From e7e8cb62b6ee2bc9a190d452da8c42a29e9d0a6a Mon Sep 17 00:00:00 2001 From: GPrathap Date: Sun, 29 Jan 2017 16:43:06 +0530 Subject: [PATCH] fixing permission issue when viewing device analytics dashboard --- .../pom.xml | 1 + .../dao/AbstractGadgetDataServiceDAO.java | 251 ++++++++++++++---- .../impl/GenericGadgetDataServiceDAOImpl.java | 164 +++++++++--- .../impl/MSSQLGadgetDataServiceDAOImpl.java | 10 +- .../impl/OracleGadgetDataServiceDAOImpl.java | 6 +- .../PostgreSQLGadgetDataServiceDAOImpl.java | 10 +- .../mgt/analytics/dashboard/util/APIUtil.java | 56 ++-- 7 files changed, 373 insertions(+), 125 deletions(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/pom.xml b/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/pom.xml index 8f3729bc54b..05b36087e70 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/pom.xml +++ b/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/pom.xml @@ -62,6 +62,7 @@ org.wso2.carbon.device.mgt.analytics.dashboard, + org.wso2.carbon.device.mgt.analytics.dashboard.util, org.wso2.carbon.device.mgt.analytics.dashboard.exception, org.wso2.carbon.device.mgt.analytics.dashboard.bean diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/src/main/java/org/wso2/carbon/device/mgt/analytics/dashboard/dao/AbstractGadgetDataServiceDAO.java b/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/src/main/java/org/wso2/carbon/device/mgt/analytics/dashboard/dao/AbstractGadgetDataServiceDAO.java index 80d0fbac51e..4cad3f22016 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/src/main/java/org/wso2/carbon/device/mgt/analytics/dashboard/dao/AbstractGadgetDataServiceDAO.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/src/main/java/org/wso2/carbon/device/mgt/analytics/dashboard/dao/AbstractGadgetDataServiceDAO.java @@ -18,13 +18,16 @@ package org.wso2.carbon.device.mgt.analytics.dashboard.dao; -import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.wso2.carbon.device.mgt.analytics.dashboard.bean.BasicFilterSet; import org.wso2.carbon.device.mgt.analytics.dashboard.bean.DeviceWithDetails; import org.wso2.carbon.device.mgt.analytics.dashboard.bean.DeviceCountByGroup; import org.wso2.carbon.device.mgt.analytics.dashboard.bean.ExtendedFilterSet; import org.wso2.carbon.device.mgt.analytics.dashboard.exception.InvalidFeatureCodeValueException; import org.wso2.carbon.device.mgt.analytics.dashboard.exception.InvalidPotentialVulnerabilityValueException; +import org.wso2.carbon.device.mgt.analytics.dashboard.util.APIUtil; +import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; import org.wso2.carbon.device.mgt.core.dao.util.DeviceManagementDAOUtil; import java.sql.Connection; @@ -37,9 +40,11 @@ import java.util.List; import java.util.Map; import static org.wso2.carbon.device.mgt.analytics.dashboard.util.APIUtil.getAuthenticatedUser; +import static org.wso2.carbon.device.mgt.analytics.dashboard.util.APIUtil.getAuthenticatedUserTenantDomainId; public abstract class AbstractGadgetDataServiceDAO implements GadgetDataServiceDAO { + private static final Log log = LogFactory.getLog(AbstractGadgetDataServiceDAO.class); @Override public DeviceCountByGroup getTotalDeviceCount(String userName) throws SQLException { int totalDeviceCount; @@ -52,7 +57,6 @@ public abstract class AbstractGadgetDataServiceDAO implements GadgetDataServiceD deviceCountByGroup.setGroup("total"); deviceCountByGroup.setDisplayNameForGroup("Total"); deviceCountByGroup.setDeviceCount(totalDeviceCount); - return deviceCountByGroup; } @@ -75,24 +79,37 @@ public abstract class AbstractGadgetDataServiceDAO implements GadgetDataServiceD Connection con; PreparedStatement stmt = null; ResultSet rs = null; - int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); + int tenantId = getAuthenticatedUserTenantDomainId(); int filteredDeviceCount = 0; try { + String sql; con = this.getConnection(); - String sql = "SELECT COUNT(DEVICE_ID) AS DEVICE_COUNT FROM " + - GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_1 + " WHERE TENANT_ID = ?"; + if (APIUtil.isDeviceAdminUser()) { + sql = "SELECT COUNT(DEVICE_ID) AS DEVICE_COUNT FROM " + + GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_1 + " POLICY__INFO WHERE TENANT_ID = ?"; + } else { + sql = "SELECT COUNT(POLICY__INFO.DEVICE_ID) AS DEVICE_COUNT FROM " + + GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_1 + " POLICY__INFO INNER JOIN" + + " DM_ENROLMENT ENR_DB ON ENR_DB.DEVICE_ID = POLICY__INFO.DEVICE_ID AND " + + " POLICY__INFO.TENANT_ID = ? AND ENR_DB.OWNER = ? "; + } // appending filters to support advanced filtering options // [1] appending filter columns if (filters != null && filters.size() > 0) { for (String column : filters.keySet()) { - sql = sql + " AND " + column + " = ?"; + sql = sql + " AND POLICY__INFO." + column + " = ? "; } } - stmt = con.prepareStatement(sql); // [2] appending filter column values, if exist + stmt = con.prepareStatement(sql); stmt.setInt(1, tenantId); + int index = 2; + if (!APIUtil.isDeviceAdminUser()) { + stmt.setString(2, userName); + index = 3; + } if (filters != null && filters.values().size() > 0) { - int i = 2; + int i = index; for (Object value : filters.values()) { if (value instanceof Integer) { stmt.setInt(i, (Integer) value); @@ -108,6 +125,9 @@ public abstract class AbstractGadgetDataServiceDAO implements GadgetDataServiceD while (rs.next()) { filteredDeviceCount = rs.getInt("DEVICE_COUNT"); } + } catch (DeviceAccessAuthorizationException e) { + String msg = "Error occurred while checking device access authorization"; + log.error(msg, e); } finally { DeviceManagementDAOUtil.cleanupResources(stmt, rs); } @@ -127,25 +147,39 @@ public abstract class AbstractGadgetDataServiceDAO implements GadgetDataServiceD Connection con; PreparedStatement stmt = null; ResultSet rs = null; - int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); + int tenantId = getAuthenticatedUserTenantDomainId(); int filteredDeviceCount = 0; try { + String sql; con = this.getConnection(); - String sql = "SELECT COUNT(DEVICE_ID) AS DEVICE_COUNT FROM " + - GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_2 + " WHERE TENANT_ID = ? AND FEATURE_CODE = ?"; + if (APIUtil.isDeviceAdminUser()) { + sql = "SELECT COUNT(DEVICE_ID) AS DEVICE_COUNT FROM " + + GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_2 + " FEATURE_INFO WHERE TENANT_ID =" + + " ? AND FEATURE_CODE = ?"; + } else { + sql = "SELECT COUNT(FEATURE_INFO.DEVICE_ID) AS DEVICE_COUNT FROM " + + GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_2 + " FEATURE_INFO INNER JOIN " + + "DM_ENROLMENT ENR_DB ON ENR_DB.DEVICE_ID = FEATURE_INFO.DEVICE_ID AND " + + "FEATURE_INFO.TENANT_ID = ? AND FEATURE_INFO.FEATURE_CODE = ? AND ENR_DB.OWNER = ? "; + } // appending filters to support advanced filtering options // [1] appending filter columns if (filters != null && filters.size() > 0) { for (String column : filters.keySet()) { - sql = sql + " AND " + column + " = ?"; + sql = sql + " AND FEATURE_INFO." + column + " = ?"; } } stmt = con.prepareStatement(sql); // [2] appending filter column values, if exist stmt.setInt(1, tenantId); stmt.setString(2, featureCode); + int index = 3; + if (!APIUtil.isDeviceAdminUser()) { + stmt.setString(3, userName); + index = 4; + } if (filters != null && filters.values().size() > 0) { - int i = 3; + int i = index; for (Object value : filters.values()) { if (value instanceof Integer) { stmt.setInt(i, (Integer) value); @@ -161,6 +195,9 @@ public abstract class AbstractGadgetDataServiceDAO implements GadgetDataServiceD while (rs.next()) { filteredDeviceCount = rs.getInt("DEVICE_COUNT"); } + } catch (DeviceAccessAuthorizationException e) { + String msg = "Error occurred while checking device access authorization"; + log.error(msg, e); } finally { DeviceManagementDAOUtil.cleanupResources(stmt, rs); } @@ -178,16 +215,28 @@ public abstract class AbstractGadgetDataServiceDAO implements GadgetDataServiceD Connection con; PreparedStatement stmt = null; ResultSet rs = null; - int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); + int tenantId = getAuthenticatedUserTenantDomainId(); List deviceCountsByConnectivityStatuses = new ArrayList<>(); try { + String sql; con = this.getConnection(); - String sql = "SELECT CONNECTIVITY_STATUS, COUNT(DEVICE_ID) AS DEVICE_COUNT FROM " + - GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_1 + - " WHERE TENANT_ID = ? GROUP BY CONNECTIVITY_STATUS"; + if (APIUtil.isDeviceAdminUser()) { + sql = "SELECT CONNECTIVITY_STATUS, COUNT(DEVICE_ID) AS DEVICE_COUNT FROM " + + GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_1 + + " WHERE TENANT_ID = ? GROUP BY CONNECTIVITY_STATUS"; + } else { + sql = "SELECT POLICY__INFO.CONNECTIVITY_STATUS AS CONNECTIVITY_STATUS, " + + "COUNT(POLICY__INFO.DEVICE_ID) AS DEVICE_COUNT FROM " + + GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_1 + " POLICY__INFO " + + "INNER JOIN DM_ENROLMENT ENR_DB ON ENR_DB.DEVICE_ID = POLICY__INFO.DEVICE_ID " + + " AND POLICY__INFO.TENANT_ID = ? AND ENR_DB.OWNER = ? GROUP BY POLICY__INFO.CONNECTIVITY_STATUS"; + } stmt = con.prepareStatement(sql); // [2] appending filter column values, if exist stmt.setInt(1, tenantId); + if(!APIUtil.isDeviceAdminUser()){ + stmt.setString(2, userName); + } // executing query rs = stmt.executeQuery(); // fetching query results @@ -199,6 +248,9 @@ public abstract class AbstractGadgetDataServiceDAO implements GadgetDataServiceD deviceCountByConnectivityStatus.setDeviceCount(rs.getInt("DEVICE_COUNT")); deviceCountsByConnectivityStatuses.add(deviceCountByConnectivityStatus); } + } catch (DeviceAccessAuthorizationException e) { + String msg = "Error occurred while checking device access authorization"; + log.error(msg, e); } finally { DeviceManagementDAOUtil.cleanupResources(stmt, rs); } @@ -258,7 +310,7 @@ public abstract class AbstractGadgetDataServiceDAO implements GadgetDataServiceD Connection con; PreparedStatement stmt = null; ResultSet rs = null; - int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); + int tenantId = getAuthenticatedUserTenantDomainId(); List filteredDeviceCountsByPlatforms = new ArrayList<>(); try { con = this.getConnection(); @@ -267,16 +319,30 @@ public abstract class AbstractGadgetDataServiceDAO implements GadgetDataServiceD // [1] appending filter columns, if exist if (filters != null && filters.size() > 0) { for (String column : filters.keySet()) { - advancedSqlFiltering = advancedSqlFiltering + "AND " + column + " = ? "; + advancedSqlFiltering = advancedSqlFiltering + " AND POLICY__INFO." + column + " = ? "; } } - sql = "SELECT PLATFORM, COUNT(DEVICE_ID) AS DEVICE_COUNT FROM " + GadgetDataServiceDAOConstants. - DatabaseView.DEVICES_VIEW_1 + " WHERE TENANT_ID = ? " + advancedSqlFiltering + "GROUP BY PLATFORM"; + if (APIUtil.isDeviceAdminUser()) { + sql = "SELECT PLATFORM, COUNT(DEVICE_ID) AS DEVICE_COUNT FROM " + GadgetDataServiceDAOConstants. + DatabaseView.DEVICES_VIEW_1 + " POLICY__INFO WHERE TENANT_ID = ? " + advancedSqlFiltering + + " GROUP BY PLATFORM"; + } else { + sql = "SELECT POLICY__INFO.PLATFORM, COUNT(POLICY__INFO.DEVICE_ID) AS DEVICE_COUNT FROM " + + GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_1 + " POLICY__INFO INNER JOIN " + + "DM_ENROLMENT ENR_DB ON ENR_DB.DEVICE_ID = POLICY__INFO.DEVICE_ID AND " + + "POLICY__INFO.TENANT_ID = ? AND ENR_DB.OWNER = ? " + advancedSqlFiltering + " GROUP BY " + + "POLICY__INFO.PLATFORM"; + } stmt = con.prepareStatement(sql); // [2] appending filter column values, if exist stmt.setInt(1, tenantId); + int index = 2; + if (!APIUtil.isDeviceAdminUser()) { + stmt.setString(2, userName); + index = 3; + } if (filters != null && filters.values().size() > 0) { - int i = 2; + int i = index; for (Object value : filters.values()) { if (value instanceof Integer) { stmt.setInt(i, (Integer) value); @@ -297,6 +363,9 @@ public abstract class AbstractGadgetDataServiceDAO implements GadgetDataServiceD filteredDeviceCountByPlatform.setDeviceCount(rs.getInt("DEVICE_COUNT")); filteredDeviceCountsByPlatforms.add(filteredDeviceCountByPlatform); } + } catch (DeviceAccessAuthorizationException e) { + String msg = "Error occurred while checking device access authorization"; + log.error(msg, e); } finally { DeviceManagementDAOUtil.cleanupResources(stmt, rs); } @@ -317,7 +386,7 @@ public abstract class AbstractGadgetDataServiceDAO implements GadgetDataServiceD Connection con; PreparedStatement stmt = null; ResultSet rs = null; - int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); + int tenantId = getAuthenticatedUserTenantDomainId(); List filteredDeviceCountsByPlatforms = new ArrayList<>(); try { con = this.getConnection(); @@ -326,18 +395,32 @@ public abstract class AbstractGadgetDataServiceDAO implements GadgetDataServiceD // [1] appending filter columns, if exist if (filters != null && filters.size() > 0) { for (String column : filters.keySet()) { - advancedSqlFiltering = advancedSqlFiltering + "AND " + column + " = ? "; + advancedSqlFiltering = advancedSqlFiltering + " AND FEATURE_INFO." + column + " = ? "; } } - sql = "SELECT PLATFORM, COUNT(DEVICE_ID) AS DEVICE_COUNT FROM " + GadgetDataServiceDAOConstants. - DatabaseView.DEVICES_VIEW_2 + " WHERE TENANT_ID = ? AND FEATURE_CODE = ? " + - advancedSqlFiltering + "GROUP BY PLATFORM"; + if (APIUtil.isDeviceAdminUser()) { + sql = "SELECT PLATFORM, COUNT(DEVICE_ID) AS DEVICE_COUNT FROM " + GadgetDataServiceDAOConstants. + DatabaseView.DEVICES_VIEW_2 + " FEATURE_INFO WHERE TENANT_ID = ? AND FEATURE_CODE = ? " + + advancedSqlFiltering + " GROUP BY PLATFORM"; + } else { + sql = "SELECT FEATURE_INFO.PLATFORM, COUNT(FEATURE_INFO.DEVICE_ID) AS DEVICE_COUNT FROM " + + GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_2 + " FEATURE_INFO INNER JOIN " + + "DM_ENROLMENT ENR_DB ON ENR_DB.DEVICE_ID = FEATURE_INFO.DEVICE_ID " + + " AND FEATURE_INFO.TENANT_ID = ? AND FEATURE_INFO.FEATURE_CODE = ? AND ENR_DB.OWNER = ? " + + advancedSqlFiltering + " GROUP BY FEATURE_INFO.PLATFORM"; + } + stmt = con.prepareStatement(sql); // [2] appending filter column values, if exist stmt.setInt(1, tenantId); stmt.setString(2, featureCode); + int index = 3; + if (!APIUtil.isDeviceAdminUser()) { + stmt.setString(3, userName); + index = 4; + } if (filters != null && filters.values().size() > 0) { - int i = 3; + int i = index; for (Object value : filters.values()) { if (value instanceof Integer) { stmt.setInt(i, (Integer) value); @@ -358,6 +441,9 @@ public abstract class AbstractGadgetDataServiceDAO implements GadgetDataServiceD filteredDeviceCountByPlatform.setDeviceCount(rs.getInt("DEVICE_COUNT")); filteredDeviceCountsByPlatforms.add(filteredDeviceCountByPlatform); } + } catch (DeviceAccessAuthorizationException e) { + String msg = "Error occurred while checking device access authorization"; + log.error(msg, e); } finally { DeviceManagementDAOUtil.cleanupResources(stmt, rs); } @@ -373,7 +459,7 @@ public abstract class AbstractGadgetDataServiceDAO implements GadgetDataServiceD Connection con; PreparedStatement stmt = null; ResultSet rs = null; - int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); + int tenantId = getAuthenticatedUserTenantDomainId(); List filteredDeviceCountsByOwnershipTypes = new ArrayList<>(); try { con = this.getConnection(); @@ -382,17 +468,29 @@ public abstract class AbstractGadgetDataServiceDAO implements GadgetDataServiceD // [1] appending filter columns, if exist if (filters != null && filters.size() > 0) { for (String column : filters.keySet()) { - advancedSqlFiltering = advancedSqlFiltering + "AND " + column + " = ? "; + advancedSqlFiltering = advancedSqlFiltering + " AND POLICY__INFO." + column + " = ? "; } } - sql = "SELECT OWNERSHIP, COUNT(DEVICE_ID) AS DEVICE_COUNT FROM " + GadgetDataServiceDAOConstants. - DatabaseView.DEVICES_VIEW_1 + " WHERE TENANT_ID = ? " + - advancedSqlFiltering + "GROUP BY OWNERSHIP"; + if(APIUtil.isDeviceAdminUser()){ + sql = "SELECT OWNERSHIP, COUNT(DEVICE_ID) AS DEVICE_COUNT FROM " + GadgetDataServiceDAOConstants. + DatabaseView.DEVICES_VIEW_1 + " POLICY__INFO WHERE TENANT_ID = ? " + + advancedSqlFiltering + "GROUP BY OWNERSHIP"; + }else{ + sql = "SELECT POLICY__INFO.OWNERSHIP, COUNT(POLICY__INFO.DEVICE_ID) AS DEVICE_COUNT FROM " + + GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_1 + " POLICY__INFO INNER JOIN " + + "DM_ENROLMENT ENR_DB ON ENR_DB.DEVICE_ID = POLICY__INFO.DEVICE_ID AND POLICY__INFO.TENANT_ID" + + " = ? AND ENR_DB.OWNER = ? " + advancedSqlFiltering + " GROUP BY POLICY__INFO.OWNERSHIP"; + } stmt = con.prepareStatement(sql); // [2] appending filter column values, if exist stmt.setInt(1, tenantId); + int index = 2; + if(!APIUtil.isDeviceAdminUser()){ + stmt.setString(2, userName); + index = 3; + } if (filters != null && filters.values().size() > 0) { - int i = 2; + int i = index; for (Object value : filters.values()) { if (value instanceof Integer) { stmt.setInt(i, (Integer) value); @@ -413,6 +511,9 @@ public abstract class AbstractGadgetDataServiceDAO implements GadgetDataServiceD filteredDeviceCountByOwnershipType.setDeviceCount(rs.getInt("DEVICE_COUNT")); filteredDeviceCountsByOwnershipTypes.add(filteredDeviceCountByOwnershipType); } + } catch (DeviceAccessAuthorizationException e) { + String msg = "Error occurred while checking device access authorization"; + log.error(msg, e); } finally { DeviceManagementDAOUtil.cleanupResources(stmt, rs); } @@ -433,7 +534,7 @@ public abstract class AbstractGadgetDataServiceDAO implements GadgetDataServiceD Connection con; PreparedStatement stmt = null; ResultSet rs = null; - int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); + int tenantId = getAuthenticatedUserTenantDomainId(); List filteredDeviceCountsByOwnershipTypes = new ArrayList<>(); try { con = this.getConnection(); @@ -442,18 +543,31 @@ public abstract class AbstractGadgetDataServiceDAO implements GadgetDataServiceD // [1] appending filter columns, if exist if (filters != null && filters.size() > 0) { for (String column : filters.keySet()) { - advancedSqlFiltering = advancedSqlFiltering + "AND " + column + " = ? "; + advancedSqlFiltering = advancedSqlFiltering + " AND FEATURE_INFO." + column + " = ? "; } } - sql = "SELECT OWNERSHIP, COUNT(DEVICE_ID) AS DEVICE_COUNT FROM " + GadgetDataServiceDAOConstants. - DatabaseView.DEVICES_VIEW_2 + " WHERE TENANT_ID = ? AND FEATURE_CODE = ? " + - advancedSqlFiltering + "GROUP BY OWNERSHIP"; + if(APIUtil.isDeviceAdminUser()){ + sql = "SELECT OWNERSHIP, COUNT(DEVICE_ID) AS DEVICE_COUNT FROM " + GadgetDataServiceDAOConstants. + DatabaseView.DEVICES_VIEW_2 + " FEATURE_INFO WHERE TENANT_ID = ? AND FEATURE_CODE = ? " + + advancedSqlFiltering + "GROUP BY OWNERSHIP"; + }else{ + sql = "SELECT FEATURE_INFO.OWNERSHIP, COUNT(FEATURE_INFO.DEVICE_ID) AS DEVICE_COUNT FROM " + + GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_2 + " FEATURE_INFO INNER JOIN " + + "DM_ENROLMENT ENR_DB ON ENR_DB.DEVICE_ID = FEATURE_INFO.DEVICE_ID AND FEATURE_INFO.TENANT_ID " + + "= ? AND FEATURE_INFO.FEATURE_CODE = ? AND ENR_DB.OWNER = ? " + advancedSqlFiltering + + " GROUP BY FEATURE_INFO.OWNERSHIP"; + } stmt = con.prepareStatement(sql); // [2] appending filter column values, if exist stmt.setInt(1, tenantId); stmt.setString(2, featureCode); + int index = 3; + if(!APIUtil.isDeviceAdminUser()){ + stmt.setString(3, userName); + index = 4; + } if (filters != null && filters.values().size() > 0) { - int i = 3; + int i = index; for (Object value : filters.values()) { if (value instanceof Integer) { stmt.setInt(i, (Integer) value); @@ -474,6 +588,9 @@ public abstract class AbstractGadgetDataServiceDAO implements GadgetDataServiceD filteredDeviceCountByOwnershipType.setDeviceCount(rs.getInt("DEVICE_COUNT")); filteredDeviceCountsByOwnershipTypes.add(filteredDeviceCountByOwnershipType); } + } catch (DeviceAccessAuthorizationException e) { + String msg = "Error occurred while checking device access authorization"; + log.error(msg, e); } finally { DeviceManagementDAOUtil.cleanupResources(stmt, rs); } @@ -489,25 +606,38 @@ public abstract class AbstractGadgetDataServiceDAO implements GadgetDataServiceD Connection con; PreparedStatement stmt = null; ResultSet rs = null; - int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); + int tenantId = getAuthenticatedUserTenantDomainId(); List filteredDevicesWithDetails = new ArrayList<>(); try { con = this.getConnection(); String sql; - sql = "SELECT DEVICE_ID, DEVICE_IDENTIFICATION, PLATFORM, OWNERSHIP, CONNECTIVITY_STATUS FROM " + - GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_1 + " WHERE TENANT_ID = ?"; + if(APIUtil.isDeviceAdminUser()){ + sql = "SELECT DEVICE_ID, DEVICE_IDENTIFICATION, PLATFORM, OWNERSHIP, CONNECTIVITY_STATUS FROM " + + GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_1 + " POLICY__INFO WHERE TENANT_ID = ?"; + }else{ + sql = "SELECT POLICY__INFO.DEVICE_ID, POLICY__INFO.DEVICE_IDENTIFICATION, POLICY__INFO.PLATFORM," + + " POLICY__INFO.OWNERSHIP, POLICY__INFO.CONNECTIVITY_STATUS FROM "+ + GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_1+" POLICY__INFO INNER JOIN " + + "DM_ENROLMENT ENR_DB ON ENR_DB.DEVICE_ID = POLICY__INFO.DEVICE_ID AND " + + "POLICY__INFO.TENANT_ID = ? AND ENR_DB.OWNER = ?"; + } // appending filters to support advanced filtering options // [1] appending filter columns, if exist if (filters != null && filters.size() > 0) { for (String column : filters.keySet()) { - sql = sql + " AND " + column + " = ?"; + sql = sql + " AND POLICY__INFO." + column + " = ?"; } } stmt = con.prepareStatement(sql); // [2] appending filter column values, if exist stmt.setInt(1, tenantId); + int index = 2; + if(!APIUtil.isDeviceAdminUser()){ + stmt.setString(2, userName); + index = 3; + } if (filters != null && filters.values().size() > 0) { - int i = 2; + int i = index; for (Object value : filters.values()) { if (value instanceof Integer) { stmt.setInt(i, (Integer) value); @@ -530,6 +660,9 @@ public abstract class AbstractGadgetDataServiceDAO implements GadgetDataServiceD filteredDeviceWithDetails.setConnectivityStatus(rs.getString("CONNECTIVITY_STATUS")); filteredDevicesWithDetails.add(filteredDeviceWithDetails); } + } catch (DeviceAccessAuthorizationException e) { + String msg = "Error occurred while checking device access authorization"; + log.error(msg, e); } finally { DeviceManagementDAOUtil.cleanupResources(stmt, rs); } @@ -549,27 +682,40 @@ public abstract class AbstractGadgetDataServiceDAO implements GadgetDataServiceD Connection con; PreparedStatement stmt = null; ResultSet rs = null; - int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); + int tenantId = getAuthenticatedUserTenantDomainId(); List filteredDevicesWithDetails = new ArrayList<>(); try { con = this.getConnection(); String sql; - sql = "SELECT DEVICE_ID, DEVICE_IDENTIFICATION, PLATFORM, OWNERSHIP, CONNECTIVITY_STATUS FROM " + - GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_2 + - " WHERE TENANT_ID = ? AND FEATURE_CODE = ?"; + if(APIUtil.isDeviceAdminUser()){ + sql = "SELECT DEVICE_ID, DEVICE_IDENTIFICATION, PLATFORM, OWNERSHIP, CONNECTIVITY_STATUS FROM " + + GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_2 + + " WHERE TENANT_ID = ? AND FEATURE_CODE = ?"; + }else{ + sql = "SELECT FEATURE_INFO.DEVICE_ID, FEATURE_INFO.DEVICE_IDENTIFICATION, FEATURE_INFO.PLATFORM, " + + "FEATURE_INFO.OWNERSHIP, FEATURE_INFO.CONNECTIVITY_STATUS FROM "+ + GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_2+" FEATURE_INFO INNER JOIN " + + "DM_ENROLMENT ENR_DB ON ENR_DB.DEVICE_ID = FEATURE_INFO.DEVICE_ID AND FEATURE_INFO.TENANT_ID" + + " = ? AND FEATURE_INFO.FEATURE_CODE = ? AND ENR_DB.OWNER = ? "; + } // appending filters to support advanced filtering options // [1] appending filter columns, if exist if (filters != null && filters.size() > 0) { for (String column : filters.keySet()) { - sql = sql + " AND " + column + " = ?"; + sql = sql + " AND FEATURE_INFO." + column + " = ?"; } } stmt = con.prepareStatement(sql); // [2] appending filter column values, if exist stmt.setInt(1, tenantId); stmt.setString(2, featureCode); + int index = 3; + if(!APIUtil.isDeviceAdminUser()){ + stmt.setString(3, userName); + index = 4; + } if (filters != null && filters.values().size() > 0) { - int i = 3; + int i = index; for (Object value : filters.values()) { if (value instanceof Integer) { stmt.setInt(i, (Integer) value); @@ -592,6 +738,9 @@ public abstract class AbstractGadgetDataServiceDAO implements GadgetDataServiceD filteredDeviceWithDetails.setConnectivityStatus(rs.getString("CONNECTIVITY_STATUS")); filteredDevicesWithDetails.add(filteredDeviceWithDetails); } + } catch (DeviceAccessAuthorizationException e) { + String msg = "Error occurred while checking device access authorization"; + log.error(msg, e); } finally { DeviceManagementDAOUtil.cleanupResources(stmt, rs); } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/src/main/java/org/wso2/carbon/device/mgt/analytics/dashboard/dao/impl/GenericGadgetDataServiceDAOImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/src/main/java/org/wso2/carbon/device/mgt/analytics/dashboard/dao/impl/GenericGadgetDataServiceDAOImpl.java index 4a0deb7d247..68defcc788c 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/src/main/java/org/wso2/carbon/device/mgt/analytics/dashboard/dao/impl/GenericGadgetDataServiceDAOImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/src/main/java/org/wso2/carbon/device/mgt/analytics/dashboard/dao/impl/GenericGadgetDataServiceDAOImpl.java @@ -18,7 +18,8 @@ package org.wso2.carbon.device.mgt.analytics.dashboard.dao.impl; -import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.wso2.carbon.device.mgt.analytics.dashboard.bean.DeviceWithDetails; import org.wso2.carbon.device.mgt.analytics.dashboard.bean.DeviceCountByGroup; import org.wso2.carbon.device.mgt.analytics.dashboard.bean.BasicFilterSet; @@ -26,7 +27,9 @@ import org.wso2.carbon.device.mgt.analytics.dashboard.bean.ExtendedFilterSet; import org.wso2.carbon.device.mgt.analytics.dashboard.dao.AbstractGadgetDataServiceDAO; import org.wso2.carbon.device.mgt.analytics.dashboard.dao.GadgetDataServiceDAOConstants; import org.wso2.carbon.device.mgt.analytics.dashboard.exception.*; +import org.wso2.carbon.device.mgt.analytics.dashboard.util.APIUtil; import org.wso2.carbon.device.mgt.common.PaginationResult; +import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; import org.wso2.carbon.device.mgt.core.dao.util.DeviceManagementDAOUtil; import java.sql.Connection; @@ -37,10 +40,14 @@ import java.util.ArrayList; import java.util.List; import java.util.Map; +import static org.wso2.carbon.device.mgt.analytics.dashboard.util.APIUtil.getAuthenticatedUserTenantDomainId; + public class GenericGadgetDataServiceDAOImpl extends AbstractGadgetDataServiceDAO { + private static final Log log = LogFactory.getLog(GenericGadgetDataServiceDAOImpl.class); + @Override - public PaginationResult getNonCompliantDeviceCountsByFeatures(int startIndex, int resultCount) + public PaginationResult getNonCompliantDeviceCountsByFeatures(int startIndex, int resultCount, String userName) throws InvalidStartIndexValueException, InvalidResultCountValueException, SQLException { if (startIndex < GadgetDataServiceDAOConstants.Pagination.MIN_START_INDEX) { @@ -56,19 +63,33 @@ public class GenericGadgetDataServiceDAOImpl extends AbstractGadgetDataServiceDA Connection con; PreparedStatement stmt = null; ResultSet rs = null; - int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); + int tenantId = getAuthenticatedUserTenantDomainId(); List filteredNonCompliantDeviceCountsByFeatures = new ArrayList<>(); int totalRecordsCount = 0; try { + String sql; con = this.getConnection(); - String sql = "SELECT FEATURE_CODE, COUNT(DEVICE_ID) AS DEVICE_COUNT FROM " + GadgetDataServiceDAOConstants. - DatabaseView.DEVICES_VIEW_2 + " WHERE TENANT_ID = ? GROUP BY FEATURE_CODE " + - "ORDER BY DEVICE_COUNT DESC LIMIT ?, ?"; + if(APIUtil.isDeviceAdminUser()){ + sql = "SELECT FEATURE_CODE, COUNT(DEVICE_ID) AS DEVICE_COUNT FROM " + GadgetDataServiceDAOConstants. + DatabaseView.DEVICES_VIEW_2 + " WHERE TENANT_ID = ? GROUP BY FEATURE_CODE " + + "ORDER BY DEVICE_COUNT DESC LIMIT ?, ?"; + }else{ + sql = "SELECT FEATURE_INFO.FEATURE_CODE, COUNT(FEATURE_INFO.DEVICE_ID) AS DEVICE_COUNT " + + "FROM "+GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_2+" FEATURE_INFO INNER JOIN " + + "DM_ENROLMENT ENR_DB ON ENR_DB.DEVICE_ID = FEATURE_INFO.DEVICE_ID AND " + + "FEATURE_INFO.TENANT_ID = ? AND ENR_DB.OWNER = ? GROUP BY FEATURE_INFO.FEATURE_CODE ORDER BY" + + " DEVICE_COUNT DESC LIMIT ?, ?"; + } stmt = con.prepareStatement(sql); stmt.setInt(1, tenantId); - stmt.setInt(2, startIndex); - stmt.setInt(3, resultCount); - + if(!APIUtil.isDeviceAdminUser()){ + stmt.setString(2, userName); + stmt.setInt(3, startIndex); + stmt.setInt(4, resultCount); + }else{ + stmt.setInt(2, startIndex); + stmt.setInt(3, resultCount); + } // executing query rs = stmt.executeQuery(); // fetching query results @@ -81,19 +102,30 @@ public class GenericGadgetDataServiceDAOImpl extends AbstractGadgetDataServiceDA filteredNonCompliantDeviceCountsByFeatures.add(filteredNonCompliantDeviceCountByFeature); } // fetching total records count - sql = "SELECT COUNT(FEATURE_CODE) AS NON_COMPLIANT_FEATURE_COUNT FROM (SELECT DISTINCT FEATURE_CODE FROM " + - GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_2 + " WHERE TENANT_ID = ?) " + - "NON_COMPLIANT_FEATURE_CODE"; - + if(APIUtil.isDeviceAdminUser()){ + sql = "SELECT COUNT(FEATURE_CODE) AS NON_COMPLIANT_FEATURE_COUNT FROM (SELECT DISTINCT FEATURE_CODE FROM " + + GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_2 + " WHERE TENANT_ID = ?) " + + "NON_COMPLIANT_FEATURE_CODE"; + }else{ + sql = "SELECT COUNT(FEATURE_CODE) AS NON_COMPLIANT_FEATURE_COUNT FROM (SELECT DISTINCT " + + "FEATURE_INFO.FEATURE_CODE FROM "+GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_2 + +" FEATURE_INFO INNER JOIN DM_ENROLMENT ENR_DB ON ENR_DB.DEVICE_ID = FEATURE_INFO.DEVICE_ID " + + "AND FEATURE_INFO.TENANT_ID = ? AND ENR_DB.OWNER = ? ) NON_COMPLIANT_FEATURE_CODE"; + } stmt = con.prepareStatement(sql); stmt.setInt(1, tenantId); - + if(!APIUtil.isDeviceAdminUser()){ + stmt.setString(2, userName); + } // executing query rs = stmt.executeQuery(); // fetching query results while (rs.next()) { totalRecordsCount = rs.getInt("NON_COMPLIANT_FEATURE_COUNT"); } + } catch (DeviceAccessAuthorizationException e) { + String msg = "Error occurred while checking device access authorization"; + log.error(msg, e); } finally { DeviceManagementDAOUtil.cleanupResources(stmt, rs); } @@ -105,7 +137,7 @@ public class GenericGadgetDataServiceDAOImpl extends AbstractGadgetDataServiceDA @Override public PaginationResult getDevicesWithDetails(ExtendedFilterSet extendedFilterSet, int startIndex, - int resultCount) throws InvalidPotentialVulnerabilityValueException, + int resultCount, String userName) throws InvalidPotentialVulnerabilityValueException, InvalidStartIndexValueException, InvalidResultCountValueException, SQLException { if (startIndex < GadgetDataServiceDAOConstants.Pagination.MIN_START_INDEX) { @@ -123,7 +155,7 @@ public class GenericGadgetDataServiceDAOImpl extends AbstractGadgetDataServiceDA Connection con; PreparedStatement stmt = null; ResultSet rs = null; - int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); + int tenantId = getAuthenticatedUserTenantDomainId(); List filteredDevicesWithDetails = new ArrayList<>(); int totalRecordsCount = 0; try { @@ -133,17 +165,31 @@ public class GenericGadgetDataServiceDAOImpl extends AbstractGadgetDataServiceDA // [1] appending filter columns, if exist if (filters != null && filters.size() > 0) { for (String column : filters.keySet()) { - advancedSqlFiltering = advancedSqlFiltering + "AND " + column + " = ? "; + advancedSqlFiltering = advancedSqlFiltering + " AND POLICY__INFO." + column + " = ? "; } } - sql = "SELECT DEVICE_ID, DEVICE_IDENTIFICATION, PLATFORM, OWNERSHIP, CONNECTIVITY_STATUS FROM " + - GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_1 + " WHERE TENANT_ID = ? " + - advancedSqlFiltering + "ORDER BY DEVICE_ID ASC LIMIT ?, ?"; + if(APIUtil.isDeviceAdminUser()){ + sql = "SELECT DEVICE_ID, DEVICE_IDENTIFICATION, PLATFORM, OWNERSHIP, CONNECTIVITY_STATUS FROM " + + GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_1 + " POLICY__INFO WHERE TENANT_ID = ? " + + advancedSqlFiltering + "ORDER BY DEVICE_ID ASC LIMIT ?, ?"; + }else{ + sql = "SELECT POLICY__INFO.DEVICE_ID, POLICY__INFO.DEVICE_IDENTIFICATION, POLICY__INFO.PLATFORM, " + + "POLICY__INFO.OWNERSHIP, POLICY__INFO.CONNECTIVITY_STATUS FROM " + + GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_1 + " POLICY__INFO INNER JOIN DM_ENROLMENT " + + "ENR_DB ON ENR_DB.DEVICE_ID = POLICY__INFO.DEVICE_ID AND " + + "POLICY__INFO.TENANT_ID = ? AND ENR_DB.OWNER = ? " + advancedSqlFiltering + " ORDER BY " + + "POLICY__INFO.DEVICE_ID ASC LIMIT ?,?"; + } stmt = con.prepareStatement(sql); // [2] appending filter column values, if exist stmt.setInt(1, tenantId); + int index = 2; + if(!APIUtil.isDeviceAdminUser()){ + stmt.setString(2, userName); + index = 3; + } if (filters != null && filters.values().size() > 0) { - int i = 2; + int i = index; for (Object value : filters.values()) { if (value instanceof Integer) { stmt.setInt(i, (Integer) value); @@ -155,8 +201,8 @@ public class GenericGadgetDataServiceDAOImpl extends AbstractGadgetDataServiceDA stmt.setInt(i, startIndex); stmt.setInt(++i, resultCount); } else { - stmt.setInt(2, startIndex); - stmt.setInt(3, resultCount); + stmt.setInt(3, startIndex); + stmt.setInt(4, resultCount); } // executing query rs = stmt.executeQuery(); @@ -171,20 +217,28 @@ public class GenericGadgetDataServiceDAOImpl extends AbstractGadgetDataServiceDA filteredDeviceWithDetails.setConnectivityStatus(rs.getString("CONNECTIVITY_STATUS")); filteredDevicesWithDetails.add(filteredDeviceWithDetails); } - - // fetching total records count - sql = "SELECT COUNT(DEVICE_ID) AS DEVICE_COUNT FROM " + GadgetDataServiceDAOConstants. - DatabaseView.DEVICES_VIEW_1 + " WHERE TENANT_ID = ?"; - + if(APIUtil.isDeviceAdminUser()){ + sql = "SELECT COUNT(DEVICE_ID) AS DEVICE_COUNT FROM " + GadgetDataServiceDAOConstants. + DatabaseView.DEVICES_VIEW_1 + " WHERE TENANT_ID = ?"; + }else{ + sql = "SELECT COUNT(POLICY__INFO.DEVICE_ID) AS DEVICE_COUNT FROM "+GadgetDataServiceDAOConstants. + DatabaseView.DEVICES_VIEW_1+" POLICY__INFO INNER JOIN DM_ENROLMENT ENR_DB ON " + + "ENR_DB.DEVICE_ID = POLICY__INFO.DEVICE_ID AND POLICY__INFO.TENANT_ID = ? AND ENR_DB.OWNER = ? "; + } stmt = con.prepareStatement(sql); stmt.setInt(1, tenantId); - + if(!APIUtil.isDeviceAdminUser()){ + stmt.setString(2, userName); + } // executing query rs = stmt.executeQuery(); // fetching query results while (rs.next()) { totalRecordsCount = rs.getInt("DEVICE_COUNT"); } + } catch (DeviceAccessAuthorizationException e) { + String msg = "Error occurred while checking device access authorization"; + log.error(msg, e); } finally { DeviceManagementDAOUtil.cleanupResources(stmt, rs); } @@ -196,7 +250,7 @@ public class GenericGadgetDataServiceDAOImpl extends AbstractGadgetDataServiceDA @Override public PaginationResult getFeatureNonCompliantDevicesWithDetails(String featureCode, - BasicFilterSet basicFilterSet, int startIndex, int resultCount) + BasicFilterSet basicFilterSet, int startIndex, int resultCount, String userName) throws InvalidFeatureCodeValueException, InvalidStartIndexValueException, InvalidResultCountValueException, SQLException { @@ -219,7 +273,7 @@ public class GenericGadgetDataServiceDAOImpl extends AbstractGadgetDataServiceDA Connection con; PreparedStatement stmt = null; ResultSet rs = null; - int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); + int tenantId = getAuthenticatedUserTenantDomainId(); List filteredDevicesWithDetails = new ArrayList<>(); int totalRecordsCount = 0; try { @@ -229,19 +283,34 @@ public class GenericGadgetDataServiceDAOImpl extends AbstractGadgetDataServiceDA // [1] appending filter columns, if exist if (filters != null && filters.size() > 0) { for (String column : filters.keySet()) { - advancedSqlFiltering = advancedSqlFiltering + "AND " + column + " = ? "; + advancedSqlFiltering = advancedSqlFiltering + "AND FEATURE_INFO." + column + " = ? "; } } - sql = "SELECT DEVICE_ID, DEVICE_IDENTIFICATION, PLATFORM, OWNERSHIP, CONNECTIVITY_STATUS FROM " + + if(APIUtil.isDeviceAdminUser()){ + sql = "SELECT DEVICE_ID, DEVICE_IDENTIFICATION, PLATFORM, OWNERSHIP, CONNECTIVITY_STATUS FROM " + GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_2 + - " WHERE TENANT_ID = ? AND FEATURE_CODE = ? " + advancedSqlFiltering + + " FEATURE_INFO WHERE TENANT_ID = ? AND FEATURE_CODE = ? " + advancedSqlFiltering + "ORDER BY DEVICE_ID ASC LIMIT ?, ?"; + }else{ + sql = "SELECT FEATURE_INFO.DEVICE_ID, FEATURE_INFO.DEVICE_IDENTIFICATION, FEATURE_INFO.PLATFORM, " + + "FEATURE_INFO.OWNERSHIP, FEATURE_INFO.CONNECTIVITY_STATUS FROM " + + GadgetDataServiceDAOConstants.DatabaseView.DEVICES_VIEW_2 + " FEATURE_INFO INNER JOIN DM_ENROLMENT " + + "ENR_DB ON ENR_DB.DEVICE_ID = FEATURE_INFO.DEVICE_ID " + + " AND FEATURE_INFO.TENANT_ID = ? AND FEATURE_INFO.FEATURE_CODE = ? AND ENR_DB.OWNER = ? " + + advancedSqlFiltering + " ORDER BY DEVICE_ID ASC LIMIT ?,?"; + } + stmt = con.prepareStatement(sql); // [2] appending filter column values, if exist stmt.setInt(1, tenantId); stmt.setString(2, featureCode); + int index = 3; + if(!APIUtil.isDeviceAdminUser()){ + stmt.setString(3, userName); + index = 4; + } if (filters != null && filters.values().size() > 0) { - int i = 3; + int i = index; for (Object value : filters.values()) { if (value instanceof Integer) { stmt.setInt(i, (Integer) value); @@ -253,8 +322,8 @@ public class GenericGadgetDataServiceDAOImpl extends AbstractGadgetDataServiceDA stmt.setInt(i, startIndex); stmt.setInt(++i, resultCount); } else { - stmt.setInt(3, startIndex); - stmt.setInt(4, resultCount); + stmt.setInt(index, startIndex); + stmt.setInt(++index, resultCount); } // executing query rs = stmt.executeQuery(); @@ -269,21 +338,30 @@ public class GenericGadgetDataServiceDAOImpl extends AbstractGadgetDataServiceDA filteredDeviceWithDetails.setConnectivityStatus(rs.getString("CONNECTIVITY_STATUS")); filteredDevicesWithDetails.add(filteredDeviceWithDetails); } - - // fetching total records count - sql = "SELECT COUNT(DEVICE_ID) AS DEVICE_COUNT FROM " + GadgetDataServiceDAOConstants. - DatabaseView.DEVICES_VIEW_2 + " WHERE TENANT_ID = ? AND FEATURE_CODE = ?"; - + if(APIUtil.isDeviceAdminUser()){ + sql = "SELECT COUNT(DEVICE_ID) AS DEVICE_COUNT FROM " + GadgetDataServiceDAOConstants. + DatabaseView.DEVICES_VIEW_2 + " WHERE TENANT_ID = ? AND FEATURE_CODE = ?"; + }else{ + sql = "SELECT COUNT(FEATURE_INFO.DEVICE_ID) AS DEVICE_COUNT FROM " + GadgetDataServiceDAOConstants. + DatabaseView.DEVICES_VIEW_2 + " FEATURE_INFO INNER JOIN DM_ENROLMENT ENR_DB ON " + + "ENR_DB.DEVICE_ID = FEATURE_INFO.DEVICE_ID AND FEATURE_INFO.TENANT_ID = ? AND " + + "FEATURE_INFO.FEATURE_CODE = ? AND ENR_DB.OWNER = ? "; + } stmt = con.prepareStatement(sql); stmt.setInt(1, tenantId); stmt.setString(2, featureCode); - + if(!APIUtil.isDeviceAdminUser()){ + stmt.setString(3, userName); + } // executing query rs = stmt.executeQuery(); // fetching query results while (rs.next()) { totalRecordsCount = rs.getInt("DEVICE_COUNT"); } + } catch (DeviceAccessAuthorizationException e) { + String msg = "Error occurred while checking device access authorization"; + log.error(msg, e); } finally { DeviceManagementDAOUtil.cleanupResources(stmt, rs); } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/src/main/java/org/wso2/carbon/device/mgt/analytics/dashboard/dao/impl/MSSQLGadgetDataServiceDAOImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/src/main/java/org/wso2/carbon/device/mgt/analytics/dashboard/dao/impl/MSSQLGadgetDataServiceDAOImpl.java index 396a596c9b2..536a0addfab 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/src/main/java/org/wso2/carbon/device/mgt/analytics/dashboard/dao/impl/MSSQLGadgetDataServiceDAOImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/src/main/java/org/wso2/carbon/device/mgt/analytics/dashboard/dao/impl/MSSQLGadgetDataServiceDAOImpl.java @@ -40,7 +40,7 @@ import java.util.Map; public class MSSQLGadgetDataServiceDAOImpl extends AbstractGadgetDataServiceDAO { @Override - public PaginationResult getNonCompliantDeviceCountsByFeatures(int startIndex, int resultCount) + public PaginationResult getNonCompliantDeviceCountsByFeatures(int startIndex, int resultCount, String userName) throws InvalidStartIndexValueException, InvalidResultCountValueException, SQLException { if (startIndex < GadgetDataServiceDAOConstants.Pagination.MIN_START_INDEX) { @@ -66,8 +66,8 @@ public class MSSQLGadgetDataServiceDAOImpl extends AbstractGadgetDataServiceDAO "OFFSET ? ROWS FETCH NEXT ? ROWS ONLY"; stmt = con.prepareStatement(sql); stmt.setInt(1, tenantId); - stmt.setInt(2, startIndex); - stmt.setInt(3, resultCount); + /*stmt.setInt(2, startIndex); + stmt.setInt(3, resultCount);*/ // executing query rs = stmt.executeQuery(); @@ -104,7 +104,7 @@ public class MSSQLGadgetDataServiceDAOImpl extends AbstractGadgetDataServiceDAO } @Override - public PaginationResult getDevicesWithDetails(ExtendedFilterSet extendedFilterSet, int startIndex, int resultCount) + public PaginationResult getDevicesWithDetails(ExtendedFilterSet extendedFilterSet, int startIndex, int resultCount, String userName) throws InvalidPotentialVulnerabilityValueException, InvalidStartIndexValueException, InvalidResultCountValueException, @@ -198,7 +198,7 @@ public class MSSQLGadgetDataServiceDAOImpl extends AbstractGadgetDataServiceDAO @Override public PaginationResult getFeatureNonCompliantDevicesWithDetails(String featureCode, - BasicFilterSet basicFilterSet, int startIndex, int resultCount) + BasicFilterSet basicFilterSet, int startIndex, int resultCount, String userName) throws InvalidFeatureCodeValueException, InvalidStartIndexValueException, InvalidResultCountValueException, SQLException { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/src/main/java/org/wso2/carbon/device/mgt/analytics/dashboard/dao/impl/OracleGadgetDataServiceDAOImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/src/main/java/org/wso2/carbon/device/mgt/analytics/dashboard/dao/impl/OracleGadgetDataServiceDAOImpl.java index b90a9046b09..4d58e508e76 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/src/main/java/org/wso2/carbon/device/mgt/analytics/dashboard/dao/impl/OracleGadgetDataServiceDAOImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/src/main/java/org/wso2/carbon/device/mgt/analytics/dashboard/dao/impl/OracleGadgetDataServiceDAOImpl.java @@ -40,7 +40,7 @@ import java.util.Map; public class OracleGadgetDataServiceDAOImpl extends AbstractGadgetDataServiceDAO { @Override - public PaginationResult getNonCompliantDeviceCountsByFeatures(int startIndex, int resultCount) + public PaginationResult getNonCompliantDeviceCountsByFeatures(int startIndex, int resultCount, String userName) throws InvalidStartIndexValueException, InvalidResultCountValueException, SQLException { if (startIndex < GadgetDataServiceDAOConstants.Pagination.MIN_START_INDEX) { @@ -105,7 +105,7 @@ public class OracleGadgetDataServiceDAOImpl extends AbstractGadgetDataServiceDAO } @Override - public PaginationResult getDevicesWithDetails(ExtendedFilterSet extendedFilterSet, int startIndex, int resultCount) + public PaginationResult getDevicesWithDetails(ExtendedFilterSet extendedFilterSet, int startIndex, int resultCount, String userName) throws InvalidPotentialVulnerabilityValueException, InvalidStartIndexValueException, InvalidResultCountValueException, SQLException { @@ -197,7 +197,7 @@ public class OracleGadgetDataServiceDAOImpl extends AbstractGadgetDataServiceDAO @Override public PaginationResult getFeatureNonCompliantDevicesWithDetails(String featureCode, BasicFilterSet basicFilterSet, - int startIndex, int resultCount) throws InvalidFeatureCodeValueException, + int startIndex, int resultCount, String userName) throws InvalidFeatureCodeValueException, InvalidStartIndexValueException, InvalidResultCountValueException, SQLException { if (featureCode == null || featureCode.isEmpty()) { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/src/main/java/org/wso2/carbon/device/mgt/analytics/dashboard/dao/impl/PostgreSQLGadgetDataServiceDAOImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/src/main/java/org/wso2/carbon/device/mgt/analytics/dashboard/dao/impl/PostgreSQLGadgetDataServiceDAOImpl.java index d44ad929eeb..1995336ab32 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/src/main/java/org/wso2/carbon/device/mgt/analytics/dashboard/dao/impl/PostgreSQLGadgetDataServiceDAOImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/src/main/java/org/wso2/carbon/device/mgt/analytics/dashboard/dao/impl/PostgreSQLGadgetDataServiceDAOImpl.java @@ -40,7 +40,7 @@ import java.util.Map; public class PostgreSQLGadgetDataServiceDAOImpl extends AbstractGadgetDataServiceDAO { @Override - public PaginationResult getNonCompliantDeviceCountsByFeatures(int startIndex, int resultCount) + public PaginationResult getNonCompliantDeviceCountsByFeatures(int startIndex, int resultCount, String userName) throws InvalidStartIndexValueException, InvalidResultCountValueException, SQLException { if (startIndex < GadgetDataServiceDAOConstants.Pagination.MIN_START_INDEX) { @@ -67,8 +67,8 @@ public class PostgreSQLGadgetDataServiceDAOImpl extends AbstractGadgetDataServic stmt = con.prepareStatement(sql); stmt.setInt(1, tenantId); - stmt.setInt(2, startIndex); - stmt.setInt(3, resultCount); + /*stmt.setInt(2, startIndex); + stmt.setInt(3, resultCount);*/ // executing query rs = stmt.executeQuery(); @@ -105,7 +105,7 @@ public class PostgreSQLGadgetDataServiceDAOImpl extends AbstractGadgetDataServic } @Override - public PaginationResult getDevicesWithDetails(ExtendedFilterSet extendedFilterSet, int startIndex, int resultCount) + public PaginationResult getDevicesWithDetails(ExtendedFilterSet extendedFilterSet, int startIndex, int resultCount, String userName) throws InvalidPotentialVulnerabilityValueException, InvalidStartIndexValueException, InvalidResultCountValueException, SQLException { @@ -198,7 +198,7 @@ public class PostgreSQLGadgetDataServiceDAOImpl extends AbstractGadgetDataServic @Override public PaginationResult getFeatureNonCompliantDevicesWithDetails(String featureCode, BasicFilterSet basicFilterSet, - int startIndex, int resultCount) throws InvalidFeatureCodeValueException, + int startIndex, int resultCount, String userName) throws InvalidFeatureCodeValueException, InvalidStartIndexValueException, InvalidResultCountValueException, SQLException { if (featureCode == null || featureCode.isEmpty()) { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/src/main/java/org/wso2/carbon/device/mgt/analytics/dashboard/util/APIUtil.java b/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/src/main/java/org/wso2/carbon/device/mgt/analytics/dashboard/util/APIUtil.java index 8d304bb4e2f..e9635e5d581 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/src/main/java/org/wso2/carbon/device/mgt/analytics/dashboard/util/APIUtil.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/src/main/java/org/wso2/carbon/device/mgt/analytics/dashboard/util/APIUtil.java @@ -1,9 +1,31 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * you may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + package org.wso2.carbon.device.mgt.analytics.dashboard.util; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; +import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService; import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; +import org.wso2.carbon.user.api.UserStoreException; import java.net.SocketException; @@ -19,32 +41,30 @@ public class APIUtil { PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext(); String username = threadLocalCarbonContext.getUsername(); String tenantDomain = threadLocalCarbonContext.getTenantDomain(); - return username + "@" + tenantDomain; + if (username.endsWith(tenantDomain)) { + return username.substring(0, username.lastIndexOf("@")); + } + return username; } - public static String getAuthenticatedUserTenantDomain() { + public static int getAuthenticatedUserTenantDomainId() { PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext(); - return threadLocalCarbonContext.getTenantDomain(); + return threadLocalCarbonContext.getTenantId(); + } + + public static boolean isDeviceAdminUser() throws DeviceAccessAuthorizationException { + return getDeviceAccessAuthorizationService().isDeviceAdminUser(); } - public static DeviceManagementProviderService getDeviceManagementService() { + private static DeviceAccessAuthorizationService getDeviceAccessAuthorizationService() { PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); - DeviceManagementProviderService deviceManagementProviderService = - (DeviceManagementProviderService) ctx.getOSGiService(DeviceManagementProviderService.class, null); - if (deviceManagementProviderService == null) { - String msg = "Device Management service has not initialized."; + DeviceAccessAuthorizationService deviceAccessAuthorizationService = + (DeviceAccessAuthorizationService) ctx.getOSGiService(DeviceAccessAuthorizationService.class, null); + if (deviceAccessAuthorizationService == null) { + String msg = "DeviceAccessAuthorization service has not initialized."; log.error(msg); throw new IllegalStateException(msg); } - return deviceManagementProviderService; - } - - public static String getServerUrl() { - try { - return org.apache.axis2.util.Utils.getIpAddress(); - } catch (SocketException e) { - log.warn("Failed retrieving the hostname, therefore set to localhost", e); - return "localhost"; - } + return deviceAccessAuthorizationService; } }