytics Dashboard", @Api(value = "Device Analytics Dashboard",
description = "Device Analytics Dashboard related information APIs are described here.") description = "Device Analytics Dashboard related information APIs are described here.")
@ -70,13 +137,12 @@ public interface Dashboard {
notes = "Get the details of active, inactive, removed and total number of registered devices in" notes = "Get the details of active, inactive, removed and total number of registered devices in"
+ " WSO2 IoT.", + " WSO2 IoT.",
tags = "Dashboard", tags = "Dashboard",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value = "permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:dashboard:count-overview")
scopes = {@AuthorizationScope(scope = "/device-mgt/dashboard/view", })
description = "View Dashboard")} }
) )
})
@ApiResponses(value = { @ApiResponses(value = {
@ApiResponse( @ApiResponse(
code = 200, code = 200,
@ -127,13 +193,12 @@ public interface Dashboard {
httpMethod = "GET", httpMethod = "GET",
value = "Get the number of unmonitored and non-compliant devices in WSO2 IoT.", value = "Get the number of unmonitored and non-compliant devices in WSO2 IoT.",
tags = "Dashboard", tags = "Dashboard",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value = "permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:dashboard:vulnerabilities")
scopes = {@AuthorizationScope(scope = "/device-mgt/dashboard/view", })
description = "View Dashboard")} }
) )
})
@ApiResponses(value = { @ApiResponses(value = {
@ApiResponse( @ApiResponse(
code = 200, code = 200,
@ -185,13 +250,12 @@ public interface Dashboard {
value = "Get the number of devices that have not complied to a policy that was enforced on a " value = "Get the number of devices that have not complied to a policy that was enforced on a "
+ "device.", + "device.",
tags = "Dashboard", tags = "Dashboard",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value = "permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:dashboard:non-compliant")
scopes = {@AuthorizationScope(scope = "/device-mgt/dashboard/view", })
description = "View Dashboard")} }
) )
})
@ApiResponses(value = { @ApiResponses(value = {
@ApiResponse( @ApiResponse(
code = 200, code = 200,
@ -256,13 +320,12 @@ public interface Dashboard {
value = "Get the number of devices for a given device type, such as connectivity status, " value = "Get the number of devices for a given device type, such as connectivity status, "
+ "potential vulnerability, platform, and ownership.\n", + "potential vulnerability, platform, and ownership.\n",
tags = "Dashboard", tags = "Dashboard",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value = "permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:dashboard:by-groups")
scopes = {@AuthorizationScope(scope = "/device-mgt/dashboard/view", })
description = "View Dashboard")} }
) )
})
@ApiResponses(value = { @ApiResponses(value = {
@ApiResponse( @ApiResponse(
code = 200, code = 200,
@ -346,13 +409,12 @@ public interface Dashboard {
value = "Get the number of devices that have not complied to a given policy based on a particular" value = "Get the number of devices that have not complied to a given policy based on a particular"
+ " device type.", + " device type.",
tags = "Dashboard", tags = "Dashboard",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value = "permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:dashboard:device-counts")
scopes = {@AuthorizationScope(scope = "/device-mgt/dashboard/view", })
description = "View Dashboard")} }
) )
})
@ApiResponses(value = { @ApiResponses(value = {
@ApiResponse( @ApiResponse(
code = 200, code = 200,
@ -426,13 +488,12 @@ public interface Dashboard {
+ "The device ownership type, such as BYOD or COPE.\n" + "The device platform.\n" + "The device ownership type, such as BYOD or COPE.\n" + "The device platform.\n"
+ "The potential vulnerabilities faced by the devices.", + "The potential vulnerabilities faced by the devices.",
tags = "Dashboard", tags = "Dashboard",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value = "permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:dashboard:filtered-count")
scopes = {@AuthorizationScope(scope = "/device-mgt/dashboard/view", })
description = "View Dashboard")} }
) )
})
@ApiResponses(value = { @ApiResponses(value = {
@ApiResponse( @ApiResponse(
code = 200, code = 200,
@ -519,13 +580,12 @@ public interface Dashboard {
value = "Get the number of devices that have not complied to a given policy over the total" value = "Get the number of devices that have not complied to a given policy over the total"
+ " number of devices registered with WSO2 IoT.\n", + " number of devices registered with WSO2 IoT.\n",
tags = "Dashboard", tags = "Dashboard",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value = "permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:dashboard:non-compliant-count")
scopes = {@AuthorizationScope(scope = "/device-mgt/dashboard/view", })
description = "View Dashboard")} }
) )
})
@ApiResponses(value = { @ApiResponses(value = {
@ApiResponse( @ApiResponse(
code = 200, code = 200,
@ -595,13 +655,12 @@ public interface Dashboard {
httpMethod = "GET", httpMethod = "GET",
value = "Get device details of devices based on a particular device type.", value = "Get device details of devices based on a particular device type.",
tags = "Dashboard", tags = "Dashboard",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value = "permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:dashboard:details")
scopes = {@AuthorizationScope(scope = "/device-mgt/dashboard/view", })
description = "View Dashboard")} }
) )
})
@ApiResponses(value = { @ApiResponses(value = {
@ApiResponse( @ApiResponse(
code = 200, code = 200,
@ -698,13 +757,12 @@ public interface Dashboard {
httpMethod = "GET", httpMethod = "GET",
value = "Get device details of non-compliant devices which do not comply to a given policy.", value = "Get device details of non-compliant devices which do not comply to a given policy.",
tags = "Dashboard", tags = "Dashboard",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value = "permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:dashboard:feature-non-compliant")
scopes = {@AuthorizationScope(scope = "/device-mgt/dashboard/view", })
description = "View Dashboard")} }
) )
})
@ApiResponses(value = { @ApiResponses(value = {
@ApiResponse( @ApiResponse(
code = 200, code = 200,
@ -780,4 +838,4 @@ public interface Dashboard {
value = "Provide how many policy details you require from the starting pagination index.", value = "Provide how many policy details you require from the starting pagination index.",
required = true) required = true)
@QueryParam(RESULT_COUNT) int resultCount); @QueryParam(RESULT_COUNT) int resultCount);
} }

@ -24,13 +24,13 @@ import io.swagger.annotations.ExtensionProperty;
import io.swagger.annotations.Extension; import io.swagger.annotations.Extension;
import io.swagger.annotations.Tag; import io.swagger.annotations.Tag;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.AuthorizationScope;
import io.swagger.annotations.Authorization;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam; import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses; import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.ResponseHeader; import io.swagger.annotations.ResponseHeader;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.mgt.common.Device; import org.wso2.carbon.device.mgt.common.Device;
import org.wso2.carbon.device.mgt.common.Feature; import org.wso2.carbon.device.mgt.common.Feature;
import org.wso2.carbon.device.mgt.common.app.mgt.Application; import org.wso2.carbon.device.mgt.common.app.mgt.Application;
@ -38,6 +38,7 @@ import org.wso2.carbon.device.mgt.common.operation.mgt.Operation;
import org.wso2.carbon.device.mgt.common.search.SearchContext; import org.wso2.carbon.device.mgt.common.search.SearchContext;
import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceList; import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceList;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import org.wso2.carbon.device.mgt.common.policy.mgt.Policy; import org.wso2.carbon.device.mgt.common.policy.mgt.Policy;
import org.wso2.carbon.device.mgt.common.policy.mgt.monitor.NonComplianceData; import org.wso2.carbon.device.mgt.common.policy.mgt.monitor.NonComplianceData;
@ -64,6 +65,64 @@ import javax.ws.rs.core.Response;
@Tag(name = "device_management", description = "") @Tag(name = "device_management", description = "")
} }
) )
@Scopes(
scopes = {
@Scope(
name = "Getting Details of Registered Devices",
description = "Getting Details of Registered Devices",
key = "perm:devices:view",
permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope(
name = "Getting Details of a Device",
description = "Getting Details of a Device",
key = "perm:devices:details",
permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope(
name = "Delete the device specified by device id",
description = "Delete the device specified by device id",
key = "perm:devices:delete",
permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope(
name = "Getting Feature Details of a Device",
description = "Getting Feature Details of a Device",
key = "perm:devices:features",
permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope(
name = "Advanced Search for Devices",
description = "Advanced Search for Devices",
key = "perm:devices:search",
permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope(
name = "Getting Installed Application Details of a Device",
description = "Getting Installed Application Details of a Device",
key = "perm:devices:applications",
permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope(
name = "Getting Device Operation Details",
description = "Getting Device Operation Details",
key = "perm:devices:operations",
permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope(
name = "Get the details of the policy that is enforced on a device.",
description = "Get the details of the policy that is enforced on a device.",
key = "perm:devices:effective-policy",
permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope(
name = "Getting Policy Compliance Details of a Device",
description = "Getting Policy Compliance Details of a Device",
key = "perm:devices:compliance-data",
permissions = {"/device-mgt/devices/owning-device/view"}
)
}
)
@Path("/devices") @Path("/devices")
@Api(value = "Device Management", description = "This API carries all device management related operations " + @Api(value = "Device Management", description = "This API carries all device management related operations " +
"such as get all the available devices, etc.") "such as get all the available devices, etc.")
@ -78,13 +137,11 @@ public interface DeviceManagementService {
value = "Getting Details of Registered Devices", value = "Getting Details of Registered Devices",
notes = "Provides details of all the devices enrolled with WSO2 EMM.", notes = "Provides details of all the devices enrolled with WSO2 EMM.",
tags = "Device Management", tags = "Device Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:devices:view")
scopes = { @AuthorizationScope(scope = "/device-mgt/devices/owning-device/view" })
, description = "View Devices") } }
)
}
) )
@ApiResponses(value = { @ApiResponses(value = {
@ApiResponse(code = 200, message = "OK. \n Successfully fetched the list of devices.", @ApiResponse(code = 200, message = "OK. \n Successfully fetched the list of devices.",
@ -205,12 +262,10 @@ public interface DeviceManagementService {
value = "Getting Details of a Device", value = "Getting Details of a Device",
notes = "Get the details of a device by specifying the device type and device identifier.", notes = "Get the details of a device by specifying the device type and device identifier.",
tags = "Device Management", tags = "Device Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:devices:details")
scopes = { @AuthorizationScope(scope = "/device-mgt/devices/owning-device/view", })
description = "View Devices") }
)
} }
) )
@ApiResponses( @ApiResponses(
@ -282,15 +337,13 @@ public interface DeviceManagementService {
@ApiOperation( @ApiOperation(
produces = MediaType.APPLICATION_JSON, produces = MediaType.APPLICATION_JSON,
httpMethod = "DELETE", httpMethod = "DELETE",
value = "Delete the device speccified by device id", value = "Delete the device specified by device id",
notes = "Returns the status of the deleted device operation.", notes = "Returns the status of the deleted device operation.",
tags = "Device Management", tags = "Device Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:devices:delete")
scopes = { @AuthorizationScope(scope = "/device-mgt/devices/owning-device/view", })
description = "View Devices") }
)
} }
) )
@ApiResponses( @ApiResponses(
@ -359,13 +412,11 @@ public interface DeviceManagementService {
"Using this REST API you can get the features that can be carried out on a preferred device type," + "Using this REST API you can get the features that can be carried out on a preferred device type," +
" such as iOS, Android or Windows.", " such as iOS, Android or Windows.",
tags = "Device Management", tags = "Device Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:devices:features")
scopes = { @AuthorizationScope(scope = "/device-mgt/devices/owning-device/view", })
description = "View Devices") } }
)
}
) )
@ApiResponses( @ApiResponses(
value = { value = {
@ -450,12 +501,10 @@ public interface DeviceManagementService {
value = "Advanced Search for Devices", value = "Advanced Search for Devices",
notes = "Search for devices by filtering the search result through the specified search terms.", notes = "Search for devices by filtering the search result through the specified search terms.",
tags = "Device Management", tags = "Device Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:devices:search")
scopes = { @AuthorizationScope(scope = "/device-mgt/devices/owning-device/view", })
description = "View Devices") }
)
} }
) )
@ApiResponses( @ApiResponses(
@ -529,13 +578,12 @@ public interface DeviceManagementService {
value = "Getting Installed Application Details of a Device", value = "Getting Installed Application Details of a Device",
notes = "Get the list of applications subscribed to by a device.", notes = "Get the list of applications subscribed to by a device.",
tags = "Device Management", tags = "Device Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:devices:applications")
scopes = { @AuthorizationScope(scope = "/device-mgt/devices/owning-device/view", })
description = "View Devices") }
) }
}
) )
@ApiResponses( @ApiResponses(
value = { value = {
@ -633,13 +681,11 @@ public interface DeviceManagementService {
value = "Getting Device Operation Details", value = "Getting Device Operation Details",
notes = "Get the details of operations carried out on a selected device.", notes = "Get the details of operations carried out on a selected device.",
tags = "Device Management", tags = "Device Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:devices:operations")
scopes = { @AuthorizationScope(scope = "/device-mgt/devices/owning-device/view", })
description = "View Devices") } }
)
}
) )
@ApiResponses( @ApiResponses(
value = { value = {
@ -746,13 +792,11 @@ public interface DeviceManagementService {
"WSO2 EMM filters the policies based on the device platform (device type)," + "WSO2 EMM filters the policies based on the device platform (device type)," +
"the device ownership type, the user role or name and finally, the policy that matches these filters will be enforced on the device.", "the device ownership type, the user role or name and finally, the policy that matches these filters will be enforced on the device.",
tags = "Device Management", tags = "Device Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:devices:effective-policy")
scopes = { @AuthorizationScope(scope = "/device-mgt/devices/owning-device/view", })
description = "View Devices") } }
)
}
) )
@ApiResponses( @ApiResponses(
value = { value = {
@ -837,12 +881,10 @@ public interface DeviceManagementService {
notes = "A policy is enforced on the devices that register with WSO2 EMM. " + notes = "A policy is enforced on the devices that register with WSO2 EMM. " +
"The server checks if the settings in the device comply with the policy that is enforced on the device using this REST API.", "The server checks if the settings in the device comply with the policy that is enforced on the device using this REST API.",
tags = "Device Management", tags = "Device Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:devices:compliance-data")
scopes = { @AuthorizationScope(scope = "/device-mgt/devices/owning-device/view", })
description = "View Devices") }
)
} }
) )
@ApiResponses( @ApiResponses(

@ -24,15 +24,16 @@ import io.swagger.annotations.ExtensionProperty;
import io.swagger.annotations.Extension; import io.swagger.annotations.Extension;
import io.swagger.annotations.Tag; import io.swagger.annotations.Tag;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.AuthorizationScope;
import io.swagger.annotations.Authorization;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam; import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses; import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.ResponseHeader; import io.swagger.annotations.ResponseHeader;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceTypeList; import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceTypeList;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.validation.constraints.Size; import javax.validation.constraints.Size;
import javax.ws.rs.*; import javax.ws.rs.*;
@ -54,6 +55,22 @@ import javax.ws.rs.core.Response;
@Tag(name = "device_management", description = "") @Tag(name = "device_management", description = "")
} }
) )
@Scopes(
scopes = {
@Scope(
name = "Getting the Supported Device Platforms",
description = "Getting the Supported Device Platforms",
key = "perm:device-types:types",
permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope(
name = "Get Feature Details of a Device Type",
description = "Get Feature Details of a Device Type",
key = "perm:device-types:features",
permissions = {"/device-mgt/devices/owning-device/view"}
)
}
)
@Path("/device-types") @Path("/device-types")
@Api(value = "Device Type Management", description = "This API corresponds to all tasks related to device " + @Api(value = "Device Type Management", description = "This API corresponds to all tasks related to device " +
"type management") "type management")
@ -68,12 +85,10 @@ public interface DeviceTypeManagementService {
value = "Getting the Supported Device Platforms", value = "Getting the Supported Device Platforms",
notes = "Get the list of device platforms supported by WSO2 EMM.", notes = "Get the list of device platforms supported by WSO2 EMM.",
tags = "Device Type Management", tags = "Device Type Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:device-types:types")
scopes = { @AuthorizationScope(scope = "/device-mgt/devices/owning-device/view", })
description = "View Device Types") }
)
} }
) )
@ApiResponses( @ApiResponses(
@ -123,6 +138,7 @@ public interface DeviceTypeManagementService {
String ifModifiedSince); String ifModifiedSince);
@GET @GET
@Path("/{type}/features")
@ApiOperation( @ApiOperation(
produces = MediaType.APPLICATION_JSON, produces = MediaType.APPLICATION_JSON,
httpMethod = "GET", httpMethod = "GET",
@ -131,12 +147,10 @@ public interface DeviceTypeManagementService {
"Using this REST API you can get the features that can be carried out on a preferred device type," + "Using this REST API you can get the features that can be carried out on a preferred device type," +
" such as iOS, Android or Windows.", " such as iOS, Android or Windows.",
tags = "Device Type Management", tags = "Device Type Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:device-types:features")
scopes = { @AuthorizationScope(scope = "/device-mgt/devices/owning-device/view", })
description = "View Device Types") }
)
} }
) )
@ApiResponses( @ApiResponses(

@ -24,8 +24,6 @@ import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam; import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses; import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.Authorization;
import io.swagger.annotations.AuthorizationScope;
import io.swagger.annotations.Extension; import io.swagger.annotations.Extension;
import io.swagger.annotations.ExtensionProperty; import io.swagger.annotations.ExtensionProperty;
import io.swagger.annotations.Info; import io.swagger.annotations.Info;
@ -33,6 +31,8 @@ import io.swagger.annotations.ResponseHeader;
import io.swagger.annotations.SwaggerDefinition; import io.swagger.annotations.SwaggerDefinition;
import io.swagger.annotations.Tag; import io.swagger.annotations.Tag;
import org.apache.axis2.transport.http.HTTPConstants; import org.apache.axis2.transport.http.HTTPConstants;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier; import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroup; import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroup;
import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceGroupList; import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceGroupList;
@ -40,6 +40,7 @@ import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceList;
import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceToGroupsAssignment; import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceToGroupsAssignment;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList; import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.validation.Valid; import javax.validation.Valid;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;
@ -75,6 +76,94 @@ import java.util.List;
"details.") "details.")
} }
) )
@Scopes(
scopes = {
@Scope(
name = "Get the list of groups belongs to current user.",
description = "Get the list of groups belongs to current user.",
key = "perm:groups:groups",
permissions = {"/device-mgt/groups/view"}
),
@Scope(
name = "Get the count of groups belongs to current user.",
description = "Get the count of groups belongs to current user.",
key = "perm:groups:count",
permissions = {"/device-mgt/groups/view"}
),
@Scope(
name = "Add new device group to the system.",
description = "Add new device group to the system.",
key = "perm:groups:add",
permissions = {"/device-mgt/groups/add"}
),
@Scope(
name = "View group specified",
description = "View group specified",
key = "perm:groups:groups-view",
permissions = {"/device-mgt/groups/view"}
),
@Scope(
name = "Update a group",
description = "Update a group",
key = "perm:groups:update",
permissions = {"/device-mgt/groups/update"}
),
@Scope(
name = "Delete a group",
description = "Delete a group",
key = "perm:groups:remove",
permissions = {"/device-mgt/groups/remove"}
),
@Scope(
name = "Manage group sharing with a user",
description = "Manage group sharing with a user",
key = "perm:groups:share",
permissions = {"/device-mgt/groups/share"}
),
@Scope(
name = "View list of roles of a device group",
description = "View list of roles of a device group",
key = "perm:groups:roles",
permissions = {"/device-mgt/groups/roles/view"}
),
@Scope(
name = "View list of devices in the device group",
description = "View list of devices in the device group",
key = "perm:groups:devices",
permissions = {"/device-mgt/groups/devices/view"}
),
@Scope(
name = "View list of device count in the device group",
description = "View list of device count in the device group",
key = "perm:groups:devices-count",
permissions = {"/device-mgt/groups/devices/view"}
),
@Scope(
name = "Add devices to group",
description = "Add devices to group",
key = "perm:groups:devices-add",
permissions = {"/device-mgt/groups/devices/add"}
),
@Scope(
name = "Remove devices from group",
description = "Remove devices from group",
key = "perm:groups:devices-remove",
permissions = {"/device-mgt/groups/devices/remove"}
),
@Scope(
name = "Assign devices to groups",
description = "Assign devices to groups",
key = "perm:groups:assign",
permissions = {"/device-mgt/groups/devices/add"}
),
@Scope(
name = "List of groups that have the device",
description = "List of groups that have the device",
key = "perm:groups:device",
permissions = {"/device-mgt/groups/devices/view"}
)
}
)
@Path("/groups") @Path("/groups")
@Api(value = "Device Group Management", description = "This API carries all device group management related " + @Api(value = "Device Group Management", description = "This API carries all device group management related " +
"operations such as get all the available groups, etc.") "operations such as get all the available groups, etc.")
@ -89,12 +178,10 @@ public interface GroupManagementService {
value = "Get the list of groups belongs to current user.", value = "Get the list of groups belongs to current user.",
notes = "Returns all permitted groups enrolled with the system.", notes = "Returns all permitted groups enrolled with the system.",
tags = "Device Group Management", tags = "Device Group Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:groups:groups")
scopes = { @AuthorizationScope(scope = "/device-mgt/groups/view", })
description = "View Groups") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -154,13 +241,12 @@ public interface GroupManagementService {
value = "Get the count of groups belongs to current user.", value = "Get the count of groups belongs to current user.",
notes = "Returns count of all permitted groups enrolled with the system.", notes = "Returns count of all permitted groups enrolled with the system.",
tags = "Device Group Management", tags = "Device Group Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:groups:count")
scopes = { @AuthorizationScope(scope = "/device-mgt/groups/view", })
description = "View Groups") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ApiResponse(code = 200, message = "OK. \n Successfully fetched the device group count.", @ApiResponse(code = 200, message = "OK. \n Successfully fetched the device group count.",
@ -203,12 +289,10 @@ public interface GroupManagementService {
value = "Add new device group to the system.", value = "Add new device group to the system.",
notes = "Add device group with current user as the owner.", notes = "Add device group with current user as the owner.",
tags = "Device Group Management", tags = "Device Group Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:groups:add")
scopes = { @AuthorizationScope(scope = "/device-mgt/groups/add", })
description = "Add Group") }
)
} }
) )
@ApiResponses( @ApiResponses(
@ -271,12 +355,10 @@ public interface GroupManagementService {
value = "View group specified.", value = "View group specified.",
notes = "Returns details of group enrolled with the system.", notes = "Returns details of group enrolled with the system.",
tags = "Device Group Management", tags = "Device Group Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:groups:groups-view")
scopes = { @AuthorizationScope(scope = "/device-mgt/groups/view", })
description = "View Groups") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -326,12 +408,10 @@ public interface GroupManagementService {
notes = "If you wish to make changes to an existing group, that can be done by updating the group using " + notes = "If you wish to make changes to an existing group, that can be done by updating the group using " +
"this resource.", "this resource.",
tags = "Device Group Management", tags = "Device Group Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:groups:update")
scopes = { @AuthorizationScope(scope = "/device-mgt/groups/update", })
description = "Update Group") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -385,12 +465,10 @@ public interface GroupManagementService {
notes = "If you wish to remove an existing group, that can be done by updating the group using " + notes = "If you wish to remove an existing group, that can be done by updating the group using " +
"this resource.", "this resource.",
tags = "Device Group Management", tags = "Device Group Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:groups:remove")
scopes = { @AuthorizationScope(scope = "/device-mgt/groups/remove", })
description = "Remove Group") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -439,12 +517,10 @@ public interface GroupManagementService {
notes = "If you wish to share /un share an existing group with a user under defined sharing roles, " + notes = "If you wish to share /un share an existing group with a user under defined sharing roles, " +
"that can be done using this resource.", "that can be done using this resource.",
tags = "Device Group Management", tags = "Device Group Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:groups:share")
scopes = { @AuthorizationScope(scope = "/device-mgt/groups/share", })
description = "Share Group") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -497,12 +573,10 @@ public interface GroupManagementService {
value = "View list of roles of a device group.", value = "View list of roles of a device group.",
notes = "Returns details of roles which particular group has been shared with.", notes = "Returns details of roles which particular group has been shared with.",
tags = "Device Group Management", tags = "Device Group Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:groups:roles")
scopes = { @AuthorizationScope(scope = "/device-mgt/groups/roles/view", })
description = "View roles") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -551,12 +625,10 @@ public interface GroupManagementService {
value = "View list of devices in the device group.", value = "View list of devices in the device group.",
notes = "Returns list of devices in the device group.", notes = "Returns list of devices in the device group.",
tags = "Device Group Management", tags = "Device Group Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:groups:devices")
scopes = { @AuthorizationScope(scope = "/device-mgt/groups/devices/view", })
description = "View devices") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -613,12 +685,10 @@ public interface GroupManagementService {
value = "View list of device count in the device group.", value = "View list of device count in the device group.",
notes = "Returns device count in the device group.", notes = "Returns device count in the device group.",
tags = "Device Group Management", tags = "Device Group Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:groups:devices-count")
scopes = { @AuthorizationScope(scope = "/device-mgt/groups/devices/view", })
description = "View devices") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -667,12 +737,10 @@ public interface GroupManagementService {
value = "Add devices to group.", value = "Add devices to group.",
notes = "Add existing devices to the device group.", notes = "Add existing devices to the device group.",
tags = "Device Group Management", tags = "Device Group Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:groups:devices-add")
scopes = { @AuthorizationScope(scope = "/device-mgt/groups/devices/add", })
description = "Add devices") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -725,12 +793,10 @@ public interface GroupManagementService {
value = "Remove devices from group.", value = "Remove devices from group.",
notes = "Remove existing devices from the device group.", notes = "Remove existing devices from the device group.",
tags = "Device Group Management", tags = "Device Group Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:groups:devices-remove")
scopes = { @AuthorizationScope(scope = "/device-mgt/groups/devices/remove", })
description = "Remove devices") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -783,12 +849,10 @@ public interface GroupManagementService {
value = "Assign devices to groups", value = "Assign devices to groups",
notes = "Add existing device to device groups.", notes = "Add existing device to device groups.",
tags = "Device Group Management", tags = "Device Group Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value = "permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:groups:assign")
scopes = {@AuthorizationScope(scope = "/device-mgt/groups/devices/add", })
description = "Add devices")}
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -837,12 +901,10 @@ public interface GroupManagementService {
value = "List of groups that have the device", value = "List of groups that have the device",
notes = "List of groups that have the device.", notes = "List of groups that have the device.",
tags = "Device Group Management", tags = "Device Group Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value = "permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:groups:device")
scopes = {@AuthorizationScope(scope = "/device-mgt/groups/devices/view", })
description = "Add devices")}
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {

@ -24,16 +24,17 @@ import io.swagger.annotations.ExtensionProperty;
import io.swagger.annotations.Extension; import io.swagger.annotations.Extension;
import io.swagger.annotations.Tag; import io.swagger.annotations.Tag;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.AuthorizationScope;
import io.swagger.annotations.Authorization;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam; import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses; import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.ResponseHeader; import io.swagger.annotations.ResponseHeader;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.mgt.common.notification.mgt.Notification; import org.wso2.carbon.device.mgt.common.notification.mgt.Notification;
import org.wso2.carbon.device.mgt.jaxrs.NotificationList; import org.wso2.carbon.device.mgt.jaxrs.NotificationList;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.validation.constraints.Max; import javax.validation.constraints.Max;
import javax.validation.constraints.Size; import javax.validation.constraints.Size;
@ -60,6 +61,22 @@ import javax.ws.rs.core.Response;
@Tag(name = "device_management", description = "") @Tag(name = "device_management", description = "")
} }
) )
@Scopes(
scopes = {
@Scope(
name = "Getting All Device Notification Details",
description = "Getting All Device Notification Details",
key = "perm:notifications:view",
permissions = {"/device-mgt/notifications/view"}
),
@Scope(
name = "Updating the Device Notification Status",
description = "Updating the Device Notification Status",
key = "perm:notifications:mark-checked",
permissions = {"/device-mgt/notifications/view"}
)
}
)
@Api(value = "Device Notification Management", description = "Device notification related operations can be found here.") @Api(value = "Device Notification Management", description = "Device notification related operations can be found here.")
@Path("/notifications") @Path("/notifications")
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@ -73,12 +90,10 @@ public interface NotificationManagementService {
value = "Getting All Device Notification Details", value = "Getting All Device Notification Details",
notes = "Get the details of all the notifications that were pushed to the devices registered with WSO2 EMM using this REST API.", notes = "Get the details of all the notifications that were pushed to the devices registered with WSO2 EMM using this REST API.",
tags = "Device Notification Management", tags = "Device Notification Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:notifications:view")
scopes = { @AuthorizationScope(scope = "/device-mgt/notifications/view", })
description = "View notifications") }
)
} }
) )
@ApiResponses( @ApiResponses(
@ -164,12 +179,10 @@ public interface NotificationManagementService {
notes = "When a user has read the the device notification the device notification status must " notes = "When a user has read the the device notification the device notification status must "
+ "change from NEW to CHECKED. This API is used to update device notification status.", + "change from NEW to CHECKED. This API is used to update device notification status.",
tags = "Device Notification Management", tags = "Device Notification Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:notifications:mark-checked")
scopes = { @AuthorizationScope(scope = "/device-mgt/notifications/view", })
description = "View notifications") }
)
} }
) )
@ApiResponses( @ApiResponses(

@ -24,17 +24,17 @@ import io.swagger.annotations.ExtensionProperty;
import io.swagger.annotations.Extension; import io.swagger.annotations.Extension;
import io.swagger.annotations.Tag; import io.swagger.annotations.Tag;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.AuthorizationScope;
import io.swagger.annotations.Authorization;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam; import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses; import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.ResponseHeader; import io.swagger.annotations.ResponseHeader;
import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper;
import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import org.wso2.carbon.device.mgt.common.policy.mgt.Policy; import org.wso2.carbon.device.mgt.common.policy.mgt.Policy;
import javax.validation.Valid; import javax.validation.Valid;
@ -63,6 +63,64 @@ import java.util.List;
@Tag(name = "device_management", description = "") @Tag(name = "device_management", description = "")
} }
) )
@Scopes(
scopes = {
@Scope(
name = "Adding a Policy",
description = "Adding a Policy",
key = "perm:policies:manage",
permissions = {"/device-mgt/policies/manage"}
),
@Scope(
name = "Getting Details of Policies",
description = "Getting Details of Policies",
key = "perm:policies:get-details",
permissions = {"/device-mgt/policies/view"}
),
@Scope(
name = "Getting Details of a Policy",
description = "Getting Details of a Policy",
key = "perm:policies:get-policy-details",
permissions = {"/device-mgt/policies/view"}
),
@Scope(
name = "Updating a Policy",
description = "Updating a Policy",
key = "perm:policies:update",
permissions = {"/device-mgt/policies/manage"}
),
@Scope(
name = "Removing Multiple Policies",
description = "Removing Multiple Policies",
key = "perm:policies:remove",
permissions = {"/device-mgt/policies/manage"}
),
@Scope(
name = "Activating Policies",
description = "Activating Policies",
key = "perm:policies:activate",
permissions = {"/device-mgt/policies/manage"}
),
@Scope(
name = "Deactivating Policies",
description = "Deactivating Policies",
key = "perm:policies:deactivate",
permissions = {"/device-mgt/policies/manage"}
),
@Scope(
name = "Applying Changes on Policies",
description = "Applying Changes on Policies",
key = "perm:policies:changes",
permissions = {"/device-mgt/policies/manage"}
),
@Scope(
name = "Updating the Policy Priorities",
description = "Updating the Policy Priorities",
key = "perm:policies:priorities",
permissions = {"/device-mgt/policies/manage"}
)
}
)
@Api(value = "Device Policy Management", description = "This API includes the functionality around device policy management") @Api(value = "Device Policy Management", description = "This API includes the functionality around device policy management")
@Path("/policies") @Path("/policies")
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@ -78,12 +136,10 @@ public interface PolicyManagementService {
notes = "Add a policy using this REST API command. When adding a policy you will have the option of saving the policy or saving and publishing the policy." + notes = "Add a policy using this REST API command. When adding a policy you will have the option of saving the policy or saving and publishing the policy." +
"Using this REST API you are able to save a created Policy and this policy will be in the inactive state.", "Using this REST API you are able to save a created Policy and this policy will be in the inactive state.",
tags = "Device Policy Management", tags = "Device Policy Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:policies:manage")
scopes = { @AuthorizationScope(scope = "/device-mgt/policies/manage", })
description = "Manage policies") }
)
} }
) )
@ApiResponses( @ApiResponses(
@ -148,12 +204,10 @@ public interface PolicyManagementService {
notes = "Retrieve the details of all the policies in WSO2 EMM.", notes = "Retrieve the details of all the policies in WSO2 EMM.",
response = Policy.class, response = Policy.class,
tags = "Device Policy Management", tags = "Device Policy Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:policies:get-details")
scopes = { @AuthorizationScope(scope = "/device-mgt/policies/view", })
description = "View policies") }
)
} }
) )
@ApiResponses( @ApiResponses(
@ -225,12 +279,10 @@ public interface PolicyManagementService {
notes = "Retrieve the details of a policy that is in WSO2 EMM.", notes = "Retrieve the details of a policy that is in WSO2 EMM.",
response = Policy.class, response = Policy.class,
tags = "Device Policy Management", tags = "Device Policy Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:policies:get-policy-details")
scopes = { @AuthorizationScope(scope = "/device-mgt/policies/view", })
description = "View policies") }
)
} }
) )
@ApiResponses( @ApiResponses(
@ -295,12 +347,10 @@ public interface PolicyManagementService {
value = "Updating a Policy", value = "Updating a Policy",
notes = "Make changes to an existing policy by updating the policy using this resource.", notes = "Make changes to an existing policy by updating the policy using this resource.",
tags = "Device Policy Management", tags = "Device Policy Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:policies:update")
scopes = { @AuthorizationScope(scope = "/device-mgt/policies/manage", })
description = "Manage policies") }
)
} }
) )
@ApiResponses( @ApiResponses(
@ -365,12 +415,10 @@ public interface PolicyManagementService {
value = "Removing Multiple Policies", value = "Removing Multiple Policies",
notes = "Delete one or more than one policy using this API.", notes = "Delete one or more than one policy using this API.",
tags = "Device Policy Management", tags = "Device Policy Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:policies:remove")
scopes = { @AuthorizationScope(scope = "/device-mgt/policies/manage", })
description = "Manage policies") }
)
} }
) )
@ApiResponses( @ApiResponses(
@ -413,12 +461,10 @@ public interface PolicyManagementService {
value = "Activating Policies", value = "Activating Policies",
notes = "Publish a policy using this API to bring a policy that is in the inactive state to the active state.", notes = "Publish a policy using this API to bring a policy that is in the inactive state to the active state.",
tags = "Device Policy Management", tags = "Device Policy Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:policies:activate")
scopes = { @AuthorizationScope(scope = "/device-mgt/policies/manage", })
description = "Manage policies") }
)
} }
) )
@ApiResponses( @ApiResponses(
@ -456,12 +502,10 @@ public interface PolicyManagementService {
value = "Deactivating Policies", value = "Deactivating Policies",
notes = "Unpublish a policy using this API to bring a policy that is in the active state to the inactive state.", notes = "Unpublish a policy using this API to bring a policy that is in the active state to the inactive state.",
tags = "Device Policy Management", tags = "Device Policy Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:policies:deactivate")
scopes = { @AuthorizationScope(scope = "/device-mgt/policies/manage", })
description = "Manage policies") }
)
} }
) )
@ApiResponses( @ApiResponses(
@ -504,12 +548,10 @@ public interface PolicyManagementService {
" devices will not receive these changes immediately. Once all the required changes are made" + " devices will not receive these changes immediately. Once all the required changes are made" +
" you need to apply the changes to push the policy changes to the existing devices.", " you need to apply the changes to push the policy changes to the existing devices.",
tags = "Device Policy Management", tags = "Device Policy Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:policies:changes")
scopes = { @AuthorizationScope(scope = "/device-mgt/policies/manage", })
description = "Manage policies") }
)
} }
) )
@ApiResponses( @ApiResponses(
@ -534,13 +576,11 @@ public interface PolicyManagementService {
value = "Updating the Policy Priorities", value = "Updating the Policy Priorities",
notes = "Make changes to the existing policy priority order by updating the priority order using this API.", notes = "Make changes to the existing policy priority order by updating the priority order using this API.",
tags = "Device Policy Management", tags = "Device Policy Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:policies:priorities")
scopes = { @AuthorizationScope(scope = "/device-mgt/policies/manage", })
description = "Manage policies") } }
)
}
) )
@ApiResponses( @ApiResponses(
value = { value = {
@ -565,7 +605,6 @@ public interface PolicyManagementService {
@GET @GET
@Path("/effective-policy/{deviceType}/{deviceId}") @Path("/effective-policy/{deviceType}/{deviceId}")
@Permission(name = "Get Effective Policy of Devices", permission = "/device-mgt/policies/view")
Response getEffectivePolicy(@PathParam("deviceId") String deviceId, @PathParam("deviceType") String deviceType); Response getEffectivePolicy(@PathParam("deviceId") String deviceId, @PathParam("deviceType") String deviceType);
} }

@ -24,16 +24,17 @@ import io.swagger.annotations.ExtensionProperty;
import io.swagger.annotations.Extension; import io.swagger.annotations.Extension;
import io.swagger.annotations.Tag; import io.swagger.annotations.Tag;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.AuthorizationScope;
import io.swagger.annotations.Authorization;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam; import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses; import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.ResponseHeader; import io.swagger.annotations.ResponseHeader;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo; import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList; import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import org.wso2.carbon.user.mgt.common.UIPermissionNode; import org.wso2.carbon.user.mgt.common.UIPermissionNode;
import javax.ws.rs.*; import javax.ws.rs.*;
@ -56,6 +57,58 @@ import java.util.List;
@Tag(name = "device_management", description = "") @Tag(name = "device_management", description = "")
} }
) )
@Scopes(
scopes = {
@Scope(
name = "Getting the List of Roles",
description = "Getting the List of Roles",
key = "perm:roles:view",
permissions = {"/device-mgt/roles/view"}
),
@Scope(
name = "Getting Permission Details of a Role",
description = "Getting Permission Details of a Role",
key = "perm:roles:permissions",
permissions = {"/device-mgt/roles/view"}
),
@Scope(
name = "Getting the List of Roles",
description = "Getting the List of Roles",
key = "perm:roles:details",
permissions = {"/device-mgt/roles/view"}
),
@Scope(
name = "Adding a Role",
description = "Adding a Role",
key = "perm:roles:add",
permissions = {"/device-mgt/roles/manage"}
),
@Scope(
name = "Adding a combined Role",
description = "Adding a combined Role",
key = "perm:roles:create-combined-role",
permissions = {"/device-mgt/roles/manage"}
),
@Scope(
name = "Updating Role Details",
description = "Updating Role Details",
key = "perm:roles:update",
permissions = {"/device-mgt/roles/manage"}
),
@Scope(
name = "Deleting a Role",
description = "Deleting a Role",
key = "perm:roles:delete",
permissions = {"/device-mgt/roles/manage"}
),
@Scope(
name = "Adding Users to a Role",
description = "Adding Users to a Role",
key = "perm:roles:add-users",
permissions = {"/device-mgt/roles/manage"}
)
}
)
@Path("/roles") @Path("/roles")
@Api(value = "Role Management", description = "Role management related operations can be found here.") @Api(value = "Role Management", description = "Role management related operations can be found here.")
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@ -70,11 +123,10 @@ public interface RoleManagementService {
notes = "WSO2 EMM supports role-based access control (RBAC) and role management. Using this API you can the list of roles that are in WSO2 EMM.\n" + notes = "WSO2 EMM supports role-based access control (RBAC) and role management. Using this API you can the list of roles that are in WSO2 EMM.\n" +
"Note: Internal roles, roles created for service-providers, and application related roles will not be given in the output.", "Note: Internal roles, roles created for service-providers, and application related roles will not be given in the output.",
tags = "Role Management", tags = "Role Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:roles:view")
scopes = { @AuthorizationScope(scope = "/device-mgt/roles/view", description = "View Roles") } })
)
} }
) )
@ApiResponses( @ApiResponses(
@ -151,11 +203,10 @@ public interface RoleManagementService {
response = UIPermissionNode.class, response = UIPermissionNode.class,
responseContainer = "List", responseContainer = "List",
tags = "Role Management", tags = "Role Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:roles:permissions")
scopes = { @AuthorizationScope(scope = "/device-mgt/roles/view", description = "View Roles") } })
)
} }
) )
@ApiResponses( @ApiResponses(
@ -227,12 +278,10 @@ public interface RoleManagementService {
notes = "Get the permissions associated with a role and role specific details using this REST API.", notes = "Get the permissions associated with a role and role specific details using this REST API.",
response = RoleInfo.class, response = RoleInfo.class,
tags = "Role Management", tags = "Role Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:roles:details")
scopes = { @AuthorizationScope(scope = "/device-mgt/roles/view", })
description = "View Roles") }
)
} }
) )
@ApiResponses( @ApiResponses(
@ -303,12 +352,10 @@ public interface RoleManagementService {
value = "Adding a Role", value = "Adding a Role",
notes = "WSO2 EMM supports role-based access control (RBAC) and role management. Add a new role to WSO2 EMM using this REST API.", notes = "WSO2 EMM supports role-based access control (RBAC) and role management. Add a new role to WSO2 EMM using this REST API.",
tags = "Role Management", tags = "Role Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:roles:add")
scopes = { @AuthorizationScope(scope = "/device-mgt/roles/manage", })
description = "Manage Roles") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -365,12 +412,10 @@ public interface RoleManagementService {
value = "Adding a combined Role", value = "Adding a combined Role",
notes = "WSO2 EMM supports role-based access control (RBAC) and role management. Add a new combined role to WSO2 EMM using this REST API.", notes = "WSO2 EMM supports role-based access control (RBAC) and role management. Add a new combined role to WSO2 EMM using this REST API.",
tags = "Role Management", tags = "Role Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:roles:create-combined-role")
scopes = { @AuthorizationScope(scope = "/device-mgt/roles/manage", })
description = "Manage Roles") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -430,12 +475,10 @@ public interface RoleManagementService {
notes = "There will be situations where you need to update the role details, such as the permissions" + notes = "There will be situations where you need to update the role details, such as the permissions" +
" or the role name. Update the role details using this REST API.", " or the role name. Update the role details using this REST API.",
tags = "Role Management", tags = "Role Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:roles:update")
scopes = { @AuthorizationScope(scope = "/device-mgt/roles/manage", })
description = "Manage Roles") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -498,12 +541,10 @@ public interface RoleManagementService {
notes = "Roles become obsolete over time due to various reasons. In a situation where your Organization identifies that a specific role is no longer required, you " + notes = "Roles become obsolete over time due to various reasons. In a situation where your Organization identifies that a specific role is no longer required, you " +
"can delete a role using this REST API.", "can delete a role using this REST API.",
tags = "Role Management", tags = "Role Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:roles:delete")
scopes = { @AuthorizationScope(scope = "/device-mgt/roles/manage", })
description = "Manage Roles") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -550,12 +591,10 @@ public interface RoleManagementService {
"be cumbersome. Therefore, you can define all the new employees that belong to the engineering " + "be cumbersome. Therefore, you can define all the new employees that belong to the engineering " +
"role using this API.", "role using this API.",
tags = "Role Management", tags = "Role Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:roles:add-users")
scopes = { @AuthorizationScope(scope = "/device-mgt/roles/manage", })
description = "Manage Roles") }
)
} }
) )
@ApiResponses( @ApiResponses(

@ -18,20 +18,22 @@
*/ */
package org.wso2.carbon.device.mgt.jaxrs.service.api; package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.SwaggerDefinition;
import io.swagger.annotations.Info;
import io.swagger.annotations.ExtensionProperty;
import io.swagger.annotations.Extension;
import io.swagger.annotations.Tag;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.AuthorizationScope;
import io.swagger.annotations.Authorization;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam; import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses; import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.Authorization;
import io.swagger.annotations.AuthorizationScope;
import io.swagger.annotations.Extension;
import io.swagger.annotations.ExtensionProperty;
import io.swagger.annotations.Info;
import io.swagger.annotations.ResponseHeader; import io.swagger.annotations.ResponseHeader;
import io.swagger.annotations.SwaggerDefinition;
import io.swagger.annotations.Tag;
import org.apache.axis2.transport.http.HTTPConstants; import org.apache.axis2.transport.http.HTTPConstants;
import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.BasicUserInfo; import org.wso2.carbon.device.mgt.jaxrs.beans.BasicUserInfo;
import org.wso2.carbon.device.mgt.jaxrs.beans.BasicUserInfoList; import org.wso2.carbon.device.mgt.jaxrs.beans.BasicUserInfoList;
import org.wso2.carbon.device.mgt.jaxrs.beans.EnrollmentInvitation; import org.wso2.carbon.device.mgt.jaxrs.beans.EnrollmentInvitation;
@ -39,6 +41,7 @@ import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.OldPasswordResetWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.OldPasswordResetWrapper;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList; import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
import org.wso2.carbon.device.mgt.jaxrs.beans.UserInfo; import org.wso2.carbon.device.mgt.jaxrs.beans.UserInfo;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.validation.Valid; import javax.validation.Valid;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;
@ -70,6 +73,76 @@ import java.util.List;
@Tag(name = "device_management", description = "") @Tag(name = "device_management", description = "")
} }
) )
@Scopes(
scopes = {
@Scope(
name = "Adding a User",
description = "Adding a User",
key = "perm:users:add",
permissions = {"/device-mgt/users/manage"}
),
@Scope(
name = "Getting Details of a User",
description = "Getting Details of a User",
key = "perm:users:details",
permissions = {"/device-mgt/users/view"}
),
@Scope(
name = "Updating Details of a User",
description = "Updating Details of a User",
key = "perm:users:update",
permissions = {"/device-mgt/users/manage"}
),
@Scope(
name = "Deleting a User",
description = "Deleting a User",
key = "perm:users:delete",
permissions = {"/device-mgt/users/manage"}
),
@Scope(
name = "Getting the Role Details of a User",
description = "Getting the Role Details of a User",
key = "perm:users:roles",
permissions = {"/device-mgt/users/view"}
),
@Scope(
name = "Getting Details of Users",
description = "Getting Details of Users",
key = "perm:users:user-details",
permissions = {"/device-mgt/users/view"}
),
@Scope(
name = "Getting the User Count",
description = "Getting the User Count",
key = "perm:users:count",
permissions = {"/device-mgt/users/view"}
),
@Scope(
name = "Getting the User existence status",
description = "Getting the User existence status",
key = "perm:users:is-exist",
permissions = {"/device-mgt/users/view"}
),
@Scope(
name = "Searching for a User Name",
description = "Searching for a User Name",
key = "perm:users:search",
permissions = {"/device-mgt/users/view"}
),
@Scope(
name = "Changing the User Password",
description = "Adding a User",
key = "perm:users:credentials",
permissions = {"/login"}
),
@Scope(
name = "Sending Enrollment Invitations to Users",
description = "Sending Enrollment Invitations to Users",
key = "perm:users:send-invitation",
permissions = {"/device-mgt/users/manage"}
)
}
)
@Path("/users") @Path("/users")
@Api(value = "User Management", description = "User management related operations can be found here.") @Api(value = "User Management", description = "User management related operations can be found here.")
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@ -84,12 +157,10 @@ public interface UserManagementService {
value = "Adding a User", value = "Adding a User",
notes = "WSO2 IoTS supports user management. Add a new user to the WSO2 IoTS user management system via this REST API", notes = "WSO2 IoTS supports user management. Add a new user to the WSO2 IoTS user management system via this REST API",
tags = "User Management", tags = "User Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:users:add")
scopes = { @AuthorizationScope(scope = "/device-mgt/users/manage", })
description = "Manage Users") }
)
} }
) )
@ApiResponses( @ApiResponses(
@ -146,12 +217,10 @@ public interface UserManagementService {
notes = "Get the details of a user registered with WSO2 IoTS using the REST API.", notes = "Get the details of a user registered with WSO2 IoTS using the REST API.",
response = BasicUserInfo.class, response = BasicUserInfo.class,
tags = "User Management", tags = "User Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:users:details")
scopes = { @AuthorizationScope(scope = "/device-mgt/users/view", })
description = "View Users") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -219,12 +288,10 @@ public interface UserManagementService {
notes = "There will be situations where you will want to update the user details. In such " notes = "There will be situations where you will want to update the user details. In such "
+ "situation you can update the user details using this REST API.", + "situation you can update the user details using this REST API.",
tags = "User Management", tags = "User Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:users:update")
scopes = { @AuthorizationScope(scope = "/device-mgt/users/manage", })
description = "Manage Users") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -286,12 +353,10 @@ public interface UserManagementService {
value = "Deleting a User", value = "Deleting a User",
notes = "When an employee leaves the organization, you can remove the user details from WSO2 IoTS using this REST API.", notes = "When an employee leaves the organization, you can remove the user details from WSO2 IoTS using this REST API.",
tags = "User Management", tags = "User Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:users:delete")
scopes = { @AuthorizationScope(scope = "/device-mgt/users/manage", })
description = "Manage Users") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -331,12 +396,10 @@ public interface UserManagementService {
value = "Getting the Role Details of a User", value = "Getting the Role Details of a User",
notes = "A user can be assigned to one or more role in IoTS. Using this REST API you can get the role/roles a user is assigned to.", notes = "A user can be assigned to one or more role in IoTS. Using this REST API you can get the role/roles a user is assigned to.",
tags = "User Management", tags = "User Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:users:roles")
scopes = { @AuthorizationScope(scope = "/device-mgt/users/view", })
description = "View Users") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -395,12 +458,10 @@ public interface UserManagementService {
notes = "You are able to manage users in WSO2 IoTS by adding, updating and removing users. If you wish to get the list of users registered with WSO2 IoTS, you can do so " notes = "You are able to manage users in WSO2 IoTS by adding, updating and removing users. If you wish to get the list of users registered with WSO2 IoTS, you can do so "
+ "using this REST API", + "using this REST API",
tags = "User Management", tags = "User Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:users:user-details")
scopes = { @AuthorizationScope(scope = "/device-mgt/users/view", })
description = "View Users") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -468,11 +529,10 @@ public interface UserManagementService {
value = "Getting the User Count", value = "Getting the User Count",
notes = "Get the number of users in WSO2 IoTS via this REST API.", notes = "Get the number of users in WSO2 IoTS via this REST API.",
tags = "User Management", tags = "User Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:users:count")
scopes = { @AuthorizationScope(scope = "/device-mgt/users/view", description = "View Users") } })
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -504,12 +564,10 @@ public interface UserManagementService {
value = "Getting the User existence status", value = "Getting the User existence status",
notes = "Check if the user exists in the user store.", notes = "Check if the user exists in the user store.",
tags = "User Management", tags = "User Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:users:is-exist")
scopes = { @AuthorizationScope(scope = "/device-mgt/users/view", })
description = "View Users") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -549,11 +607,10 @@ public interface UserManagementService {
+ "You will be given a list of users having the user name in the exact order of the " + "You will be given a list of users having the user name in the exact order of the "
+ "characters you provided.", + "characters you provided.",
tags = "User Management", tags = "User Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:users:search")
scopes = { @AuthorizationScope(scope = "/device-mgt/users/view", description = "View Users") } })
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -627,11 +684,10 @@ public interface UserManagementService {
value = "Changing the User Password", value = "Changing the User Password",
notes = "A user is able to change the password to secure their WSO2 IoTS profile via this REST API.", notes = "A user is able to change the password to secure their WSO2 IoTS profile via this REST API.",
tags = "User Management", tags = "User Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:users:credentials")
scopes = { @AuthorizationScope(scope = "/login", description = "Reset user password") } })
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -673,11 +729,10 @@ public interface UserManagementService {
notes = "Send the users a mail inviting them to enroll their devices using the REST API given below.\n" + notes = "Send the users a mail inviting them to enroll their devices using the REST API given below.\n" +
"Before running the REST API command to send the enrollment invitations to users make sure to configure WSO2 IoTS as explained in step 4, under the WSO2 IoTS general server configurations documentation.", "Before running the REST API command to send the enrollment invitations to users make sure to configure WSO2 IoTS as explained in step 4, under the WSO2 IoTS general server configurations documentation.",
tags = "User Management", tags = "User Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:users:send-invitation")
scopes = { @AuthorizationScope(scope = "/device-mgt/users/manage", description = "Manage Users") } })
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {

@ -18,11 +18,22 @@
*/ */
package org.wso2.carbon.device.mgt.jaxrs.service.api.admin; package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*; import io.swagger.annotations.SwaggerDefinition;
import org.wso2.carbon.apimgt.annotations.api.Permission; import io.swagger.annotations.Info;
import io.swagger.annotations.ExtensionProperty;
import io.swagger.annotations.Extension;
import io.swagger.annotations.Tag;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.mgt.common.operation.mgt.Activity; import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
import org.wso2.carbon.device.mgt.jaxrs.beans.ApplicationWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.ApplicationWrapper;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;
import javax.ws.rs.POST; import javax.ws.rs.POST;
@ -50,6 +61,22 @@ import javax.ws.rs.core.Response;
@Api(value = "Application Management Administrative Service", description = "This an API intended to be used by " + @Api(value = "Application Management Administrative Service", description = "This an API intended to be used by " +
"'internal' components to log in as an admin user and do a selected number of operations. " + "'internal' components to log in as an admin user and do a selected number of operations. " +
"Further, this is strictly restricted to admin users only ") "Further, this is strictly restricted to admin users only ")
@Scopes(
scopes = {
@Scope(
name = "Installing an Application (Internal API)",
description = "Installing an Application (Internal API)",
key = "perm:applications:install",
permissions = {"/device-mgt/applications/manage"}
),
@Scope(
name = "Uninstalling an Application (Internal API)",
description = "Uninstalling an Application (Internal API)",
key = "perm:applications:uninstall",
permissions = {"/device-mgt/applications/manage"}
)
}
)
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)
public interface ApplicationManagementAdminService { public interface ApplicationManagementAdminService {
@ -64,12 +91,10 @@ public interface ApplicationManagementAdminService {
notes = "This is an internal API that can be used to install an application on a device.", notes = "This is an internal API that can be used to install an application on a device.",
response = Activity.class, response = Activity.class,
tags = "Application Management Administrative Service", tags = "Application Management Administrative Service",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:applications:install")
scopes = { @AuthorizationScope(scope = "/device-mgt/applications/manage", description })
= "Install/Uninstall applications") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -110,12 +135,10 @@ public interface ApplicationManagementAdminService {
notes = "This is an internal API that can be used to uninstall an application.", notes = "This is an internal API that can be used to uninstall an application.",
response = Activity.class, response = Activity.class,
tags = "Application Management Administrative Service", tags = "Application Management Administrative Service",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:applications:uninstall")
scopes = { @AuthorizationScope(scope = "/device-mgt/applications/manage", description })
= "Install/Uninstall applications") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {

@ -22,7 +22,6 @@ import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses; import io.swagger.annotations.ApiResponses;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult; import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult;
import org.wso2.carbon.device.mgt.jaxrs.beans.AuthorizationRequest; import org.wso2.carbon.device.mgt.jaxrs.beans.AuthorizationRequest;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;

@ -24,15 +24,16 @@ import io.swagger.annotations.ExtensionProperty;
import io.swagger.annotations.Extension; import io.swagger.annotations.Extension;
import io.swagger.annotations.Tag; import io.swagger.annotations.Tag;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.AuthorizationScope;
import io.swagger.annotations.Authorization;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam; import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses; import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.ResponseHeader; import io.swagger.annotations.ResponseHeader;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.mgt.common.Device; import org.wso2.carbon.device.mgt.common.Device;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.validation.constraints.Size; import javax.validation.constraints.Size;
import javax.ws.rs.*; import javax.ws.rs.*;
@ -60,6 +61,16 @@ import javax.ws.rs.core.Response;
"Further, this is strictly restricted to admin users only ") "Further, this is strictly restricted to admin users only ")
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)
@Scopes(
scopes = {
@Scope(
name = "Getting Details of a Device",
description = "Getting Details of a Device",
key = "perm:admin:devices:view",
permissions = {"/device-mgt/devices/owning-device/view"}
)
}
)
public interface DeviceManagementAdminService { public interface DeviceManagementAdminService {
@GET @GET
@ -71,12 +82,10 @@ public interface DeviceManagementAdminService {
response = Device.class, response = Device.class,
responseContainer = "List", responseContainer = "List",
tags = "Device Management Administrative Service", tags = "Device Management Administrative Service",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:admin:devices:view")
scopes = { @AuthorizationScope(scope = "/device-mgt/devices/owning-device/view", description })
= "View Devices") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {

@ -25,16 +25,17 @@ import io.swagger.annotations.ExtensionProperty;
import io.swagger.annotations.Extension; import io.swagger.annotations.Extension;
import io.swagger.annotations.Tag; import io.swagger.annotations.Tag;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.AuthorizationScope;
import io.swagger.annotations.Authorization;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam; import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses; import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.ResponseHeader; import io.swagger.annotations.ResponseHeader;
import org.apache.axis2.transport.http.HTTPConstants; import org.apache.axis2.transport.http.HTTPConstants;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceGroupList; import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceGroupList;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.ws.rs.*; import javax.ws.rs.*;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
@ -61,6 +62,22 @@ import javax.ws.rs.core.Response;
@Api(value = "Group Management Administrative Service", description = "This an API intended to be used by " + @Api(value = "Group Management Administrative Service", description = "This an API intended to be used by " +
"'internal' components to log in as an admin user and do a selected number of operations. " + "'internal' components to log in as an admin user and do a selected number of operations. " +
"Further, this is strictly restricted to admin users only ") "Further, this is strictly restricted to admin users only ")
@Scopes(
scopes = {
@Scope(
name = "View groups",
description = "",
key = "perm:admin-groups:view",
permissions = {"/device-mgt/admin/groups/view"}
),
@Scope(
name = "Count groups",
description = "",
key = "perm:admin-groups:count",
permissions = {"/device-mgt/admin/groups/view"}
)
}
)
public interface GroupManagementAdminService { public interface GroupManagementAdminService {
@GET @GET
@ -70,12 +87,10 @@ public interface GroupManagementAdminService {
value = "Get the list of groups.", value = "Get the list of groups.",
notes = "Returns all groups enrolled with the system.", notes = "Returns all groups enrolled with the system.",
tags = "Device Group Management", tags = "Device Group Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:admin-groups:view")
scopes = { @AuthorizationScope(scope = "/device-mgt/admin/groups/view", description })
= "View Groups") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -135,12 +150,10 @@ public interface GroupManagementAdminService {
value = "Get the count of groups belongs to current user.", value = "Get the count of groups belongs to current user.",
notes = "Returns count of all permitted groups enrolled with the system.", notes = "Returns count of all permitted groups enrolled with the system.",
tags = "Device Group Management", tags = "Device Group Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:admin-groups:count")
scopes = { @AuthorizationScope(scope = "/device-mgt/admin/groups/view", description })
= "View Groups") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {

@ -24,14 +24,15 @@ import io.swagger.annotations.ExtensionProperty;
import io.swagger.annotations.Extension; import io.swagger.annotations.Extension;
import io.swagger.annotations.Tag; import io.swagger.annotations.Tag;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.AuthorizationScope;
import io.swagger.annotations.Authorization;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam; import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses; import io.swagger.annotations.ApiResponses;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.PasswordResetWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.PasswordResetWrapper;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.validation.constraints.Size; import javax.validation.constraints.Size;
import javax.ws.rs.*; import javax.ws.rs.*;
@ -53,6 +54,16 @@ import javax.ws.rs.core.Response;
@Tag(name = "device_management", description = "") @Tag(name = "device_management", description = "")
} }
) )
@Scopes(
scopes = {
@Scope(
name = "View Users",
description = "View Users",
key = "perm:admin-users:view",
permissions = {"/device-mgt/users/manage"}
)
}
)
@Path("/admin/users") @Path("/admin/users")
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)
@ -71,12 +82,10 @@ public interface UserManagementAdminService {
notes = "The EMM administrator is able to change the password of the users in " + notes = "The EMM administrator is able to change the password of the users in " +
"the system and block them from logging into their EMM profile using this REST API.", "the system and block them from logging into their EMM profile using this REST API.",
tags = "User Management Administrative Service", tags = "User Management Administrative Service",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:admin-users:view")
scopes = { @AuthorizationScope(scope = "/device-mgt/users/manage", description })
= "View Users") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {

@ -24,8 +24,11 @@ import io.swagger.jaxrs.config.ReaderListener;
import io.swagger.models.Swagger; import io.swagger.models.Swagger;
import io.swagger.models.auth.OAuth2Definition; import io.swagger.models.auth.OAuth2Definition;
import io.swagger.models.auth.SecuritySchemeDefinition; import io.swagger.models.auth.SecuritySchemeDefinition;
import org.wso2.carbon.device.mgt.jaxrs.beans.Scope;
import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
import java.util.List;
import java.util.Map; import java.util.Map;
@SwaggerDefinition( @SwaggerDefinition(
@ -54,6 +57,7 @@ public class SecurityDefinitionConfigurator implements ReaderListener {
schemes.put(TOKEN_AUTH_SCHEME, tokenScheme); schemes.put(TOKEN_AUTH_SCHEME, tokenScheme);
swagger.setSecurityDefinitions(schemes); swagger.setSecurityDefinitions(schemes);
//TODO: Have to add wso2-scopes to swagger definition from here
} }
} }

@ -27,6 +27,7 @@ public class Constants {
public static final String USER_CLAIM_FIRST_NAME = "http://wso2.org/claims/givenname"; public static final String USER_CLAIM_FIRST_NAME = "http://wso2.org/claims/givenname";
public static final String USER_CLAIM_LAST_NAME = "http://wso2.org/claims/lastname"; public static final String USER_CLAIM_LAST_NAME = "http://wso2.org/claims/lastname";
public static final String PRIMARY_USER_STORE = "PRIMARY"; public static final String PRIMARY_USER_STORE = "PRIMARY";
public static final String SCOPE = "scope";
public final class ErrorMessages { public final class ErrorMessages {
private ErrorMessages () { throw new AssertionError(); } private ErrorMessages () { throw new AssertionError(); }

@ -23,6 +23,7 @@ import io.swagger.models.Swagger;
import org.apache.catalina.core.StandardContext; import org.apache.catalina.core.StandardContext;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.api.model.Scope;
import org.wso2.carbon.device.mgt.common.permission.mgt.Permission; import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
import javax.servlet.ServletContext; import javax.servlet.ServletContext;
@ -38,10 +39,7 @@ import java.net.URI;
import java.net.URL; import java.net.URL;
import java.security.AccessController; import java.security.AccessController;
import java.security.PrivilegedAction; import java.security.PrivilegedAction;
import java.util.ArrayList; import java.util.*;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
public class AnnotationProcessor { public class AnnotationProcessor {
@ -56,11 +54,16 @@ public class AnnotationProcessor {
private static final String STRING_ARR = "string_arr"; private static final String STRING_ARR = "string_arr";
private static final String STRING = "string"; private static final String STRING = "string";
private static final String SWAGGER_ANNOTATIONS_AUTHORIZATIONS = "authorizations"; private static final String SWAGGER_ANNOTATIONS_PROPERTIES = "properties";
private static final String SWAGGER_ANNOTATIONS_PERMISSION = "permission"; private static final String SWAGGER_ANNOTATIONS_EXTENSIONS = "extensions";
private static final String SWAGGER_ANNOTATIONS_SCOPES = "scopes"; private static final String SWAGGER_ANNOTATIONS_PROPERTIES_VALUE = "value";
private static final String SWAGGER_ANNOTATIONS_SCOPE = "scope"; private static final String SWAGGER_ANNOTATIONS_PROPERTIES_NAME = "name";
private static final String SWAGGER_ANNOTATIONS_DESCRIPTION = "description"; private static final String SWAGGER_ANNOTATIONS_PROPERTIES_DESCRIPTION = "description";
private static final String SWAGGER_ANNOTATIONS_PROPERTIES_KEY = "key";
private static final String SWAGGER_ANNOTATIONS_PROPERTIES_PERMISSIONS = "permissions";
private static final String ANNOTATIONS_SCOPES = "scopes";
private static final String PERMISSION_PREFIX = "/permission/admin";
private StandardContext context; private StandardContext context;
private Method[] pathClazzMethods; private Method[] pathClazzMethods;
@ -74,6 +77,11 @@ public class AnnotationProcessor {
private Class<io.swagger.annotations.ApiOperation> apiOperation; private Class<io.swagger.annotations.ApiOperation> apiOperation;
private Class<io.swagger.annotations.Authorization> authorizationClass; private Class<io.swagger.annotations.Authorization> authorizationClass;
private Class<io.swagger.annotations.AuthorizationScope> authorizationScopeClass; private Class<io.swagger.annotations.AuthorizationScope> authorizationScopeClass;
private Class<io.swagger.annotations.Extension> extensionClass;
private Class<io.swagger.annotations.ExtensionProperty> extensionPropertyClass;
private Class<org.wso2.carbon.apimgt.annotations.api.Scope> scopeClass;
private Class<org.wso2.carbon.apimgt.annotations.api.Scopes> scopesClass;
private Map<String, Scope> apiScopes;
public AnnotationProcessor(final StandardContext context) { public AnnotationProcessor(final StandardContext context) {
@ -90,6 +98,15 @@ public class AnnotationProcessor {
.loadClass((io.swagger.annotations.Authorization.class.getName())); .loadClass((io.swagger.annotations.Authorization.class.getName()));
authorizationScopeClass = (Class<io.swagger.annotations.AuthorizationScope>)classLoader authorizationScopeClass = (Class<io.swagger.annotations.AuthorizationScope>)classLoader
.loadClass((io.swagger.annotations.AuthorizationScope.class.getName())); .loadClass((io.swagger.annotations.AuthorizationScope.class.getName()));
extensionClass = (Class<io.swagger.annotations.Extension>)classLoader
.loadClass((io.swagger.annotations.Extension.class.getName()));
extensionPropertyClass = (Class<io.swagger.annotations.ExtensionProperty>)classLoader
.loadClass(io.swagger.annotations.ExtensionProperty.class.getName());
scopeClass = (Class<org.wso2.carbon.apimgt.annotations.api.Scope>) classLoader
.loadClass(org.wso2.carbon.apimgt.annotations.api.Scope.class.getName());
scopesClass = (Class<org.wso2.carbon.apimgt.annotations.api.Scopes>) classLoader
.loadClass(org.wso2.carbon.apimgt.annotations.api.Scopes.class.getName());
} catch (ClassNotFoundException e) { } catch (ClassNotFoundException e) {
log.error("An error has occurred while loading classes ", e); log.error("An error has occurred while loading classes ", e);
} }
@ -135,6 +152,10 @@ public class AnnotationProcessor {
try { try {
clazz = classLoader.loadClass(className); clazz = classLoader.loadClass(className);
Annotation apiAnno = clazz.getAnnotation(apiClazz); Annotation apiAnno = clazz.getAnnotation(apiClazz);
Annotation scopesAnno = clazz.getAnnotation(scopesClass);
if (scopesAnno != null) {
apiScopes = processAPIScopes(scopesAnno);
}
List<Permission> resourceList; List<Permission> resourceList;
if (apiAnno != null) { if (apiAnno != null) {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
@ -165,7 +186,9 @@ public class AnnotationProcessor {
} }
} }
} catch (ClassNotFoundException e) { } catch (ClassNotFoundException e) {
log.error("Error when passing the api annotation for device type apis."); log.error("Error when passing the api annotation for device type apis.", e);
} catch (Throwable e) {
log.error("Error when passing the scopes annotation for device type apis.", e);
} }
return apiPermissions; return apiPermissions;
} }
@ -342,28 +365,55 @@ public class AnnotationProcessor {
private void setPermission(Annotation currentMethod, Permission permission) throws Throwable { private void setPermission(Annotation currentMethod, Permission permission) throws Throwable {
InvocationHandler methodHandler = Proxy.getInvocationHandler(currentMethod); InvocationHandler methodHandler = Proxy.getInvocationHandler(currentMethod);
Annotation[] authorizations = (Annotation[]) methodHandler.invoke(currentMethod Annotation[] extensions = (Annotation[]) methodHandler.invoke(currentMethod,
, apiOperation.getMethod(SWAGGER_ANNOTATIONS_AUTHORIZATIONS,null),null); apiOperation.getMethod(SWAGGER_ANNOTATIONS_EXTENSIONS, null), null);
for(int i=0; i<authorizations.length; i++){ methodHandler = Proxy.getInvocationHandler(extensions[0]);
methodHandler = Proxy.getInvocationHandler(authorizations[i]); Annotation[] properties = (Annotation[])methodHandler.invoke(extensions[0], extensionClass
String value =(String)methodHandler.invoke(authorizations[i], authorizationClass.getMethod("value", null) .getMethod(SWAGGER_ANNOTATIONS_PROPERTIES,null), null);
,null); Scope scope;
if(SWAGGER_ANNOTATIONS_PERMISSION.equals(value)){ for (Annotation property : properties) {
Annotation[] scopes =(Annotation[])methodHandler.invoke(authorizations[i], authorizationClass methodHandler = Proxy.getInvocationHandler(property);
.getMethod(SWAGGER_ANNOTATIONS_SCOPES, null),null); String scopeKey = (String) methodHandler.invoke(property, extensionPropertyClass
String[] scopesList = new String[scopes.length]; .getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_VALUE, null),null);
String[] descriptions = new String[scopes.length]; if (!scopeKey.isEmpty()) {
for(int j=0; j<scopes.length; j++){ scope = apiScopes.get(scopeKey);
methodHandler = Proxy.getInvocationHandler(scopes[j]); permission.setName(scope.getName());
scopesList[j] = (String)methodHandler.invoke(authorizations[j], authorizationScopeClass //TODO: currently permission tree supports only adding one permission per API point.
.getMethod(SWAGGER_ANNOTATIONS_SCOPE, null),null); permission.setPath(scope.getRoles().split(" ")[0]);
descriptions[j] = (String)methodHandler.invoke(authorizations[j], authorizationScopeClass }
.getMethod(SWAGGER_ANNOTATIONS_DESCRIPTION, null),null); }
} }
//todo currently permission tree supports only adding one permission per API point.
permission.setName(descriptions[0]); private Map<String,Scope> processAPIScopes(Annotation annotation) throws Throwable {
permission.setPath(scopesList[0]); Map<String, Scope> scopes = new HashMap<>();
InvocationHandler methodHandler = Proxy.getInvocationHandler(annotation);
Annotation[] annotatedScopes = (Annotation[]) methodHandler.invoke(annotation, scopesClass
.getMethod(ANNOTATIONS_SCOPES, null), null);
Scope scope;
String permissions[];
StringBuilder aggregatedPermissions;
for(int i=0; i<annotatedScopes.length; i++){
aggregatedPermissions = new StringBuilder();
methodHandler = Proxy.getInvocationHandler(annotatedScopes[i]);
scope = new Scope();
scope.setName(invokeMethod(scopeClass
.getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_NAME), annotatedScopes[i], STRING));
scope.setDescription(invokeMethod(scopeClass
.getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_DESCRIPTION), annotatedScopes[i], STRING));
scope.setKey(invokeMethod(scopeClass
.getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_KEY), annotatedScopes[i], STRING));
permissions = (String[])methodHandler.invoke(annotatedScopes[i], scopeClass
.getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_PERMISSIONS, null),null);
for (String permission : permissions) {
aggregatedPermissions.append(PERMISSION_PREFIX);
aggregatedPermissions.append(permission);
aggregatedPermissions.append(" ");
} }
scope.setRoles(aggregatedPermissions.toString());
scopes.put(scope.getKey(), scope);
} }
return scopes;
} }
} }

@ -62,53 +62,84 @@
"copyrightSuffix" : " All Rights Reserved." "copyrightSuffix" : " All Rights Reserved."
}, },
"scopes" : [ "scopes" : [
"user:manage", "perm:sign-csr",
"user:view", "perm:admin:devices:view",
"device-type:admin:view", "perm:roles:add",
"device:view", "perm:roles:add-users",
"notification:view", "perm:roles:update",
"device:admin:view", "perm:roles:permissions",
"application:manage", "perm:roles:details",
"activity:view", "perm:roles:view",
"user:admin:reset-password", "perm:roles:create-combined-role",
"policy:manage", "perm:roles:delete",
"policy:view", "perm:dashboard:vulnerabilities",
"role:manage", "perm:dashboard:non-compliant-count",
"role:view", "perm:dashboard:non-compliant",
"configuration:view", "perm:dashboard:by-groups",
"configuration:modify", "perm:dashboard:device-counts",
"device:android:operation:reboot", "perm:dashboard:feature-non-compliant",
"device:android:operation:camera", "perm:dashboard:count-overview",
"device:android:operation:vpn", "perm:dashboard:filtered-count",
"device:android:operation:lock", "perm:dashboard:details",
"device:android:operation:ring", "perm:get-activity",
"device:android:operation:update-app", "perm:devices:delete",
"device:android:operation:wipe", "perm:devices:applications",
"device:android:operation:encrypt", "perm:devices:effective-policy",
"device:android:operation:blacklist-app", "perm:devices:compliance-data",
"device:android:operation:applications", "perm:devices:features",
"device:android:operation:enterprise-wipe", "perm:devices:operations",
"device:android:operation:info", "perm:devices:search",
"device:android:operation:wifi", "perm:devices:details",
"device:android:operation:uninstall-app", "perm:devices:view",
"device:android:operation:change-lock", "perm:view-configuration",
"device:android:operation:notification", "perm:manage-configuration",
"device:android:operation:upgrade", "perm:policies:remove",
"device:android:operation:unlock", "perm:policies:priorities",
"device:android:operation:mute", "perm:policies:deactivate",
"device:android:operation:location", "perm:policies:get-policy-details",
"device:android:operation:webclip", "perm:policies:manage",
"device:android:operation:clear-password", "perm:policies:activate",
"device:android:operation:password-policy", "perm:policies:update",
"device:android:operation:install-app", "perm:policies:changes",
"device:android:event:write", "perm:policies:get-details",
"device:android:event:read", "perm:users:add",
"device:android:enroll", "perm:users:details",
"configuration:manage", "perm:users:count",
"configuration:view", "perm:users:delete",
"device:android:enroll", "perm:users:roles",
"certificate:view", "perm:users:user-details",
"certificate:manage" "perm:users:credentials",
"perm:users:search",
"perm:users:is-exist",
"perm:users:update",
"perm:users:send-invitation",
"perm:admin-users:view",
"perm:groups:devices",
"perm:groups:update",
"perm:groups:add",
"perm:groups:device",
"perm:groups:devices-count",
"perm:groups:remove",
"perm:groups:groups",
"perm:groups:groups-view",
"perm:groups:share",
"perm:groups:count",
"perm:groups:roles",
"perm:groups:devices-remove",
"perm:groups:devices-add",
"perm:groups:assign",
"perm:device-types:features",
"perm:device-types:types",
"perm:applications:install",
"perm:applications:uninstall",
"perm:admin-groups:count",
"perm:admin-groups:view",
"perm:notifications:mark-checked",
"perm:notifications:view",
"perm:admin:certificates:delete",
"perm:admin:certificates:details",
"perm:admin:certificates:view",
"perm:admin:certificates:add"
], ],
"isOAuthEnabled" : true, "isOAuthEnabled" : true,
"backendRestEndpoints" : { "backendRestEndpoints" : {

@ -1870,7 +1870,7 @@
<properties> <properties>
<servelet.jsp.version>2.2.1</servelet.jsp.version> <servelet.jsp.version>2.2.1</servelet.jsp.version>
<testng.version>6.1.1</testng.version> <testng.version>6.1.1</testng.version>
<carbon.kernel.version>4.4.10</carbon.kernel.version> <carbon.kernel.version>4.4.11</carbon.kernel.version>
<carbon.kernel.449.version>4.4.9</carbon.kernel.449.version> <carbon.kernel.449.version>4.4.9</carbon.kernel.449.version>
<carbon.kernel.version.range>[4.4.0, 5.0.0)</carbon.kernel.version.range> <carbon.kernel.version.range>[4.4.0, 5.0.0)</carbon.kernel.version.range>
<carbon.p2.plugin.version>1.5.4</carbon.p2.plugin.version> <carbon.p2.plugin.version>1.5.4</carbon.p2.plugin.version>
@ -1914,12 +1914,12 @@
<carbon.deployment.version>4.7.2</carbon.deployment.version> <carbon.deployment.version>4.7.2</carbon.deployment.version>
<!-- Carbon Identity --> <!-- Carbon Identity -->
<carbon.identity.framework.version>5.6.89</carbon.identity.framework.version> <carbon.identity.framework.version>5.7.0</carbon.identity.framework.version>
<identity.inbound.auth.oauth.version>5.2.33</identity.inbound.auth.oauth.version> <identity.inbound.auth.oauth.version>5.3.1</identity.inbound.auth.oauth.version>
<identity.inbound.auth.saml.version>5.2.14</identity.inbound.auth.saml.version> <identity.inbound.auth.saml.version>5.3.0</identity.inbound.auth.saml.version>
<!-- Carbon Identity import version ranges --> <!-- Carbon Identity import version ranges -->
<carbon.identity.imp.pkg.version>[5.6.0, 6.0.0)</carbon.identity.imp.pkg.version> <carbon.identity.imp.pkg.version>[5.7.0, 6.0.0)</carbon.identity.imp.pkg.version>
<carbon.identity-inbound-auth-oauth.imp.pkg.version>[5.2.0, 6.0.0)</carbon.identity-inbound-auth-oauth.imp.pkg.version> <carbon.identity-inbound-auth-oauth.imp.pkg.version>[5.2.0, 6.0.0)</carbon.identity-inbound-auth-oauth.imp.pkg.version>
<carbon.identity-user-ws.imp.pkg.version>[5.1.0, 6.0.0)</carbon.identity-user-ws.imp.pkg.version> <carbon.identity-user-ws.imp.pkg.version>[5.1.0, 6.0.0)</carbon.identity-user-ws.imp.pkg.version>
@ -1945,7 +1945,7 @@
<commons-lang.wso2.osgi.version.range>[2.6.0,3.0.0)</commons-lang.wso2.osgi.version.range> <commons-lang.wso2.osgi.version.range>[2.6.0,3.0.0)</commons-lang.wso2.osgi.version.range>
<!-- Carbon API Management --> <!-- Carbon API Management -->
<carbon.api.mgt.version>6.1.2</carbon.api.mgt.version> <carbon.api.mgt.version>6.1.35</carbon.api.mgt.version>
<carbon.api.mgt.version.range>(6.0.0,7.0.0]</carbon.api.mgt.version.range> <carbon.api.mgt.version.range>(6.0.0,7.0.0]</carbon.api.mgt.version.range>
<!-- Carbon Analytics Commons --> <!-- Carbon Analytics Commons -->

Loading…
Cancel
Save