revert-70aa11f8
madhawap 9 years ago
commit f12d2a5d69

@ -28,18 +28,24 @@ import java.lang.annotation.Target;
*/
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface Permission {
public @interface Scope {
/**
* Represents the scope key which should be unique.
* @return Returns scope key.
*/
String key();
/**
* Represents the scope name.
* @return Returns scope name.
*/
String scope();
String name();
/**
* Represents the associated permissions.
* @return Returns list of permissions.
* Represents the scope description.
* @return Returns scope description.
*/
String[] permissions();
String description();
}

@ -107,6 +107,10 @@
<groupId>javax.ws.rs</groupId>
<artifactId>javax.ws.rs-api</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.device.mgt.common</artifactId>
</dependency>
</dependencies>

@ -18,7 +18,6 @@
package org.wso2.carbon.apimgt.webapp.publisher;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.api.APIManagementException;
@ -30,6 +29,10 @@ import org.wso2.carbon.apimgt.webapp.publisher.config.APIResourceConfiguration;
import org.wso2.carbon.apimgt.webapp.publisher.config.WebappPublisherConfig;
import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.core.util.Utils;
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementException;
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import javax.servlet.ServletContext;
import java.util.*;
@ -121,16 +124,18 @@ public class APIPublisherUtil {
if (scope != null) {
if (apiScopes.get(scope.getKey()) == null) {
apiScopes.put(scope.getKey(), scope);
} else {
existingScope = apiScopes.get(scope.getKey());
existingPermissions = existingScope.getRoles();
existingPermissions = getDistinctPermissions(existingPermissions + "," + scope.getRoles());
existingScope.setRoles(existingPermissions);
apiScopes.put(scope.getKey(), existingScope);
}
}
}
Set<Scope> scopes = new HashSet<>(apiScopes.values());
// adding existing persisted roles to the scopes
try {
setExistingRoles(scopes);
} catch (ScopeManagementException | UserStoreException e) {
throw new APIManagementException("Error occurred while retrieving roles for the existing scopes");
}
// set current scopes to API
api.setScopes(scopes);
// this has to be done because of the use of pass by reference
@ -307,9 +312,34 @@ public class APIPublisherUtil {
return apiConfig;
}
private static String getDistinctPermissions(String permissions) {
String[] unique = new HashSet<String>(Arrays.asList(permissions.split(","))).toArray(new String[0]);
return StringUtils.join(unique, ",");
/**
* This method is used to set the existing roles of the given scope.
*
* @param scopes List of scopes.
* @throws ScopeManagementException
*/
private static void setExistingRoles(Set<Scope> scopes) throws ScopeManagementException, UserStoreException {
String scopeKey;
String roles;
ScopeManagementService scopeManagementService = WebappPublisherUtil.getScopeManagementService();
UserRealm userRealm = WebappPublisherUtil.getUserRealm();
if (scopeManagementService == null) {
throw new ScopeManagementException("Error occurred while initializing scope management service");
} else if (userRealm == null) {
throw new UserStoreException("Error occurred while initializing realm service");
} else {
String adminRole = userRealm.getRealmConfiguration().getAdminRoleName();
for (Scope scope : scopes) {
scopeKey = scope.getKey();
roles = scopeManagementService.getRolesOfScope(scopeKey);
if (roles == null) {
roles = adminRole;
}
scope.setRoles(roles);
}
}
}
}

@ -18,7 +18,16 @@
package org.wso2.carbon.apimgt.webapp.publisher;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.w3c.dom.Document;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.service.RealmService;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
@ -31,6 +40,10 @@ import java.io.File;
*/
public class WebappPublisherUtil {
private static Log log = LogFactory.getLog(WebappPublisherUtil.class);
private static final int CARBON_SUPER = -1234;
public static Document convertToDocument(File file) throws WebappPublisherConfigurationFailedException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setNamespaceAware(true);
@ -44,4 +57,32 @@ public class WebappPublisherUtil {
}
}
public static ScopeManagementService getScopeManagementService() {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
ScopeManagementService scopeManagementService =
(ScopeManagementService) ctx.getOSGiService(ScopeManagementService.class, null);
if (scopeManagementService == null) {
String msg = "Scope Management Service has not been initialized.";
log.error(msg);
throw new IllegalStateException(msg);
}
return scopeManagementService;
}
/**
* Getting the current tenant's user realm
*/
public static UserRealm getUserRealm() throws UserStoreException {
RealmService realmService;
UserRealm realm;
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
realmService = (RealmService) ctx.getOSGiService(RealmService.class, null);
if (realmService == null) {
throw new IllegalStateException("Realm service not initialized");
}
realm = realmService.getTenantUserRealm(CARBON_SUPER);
return realm;
}
}

@ -1,60 +0,0 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* you may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.webapp.publisher.config;
/**
* Custom exception class of Permission related operations.
*/
public class PermissionManagementException extends Exception {
private static final long serialVersionUID = -3151279311929070298L;
private String errorMessage;
public String getErrorMessage() {
return errorMessage;
}
public void setErrorMessage(String errorMessage) {
this.errorMessage = errorMessage;
}
public PermissionManagementException(String msg, Exception nestedEx) {
super(msg, nestedEx);
setErrorMessage(msg);
}
public PermissionManagementException(String message, Throwable cause) {
super(message, cause);
setErrorMessage(message);
}
public PermissionManagementException(String msg) {
super(msg);
setErrorMessage(msg);
}
public PermissionManagementException() {
super();
}
public PermissionManagementException(Throwable cause) {
super(cause);
}
}

@ -19,20 +19,13 @@
package org.wso2.carbon.apimgt.webapp.publisher.lifecycle.util;
import org.apache.catalina.core.StandardContext;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.scannotation.AnnotationDB;
import org.scannotation.WarUrlFinder;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.api.model.Scope;
import org.wso2.carbon.apimgt.webapp.publisher.APIPublisherUtil;
import org.wso2.carbon.apimgt.webapp.publisher.config.APIResource;
import org.wso2.carbon.apimgt.webapp.publisher.config.APIResourceConfiguration;
import org.wso2.carbon.apimgt.webapp.publisher.config.PermissionConfiguration;
import org.wso2.carbon.apimgt.webapp.publisher.config.PermissionManagementException;
import javax.servlet.ServletContext;
import javax.ws.rs.*;
@ -61,11 +54,9 @@ public class AnnotationProcessor {
private static final String WILD_CARD = "/*";
private static final String AUTH_TYPE = "Any";
private static final String PROTOCOL_HTTP = "http";
private static final String SERVER_HOST = "carbon.local.ip";
private static final String HTTP_PORT = "httpPort";
private static final String STRING_ARR = "string_arr";
private static final String STRING = "string";
Class<API> apiClazz;
private StandardContext context;
private Method[] pathClazzMethods;
@ -75,7 +66,6 @@ public class AnnotationProcessor {
public AnnotationProcessor(final StandardContext context) {
this.context = context;
servletContext = context.getServletContext();
classLoader = servletContext.getClassLoader();
}
@ -141,7 +131,7 @@ public class AnnotationProcessor {
pathClazzMethods = pathClazz.getMethods();
Annotation rootContectAnno = clazz.getAnnotation(pathClazz);
String subContext = "";
String subContext;
if (rootContectAnno != null) {
subContext = invokeMethod(pathClazzMethods[0], rootContectAnno, STRING);
if (subContext != null && !subContext.isEmpty()) {
@ -150,8 +140,6 @@ public class AnnotationProcessor {
} else {
rootContext = rootContext + "/" + subContext;
}
} else {
subContext = "";
}
if (log.isDebugEnabled()) {
log.debug("API Root Context = " + rootContext);
@ -166,7 +154,7 @@ public class AnnotationProcessor {
}
}
} catch (ClassNotFoundException e) {
log.error("Error when passing the api annotation for device type apis.");
log.error("Error when passing the api annotation for device type apis.", e);
}
return apiResourceConfig;
}
@ -251,15 +239,9 @@ public class AnnotationProcessor {
Annotation producesAnno = method.getAnnotation(producesClass);
resource.setProduces(invokeMethod(producesClassMethods[0], producesAnno, STRING_ARR));
}
if (annotations[i].annotationType().getName().equals(Permission.class.getName())) {
PermissionConfiguration permissionConf = this.getPermission(method);
if (permissionConf != null) {
Scope scope = new Scope();
scope.setKey(permissionConf.getScopeName());
scope.setDescription(permissionConf.getScopeName());
scope.setName(permissionConf.getScopeName());
String roles = StringUtils.join(permissionConf.getPermissions(), ",");
scope.setRoles(roles);
if (annotations[i].annotationType().getName().equals(org.wso2.carbon.apimgt.annotations.api.Scope.class.getName())) {
org.wso2.carbon.apimgt.api.model.Scope scope = this.getScope(method);
if (scope != null) {
resource.setScope(scope);
}
}
@ -357,35 +339,32 @@ public class AnnotationProcessor {
return ((String[]) methodHandler.invoke(annotation, method, null));
}
private PermissionConfiguration getPermission(Method currentMethod) throws Throwable {
Class<Permission> permissionClass = (Class<Permission>) classLoader.loadClass(Permission.class.getName());
Annotation permissionAnnotation = currentMethod.getAnnotation(permissionClass);
if (permissionClass != null) {
Method[] permissionClassMethods = permissionClass.getMethods();
PermissionConfiguration permissionConf = new PermissionConfiguration();
private org.wso2.carbon.apimgt.api.model.Scope getScope(Method currentMethod) throws Throwable {
Class<org.wso2.carbon.apimgt.annotations.api.Scope> scopeClass =
(Class<org.wso2.carbon.apimgt.annotations.api.Scope>) classLoader.
loadClass(org.wso2.carbon.apimgt.annotations.api.Scope.class.getName());
Annotation permissionAnnotation = currentMethod.getAnnotation(scopeClass);
if (scopeClass != null) {
Method[] permissionClassMethods = scopeClass.getMethods();
org.wso2.carbon.apimgt.api.model.Scope scope = new org.wso2.carbon.apimgt.api.model.Scope();
for (Method method : permissionClassMethods) {
switch (method.getName()) {
case "scope":
permissionConf.setScopeName(invokeMethod(method, permissionAnnotation, STRING));
case "key":
scope.setKey(invokeMethod(method, permissionAnnotation, STRING));
break;
case "name":
scope.setName(invokeMethod(method, permissionAnnotation, STRING));
break;
case "permissions":
String permissions[] = invokeMethod(method, permissionAnnotation);
this.addPermission(permissions);
permissionConf.setPermissions(permissions);
case "description":
scope.setDescription(invokeMethod(method, permissionAnnotation, STRING));
break;
}
}
return permissionConf;
return scope;
}
return null;
}
private void addPermission(String[] permissions) throws PermissionManagementException {
for (String permission : permissions) {
PermissionUtils.addPermission(permission);
}
}
/**
* Find the URL pointing to "/WEB-INF/classes" This method may not work in conjunction with IteratorFactory
* if your servlet container does not extract the /WEB-INF/classes into a real file-based directory

@ -15,6 +15,7 @@
*/
package org.wso2.carbon.apimgt.webapp.publisher.lifecycle.util;
import org.scannotation.archiveiterator.DirectoryIteratorFactory;
import org.scannotation.archiveiterator.Filter;
import org.scannotation.archiveiterator.JarIterator;

@ -1,91 +0,0 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* you may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.webapp.publisher.lifecycle.util;
import org.wso2.carbon.apimgt.webapp.publisher.config.PermissionManagementException;
import org.wso2.carbon.apimgt.webapp.publisher.internal.APIPublisherDataHolder;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.registry.api.RegistryException;
import org.wso2.carbon.registry.api.Resource;
import org.wso2.carbon.registry.core.Registry;
import java.util.StringTokenizer;
/**
* Utility class which holds necessary utility methods required for persisting permissions in
* registry.
*/
public class PermissionUtils {
public static final String ADMIN_PERMISSION_REGISTRY_PATH = "/permission/admin";
public static final String PERMISSION_PROPERTY_NAME = "name";
public static Registry getGovernanceRegistry() throws PermissionManagementException {
try {
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
return APIPublisherDataHolder.getInstance().getRegistryService()
.getGovernanceSystemRegistry(
tenantId);
} catch (RegistryException e) {
throw new PermissionManagementException(
"Error in retrieving governance registry instance: " +
e.getMessage(), e);
}
}
public static void addPermission(String permission) throws PermissionManagementException {
String resourcePermission = getAbsolutePermissionPath(permission);
try {
StringTokenizer tokenizer = new StringTokenizer(resourcePermission, "/");
String lastToken = "", currentToken, tempPath;
while (tokenizer.hasMoreTokens()) {
currentToken = tokenizer.nextToken();
tempPath = lastToken + "/" + currentToken;
if (!checkResourceExists(tempPath)) {
createRegistryCollection(tempPath, currentToken);
}
lastToken = tempPath;
}
} catch (RegistryException e) {
throw new PermissionManagementException("Error occurred while persisting permission : " +
resourcePermission, e);
}
}
public static void createRegistryCollection(String path, String resourceName)
throws PermissionManagementException,
RegistryException {
Resource resource = PermissionUtils.getGovernanceRegistry().newCollection();
resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
PermissionUtils.getGovernanceRegistry().beginTransaction();
PermissionUtils.getGovernanceRegistry().put(path, resource);
PermissionUtils.getGovernanceRegistry().commitTransaction();
}
public static boolean checkResourceExists(String path)
throws PermissionManagementException,
org.wso2.carbon.registry.core.exceptions.RegistryException {
return PermissionUtils.getGovernanceRegistry().resourceExists(path);
}
private static String getAbsolutePermissionPath(String permissionPath) {
return PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + permissionPath;
}
}

@ -76,7 +76,7 @@
<tasks>
<copy todir="${basedir}/../../../repository/deployment/server/webapps" overwrite="true">
<fileset dir="${basedir}/target">
<include name="api#scep-mgt#v1.0.war" />
<include name="api-scep-mgt-v1.0.war"/>
</fileset>
</copy>
</tasks>

@ -4,7 +4,7 @@ import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.certificate.mgt.jaxrs.beans.ErrorResponse;
import javax.ws.rs.*;
@ -46,7 +46,7 @@ public interface CertificateMgtService {
message = "Internal Server Error. \n Error occurred while retrieving signed certificate.",
response = ErrorResponse.class)
})
@Permission(scope = "sign-csr", permissions = {"/permission/admin/device-mgt/scep/sign-csr"})
@Scope(key = "certificate:sign-csr", name = "Sign CSR", description = "")
Response getSignedCertFromCSR(
@ApiParam(
name = "If-Modified-Since",

@ -72,7 +72,7 @@
<tasks>
<copy todir="${basedir}/../../../repository/deployment/server/webapps" overwrite="true">
<fileset dir="${basedir}/target">
<include name="api#certificate-mgt#v1.0.war" />
<include name="api#certificate-mgt#v1.0.war"/>
</fileset>
</copy>
</tasks>

@ -1,7 +1,8 @@
package org.wso2.carbon.certificate.mgt.cert.jaxrs.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.CertificateList;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.EnrollmentCertificate;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.ErrorResponse;
@ -11,6 +12,10 @@ import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@API(name = "Certificate Management", version = "1.0.0",
context = "api/certificate-mgt/v1.0/admin/certificates",
tags = {"devicemgt_admin"})
@Api(value = "Certificate Management", description = "This API carries all certificate management related operations " +
"such as get all the available devices, etc.")
@Path("/admin/certificates")
@ -72,7 +77,7 @@ public interface CertificateManagementAdminService {
message = "Internal Server Error. \n Server error occurred while adding certificates.",
response = ErrorResponse.class)
})
@Permission(scope = "certificate-modify", permissions = {"/permission/admin/device-mgt/certificate/save"})
@Scope(key = "certificate:manage", name = "Add certificates", description = "")
Response addCertificate(
@ApiParam(
name = "enrollmentCertificates",
@ -130,7 +135,7 @@ public interface CertificateManagementAdminService {
"Server error occurred while retrieving information requested certificate.",
response = ErrorResponse.class)
})
@Permission(scope = "certificate-view", permissions = {"/permission/admin/device-mgt/certificate/view"})
@Scope(key = "certificate:view", name = "View certificates", description = "")
Response getCertificate(
@ApiParam(name = "serialNumber",
value = "Provide the serial number of the certificate that you wish to get the details of",
@ -202,7 +207,7 @@ public interface CertificateManagementAdminService {
"Server error occurred while retrieving all certificates enrolled in the system.",
response = ErrorResponse.class)
})
@Permission(scope = "certificate-view", permissions = {"/permission/admin/device-mgt/certificate/view"})
@Scope(key = "certificate:view", name = "View certificates", description = "")
Response getAllCertificates(
@ApiParam(
name = "offset",
@ -245,7 +250,7 @@ public interface CertificateManagementAdminService {
message = "Internal Server Error. \n " +
"Server error occurred while removing the certificate.",
response = ErrorResponse.class)})
@Permission(scope = "certificate-modify", permissions = {"/permission/admin/device-mgt/certificate/remove"})
@Scope(key = "certificate:manage", name = "Add certificates", description = "")
Response removeCertificate(
@ApiParam(
name = "serialNumber",

@ -44,7 +44,7 @@
<property name="version" value="1.0.0"/>
<property name="host" value="localhost:9443"/>
<property name="schemes" value="https" />
<property name="basePath" value="/api/certificate-mgt/v1.0"/>
<property name="basePath" value="/api-certificate-mgt-v1.0"/>
<property name="title" value="Certificate Management Admin Service API Definitions"/>
<property name="contact" value="dev@wso2.org"/>
<property name="license" value="Apache 2.0"/>

@ -110,14 +110,17 @@
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxrs</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-transports-http</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
@ -237,6 +240,7 @@
<dependency>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.apimgt.annotations</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wso2.carbon.devicemgt</groupId>
@ -248,6 +252,14 @@
<artifactId>jackson-annotations</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
</dependency>
<dependency>
<groupId>javax.ws.rs</groupId>
<artifactId>javax.ws.rs-api</artifactId>
</dependency>
</dependencies>
</project>

@ -34,7 +34,7 @@ public class ErrorResponse {
private String moreInfo = null;
private List<ErrorListItem> errorItems = new ArrayList<>();
private ErrorResponse() {
public ErrorResponse() {
}
@JsonProperty(value = "code")

@ -22,6 +22,7 @@ import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import javax.validation.constraints.Size;
import java.util.List;
@ApiModel(value = "PolicyWrapper", description = "This class carries all information related to Policy "
@ -29,9 +30,11 @@ import java.util.List;
public class PolicyWrapper {
@ApiModelProperty(name = "policyName", value = "The name of the policy", required = true)
@Size(max = 45)
private String policyName;
@ApiModelProperty(name = "description", value = "Gives a description on the policy", required = true)
@Size(max = 1000)
private String description;
@ApiModelProperty(name = "compliance", value = "Provides the non-compliance rules. WSO2 EMM provides the"
@ -41,6 +44,7 @@ public class PolicyWrapper {
+ "Monitor - If the device does not adhere to the given policies the server is notified of the "
+ "violation unknown to the user and the administrator can take the necessary actions with regard"
+ " to the reported", required = true)
@Size(max = 100)
private String compliance;
@ApiModelProperty(name = "ownershipType", value = "The policy ownership type. It can be any of the "
@ -49,6 +53,7 @@ public class PolicyWrapper {
+ "BYOD (Bring Your Own Device) - The policy will only be applied on the BYOD device type\n"
+ "COPE (Corporate-Owned, Personally-Enabled) - The policy will only be applied on the COPE "
+ "device type", required = true)
@Size(max = 45)
private String ownershipType;
@ApiModelProperty(name = "active", value = "If the value is true it indicates that the policy is active. "

@ -20,7 +20,6 @@ package org.wso2.carbon.device.mgt.jaxrs.beans;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import org.wso2.carbon.device.mgt.core.dto.DeviceType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;

@ -20,7 +20,8 @@ package org.wso2.carbon.device.mgt.jaxrs.beans;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import org.wso2.carbon.user.mgt.common.UIPermissionNode;
import java.util.List;
@ApiModel(value = "RoleInfo", description = "Role details including permission and the users in the roles are " +
"wrapped here.")
@ -28,19 +29,12 @@ public class RoleInfo {
@ApiModelProperty(name = "roleName", value = "The name of the role.", required = true)
private String roleName;
@ApiModelProperty(name = "permissions", value = "Lists out all the permissions associated with roles.",
required = true, dataType = "List[java.lang.String]")
private String[] permissions;
@ApiModelProperty(name = "scopes", value = "Lists out all the scopes associated with roles.",
required = true, dataType = "List[org.wso2.carbon.device.mgt.jaxrs.beans.Scope]")
private List<Scope> scopes;
@ApiModelProperty(name = "users", value = "The list of users assigned to the selected role.",
required = true, dataType = "List[java.lang.String]")
private String[] users;
@ApiModelProperty(name = "permissionList", value = "This contain the following, " +
"\n resourcePath\tThe path related to the API.\n " +
"displayName\tThe name of the permission that is shown " +
"in the UI.\n" +
"nodeList\tLists out the nested permissions.",
required = true)
private UIPermissionNode permissionList;
public String getRoleName() {
return roleName;
@ -50,12 +44,12 @@ public class RoleInfo {
this.roleName = roleName;
}
public String[] getPermissions() {
return permissions;
public List<Scope> getScopes() {
return scopes;
}
public void setPermissions(String[] permissions) {
this.permissions = permissions;
public void setScopes(List<Scope> scopes) {
this.scopes = scopes;
}
public String[] getUsers() {
@ -66,11 +60,4 @@ public class RoleInfo {
this.users = users;
}
public UIPermissionNode getPermissionList() {
return permissionList;
}
public void setPermissionList(UIPermissionNode permissionList) {
this.permissionList = permissionList;
}
}

@ -0,0 +1,71 @@
/*
* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wso2.carbon.device.mgt.jaxrs.beans;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
@ApiModel(value = "Scope", description = "Template of the authorization scope")
public class Scope {
@ApiModelProperty(name = "scope key", value = "An unique string as a key.", required = true)
private String key;
@ApiModelProperty(name = "scope name", value = "Scope name.", required = true)
private String name;
@ApiModelProperty(name = "roles", value = "List of roles to be associated with the scope", required = true)
private String roles;
@ApiModelProperty(name = "scope description", value = "A description of the scope", required = true)
private String description;
public Scope() {
}
public String getKey() {
return this.key;
}
public void setKey(String key) {
this.key = key;
}
public String getName() {
return this.name;
}
public void setName(String name) {
this.name = name;
}
public String getRoles() {
return this.roles;
}
public void setRoles(String roles) {
this.roles = roles;
}
public String getDescription() {
return this.description;
}
public void setDescription(String description) {
this.description = description;
}
}

@ -16,30 +16,19 @@
* under the License.
*/
package org.wso2.carbon.apimgt.webapp.publisher.config;
package org.wso2.carbon.device.mgt.jaxrs.exception;
/**
* This class represents the information related to permissions.
*/
public class PermissionConfiguration {
private String scopeName;
private String[] permissions;
public String getScopeName() {
return scopeName;
}
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
public void setScopeName(String scope) {
this.scopeName = scope;
}
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
public String[] getPermissions() {
return permissions;
}
/**
* Custom exception class for wrapping BadRequest related exceptions.
*/
public class BadRequestException extends WebApplicationException {
public void setPermissions(String[] permissions) {
this.permissions = permissions;
public BadRequestException(ErrorResponse error) {
super(Response.status(Response.Status.BAD_REQUEST).entity(error).build());
}
}
}

@ -0,0 +1,55 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.jaxrs.exception;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtUtil;
import javax.validation.ConstraintViolation;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import java.util.Set;
public class ConstraintViolationException extends WebApplicationException {
private String message;
public <T> ConstraintViolationException(Set<ConstraintViolation<T>> violations) {
super(Response.status(Response.Status.BAD_REQUEST)
.entity(DeviceMgtUtil.getConstraintViolationErrorDTO(violations))
.header(Constants.DeviceConstants.HEADER_CONTENT_TYPE, Constants.DeviceConstants.APPLICATION_JSON)
.build());
//Set the error message
StringBuilder stringBuilder = new StringBuilder();
for (ConstraintViolation violation : violations) {
stringBuilder.append(violation.getRootBeanClass().getSimpleName());
stringBuilder.append(".");
stringBuilder.append(violation.getPropertyPath());
stringBuilder.append(": ");
stringBuilder.append(violation.getMessage());
stringBuilder.append(", ");
}
message = stringBuilder.toString();
}
@Override
public String getMessage() {
return message;
}
}

@ -0,0 +1,86 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.jaxrs.exception;
import java.util.ArrayList;
import java.util.List;
public class ErrorDTO {
private Long code = null;
private String message = null;
private String description = null;
public void setMoreInfo(String moreInfo) {
this.moreInfo = moreInfo;
}
public void setCode(Long code) {
this.code = code;
}
public void setMessage(String message) {
this.message = message;
}
public void setDescription(String description) {
this.description = description;
}
public void setError(List<ErrorDTO> error) {
this.error = error;
}
private String moreInfo = null;
public String getMessage() {
return message;
}
public Long getCode() {
return code;
}
public String getDescription() {
return description;
}
public String getMoreInfo() {
return moreInfo;
}
public List<ErrorDTO> getError() {
return error;
}
public String toString() {
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.append("class ErrorDTO {\n");
stringBuilder.append(" code: ").append(code).append("\n");
stringBuilder.append(" message: ").append(message).append("\n");
stringBuilder.append(" description: ").append(description).append("\n");
stringBuilder.append(" moreInfo: ").append(moreInfo).append("\n");
stringBuilder.append(" error: ").append(error).append("\n");
stringBuilder.append("}\n");
return stringBuilder.toString();
}
private List<ErrorDTO> error = new ArrayList<>();
}

@ -0,0 +1,51 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.jaxrs.exception;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
/**
* Exception class that is corresponding to 401 Forbidden response
*/
public class ForbiddenException extends WebApplicationException {
private String message;
public ForbiddenException() {
super(Response.status(Response.Status.FORBIDDEN)
.build());
}
public ForbiddenException(ErrorDTO errorDTO) {
super(Response.status(Response.Status.FORBIDDEN)
.entity(errorDTO)
.header(Constants.DeviceConstants.HEADER_CONTENT_TYPE, Constants.DeviceConstants.APPLICATION_JSON)
.build());
message = errorDTO.getDescription();
}
@Override
public String getMessage() {
return message;
}
}

@ -0,0 +1,113 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.jaxrs.exception;
import com.google.gson.JsonParseException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtUtil;
import javax.naming.AuthenticationException;
import javax.ws.rs.ClientErrorException;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
/**
* Handle the cxf level exceptions.
*/
public class GlobalThrowableMapper implements ExceptionMapper {
private static final Log log = LogFactory.getLog(GlobalThrowableMapper.class);
private ErrorDTO e500 = new ErrorDTO();
GlobalThrowableMapper() {
e500.setCode((long) 500);
e500.setMessage("Internal server error.");
e500.setMoreInfo("");
e500.setDescription("The server encountered an internal error. Please contact administrator.");
}
@Override
public Response toResponse(Throwable e) {
if (e instanceof JsonParseException) {
String errorMessage = "Malformed request body.";
if (log.isDebugEnabled()) {
log.error(errorMessage, e);
}
return DeviceMgtUtil.buildBadRequestException(errorMessage).getResponse();
}
if (e instanceof NotFoundException) {
return ((NotFoundException) e).getResponse();
}
if (e instanceof UnexpectedServerErrorException) {
if (log.isDebugEnabled()) {
log.error("Unexpected server error.", e);
}
return ((UnexpectedServerErrorException) e).getResponse();
}
if (e instanceof ConstraintViolationException) {
if (log.isDebugEnabled()) {
log.error("Constraint violation.", e);
}
return ((ConstraintViolationException) e).getResponse();
}
if (e instanceof IllegalArgumentException) {
ErrorDTO errorDetail = new ErrorDTO();
errorDetail.setCode((long) 400);
errorDetail.setMoreInfo("");
errorDetail.setMessage("");
errorDetail.setDescription(e.getMessage());
return Response
.status(Response.Status.BAD_REQUEST)
.entity(errorDetail)
.build();
}
if (e instanceof ClientErrorException) {
if (log.isDebugEnabled()) {
log.error("Client error.", e);
}
return ((ClientErrorException) e).getResponse();
}
if (e instanceof AuthenticationException) {
ErrorDTO errorDetail = new ErrorDTO();
errorDetail.setCode((long) 401);
errorDetail.setMoreInfo("");
errorDetail.setMessage("");
errorDetail.setDescription(e.getMessage());
return Response
.status(Response.Status.UNAUTHORIZED)
.entity(errorDetail)
.build();
}
if (e instanceof ForbiddenException) {
if (log.isDebugEnabled()) {
log.error("Resource forbidden.", e);
}
return ((ForbiddenException) e).getResponse();
}
//unknown exception log and return
if (log.isDebugEnabled()) {
log.error("An Unknown exception has been captured by global exception mapper.", e);
}
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).header("Content-Type", "application/json")
.entity(e500).build();
}
}

@ -0,0 +1,47 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.wso2.carbon.device.mgt.jaxrs.exception;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
public class NotFoundException extends WebApplicationException {
private String message;
private static final long serialVersionUID = 147943572342342340L;
public NotFoundException(ErrorResponse error) {
super(Response.status(Response.Status.NOT_FOUND).entity(error).build());
}
public NotFoundException(ErrorDTO errorDTO) {
super(Response.status(Response.Status.NOT_FOUND)
.entity(errorDTO)
.header(Constants.DeviceConstants.HEADER_CONTENT_TYPE, Constants.DeviceConstants.APPLICATION_JSON)
.build());
message = errorDTO.getDescription();
}
@Override
public String getMessage() {
return message;
}
}

@ -0,0 +1,49 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.wso2.carbon.device.mgt.jaxrs.exception;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
public class UnexpectedServerErrorException extends WebApplicationException {
private String message;
private static final long serialVersionUID = 147943579458906890L;
public UnexpectedServerErrorException(ErrorResponse error) {
super(Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(error).build());
}
public UnexpectedServerErrorException(ErrorDTO errorDTO) {
super(Response.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(errorDTO)
.header(Constants.DeviceConstants.HEADER_CONTENT_TYPE, Constants.DeviceConstants.APPLICATION_JSON)
.build());
message = errorDTO.getDescription();
}
@Override
public String getMessage() {
return message;
}
}

@ -0,0 +1,122 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.jaxrs.exception;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.jaxrs.lifecycle.ResourceProvider;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.jaxrs.model.OperationResourceInfo;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageContentsList;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import javax.validation.ConstraintViolation;
import javax.validation.Validation;
import javax.validation.Validator;
import javax.validation.ValidatorFactory;
import javax.validation.executable.ExecutableValidator;
import java.lang.reflect.Method;
import java.util.List;
import java.util.Set;
public class ValidationInterceptor extends AbstractPhaseInterceptor<Message> {
private Log log = LogFactory.getLog(getClass());
private Validator validator = null; //validator interface is thread-safe
public ValidationInterceptor() {
super(Phase.PRE_INVOKE);
ValidatorFactory defaultFactory = Validation.buildDefaultValidatorFactory();
validator = defaultFactory.getValidator();
if (validator == null) {
log.warn("Bean Validation provider could not be found, no validation will be performed");
} else {
log.debug("Validation In-Interceptor initialized successfully");
}
}
@Override
public void handleMessage(Message message) throws Fault {
final OperationResourceInfo operationResource = message.getExchange().get(OperationResourceInfo.class);
if (operationResource == null) {
log.info("OperationResourceInfo is not available, skipping validation");
return;
}
final ClassResourceInfo classResource = operationResource.getClassResourceInfo();
if (classResource == null) {
log.info("ClassResourceInfo is not available, skipping validation");
return;
}
final ResourceProvider resourceProvider = classResource.getResourceProvider();
if (resourceProvider == null) {
log.info("ResourceProvider is not available, skipping validation");
return;
}
final List<Object> arguments = MessageContentsList.getContentsList(message);
final Method method = operationResource.getAnnotatedMethod();
final Object instance = resourceProvider.getInstance(message);
if (method != null && arguments != null) {
//validate the parameters(arguments) over the invoked method
validate(method, arguments.toArray(), instance);
//validate the fields of each argument
for (Object arg : arguments) {
if (arg != null)
validate(arg);
}
}
}
public <T> void validate(final Method method, final Object[] arguments, final T instance) {
if (validator == null) {
log.warn("Bean Validation provider could not be found, no validation will be performed");
return;
}
ExecutableValidator methodValidator = validator.forExecutables();
Set<ConstraintViolation<T>> violations = methodValidator.validateParameters(instance,
method, arguments);
if (!violations.isEmpty()) {
throw new ConstraintViolationException(violations);
}
}
public <T> void validate(final T object) {
if (validator == null) {
log.warn("Bean Validation provider could be found, no validation will be performed");
return;
}
Set<ConstraintViolation<T>> violations = validator.validate(object);
if (!violations.isEmpty()) {
throw new ConstraintViolationException(violations);
}
}
public void handleFault(org.apache.cxf.message.Message messageParam) {
}
}

@ -20,11 +20,12 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
import org.wso2.carbon.device.mgt.jaxrs.beans.ActivityList;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import javax.validation.constraints.Size;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@ -32,7 +33,7 @@ import javax.ws.rs.core.Response;
/**
* Activity related REST-API implementation.
*/
@API(name = "Activities", version = "1.0.0", context = "/devicemgt_admin/activities", tags = {"devicemgt_admin"})
@API(name = "Activity Info Provider", version = "1.0.0", context = "/api/device-mgt/v1.0/activities", tags = {"devicemgt_admin"})
@Path("/activities")
@Api(value = "Activity Info Provider", description = "Activity related information manipulation. For example operation details " +
@ -91,16 +92,15 @@ public interface ActivityInfoProviderService {
message = "Internal Server Error. \n Server error occurred while fetching activity data.",
response = ErrorResponse.class)
})
@Permission(
scope = "activity-view",
permissions = {"/permission/admin/device-mgt/admin/activities/view"}
)
@Scope(key = "activity:view", name = "View Activities", description = "")
Response getActivity(
@ApiParam(
name = "id",
value = "Activity id of the operation/activity to be retrieved.",
required = true)
@PathParam("id") String id,
@PathParam("id")
@Size(max = 45)
String id,
@ApiParam(
name = "If-Modified-Since",
value = "Validates if the requested variant has not been modified since the time specified",
@ -153,10 +153,7 @@ public interface ActivityInfoProviderService {
message = "Internal Server Error. \n Server error occurred while fetching activity data.",
response = ErrorResponse.class)
})
@Permission(
scope = "activity-view",
permissions = {"/permission/admin/device-mgt/admin/activities/view"}
)
@Scope(key = "activity:view", name = "View Activities", description = "")
Response getActivities(
@ApiParam(
name = "since",

@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfiguration;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@ -31,7 +31,7 @@ import javax.ws.rs.core.Response;
/**
* General Tenant Configuration REST-API.
*/
@API(name = "Configuration", version = "1.0.0", context = "/devicemgt_admin/configuration", tags = {"devicemgt_admin"})
@API(name = "Configuration Management", version = "1.0.0", context = "/api/device-mgt/v1.0/configuration", tags = {"devicemgt_admin"})
@Path("/configuration")
@Api(value = "Configuration Management", description = "General Tenant Configuration management capabilities are exposed " +
@ -80,12 +80,8 @@ public interface ConfigurationManagementService {
message = "Internal Server Error. \n Server error occurred while fetching the general " +
"platform configuration.",
response = ErrorResponse.class)
}
)
@Permission(
scope = "configuration-view",
permissions = {"/permission/admin/device-mgt/admin/platform-configs/view"}
)
})
@Scope(key = "configuration:view", name = "View Configurations", description = "")
Response getConfiguration(
@ApiParam(
name = "If-Modified-Since",
@ -130,12 +126,8 @@ public interface ConfigurationManagementService {
message = "Internal Server Error. \n " +
"Server error occurred while modifying general platform configuration.",
response = ErrorResponse.class)
}
)
@Permission(
scope = "configuration-modify",
permissions = {"/permission/admin/device-mgt/admin/platform-configs/modify"}
)
})
@Scope(key = "configuration:modify", name = "Modify Configurations", description = "")
Response updateConfiguration(
@ApiParam(
name = "configuration",

@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.Device;
import org.wso2.carbon.device.mgt.common.Feature;
import org.wso2.carbon.device.mgt.common.app.mgt.Application;
@ -31,6 +31,7 @@ import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.policy.mgt.common.Policy;
import org.wso2.carbon.policy.mgt.common.monitor.ComplianceData;
import javax.validation.constraints.Size;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@ -38,7 +39,7 @@ import javax.ws.rs.core.Response;
/**
* Device related REST-API. This can be used to manipulated device related details.
*/
@API(name = "Device", version = "1.0.0", context = "/api/device-mgt/admin/devices", tags = {"devicemgt_admin"})
@API(name = "Device Management", version = "1.0.0", context = "/api/device-mgt/v1.0/devices", tags = {"devicemgt_admin"})
@Path("/devices")
@Api(value = "Device Management", description = "This API carries all device management related operations " +
@ -91,71 +92,74 @@ public interface DeviceManagementService {
message = "Internal Server Error. \n Server error occurred while fetching the device list.",
response = ErrorResponse.class)
})
@Permission(
scope = "device-list",
permissions = {"/permission/admin/device-mgt/admin/devices/list"}
)
@Scope(key = "device:view", name = "View Devices", description = "")
Response getDevices(
@ApiParam(
name = "name",
value = "The device name, such as shamu, bullhead or angler.",
required = false)
String name,
@Size(max = 45)
String name,
@ApiParam(
name = "type",
value = "The device type, such as ios, android or windows.",
required = false)
@QueryParam("type")
String type,
@Size(max = 45)
String type,
@ApiParam(
name = "user",
value = "Username of owner of the devices.",
required = false)
@QueryParam("user")
String user,
@Size(max = 45)
String user,
@ApiParam(
name = "roleName",
value = "Role name of the devices to be fetched.",
required = false)
@QueryParam("roleName")
String roleName,
@Size(max = 45)
String roleName,
@ApiParam(
name = "ownership",
allowableValues = "BYOD, COPE",
value = "Ownership of the devices to be fetched registered under.",
required = false)
@QueryParam("ownership")
String ownership,
@Size(max = 45)
String ownership,
@ApiParam(
name = "status",
value = "Enrollment status of devices to be fetched.",
required = false)
@QueryParam("status")
String status,
@Size(max = 45)
String status,
@ApiParam(
name = "since",
value = "Last modified timestamp",
required = false)
@QueryParam("since")
String since,
String since,
@ApiParam(
name = "If-Modified-Since",
value = "Timestamp of the last modified date",
required = false)
@HeaderParam("If-Modified-Since")
String timestamp,
String timestamp,
@ApiParam(
name = "offset",
value = "Starting point within the complete list of items qualified.",
required = false)
@QueryParam("offset")
int offset,
int offset,
@ApiParam(
name = "limit",
value = "Maximum size of resource array to return.",
required = false)
@QueryParam("limit")
int limit);
int limit);
@GET
@ -203,32 +207,28 @@ public interface DeviceManagementService {
"Server error occurred while retrieving information requested device.",
response = ErrorResponse.class)
})
@Permission(
scope = "device-view",
permissions = {
"/permission/admin/device-mgt/admin/devices/view",
"/permission/admin/device-mgt/user/devices/view"
}
)
@Scope(key = "device:view", name = "View Devices", description = "")
Response getDevice(
@ApiParam(
name = "type",
value = "The device type, such as ios, android or windows.",
required = true)
@PathParam("type")
String type,
@Size(max = 45)
String type,
@ApiParam(
name = "id",
value = "The device identifier of the device.",
required = true)
@PathParam("id")
String id,
@Size(max = 45)
String id,
@ApiParam(
name = "If-Modified-Since",
value = "Validates if the requested variant has not been modified since the time specified",
required = false)
@HeaderParam("If-Modified-Since")
String ifModifiedSince);
String ifModifiedSince);
@GET
@Path("/{type}/{id}/features")
@ -289,31 +289,28 @@ public interface DeviceManagementService {
"Server error occurred while retrieving feature list of the device.",
response = ErrorResponse.class)
})
@Permission(
scope = "device-search",
permissions = {"/permission/admin/device-mgt/admin/devices/view",
"/permission/admin/device-mgt/user/devices/view"
}
)
@Scope(key = "device:view", name = "View Devices", description = "")
Response getFeaturesOfDevice(
@ApiParam(
name = "type",
value = "The device type, such as ios, android or windows.",
required = true)
@PathParam("type")
String type,
@Size(max = 45)
String type,
@ApiParam(
name = "id",
value = "The device identifier of the device.",
required = true)
@PathParam("id")
String id,
@Size(max = 45)
String id,
@ApiParam(
name = "If-Modified-Since",
value = "Validates if the requested variant has not been modified since the time specified",
required = false)
@HeaderParam("If-Modified-Since")
String ifModifiedSince);
String ifModifiedSince);
@POST
@Path("/search-devices")
@ -368,28 +365,25 @@ public interface DeviceManagementService {
"Server error occurred while enrolling the device.",
response = ErrorResponse.class)
})
@Permission(
scope = "device-search",
permissions = {"/permission/admin/device-mgt/admin/devices/list" }
)
@Scope(key = "device:view", name = "View Devices", description = "")
Response searchDevices(
@ApiParam(
name = "offset",
value = "Starting point within the complete list of items qualified.",
required = false)
@QueryParam("offset")
int offset,
int offset,
@ApiParam(
name = "limit",
value = "Maximum size of resource array to return.",
required = false)
@QueryParam("limit")
int limit,
int limit,
@ApiParam(
name = "searchContext",
value = "List of search conditions.",
required = true)
SearchContext searchContext);
SearchContext searchContext);
@GET
@Path("/{type}/{id}/applications")
@ -450,43 +444,40 @@ public interface DeviceManagementService {
"Server error occurred while retrieving installed application list of the device.",
response = ErrorResponse.class)
})
@Permission(
scope = "operation-view",
permissions = {
"/permission/admin/device-mgt/admin/devices/view",
"/permission/admin/device-mgt/user/devices/view"
}
)
@Scope(key = "device:view", name = "View Devices", description = "")
Response getInstalledApplications(
@ApiParam(
name = "type",
value = "The device type, such as ios, android or windows.", required = true)
@PathParam("type")
String type,
@Size(max = 45)
String type,
@ApiParam(
name = "id",
value = "The device identifier of the device.",
required = true)
@PathParam("id")
String id,
@Size(max = 45)
String id,
@ApiParam(
name = "If-Modified-Since",
value = "Validates if the requested variant has not been modified since the time specified",
required = false)
@HeaderParam("If-Modified-Since")
String ifModifiedSince,
String ifModifiedSince,
@ApiParam(
name = "offset",
value = "Starting point within the complete list of items qualified.",
required = false)
@QueryParam("offset")
int offset,
int offset,
@ApiParam(
name = "limit",
value = "Maximum size of resource array to return.",
required = false)
@QueryParam("limit")
int limit);
int limit);
@GET
@ -550,45 +541,41 @@ public interface DeviceManagementService {
"Server error occurred while retrieving operation list scheduled for the device.",
response = ErrorResponse.class)
})
@Permission(
scope = "operation-view",
permissions = {
"/permission/admin/device-mgt/admin/devices/view",
"/permission/admin/device-mgt/user/devices/view"
}
)
@Scope(key = "device:view", name = "View Devices", description = "")
Response getDeviceOperations(
@ApiParam(
name = "type",
value = "The device type, such as ios, android or windows.",
required = true)
@PathParam("type")
String type,
@Size(max = 45)
String type,
@ApiParam(
name = "id",
value = "The device identifier of the device.",
required = true)
@PathParam("id")
String id,
@Size(max = 45)
String id,
@ApiParam(
name = "If-Modified-Since",
value = "Validates if the requested variant has not been modified since the time "
+ "specified",
required = false)
@HeaderParam("If-Modified-Since")
String ifModifiedSince,
String ifModifiedSince,
@ApiParam(
name = "offset",
value = "Starting point within the complete list of items qualified.",
required = false)
@QueryParam("offset")
int offset,
int offset,
@ApiParam(
name = "limit",
value = "Maximum size of resource array to return.",
required = false)
@QueryParam("limit")
int limit);
int limit);
@GET
@Path("/{type}/{id}/effective-policy")
@ -652,27 +639,29 @@ public interface DeviceManagementService {
response = ErrorResponse.class)
}
)
@Scope(key = "device:view", name = "View Devices", description = "")
Response getEffectivePolicyOfDevice(
@ApiParam(
name = "type",
value = "The device type, such as ios, android or windows.",
required = true)
@PathParam("type")
String type,
@Size(max = 45)
String type,
@ApiParam(
name = "id",
value = "Device Identifier",
required = true)
@PathParam("id")
String id,
@Size(max = 45)
String id,
@ApiParam(
name = "If-Modified-Since",
value = "Validates if the requested variant has not been modified since the time "
+ "specified",
required = false)
@HeaderParam("If-Modified-Since")
String ifModifiedSince);
String ifModifiedSince);
@GET
@ -702,16 +691,20 @@ public interface DeviceManagementService {
response = ErrorResponse.class)
}
)
@Scope(key = "device:view", name = "View Devices", description = "")
Response getComplianceDataOfDevice(
@ApiParam(
name = "type",
value = "The device type, such as ios, android or windows.",
required = true)
@PathParam("type")
String type,
@Size(max = 45)
String type,
@ApiParam(
name = "id",
value = "Device Identifier",
required = true)
@PathParam("id") String id);
@PathParam("id")
@Size(max = 45)
String id);
}

@ -18,7 +18,7 @@
*/
package org.wso2.carbon.device.mgt.jaxrs.service.api;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroup;

@ -20,13 +20,13 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.notification.mgt.Notification;
import org.wso2.carbon.device.mgt.jaxrs.NotificationContext;
import org.wso2.carbon.device.mgt.jaxrs.NotificationList;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import javax.validation.constraints.Max;
import javax.validation.constraints.Size;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@ -34,7 +34,7 @@ import javax.ws.rs.core.Response;
/**
* Notifications related REST-API.
*/
@API(name = "Device Notification Management API", version = "1.0.0", context = "/devicemgt_admin/notifications",
@API(name = "Device Notification Management", version = "1.0.0", context = "/api/device-mgt/v1.0/notifications",
tags = {"devicemgt_admin"})
@Api(value = "Device Notification Management", description = "Device notification related operations can be found here.")
@Path("/notifications")
@ -89,21 +89,15 @@ public interface NotificationManagementService {
message = "Internal Server Error. " +
"\n Server error occurred while fetching the notification list.",
response = ErrorResponse.class)
}
)
@Permission(
scope = "device-notification-view",
permissions = {
"/permission/admin/device-mgt/admin/notifications/view",
"/permission/admin/device-mgt/user/notifications/view" }
)
})
@Scope(key = "notification:view", name = "View and manage notifications", description = "")
Response getNotifications(
@ApiParam(
name = "status",
value = "Status of the notification.",
allowableValues = "NEW, CHECKED",
required = false)
@QueryParam("status")
@QueryParam("status") @Size(max = 45)
String status,
@ApiParam(
name = "If-Modified-Since",
@ -148,15 +142,12 @@ public interface NotificationManagementService {
message = "Error occurred while updating notification status.")
}
)
@Permission(
scope = "",
permissions = { "" }
)
@Scope(key = "notification:view", name = "View and manage notifications", description = "")
Response updateNotificationStatus(
@ApiParam(
name = "id",
value = "Notification ID.",
required = true)
@PathParam("id")
@PathParam("id") @Max(45)
int id);
}

@ -19,12 +19,14 @@
package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper;
import org.wso2.carbon.policy.mgt.common.Policy;
import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper;
import org.wso2.carbon.policy.mgt.common.Policy;
import javax.validation.Valid;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@ -34,6 +36,9 @@ import java.util.List;
* Policy related REST-API. This can be used to manipulated policies and associate them with devices, users, roles,
* groups.
*/
@API(name = "Device Policy Management", version = "1.0.0", context = "/api/device-mgt/v1.0/policies",
tags = {"devicemgt_admin"})
@Api(value = "Device Policy Management", description = "This API carries all the necessary functionalities " +
"around device policy management")
@Path("/policies")
@ -94,18 +99,14 @@ public interface PolicyManagementService {
message = "Internal Server Error. \n " +
"Server error occurred while adding a new policy.",
response = ErrorResponse.class)
}
)
@Permission(
scope = "policy-modify",
permissions = {"/permission/admin/device-mgt/admin/policies/add"}
)
})
@Scope(key = "policy:manage", name = "Add policies", description = "")
Response addPolicy(
@ApiParam(
name = "policy",
value = "Policy details related to the operation.",
required = true)
PolicyWrapper policy);
@Valid PolicyWrapper policy);
@GET
@ApiOperation(
@ -152,12 +153,8 @@ public interface PolicyManagementService {
message = ("Internal Server Error. \n Server error occurred while fetching " +
"policies."),
response = ErrorResponse.class)
}
)
@Permission(
scope = "policy-view",
permissions = {"/permission/admin/device-mgt/admin/policies/list"}
)
})
@Scope(key = "policy:view", name = "Views policies", description = "")
Response getPolicies(
@ApiParam(
name = "If-Modified-Since",
@ -223,10 +220,7 @@ public interface PolicyManagementService {
"policy.",
response = ErrorResponse.class)
})
@Permission(
scope = "policy-view",
permissions = {"/permission/admin/device-mgt/admin/policies/list"}
)
@Scope(key = "policy:view", name = "View policies", description = "")
Response getPolicy(
@ApiParam(
name = "id",
@ -289,12 +283,8 @@ public interface PolicyManagementService {
message = "Internal Server Error. \n " +
"Server error occurred while updating the policy.",
response = ErrorResponse.class)
}
)
@Permission(
scope = "policy-modify",
permissions = {"/permission/admin/device-mgt/admin/policies/update"}
)
})
@Scope(key = "policy:manage", name = "Add policies", description = "")
Response updatePolicy(
@ApiParam(
name = "id",
@ -306,7 +296,7 @@ public interface PolicyManagementService {
name = "policy",
value = "Policy details related to the operation.",
required = true)
PolicyWrapper policy);
@Valid PolicyWrapper policy);
@POST
@Path("/remove-policy")
@ -339,12 +329,8 @@ public interface PolicyManagementService {
message = "Internal Server Error. \n " +
"Server error occurred while bulk removing policies.",
response = ErrorResponse.class)
}
)
@Permission(
scope = "policy-modify",
permissions = {"/permission/admin/device-mgt/admin/policies/remove"}
)
})
@Scope(key = "policy:manage", name = "Add policies", description = "")
Response removePolicies(
@ApiParam(
name = "policyIds",
@ -379,13 +365,8 @@ public interface PolicyManagementService {
code = 500,
message = "ErrorResponse in activating policies.",
response = ErrorResponse.class)
}
)
@Permission(
scope = "policy-modify", permissions = {
"/permission/admin/device-mgt/admin/policies/update",
"/permission/admin/device-mgt/admin/policies/add"}
)
})
@Scope(key = "policy:manage", name = "Add policies", description = "")
Response activatePolicies(
@ApiParam(
name = "policyIds",
@ -420,14 +401,8 @@ public interface PolicyManagementService {
code = 500,
message = "ErrorResponse in deactivating policies.",
response = ErrorResponse.class)
}
)
@Permission(
scope = "policy-modify",
permissions = {
"/permission/admin/device-mgt/admin/policies/update",
"/permission/admin/device-mgt/admin/policies/add"}
)
})
@Scope(key = "policy:manage", name = "Add policies", description = "")
Response deactivatePolicies(
@ApiParam(
name = "policyIds",
@ -459,12 +434,8 @@ public interface PolicyManagementService {
code = 500,
message = "ErrorResponse in deactivating policies.",
response = ErrorResponse.class)
}
)
@Permission(
scope = "policy-modify",
permissions = {"/permission/admin/device-mgt/admin/policies/update"}
)
})
@Scope(key = "policy:manage", name = "Add policies", description = "")
Response applyChanges();
@ -492,11 +463,8 @@ public interface PolicyManagementService {
code = 500,
message = "Exception in updating policy priorities.",
response = ErrorResponse.class)
}
)
@Permission(
scope = "",
permissions = {})
})
@Scope(key = "policy:manage", name = "Add policies", description = "")
Response updatePolicyPriorities(
@ApiParam(
name = "priorityUpdatedPolicies",

@ -20,18 +20,17 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
import org.wso2.carbon.user.mgt.common.UIPermissionNode;
import org.wso2.carbon.device.mgt.jaxrs.beans.Scope;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.util.List;
@API(name = "Role", version = "1.0.0", context = "/devicemgt_admin/roles", tags = {"devicemgt_admin"})
@API(name = "Role Management", version = "1.0.0", context = "/api/device-mgt/v1.0/roles", tags = {"devicemgt_admin"})
@Path("/roles")
@Api(value = "Role Management", description = "Role management related operations can be found here.")
@ -77,11 +76,7 @@ public interface RoleManagementService {
message = "Internal Server Error. \n Server error occurred while fetching requested list of roles.",
response = ErrorResponse.class)
})
@Permission(scope = "roles-view", permissions = {
"/permission/admin/device-mgt/admin/roles/list",
"/permission/admin/device-mgt/admin/users/view",
"/permission/admin/device-mgt/admin/policies/add",
"/permission/admin/device-mgt/admin/policies/update"})
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:view", name = "View roles", description = "")
Response getRoles(
@ApiParam(
name = "filter",
@ -110,16 +105,16 @@ public interface RoleManagementService {
@QueryParam("limit") int limit);
@GET
@Path("/{roleName}/permissions")
@Path("/scopes")
@ApiOperation(
produces = MediaType.APPLICATION_JSON,
httpMethod = "GET",
value = "Getting permission details of a role.",
value = "Getting authorization scopes.",
notes = "In an organization an individual is associated a with set of responsibilities based on their " +
"role. In EMM you are able to configure permissions based on the responsibilities carried " +
"out by a role. Therefore if you wish to retrieve the permission details of a role, you can do " +
"role. In EMM you are able to configure scopes based on the responsibilities carried " +
"out by a role. Therefore if you wish to retrieve the scopes details of roles, you can do " +
"so using this REST API.",
response = UIPermissionNode.class,
response = List.class,
responseContainer = "List",
tags = "Role Management"
)
@ -127,8 +122,8 @@ public interface RoleManagementService {
value = {
@ApiResponse(
code = 200,
message = "OK. \n Successfully fetched the permission list of the given role.",
response = UIPermissionNode.class,
message = "OK. \n Successfully fetched the scopes list.",
response = List.class,
responseContainer = "List",
responseHeaders = {
@ResponseHeader(
@ -163,19 +158,63 @@ public interface RoleManagementService {
message = "Internal Server ErrorResponse. \n Server error occurred while fetching the permission list of the requested role.",
response = ErrorResponse.class)
})
@Permission(scope = "roles-view", permissions = {"/permission/admin/device-mgt/admin/roles/list"})
Response getPermissionsOfRole(
@ApiParam(
name = "roleName",
value = "Name of the role.",
required = true)
@PathParam("roleName") String roleName,
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:view", name = "View roles", description = "")
Response getScopes(
@ApiParam(
name = "If-Modified-Since",
value = "Validates if the requested variant has not been modified since the time specified",
required = false)
@HeaderParam("If-Modified-Since") String ifModifiedSince);
@PUT
@Path("/scopes")
@ApiOperation(
produces = MediaType.APPLICATION_JSON,
httpMethod = "PUT",
value = "Updating authorization scopes.",
notes = "This REST API can be used to update the associated roles of the scopes",
tags = "Role Management"
)
@ApiResponses(value = {
@ApiResponse(
code = 200,
message = "OK. \n Scopes has been updated successfully",
responseHeaders = {
@ResponseHeader(
name = "Content-Type",
description = "Content type of the body"),
@ResponseHeader(
name = "ETag",
description = "Entity Tag of the response resource.\n" +
"Used by caches, or in conditional requests."),
@ResponseHeader(
name = "Last-Modified",
description = "Date and time the resource has been modified the last time.\n" +
"Used by caches, or in conditional requests.")}),
@ApiResponse(
code = 400,
message = "Bad Request. \n Invalid request or validation error.",
response = ErrorResponse.class),
@ApiResponse(
code = 404,
message = "Not Found. \n Scopes to be updated does not exist.",
response = ErrorResponse.class),
@ApiResponse(
code = 415,
message = "Unsupported media type. \n The entity of the request was in a not supported format.",
response = ErrorResponse.class),
@ApiResponse(
code = 500,
message = "Internal Server Error. \n Server error occurred while updating the scopes.",
response = ErrorResponse.class)
})
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "")
Response updateScopes(
@ApiParam(
name = "Scopes",
value = "List of scopes to be updated",
required = true) List<Scope> scopes);
@GET
@Path("/{roleName}")
@ApiOperation(
@ -226,7 +265,7 @@ public interface RoleManagementService {
"requested role.",
response = ErrorResponse.class)
})
@Permission(scope = "roles-view", permissions = {"/permission/admin/device-mgt/admin/roles/list"})
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:view", name = "View roles", description = "")
Response getRole(
@ApiParam(
name = "roleName",
@ -286,7 +325,7 @@ public interface RoleManagementService {
message = "Internal Server Error. \n Server error occurred while adding a new role.",
response = ErrorResponse.class)
})
@Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/add"})
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "")
Response addRole(
@ApiParam(
name = "role",
@ -336,7 +375,7 @@ public interface RoleManagementService {
message = "Internal Server Error. \n Server error occurred while updating the role.",
response = ErrorResponse.class)
})
@Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/update"})
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "")
Response updateRole(
@ApiParam(
name = "roleName",
@ -373,13 +412,17 @@ public interface RoleManagementService {
message = "Internal Server Error. \n Server error occurred while removing the role.",
response = ErrorResponse.class)
})
@Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/remove"})
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "")
Response deleteRole(
@ApiParam(
name = "roleName",
value = "Name of the role to de deleted.",
required = true)
@PathParam("roleName") String roleName);
@PathParam("roleName") String roleName,
@ApiParam(
name = "role",
value = "Details about the role to be added.",
required = true) RoleInfo role);
@PUT
@Path("/{roleName}/users")
@ -431,7 +474,7 @@ public interface RoleManagementService {
"Server error occurred while updating the user list of the role.",
response = ErrorResponse.class)
})
@Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/update"})
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "")
Response updateUsersOfRole(
@ApiParam(
name = "roleName",

@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.*;
import javax.ws.rs.*;
@ -29,7 +29,7 @@ import javax.ws.rs.core.Response;
import java.util.List;
@API(name = "User Management API", version = "1.0.0", context = "/devicemgt_admin/users", tags = {"devicemgt_admin"})
@API(name = "User Management", version = "1.0.0", context = "/api/device-mgt/v1.0/users", tags = {"devicemgt_admin"})
@Path("/users")
@Api(value = "User Management", description = "User management related operations can be found here.")
@ -83,7 +83,7 @@ public interface UserManagementService {
message = "Internal Server Error. \n Server error occurred while adding a new user.",
response = ErrorResponse.class)
})
@Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/add"})
@Scope(key = "user:manage", name = "Add users", description = "")
Response addUser(
@ApiParam(
name = "user",
@ -135,7 +135,7 @@ public interface UserManagementService {
" fetching the requested user.",
response = ErrorResponse.class)
})
@Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/view"})
@Scope(key = "user:view", name = "View users", description = "")
Response getUser(
@ApiParam(
name = "username",
@ -192,7 +192,7 @@ public interface UserManagementService {
"Server error occurred while updating the user.",
response = ErrorResponse.class)
})
@Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/update"})
@Scope(key = "user:manage", name = "Add users", description = "")
Response updateUser(
@ApiParam(
name = "username",
@ -227,7 +227,7 @@ public interface UserManagementService {
response = ErrorResponse.class
)
})
@Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/remove"})
@Scope(key = "user:manage", name = "Add users", description = "")
Response removeUser(
@ApiParam(name = "username", value = "Username of the user to be deleted.", required = true)
@PathParam("username") String username);
@ -276,7 +276,7 @@ public interface UserManagementService {
" assigned to the user.",
response = ErrorResponse.class)
})
@Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/view"})
@Scope(key = "user:view", name = "View users", description = "")
Response getRolesOfUser(
@ApiParam(name = "username", value = "Username of the user.", required = true)
@PathParam("username") String username);
@ -319,7 +319,7 @@ public interface UserManagementService {
message = "Internal Server Error. \n Server error occurred while fetching the user list.",
response = ErrorResponse.class)
})
@Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/list"})
@Scope(key = "user:view", name = "View users", description = "")
Response getUsers(
@ApiParam(
name = "filter",
@ -386,7 +386,7 @@ public interface UserManagementService {
"list that matches the given filter.",
response = ErrorResponse.class)
})
@Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/list"})
@Scope(key = "user:view", name = "View users", description = "")
Response getUserNames(
@ApiParam(
name = "filter",
@ -440,7 +440,7 @@ public interface UserManagementService {
"Server error occurred while updating credentials of the user.",
response = ErrorResponse.class)
})
@Permission(scope = "user-modify", permissions = {"/permission/admin/login"})
@Scope(key = "user:view", name = "View users", description = "")
Response resetPassword(
@ApiParam(
name = "username",
@ -483,7 +483,7 @@ public interface UserManagementService {
"Server error occurred while updating credentials of the user.",
response = ErrorResponse.class)
})
@Permission(scope = "user-invite", permissions = {"/permission/admin/device-mgt/admin/user/invite"})
@Scope(key = "user:manage", name = "Add users", description = "")
Response inviteExistingUsersToEnrollDevice(
@ApiParam(
name = "users",

@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
import org.wso2.carbon.device.mgt.jaxrs.beans.ApplicationWrapper;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@ -31,7 +32,7 @@ import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@API(name = "Application", version = "1.0.0", context = "/devicemgt_admin/applications", tags = {"devicemgt_admin"})
@API(name = "Application Management Admin", version = "1.0.0", context = "/api/device-mgt/v1.0/admin/applications", tags = {"devicemgt_admin"})
@Path("/admin/applications")
@Api(value = "Application Management Administrative Service", description = "This an API intended to be used by " +
@ -73,6 +74,7 @@ public interface ApplicationManagementAdminService {
"a given set of devices.",
response = ErrorResponse.class)
})
@Scope(key = "application:manage", name = "Install/Uninstall applications", description = "")
Response installApplication(
@ApiParam(
name = "applicationWrapper",
@ -111,6 +113,7 @@ public interface ApplicationManagementAdminService {
"a given set of devices.",
response = ErrorResponse.class)
})
@Scope(key = "application:manage", name = "Install/Uninstall applications", description = "")
Response uninstallApplication(
@ApiParam(
name = "applicationWrapper",

@ -20,14 +20,16 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.Device;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import javax.validation.constraints.Size;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@API(name = "DeviceManagementAdmin", version = "1.0.0", context = "/devicemgt_admin/applications",
@API(name = "Device Management Admin", version = "1.0.0", context = "/api/device-mgt/v1.0/admin/devices",
tags = {"devicemgt_admin"})
@Path("/admin/devices")
@Api(value = "Device Management Administrative Service", description = "This an API intended to be used by " +
@ -83,17 +85,22 @@ public interface DeviceManagementAdminService {
message = "Internal Server Error. \n Server error occurred while fetching the device list.",
response = ErrorResponse.class)
})
@Scope(key = "device:admin:view", name = "View Devices", description = "")
Response getDevicesByName(
@ApiParam(
name = "name",
value = "Name of the device.",
required = true)
@QueryParam("name") String name,
@QueryParam("name")
@Size(max = 45)
String name,
@ApiParam(
name = "type",
value = "Type of the device.",
required = true)
@QueryParam("type") String type,
@QueryParam("type")
@Size(min = 2, max = 45)
String type,
@ApiParam(
name = "tenant-domain",
value = "Name of the tenant.",

@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceTypeList;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@ -28,7 +28,7 @@ import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@API(name = "Device Type Management", version = "1.0.0", context = "/admin/device-types", tags = {"devicemgt_admin"})
@API(name = "Device Type Management", version = "1.0.0", context = "/api/device-mgt/v1.0/admin/device-types", tags = {"devicemgt_admin"})
@Path("/admin/device-types")
@Api(value = "Device Type Management", description = "This API corresponds to all tasks related to device " +
@ -78,10 +78,7 @@ public interface DeviceTypeManagementService {
response = ErrorResponse.class)
}
)
@Permission(
scope = "read:device-types",
permissions = {"/permission/admin/device-mgt/admin/device-types/view"}
)
@Scope(key = "device-type:admin:view", name = "View device types", description = "")
Response getDeviceTypes(
@ApiParam(
name = "If-Modified-Since",

@ -19,7 +19,7 @@
package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.policy.mgt.common.DeviceGroupWrapper;
import javax.ws.rs.*;

@ -19,14 +19,18 @@
package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.PasswordResetWrapper;
import javax.validation.constraints.Size;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@API(name = "User Management Admin", version = "1.0.0", context = "/api/device-mgt/v1.0/admin/users", tags = {"devicemgt_admin"})
@Path("/admin/users")
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@ -64,13 +68,15 @@ public interface UserManagementAdminService {
"Server error occurred while updating credentials of the user.",
response = ErrorResponse.class)
})
@Permission(scope = "user-modify", permissions = {"/permission/admin/login"})
@Scope(key = "user:admin:reset-password", name = "View users", description = "")
Response resetUserPassword(
@ApiParam(
name = "username",
value = "Username of the user.",
required = true)
@PathParam("username") String username,
@PathParam("username")
@Size(max = 45)
String username,
@ApiParam(
name = "credentials",
value = "Credential.",

@ -29,6 +29,7 @@ import org.wso2.carbon.device.mgt.jaxrs.service.api.ActivityInfoProviderService;
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
import javax.validation.constraints.Size;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@ -47,7 +48,8 @@ public class ActivityProviderServiceImpl implements ActivityInfoProviderService
@GET
@Override
@Path("/{id}")
public Response getActivity(@PathParam("id") String id,
public Response getActivity(@PathParam("id")
@Size(max = 45) String id,
@HeaderParam("If-Modified-Since") String ifModifiedSince) {
Activity activity;
DeviceManagementProviderService dmService;

@ -26,7 +26,6 @@ import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfiguration
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.service.api.ConfigurationManagementService;
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.UnexpectedServerErrorException;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
import org.wso2.carbon.device.mgt.jaxrs.util.MDMAppConstants;
import org.wso2.carbon.policy.mgt.common.PolicyManagementException;

@ -44,6 +44,7 @@ import org.wso2.carbon.policy.mgt.common.monitor.ComplianceData;
import org.wso2.carbon.policy.mgt.common.monitor.PolicyComplianceException;
import org.wso2.carbon.policy.mgt.core.PolicyManagerService;
import javax.validation.constraints.Size;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@ -62,12 +63,12 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
@GET
@Override
public Response getDevices(
@QueryParam("name") String name,
@QueryParam("type") String type,
@QueryParam("user") String user,
@QueryParam("roleName") String roleName,
@QueryParam("ownership") String ownership,
@QueryParam("status") String status,
@QueryParam("name") @Size(max = 45) String name,
@QueryParam("type") @Size(max = 45) String type,
@QueryParam("user") @Size(max = 45) String user,
@QueryParam("roleName") @Size(max = 45) String roleName,
@QueryParam("ownership") @Size(max = 45) String ownership,
@QueryParam("status") @Size(max = 45) String status,
@QueryParam("since") String since,
@HeaderParam("If-Modified-Since") String ifModifiedSince,
@QueryParam("offset") int offset,
@ -80,7 +81,7 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
PaginationResult result;
DeviceList devices = new DeviceList();
if(name != null && !name.isEmpty()){
if (name != null && !name.isEmpty()) {
request.setDeviceName(name);
}
if (type != null && !type.isEmpty()) {
@ -180,8 +181,8 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
@Path("/{type}/{id}")
@Override
public Response getDevice(
@PathParam("type") String type,
@PathParam("id") String id,
@PathParam("type") @Size(max = 45) String type,
@PathParam("id") @Size(max = 45) String id,
@HeaderParam("If-Modified-Since") String ifModifiedSince) {
Device device;
try {
@ -207,8 +208,8 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
@Path("/{type}/{id}/features")
@Override
public Response getFeaturesOfDevice(
@PathParam("type") String type,
@PathParam("id") String id,
@PathParam("type") @Size(max = 45) String type,
@PathParam("id") @Size(max = 45) String id,
@HeaderParam("If-Modified-Since") String ifModifiedSince) {
List<Feature> features;
DeviceManagementProviderService dms;
@ -258,8 +259,8 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
@Path("/{type}/{id}/applications")
@Override
public Response getInstalledApplications(
@PathParam("type") String type,
@PathParam("id") String id,
@PathParam("type") @Size(max = 45) String type,
@PathParam("id") @Size(max = 45) String id,
@HeaderParam("If-Modified-Since") String ifModifiedSince,
@QueryParam("offset") int offset,
@QueryParam("limit") int limit) {
@ -287,8 +288,8 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
@Path("/{type}/{id}/operations")
@Override
public Response getDeviceOperations(
@PathParam("type") String type,
@PathParam("id") String id,
@PathParam("type") @Size(max = 45) String type,
@PathParam("id") @Size(max = 45) String id,
@HeaderParam("If-Modified-Since") String ifModifiedSince,
@QueryParam("offset") int offset,
@QueryParam("limit") int limit) {
@ -318,8 +319,8 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
@GET
@Path("/{type}/{id}/effective-policy")
@Override
public Response getEffectivePolicyOfDevice(@PathParam("type") String type,
@PathParam("id") String id,
public Response getEffectivePolicyOfDevice(@PathParam("type") @Size(max = 45) String type,
@PathParam("id") @Size(max = 45) String id,
@HeaderParam("If-Modified-Since") String ifModifiedSince) {
try {
RequestValidationUtil.validateDeviceIdentifier(type, id);
@ -339,8 +340,8 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
@GET
@Path("{type}/{id}/compliance-data")
public Response getComplianceDataOfDevice(@PathParam("type") String type,
@PathParam("id") String id) {
public Response getComplianceDataOfDevice(@PathParam("type") @Size(max = 45) String type,
@PathParam("id") @Size(max = 45) String id) {
RequestValidationUtil.validateDeviceIdentifier(type, id);
PolicyManagerService policyManagementService = DeviceMgtAPIUtils.getPolicyManagementService();

@ -31,6 +31,8 @@ import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.UnexpectedServerErrorException;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
import javax.validation.constraints.Max;
import javax.validation.constraints.Size;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@ -46,7 +48,7 @@ public class NotificationManagementServiceImpl implements NotificationManagement
@GET
@Override
public Response getNotifications(
@QueryParam("status") String status,
@QueryParam("status") @Size(max = 45) String status,
@HeaderParam("If-Modified-Since") String ifModifiedSince,
@QueryParam("offset") int offset, @QueryParam("limit") int limit) {
@ -79,7 +81,7 @@ public class NotificationManagementServiceImpl implements NotificationManagement
@PUT
@Path("/{id}/mark-checked")
public Response updateNotificationStatus(
@PathParam("id") int id) {
@PathParam("id") @Max(45)int id) {
String msg;
Notification.Status status = Notification.Status.CHECKED;
Notification notification;

@ -41,6 +41,7 @@ import org.wso2.carbon.policy.mgt.common.PolicyAdministratorPoint;
import org.wso2.carbon.policy.mgt.common.PolicyManagementException;
import org.wso2.carbon.policy.mgt.core.PolicyManagerService;
import javax.validation.Valid;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@ -59,7 +60,7 @@ public class PolicyManagementServiceImpl implements PolicyManagementService {
@POST
@Override
public Response addPolicy(PolicyWrapper policyWrapper) {
public Response addPolicy(@Valid PolicyWrapper policyWrapper) {
RequestValidationUtil.validatePolicyDetails(policyWrapper);
PolicyManagerService policyManagementService = DeviceMgtAPIUtils.getPolicyManagementService();
@ -111,7 +112,7 @@ public class PolicyManagementServiceImpl implements PolicyManagementService {
}
}
private Policy getPolicyFromWrapper(PolicyWrapper policyWrapper) throws DeviceManagementException {
private Policy getPolicyFromWrapper(@Valid PolicyWrapper policyWrapper) throws DeviceManagementException {
Policy policy = new Policy();
policy.setPolicyName(policyWrapper.getPolicyName());
policy.setDescription(policyWrapper.getDescription());
@ -187,7 +188,7 @@ public class PolicyManagementServiceImpl implements PolicyManagementService {
@PUT
@Path("/{id}")
@Override
public Response updatePolicy(@PathParam("id") int id, PolicyWrapper policyWrapper) {
public Response updatePolicy(@PathParam("id") int id, @Valid PolicyWrapper policyWrapper) {
RequestValidationUtil.validatePolicyDetails(policyWrapper);
PolicyManagerService policyManagementService = DeviceMgtAPIUtils.getPolicyManagementService();
try {

@ -20,21 +20,23 @@ package org.wso2.carbon.device.mgt.jaxrs.service.impl;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementException;
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
import org.wso2.carbon.device.mgt.jaxrs.beans.Scope;
import org.wso2.carbon.device.mgt.jaxrs.service.api.RoleManagementService;
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.FilteringUtil;
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtUtil;
import org.wso2.carbon.device.mgt.jaxrs.util.SetReferenceTransformer;
import org.wso2.carbon.user.api.*;
import org.wso2.carbon.user.api.AuthorizationManager;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.carbon.user.mgt.UserRealmProxy;
import org.wso2.carbon.user.mgt.common.UIPermissionNode;
import org.wso2.carbon.user.mgt.common.UserAdminException;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
@ -88,64 +90,47 @@ public class RoleManagementServiceImpl implements RoleManagementService {
}
@GET
@Path("/{roleName}/permissions")
@Path("/scopes")
@Override
public Response getPermissionsOfRole(
@PathParam("roleName") String roleName,
public Response getScopes(
@HeaderParam("If-Modified-Since") String ifModifiedSince) {
RequestValidationUtil.validateRoleName(roleName);
try {
final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
if (!userRealm.getUserStoreManager().isExistingRole(roleName)) {
return Response.status(Response.Status.NOT_FOUND).entity(new ErrorResponse.ErrorResponseBuilder().setMessage(
"No role exists with the name '" + roleName + "'").build()).build();
}
final UIPermissionNode rolePermissions = this.getUIPermissionNode(roleName, userRealm);
if (rolePermissions == null) {
if (log.isDebugEnabled()) {
log.debug("No permissions found for the role '" + roleName + "'");
}
List<Scope> scopes = new ArrayList<>();
try {
ScopeManagementService scopeManagementService = DeviceMgtAPIUtils.getScopeManagementService();
if (scopeManagementService == null) {
log.error("Scope management service initialization is failed, hence scopes will not be retrieved");
} else {
scopes = DeviceMgtUtil.convertAPIScopestoScopes(scopeManagementService.getAllScopes());
}
return Response.status(Response.Status.OK).entity(rolePermissions).build();
} catch (UserAdminException e) {
String msg = "Error occurred while retrieving the permissions of role '" + roleName + "'";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
} catch (UserStoreException e) {
String msg = "Error occurred while retrieving the underlying user realm attached to the " +
"current logged in user";
return Response.status(Response.Status.OK).entity(scopes).build();
} catch (ScopeManagementException e) {
String msg = "Error occurred while retrieving the scopes";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
}
private UIPermissionNode getUIPermissionNode(String roleName, UserRealm userRealm)
throws UserAdminException {
org.wso2.carbon.user.core.UserRealm userRealmCore = null;
if (userRealm instanceof org.wso2.carbon.user.core.UserRealm) {
userRealmCore = (org.wso2.carbon.user.core.UserRealm) userRealm;
}
final UserRealmProxy userRealmProxy = new UserRealmProxy(userRealmCore);
final UIPermissionNode rolePermissions =
userRealmProxy.getRolePermissions(roleName, MultitenantConstants.SUPER_TENANT_ID);
UIPermissionNode[] deviceMgtPermissions = new UIPermissionNode[2];
for (UIPermissionNode permissionNode : rolePermissions.getNodeList()) {
if ("/permission/admin".equals(permissionNode.getResourcePath())) {
for (UIPermissionNode node : permissionNode.getNodeList()) {
if ("/permission/admin/device-mgt".equals(node.getResourcePath())) {
deviceMgtPermissions[0] = node;
} else if ("/permission/admin/login".equals(node.getResourcePath())) {
deviceMgtPermissions[1] = node;
}
}
@PUT
@Path("/scopes")
@Override
public Response updateScopes(List<Scope> scopes) {
RequestValidationUtil.validateScopes(scopes);
try {
ScopeManagementService scopeManagementService = DeviceMgtAPIUtils.getScopeManagementService();
if (scopeManagementService == null) {
log.error("Scope management service initialization is failed, hence scopes will not be retrieved");
} else {
scopeManagementService.updateScopes(DeviceMgtUtil.convertScopestoAPIScopes(scopes));
}
return Response.status(Response.Status.OK).entity("Scopes has been successfully updated").build();
} catch (ScopeManagementException e) {
String msg = "Error occurred while updating the scopes";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
rolePermissions.setNodeList(deviceMgtPermissions);
return rolePermissions;
}
@GET
@ -160,7 +145,6 @@ public class RoleManagementServiceImpl implements RoleManagementService {
RoleInfo roleInfo = new RoleInfo();
try {
final UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
if (!userStoreManager.isExistingRole(roleName)) {
return Response.status(Response.Status.NOT_FOUND).entity(
new ErrorResponse.ErrorResponseBuilder().setMessage("No role exists with the name '" +
@ -168,16 +152,9 @@ public class RoleManagementServiceImpl implements RoleManagementService {
}
roleInfo.setRoleName(roleName);
roleInfo.setUsers(userStoreManager.getUserListOfRole(roleName));
// Get the permission nodes and hand picking only device management and login perms
final UIPermissionNode rolePermissions = this.getUIPermissionNode(roleName, userRealm);
List<String> permList = new ArrayList<>();
this.iteratePermissions(rolePermissions, permList);
roleInfo.setPermissionList(rolePermissions);
String[] permListAr = new String[permList.size()];
roleInfo.setPermissions(permList.toArray(permListAr));
return Response.status(Response.Status.OK).entity(roleInfo).build();
} catch (UserStoreException | UserAdminException e) {
} catch (UserStoreException e) {
String msg = "Error occurred while retrieving the user role '" + roleName + "'";
log.error(msg, e);
return Response.serverError().entity(
@ -185,35 +162,18 @@ public class RoleManagementServiceImpl implements RoleManagementService {
}
}
private List<String> iteratePermissions(UIPermissionNode uiPermissionNode, List<String> list) {
for (UIPermissionNode permissionNode : uiPermissionNode.getNodeList()) {
list.add(permissionNode.getResourcePath());
if (permissionNode.getNodeList() != null && permissionNode.getNodeList().length > 0) {
iteratePermissions(permissionNode, list);
}
}
return list;
}
@POST
@Override
public Response addRole(RoleInfo roleInfo) {
RequestValidationUtil.validateRoleDetails(roleInfo);
RequestValidationUtil.validateRoleName(roleInfo.getRoleName());
try {
UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
if (log.isDebugEnabled()) {
log.debug("Persisting the role in the underlying user store");
}
Permission[] permissions = null;
if (roleInfo.getPermissions() != null && roleInfo.getPermissions().length > 0) {
permissions = new Permission[roleInfo.getPermissions().length];
for (int i = 0; i < permissions.length; i++) {
String permission = roleInfo.getPermissions()[i];
permissions[i] = new Permission(permission, CarbonConstants.UI_PERMISSION_ACTION);
}
}
userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), permissions);
userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), null);
//TODO fix what's returned in the entity
return Response.created(new URI(API_BASE_PATH + "/" + roleInfo.getRoleName())).entity(
@ -269,14 +229,12 @@ public class RoleManagementServiceImpl implements RoleManagementService {
userStoreManager.updateUserListOfRole(newRoleName, usersToDelete, usersToAdd);
}
if (roleInfo.getPermissions() != null) {
// Delete all authorizations for the current role before authorizing the permission tree
authorizationManager.clearRoleAuthorization(roleName);
if (roleInfo.getPermissions().length > 0) {
for (int i = 0; i < roleInfo.getPermissions().length; i++) {
String permission = roleInfo.getPermissions()[i];
authorizationManager.authorizeRole(roleName, permission, CarbonConstants.UI_PERMISSION_ACTION);
}
if (roleInfo.getScopes() != null) {
ScopeManagementService scopeManagementService = DeviceMgtAPIUtils.getScopeManagementService();
if (scopeManagementService == null) {
log.error("Scope management service initialization is failed, hence scopes will not be updated");
} else {
scopeManagementService.updateScopes(DeviceMgtUtil.convertScopestoAPIScopes(roleInfo.getScopes()));
}
}
//TODO: Need to send the updated role information in the entity back to the client
@ -287,14 +245,21 @@ public class RoleManagementServiceImpl implements RoleManagementService {
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
} catch (ScopeManagementException e) {
String msg = "Error occurred while updating scopes of role '" + roleName + "'";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
}
@DELETE
@Path("/{roleName}")
@Override
public Response deleteRole(@PathParam("roleName") String roleName) {
public Response deleteRole(@PathParam("roleName") String roleName, RoleInfo roleInfo) {
RequestValidationUtil.validateRoleName(roleName);
RequestValidationUtil.validateScopes(roleInfo.getScopes());
try {
final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
final UserStoreManager userStoreManager = userRealm.getUserStoreManager();
@ -312,12 +277,25 @@ public class RoleManagementServiceImpl implements RoleManagementService {
// Delete all authorizations for the current role before deleting
authorizationManager.clearRoleAuthorization(roleName);
//updating scopes
ScopeManagementService scopeManagementService = DeviceMgtAPIUtils.getScopeManagementService();
if (scopeManagementService == null) {
log.error("Scope management service initialization is failed, hence scopes will not be updated");
} else {
scopeManagementService.updateScopes(DeviceMgtUtil.convertScopestoAPIScopes(roleInfo.getScopes()));
}
return Response.status(Response.Status.OK).build();
} catch (UserStoreException e) {
String msg = "Error occurred while deleting the role '" + roleName + "'";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
} catch (ScopeManagementException e) {
String msg = "Error occurred while updating scopes of role '" + roleName + "'";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
}

@ -31,6 +31,7 @@ import org.wso2.carbon.device.mgt.jaxrs.service.api.admin.DeviceManagementAdminS
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
import javax.validation.constraints.Size;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@ -45,8 +46,8 @@ public class DeviceManagementAdminServiceImpl implements DeviceManagementAdminSe
@Override
@GET
public Response getDevicesByName(@QueryParam("name") String name,
@QueryParam("type") String type,
public Response getDevicesByName(@QueryParam("name") @Size(max = 45) String name,
@QueryParam("type") @Size(min = 2, max = 45) String type,
@QueryParam("tenant-domain") String tenantDomain,
@HeaderParam("If-Modified-Since") String ifModifiedSince,
@QueryParam("offset") int offset,

@ -22,6 +22,7 @@ import org.wso2.carbon.device.mgt.jaxrs.beans.PasswordResetWrapper;
import org.wso2.carbon.device.mgt.jaxrs.service.api.admin.UserManagementAdminService;
import org.wso2.carbon.device.mgt.jaxrs.util.CredentialManagementResponseBuilder;
import javax.validation.constraints.Size;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@ -34,7 +35,9 @@ public class UserManagementAdminServiceImpl implements UserManagementAdminServic
@POST
@Path("/{username}/credentials")
@Override
public Response resetUserPassword(@PathParam("username") String user, PasswordResetWrapper credentials) {
public Response resetUserPassword(@PathParam("username")
@Size(max = 45)
String user, PasswordResetWrapper credentials) {
return CredentialManagementResponseBuilder.buildResetPasswordResponse(user, credentials);
}

@ -18,11 +18,12 @@
*/
package org.wso2.carbon.device.mgt.jaxrs.service.impl.util;
import org.wso2.carbon.device.mgt.jaxrs.beans.Scope;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.device.mgt.common.PaginationRequest;
import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfiguration;
import org.wso2.carbon.device.mgt.common.notification.mgt.Notification;
import org.wso2.carbon.device.mgt.jaxrs.beans.*;
import java.util.ArrayList;
import java.util.List;
@ -313,17 +314,31 @@ public class RequestValidationUtil {
}
}
public static void validateScopes(List<Scope> scopes) {
if (scopes == null || scopes.isEmpty()) {
throw new InputValidationException(
new ErrorResponse.ErrorResponseBuilder().setCode(400l).setMessage("Scope details of the request body" +
" is incorrect or empty").build());
}
}
public static void validatePaginationParameters(int offset, int limit) {
if (offset < 0) {
throw new InputValidationException(
new ErrorResponse.ErrorResponseBuilder().setCode(400l).setMessage("Request parameter offset is s " +
"negative value.").build());
"negative value.").build());
}
if (limit < 0) {
throw new InputValidationException(
new ErrorResponse.ErrorResponseBuilder().setCode(400l).setMessage("Request parameter limit is a " +
"negative value.").build());
"negative value.").build());
}
if (limit - offset > 100) {
throw new InputValidationException(
new ErrorResponse.ErrorResponseBuilder().setCode(400l).setMessage("Request results list should" +
" be less than or equal 100 values.").build());
}
}
}

@ -29,7 +29,7 @@ import java.util.HashMap;
import java.util.Map;
@SwaggerDefinition(
basePath = "/api/device-mgt/v1.0",
basePath = "/api-device-mgt-v1.0",
host = "localhost:9443"
)
public class SecurityDefinitionConfigurator implements ReaderListener {

@ -27,4 +27,18 @@ public class Constants {
public static final String USER_CLAIM_FIRST_NAME = "http://wso2.org/claims/givenname";
public static final String USER_CLAIM_LAST_NAME = "http://wso2.org/claims/lastname";
public final class ErrorMessages {
private ErrorMessages () { throw new AssertionError(); }
public static final String STATUS_BAD_REQUEST_MESSAGE_DEFAULT = "Bad Request";
}
public final class DeviceConstants {
private DeviceConstants () { throw new AssertionError(); }
public static final String APPLICATION_JSON = "application/json";
public static final String HEADER_CONTENT_TYPE = "Content-Type";
}
}

@ -28,6 +28,7 @@ import org.wso2.carbon.device.mgt.common.configuration.mgt.ConfigurationEntry;
import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfiguration;
import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfigurationManagementService;
import org.wso2.carbon.device.mgt.common.notification.mgt.NotificationManagementService;
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService;
import org.wso2.carbon.device.mgt.core.app.mgt.ApplicationManagementProviderService;
import org.wso2.carbon.device.mgt.core.device.details.mgt.DeviceInformationManager;
import org.wso2.carbon.device.mgt.core.search.mgt.SearchManagerService;
@ -248,6 +249,16 @@ public class DeviceMgtAPIUtils {
return gadgetDataService;
}
public static ScopeManagementService getScopeManagementService() {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
ScopeManagementService scopeManagementService =
(ScopeManagementService) ctx.getOSGiService(ScopeManagementService.class, null);
if (scopeManagementService == null) {
throw new IllegalStateException("Scope Management Service has not been initialized.");
}
return scopeManagementService;
}
public static int getTenantId(String tenantDomain) throws DeviceManagementException {
RealmService realmService =
(RealmService) PrivilegedCarbonContext.getThreadLocalCarbonContext().getOSGiService(RealmService.class, null);

@ -18,11 +18,17 @@
package org.wso2.carbon.device.mgt.jaxrs.util;
import org.wso2.carbon.apimgt.api.model.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorListItem;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.ProfileFeature;
import org.wso2.carbon.device.mgt.jaxrs.exception.BadRequestException;
import org.wso2.carbon.policy.mgt.common.Profile;
import javax.validation.ConstraintViolation;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
public class DeviceMgtUtil {
@ -58,4 +64,77 @@ public class DeviceMgtUtil {
return profileFeature;
}
public static List<Scope> convertScopestoAPIScopes(List<org.wso2.carbon.device.mgt.jaxrs.beans.Scope> scopes) {
List<Scope> convertedScopes = new ArrayList<>();
Scope convertedScope;
for (org.wso2.carbon.device.mgt.jaxrs.beans.Scope scope : scopes) {
convertedScope = new Scope();
convertedScope.setKey(scope.getKey());
convertedScope.setName(scope.getName());
convertedScope.setDescription(scope.getDescription());
convertedScope.setRoles(scope.getRoles());
convertedScopes.add(convertedScope);
}
return convertedScopes;
}
public static List<org.wso2.carbon.device.mgt.jaxrs.beans.Scope> convertAPIScopestoScopes(List<Scope> scopes) {
List<org.wso2.carbon.device.mgt.jaxrs.beans.Scope> convertedScopes = new ArrayList<>();
org.wso2.carbon.device.mgt.jaxrs.beans.Scope convertedScope;
for (Scope scope : scopes) {
convertedScope = new org.wso2.carbon.device.mgt.jaxrs.beans.Scope();
convertedScope.setKey(scope.getKey());
convertedScope.setName(scope.getName());
convertedScope.setDescription(scope.getDescription());
convertedScope.setRoles(scope.getRoles());
convertedScopes.add(convertedScope);
}
return convertedScopes;
}
/**
* Returns a new BadRequestException
*
* @param description description of the exception
* @return a new BadRequestException with the specified details as a response DTO
*/
public static BadRequestException buildBadRequestException(String description) {
ErrorResponse errorResponse = getErrorResponse(Constants.
ErrorMessages.STATUS_BAD_REQUEST_MESSAGE_DEFAULT,400l, description);
return new BadRequestException(errorResponse);
}
/**
* Returns generic ErrorResponse.
* @param message specific error message
* @param code
* @param description
* @return generic Response with error specific details.
*/
public static ErrorResponse getErrorResponse(String message, Long code, String description) {
ErrorResponse errorResponse = new ErrorResponse();
errorResponse.setCode(code);
errorResponse.setMoreInfo("");
errorResponse.setMessage(message);
errorResponse.setDescription(description);
return errorResponse;
}
public static <T> ErrorResponse getConstraintViolationErrorDTO(Set<ConstraintViolation<T>> violations) {
ErrorResponse errorResponse = new ErrorResponse();
errorResponse.setDescription("Validation Error");
errorResponse.setMessage("Bad Request");
errorResponse.setCode(400l);
errorResponse.setMoreInfo("");
List<ErrorListItem> errorListItems = new ArrayList<>();
for (ConstraintViolation violation : violations) {
ErrorListItem errorListItemDTO = new ErrorListItem();
errorListItemDTO.setCode(400 + "_" + violation.getPropertyPath());
errorListItemDTO.setMessage(violation.getPropertyPath() + ": " + violation.getMessage());
errorListItems.add(errorListItemDTO);
}
errorResponse.setErrorItems(errorListItems);
return errorResponse;
}
}

@ -17,12 +17,11 @@
~ under the License.
-->
<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaxrs="http://cxf.apache.org/jaxrs"
xmlns="http://www.springframework.org/schema/beans"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd">
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:cxf="http://cxf.apache.org/core"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd">
<jaxrs:server id="services" address="/">
<jaxrs:serviceBeans>
@ -51,6 +50,8 @@
<bean id="swaggerWriter" class="io.swagger.jaxrs.listing.SwaggerSerializers" />
<bean id="swaggerResource" class="io.swagger.jaxrs.listing.ApiListingResource" />
<bean id="ValidationInterceptor" class="org.wso2.carbon.device.mgt.jaxrs.exception.ValidationInterceptor"/>
<bean id="GlobalExceptionMapper" class="org.wso2.carbon.device.mgt.jaxrs.exception.GlobalThrowableMapper"/>
<bean id="swaggerConfig" class="io.swagger.jaxrs.config.BeanConfig">
<property name="resourcePackage" value="org.wso2.carbon.device.mgt.jaxrs"/>
@ -80,6 +81,12 @@
<bean id="dashboardServiceBean" class="org.wso2.carbon.device.mgt.jaxrs.service.impl.DashboardImpl"/>
<bean id="deviceTypeManagementAdminService" class="org.wso2.carbon.device.mgt.jaxrs.service.impl.admin.DeviceTypeManagementServiceImpl"/>
<bean id="jsonProvider" class="org.wso2.carbon.device.mgt.jaxrs.common.GsonMessageBodyHandler"/>
<!--<bean id="errorHandler" class="org.wso2.carbon.device.mgt.jaxrs.common.ErrorHandler"/>-->
<cxf:bus>
<cxf:inInterceptors>
<ref bean="ValidationInterceptor"/>
</cxf:inInterceptors>
</cxf:bus>
</beans>

@ -50,6 +50,7 @@
<Import-Package>
javax.xml.bind.annotation,
com.fasterxml.jackson.annotation,
org.wso2.carbon.apimgt.api.model,
io.swagger.annotations.*;resolution:=optional
</Import-Package>
</instructions>
@ -68,6 +69,10 @@
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.apimgt</groupId>
<artifactId>org.wso2.carbon.apimgt.api</artifactId>
</dependency>
</dependencies>
</project>

@ -24,47 +24,25 @@ import javax.xml.bind.annotation.XmlRootElement;
/**
* This class represents the information related to permission.
*/
@XmlRootElement (name = "Permission")
public class Permission {
private String name; // permission name
private String path; // permission string
private String url; // url of the resource
private String urlTemplate; // resource template
private String method; // http method
private String scope; //scope of the resource
private String context;
public String getName() {
return name;
public String getContext() {
return context;
}
@XmlElement (name = "name", required = true)
public void setName(String name) {
this.name = name;
public void setContext(String context) {
this.context = context;
}
public String getPath() {
return path;
}
@XmlElement (name = "path", required = true)
public void setPath(String path) {
this.path = path;
}
public String getScope() {
return scope;
}
@XmlElement(name = "scope", required = false)
public void setScope(String scope) {
this.scope = scope;
}
public String getUrl() {
return url;
}
@XmlElement (name = "url", required = true)
public void setUrl(String url) {
this.url = url;
}
@ -73,8 +51,15 @@ public class Permission {
return method;
}
@XmlElement (name = "method", required = true)
public void setMethod(String method) {
this.method = method;
}
public String getUrlTemplate() {
return urlTemplate;
}
public void setUrlTemplate(String urlTemplate) {
this.urlTemplate = urlTemplate;
}
}

@ -29,11 +29,10 @@ public interface PermissionManagerService {
/**
*
* @param permission - Permission to be added
* @return The status of the operation.
* @throws PermissionManagementException If some unusual behaviour is observed while adding the
* permission.
*/
boolean addPermission(Permission permission) throws PermissionManagementException;
void addPermission(Permission permission) throws PermissionManagementException;
/**
*

@ -0,0 +1,57 @@
/*
* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wso2.carbon.device.mgt.common.scope.mgt;
/**
* This exception is used to throw when there is an issue in scope management service.
*/
public class ScopeManagementException extends Exception {
private static final long serialVersionUID = -315127931137779899L;
private String errorMessage;
public String getErrorMessage() {
return errorMessage;
}
public void setErrorMessage(String errorMessage) {
this.errorMessage = errorMessage;
}
public ScopeManagementException(String msg, Exception nestedEx) {
super(msg, nestedEx);
setErrorMessage(msg);
}
public ScopeManagementException(String message, Throwable cause) {
super(message, cause);
setErrorMessage(message);
}
public ScopeManagementException(String msg) {
super(msg);
setErrorMessage(msg);
}
public ScopeManagementException() {
super();
}
public ScopeManagementException(Throwable cause) {
super(cause);
}
}

@ -0,0 +1,53 @@
/*
* Copyright (c) 2016 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.common.scope.mgt;
import java.util.List;
import org.wso2.carbon.apimgt.api.model.Scope;
/**
* This interface contains the basic operations related to scope management.
*/
public interface ScopeManagementService {
/**
* This method is used to update the given list of scopes.
*
* @param scopes List of scopes to be updated.
* @throws ScopeManagementException
*/
void updateScopes(List<Scope> scopes) throws ScopeManagementException;
/**
* This method is used to retrieve all the scopes.
*
* @return List of scopes.
* @throws ScopeManagementException
*/
List<Scope> getAllScopes() throws ScopeManagementException;
/**
* This method is to retrieve the roles of the given scope
* @param scopeKey key of the scope
* @return List of roles
* @throws ScopeManagementException
*/
String getRolesOfScope(String scopeKey) throws ScopeManagementException;
}

@ -91,6 +91,10 @@
!org.wso2.carbon.device.mgt.core.internal,
org.wso2.carbon.device.mgt.core.*
</Export-Package>
<Embed-Dependency>
javax.ws.rs-api,
scribe;scope=compile|runtime;inline=false;
</Embed-Dependency>
<DynamicImport-Package>*</DynamicImport-Package>
</instructions>
</configuration>
@ -228,6 +232,7 @@
<groupId>commons-collections.wso2</groupId>
<artifactId>commons-collections</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.email.sender.core</artifactId>
@ -236,15 +241,12 @@
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.34</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>1.7.1</version>
</dependency>
<dependency>
@ -253,6 +255,26 @@
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wso2.orbit.org.scannotation</groupId>
<artifactId>scannotation</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.apimgt.annotations</artifactId>
</dependency>
<dependency>
<groupId>javax.ws.rs</groupId>
<artifactId>javax.ws.rs-api</artifactId>
</dependency>
<dependency>
<groupId>javax.ws.rs</groupId>
<artifactId>jsr311-api</artifactId>
</dependency>
</dependencies>
</project>

@ -63,7 +63,7 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
throws DeviceAccessAuthorizationException {
int tenantId = this.getTenantId();
if (username == null || username.isEmpty()) {
return false;
return !DeviceManagementDataHolder.getInstance().requireDeviceAuthorization(deviceIdentifier.getType());
}
//check for admin and ownership permissions
if (isAdminOrDeviceOwner(username, tenantId, deviceIdentifier)) {
@ -243,9 +243,7 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
}
private boolean addAdminPermissionToRegistry() throws PermissionManagementException {
Permission permission = new Permission();
permission.setPath(PermissionUtils.getAbsolutePermissionPath(CDM_ADMIN_PERMISSION));
return PermissionUtils.putPermission(permission);
return PermissionUtils.putPermission(PermissionUtils.getAbsolutePermissionPath(CDM_ADMIN_PERMISSION));
}
private Map<String, String> getOwnershipOfDevices(List<Device> devices) {

@ -0,0 +1,332 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.core.config.permission;
import org.apache.catalina.core.StandardContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.scannotation.AnnotationDB;
import org.wso2.carbon.apimgt.annotations.api.API;
import javax.servlet.ServletContext;
import javax.ws.rs.*;
import java.io.File;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
public class AnnotationProcessor {
private static final Log log = LogFactory.getLog(AnnotationProcessor.class);
private static final String PACKAGE_ORG_APACHE = "org.apache";
private static final String PACKAGE_ORG_CODEHAUS = "org.codehaus";
private static final String PACKAGE_ORG_SPRINGFRAMEWORK = "org.springframework";
private static final String WILD_CARD = "/*";
private static final String URL_SEPARATOR = "/";
private static final String STRING_ARR = "string_arr";
private static final String STRING = "string";
private Method[] pathClazzMethods;
private Class<Path> pathClazz;
Class<API> apiClazz;
private ClassLoader classLoader;
private ServletContext servletContext;
public AnnotationProcessor(final StandardContext context) {
servletContext = context.getServletContext();
classLoader = servletContext.getClassLoader();
}
/**
* Scan the context for classes with annotations
*
* @return
* @throws IOException
*/
public Set<String> scanStandardContext(String className) throws IOException {
ExtendedAnnotationDB db = new ExtendedAnnotationDB();
db.addIgnoredPackages(PACKAGE_ORG_APACHE);
db.addIgnoredPackages(PACKAGE_ORG_CODEHAUS);
db.addIgnoredPackages(PACKAGE_ORG_SPRINGFRAMEWORK);
URL classPath = findWebInfClassesPath(servletContext);
db.scanArchives(classPath);
//Returns a list of classes with given Annotation
return db.getAnnotationIndex().get(className);
}
/**
* Method identifies the URL templates and context by reading the annotations of a class
*
* @param entityClasses
* @return
*/
public List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission>
extractPermissions(Set<String> entityClasses) {
List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission> permissions = new ArrayList<>();
if (entityClasses != null && !entityClasses.isEmpty()) {
for (final String className : entityClasses) {
List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission> resourcePermissions =
AccessController.doPrivileged(new PrivilegedAction<List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission>>() {
public List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission> run() {
Class<?> clazz;
List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission> apiPermissions =
new ArrayList<>();
try {
clazz = classLoader.loadClass(className);
apiClazz = (Class<API>)
classLoader.loadClass(org.wso2.carbon.apimgt.annotations.api.API
.class.getName());
Annotation apiAnno = clazz.getAnnotation(apiClazz);
List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission> resourceList;
if (apiAnno != null) {
if (log.isDebugEnabled()) {
log.debug("Application Context root = " + servletContext.getContextPath());
}
try {
String rootContext = servletContext.getContextPath();
pathClazz = (Class<Path>) classLoader.loadClass(Path.class.getName());
pathClazzMethods = pathClazz.getMethods();
Annotation rootContectAnno = clazz.getAnnotation(pathClazz);
String subContext = "";
if (rootContectAnno != null) {
subContext = invokeMethod(pathClazzMethods[0], rootContectAnno, STRING);
if (subContext != null && !subContext.isEmpty()) {
if (subContext.trim().startsWith("/")) {
rootContext = rootContext + subContext;
} else {
rootContext = rootContext + "/" + subContext;
}
}
if (log.isDebugEnabled()) {
log.debug("API Root Context = " + rootContext);
}
}
Method[] annotatedMethods = clazz.getDeclaredMethods();
apiPermissions = getApiResources(rootContext, annotatedMethods);
} catch (Throwable throwable) {
log.error("Error encountered while scanning for annotations", throwable);
}
}
} catch (ClassNotFoundException e) {
log.error("Error when passing the api annotation for device type apis.");
}
return apiPermissions;
}
});
permissions.addAll(resourcePermissions);
}
}
return permissions;
}
/**
* Get Resources for each API
*
* @param resourceRootContext
* @param annotatedMethods
* @return
* @throws Throwable
*/
private List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission>
getApiResources(String resourceRootContext, Method[] annotatedMethods) throws Throwable {
List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission> permissions = new ArrayList<>();
String subCtx;
for (Method method : annotatedMethods) {
Annotation[] annotations = method.getDeclaredAnnotations();
org.wso2.carbon.device.mgt.common.permission.mgt.Permission permission =
new org.wso2.carbon.device.mgt.common.permission.mgt.Permission();
if (isHttpMethodAvailable(annotations)) {
Annotation methodContextAnno = method.getAnnotation(pathClazz);
if (methodContextAnno != null) {
subCtx = invokeMethod(pathClazzMethods[0], methodContextAnno, STRING);
} else {
subCtx = WILD_CARD;
}
permission.setContext(makeContextURLReady(resourceRootContext));
permission.setUrlTemplate(makeContextURLReady(subCtx));
// this check is added to avoid url resolving conflict which happens due
// to adding of '*' notation for dynamic path variables.
if (WILD_CARD.equals(subCtx)) {
subCtx = makeContextURLReady(resourceRootContext);
} else {
subCtx = makeContextURLReady(resourceRootContext) + makeContextURLReady(subCtx);
}
permission.setUrl(replaceDynamicPathVariables(subCtx));
String httpMethod;
for (int i = 0; i < annotations.length; i++) {
httpMethod = getHTTPMethodAnnotation(annotations[i]);
if (httpMethod != null) {
permission.setMethod(httpMethod);
break;
}
}
permissions.add(permission);
}
}
return permissions;
}
/**
* Read Method annotations indicating HTTP Methods
* @param annotation
*/
private String getHTTPMethodAnnotation(Annotation annotation) {
if (annotation.annotationType().getName().equals(GET.class.getName())) {
return HttpMethod.GET;
} else if (annotation.annotationType().getName().equals(POST.class.getName())) {
return HttpMethod.POST;
} else if (annotation.annotationType().getName().equals(OPTIONS.class.getName())) {
return HttpMethod.OPTIONS;
} else if (annotation.annotationType().getName().equals(DELETE.class.getName())) {
return HttpMethod.DELETE;
} else if (annotation.annotationType().getName().equals(PUT.class.getName())) {
return HttpMethod.PUT;
}
return null;
}
private boolean isHttpMethodAvailable(Annotation[] annotations) {
for (Annotation annotation : annotations) {
if (annotation.annotationType().getName().equals(GET.class.getName())) {
return true;
} else if (annotation.annotationType().getName().equals(POST.class.getName())) {
return true;
} else if (annotation.annotationType().getName().equals(OPTIONS.class.getName())) {
return true;
} else if (annotation.annotationType().getName().equals(DELETE.class.getName())) {
return true;
} else if (annotation.annotationType().getName().equals(PUT.class.getName())) {
return true;
}
}
return false;
}
/**
* Append '/' to the context and make it URL ready
*
* @param context
* @return
*/
private String makeContextURLReady(String context) {
if (context != null && ! context.isEmpty()) {
if (context.startsWith("/")) {
return context;
} else {
return "/" + context;
}
}
return "";
}
/**
* When an annotation and method is passed, this method invokes that executes said method against the annotation
*
* @param method
* @param annotation
* @param returnType
* @return
* @throws Throwable
*/
private String invokeMethod(Method method, Annotation annotation, String returnType) throws Throwable {
InvocationHandler methodHandler = Proxy.getInvocationHandler(annotation);
switch (returnType) {
case STRING:
return (String) methodHandler.invoke(annotation, method, null);
case STRING_ARR:
return ((String[]) methodHandler.invoke(annotation, method, null))[0];
default:
return null;
}
}
/**
* Find the URL pointing to "/WEB-INF/classes" This method may not work in conjunction with IteratorFactory
* if your servlet container does not extract the /WEB-INF/classes into a real file-based directory
*
* @param servletContext
* @return null if cannot determin /WEB-INF/classes
*/
public static URL findWebInfClassesPath(ServletContext servletContext)
{
String path = servletContext.getRealPath("/WEB-INF/classes");
if (path == null) return null;
File fp = new File(path);
if (fp.exists() == false) return null;
try
{
URI uri = fp.toURI();
return uri.toURL();
}
catch (MalformedURLException e)
{
throw new RuntimeException(e);
}
}
private String replaceDynamicPathVariables(String path) {
StringBuilder replacedPath = new StringBuilder();
StringTokenizer st = new StringTokenizer(path, URL_SEPARATOR);
String currentToken;
while (st.hasMoreTokens()) {
currentToken = st.nextToken();
if (currentToken.charAt(0) == '{') {
if (currentToken.charAt(currentToken.length() - 1) == '}') {
replacedPath.append(WILD_CARD);
}
} else {
replacedPath.append(URL_SEPARATOR);
replacedPath.append(currentToken);
}
}
return replacedPath.toString();
}
}

@ -0,0 +1,92 @@
/*
* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wso2.carbon.device.mgt.core.config.permission;
import org.scannotation.AnnotationDB;
import org.scannotation.archiveiterator.Filter;
import org.scannotation.archiveiterator.StreamIterator;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
public class ExtendedAnnotationDB extends AnnotationDB {
public ExtendedAnnotationDB() {
super();
}
public void scanArchives(URL... urls) throws IOException {
URL[] arr$ = urls;
int len$ = urls.length;
for(int i$ = 0; i$ < len$; ++i$) {
URL url = arr$[i$];
Filter filter = new Filter() {
public boolean accepts(String filename) {
if(filename.endsWith(".class")) {
if(filename.startsWith("/") || filename.startsWith("\\")) {
filename = filename.substring(1);
}
if(!ExtendedAnnotationDB.this.ignoreScan(filename.replace('/', '.'))) {
return true;
}
}
return false;
}
};
StreamIterator it = ExtendedIteratorFactory.create(url, filter);
InputStream stream;
while((stream = it.next()) != null) {
this.scanClass(stream);
}
}
}
private boolean ignoreScan(String intf) {
String[] arr$;
int len$;
int i$;
String ignored;
if(this.scanPackages != null) {
arr$ = this.scanPackages;
len$ = arr$.length;
for(i$ = 0; i$ < len$; ++i$) {
ignored = arr$[i$];
if(intf.startsWith(ignored + ".")) {
return false;
}
}
return true;
} else {
arr$ = this.ignoredPackages;
len$ = arr$.length;
for(i$ = 0; i$ < len$; ++i$) {
ignored = arr$[i$];
if(intf.startsWith(ignored + ".")) {
return true;
}
}
return false;
}
}
}

@ -0,0 +1,32 @@
/*
* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wso2.carbon.device.mgt.core.config.permission;
import org.scannotation.archiveiterator.*;
import java.io.File;
import java.io.IOException;
import java.net.URL;
public class ExtendedFileProtocolIteratorFactory implements DirectoryIteratorFactory {
@Override
public StreamIterator create(URL url, Filter filter) throws IOException {
File f = new File(java.net.URLDecoder.decode(url.getPath(), "UTF-8"));
return f.isDirectory()?new FileIterator(f, filter):new JarIterator(url.openStream(), filter);
}
}

@ -0,0 +1,54 @@
/*
* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wso2.carbon.device.mgt.core.config.permission;
import org.scannotation.archiveiterator.DirectoryIteratorFactory;
import org.scannotation.archiveiterator.Filter;
import org.scannotation.archiveiterator.JarIterator;
import org.scannotation.archiveiterator.StreamIterator;
import java.io.IOException;
import java.net.URL;
import java.util.concurrent.ConcurrentHashMap;
public class ExtendedIteratorFactory {
private static final ConcurrentHashMap<String, DirectoryIteratorFactory> registry = new ConcurrentHashMap();
public static StreamIterator create(URL url, Filter filter) throws IOException {
String urlString = url.toString();
if(urlString.endsWith("!/")) {
urlString = urlString.substring(4);
urlString = urlString.substring(0, urlString.length() - 2);
url = new URL(urlString);
}
if(!urlString.endsWith("/")) {
return new JarIterator(url.openStream(), filter);
} else {
DirectoryIteratorFactory factory = registry.get(url.getProtocol());
if(factory == null) {
throw new IOException("Unable to scan directory of protocol: " + url.getProtocol());
} else {
return factory.create(url, filter);
}
}
}
static {
registry.put("file", new ExtendedFileProtocolIteratorFactory());
}
}

@ -25,29 +25,27 @@ import javax.xml.bind.annotation.XmlRootElement;
import java.util.List;
/**
* This class represents the information related to permission configuration.
* This class represents the information related to permissions.
*/
@XmlRootElement (name = "PermissionConfiguration")
public class PermissionConfiguration {
private List<Permission> permissions;
private String apiVersion;
private String scopeName;
private String[] permissions;
public String getApiVersion() {
return apiVersion;
public String getScopeName() {
return scopeName;
}
@XmlElement (name = "APIVersion", required = true)
public void setApiVersion(String apiVersion) {
this.apiVersion = apiVersion;
public void setScopeName(String scope) {
this.scopeName = scope;
}
public List<Permission> getPermissions() {
public String[] getPermissions() {
return permissions;
}
@XmlElement (name = "Permission", required = true)
public void setPermissions(List<Permission> permissions) {
public void setPermissions(String[] permissions) {
this.permissions = permissions;
}
}

@ -26,6 +26,8 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
import org.wso2.carbon.device.mgt.core.config.permission.AnnotationProcessor;
import org.wso2.carbon.device.mgt.core.config.permission.PermissionConfiguration;
import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl;
import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionUtils;
@ -35,8 +37,10 @@ import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import java.util.Set;
/**
* This listener class will initiate the permission addition of permissions defined in
@ -45,7 +49,8 @@ import java.util.List;
@SuppressWarnings("unused")
public class WebAppDeploymentLifecycleListener implements LifecycleListener {
private static final String PERMISSION_CONFIG_PATH = "META-INF" + File.separator + "permissions.xml";
private static final String PARAM_MANAGED_API_ENABLED = "managed-api-enabled";
private static final Log log = LogFactory.getLog(WebAppDeploymentLifecycleListener.class);
@Override
@ -54,34 +59,27 @@ public class WebAppDeploymentLifecycleListener implements LifecycleListener {
StandardContext context = (StandardContext) lifecycleEvent.getLifecycle();
ServletContext servletContext = context.getServletContext();
String contextPath = context.getServletContext().getContextPath();
try {
InputStream permissionStream = servletContext.getResourceAsStream(PERMISSION_CONFIG_PATH);
if (permissionStream != null) {
/* Un-marshaling Device Management configuration */
JAXBContext cdmContext = JAXBContext.newInstance(PermissionConfiguration.class);
Unmarshaller unmarshaller = cdmContext.createUnmarshaller();
PermissionConfiguration permissionConfiguration = (PermissionConfiguration)
unmarshaller.unmarshal(permissionStream);
List<Permission> permissions = permissionConfiguration.getPermissions();
String apiVersion = permissionConfiguration.getApiVersion();
if (permissionConfiguration != null && permissions != null) {
String param = servletContext.getInitParameter(PARAM_MANAGED_API_ENABLED);
boolean isManagedApi = (param != null && !param.isEmpty()) && Boolean.parseBoolean(param);
if (isManagedApi) {
try {
AnnotationProcessor annotationProcessor = new AnnotationProcessor(context);
Set<String> annotatedAPIClasses = annotationProcessor.
scanStandardContext(org.wso2.carbon.apimgt.annotations.api.API.class.getName());
List<Permission> permissions = annotationProcessor.extractPermissions(annotatedAPIClasses);
PermissionManagerService permissionManagerService = PermissionManagerServiceImpl.getInstance();
if (permissions != null) {
for (Permission permission : permissions) {
// update the permission path to absolute permission path
permission.setPath(PermissionUtils.getAbsolutePermissionPath(permission.getPath()));
permission.setUrl(PermissionUtils.getAbsoluteContextPathOfAPI(contextPath, apiVersion,
permission.getUrl()).toLowerCase());
permission.setMethod(permission.getMethod().toUpperCase());
PermissionManagerServiceImpl.getInstance().addPermission(permission);
permissionManagerService.addPermission(permission);
}
}
} catch (PermissionManagementException e) {
log.error("Exception occurred while adding the permissions from webapp : "
+ servletContext.getContextPath(), e);
} catch (IOException e) {
log.error("Cannot find API annotation Class in the webapp '" + contextPath + "' class path", e);
}
} catch (JAXBException e) {
log.error(
"Exception occurred while parsing the permission configuration of webapp : "
+ context.getServletContext().getContextPath(), e);
} catch (PermissionManagementException e) {
log.error("Exception occurred while adding the permissions from webapp : "
+ servletContext.getContextPath(), e);
}
}

@ -18,6 +18,7 @@
package org.wso2.carbon.device.mgt.core.internal;
import org.wso2.carbon.apimgt.impl.APIManagerConfiguration;
import org.wso2.carbon.device.mgt.common.app.mgt.ApplicationManager;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
import org.wso2.carbon.device.mgt.common.license.mgt.LicenseManager;
@ -56,6 +57,16 @@ public class DeviceManagementDataHolder {
private EmailSenderService emailSenderService;
private PushNotificationProviderRepository pushNotificationProviderRepository;
public APIManagerConfiguration getApiManagerConfiguration() {
return apiManagerConfiguration;
}
public void setApiManagerConfiguration(APIManagerConfiguration apiManagerConfiguration) {
this.apiManagerConfiguration = apiManagerConfiguration;
}
private APIManagerConfiguration apiManagerConfiguration;
private DeviceManagementDataHolder() {}
public static DeviceManagementDataHolder getInstance() {

@ -21,6 +21,7 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.framework.BundleContext;
import org.osgi.service.component.ComponentContext;
import org.wso2.carbon.apimgt.impl.APIManagerConfiguration;
import org.wso2.carbon.apimgt.impl.APIManagerConfigurationService;
import org.wso2.carbon.device.mgt.common.DeviceManagementException;
import org.wso2.carbon.device.mgt.common.app.mgt.ApplicationManagementException;
@ -30,6 +31,7 @@ import org.wso2.carbon.device.mgt.common.notification.mgt.NotificationManagement
import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManagementException;
import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManager;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService;
import org.wso2.carbon.device.mgt.common.spi.DeviceManagementService;
import org.wso2.carbon.device.mgt.core.DeviceManagementConstants;
import org.wso2.carbon.device.mgt.core.DeviceManagementPluginRepository;
@ -50,6 +52,8 @@ import org.wso2.carbon.device.mgt.core.operation.mgt.OperationManagerImpl;
import org.wso2.carbon.device.mgt.core.operation.mgt.dao.OperationManagementDAOFactory;
import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl;
import org.wso2.carbon.device.mgt.core.push.notification.mgt.PushNotificationProviderRepository;
import org.wso2.carbon.device.mgt.core.scope.mgt.ScopeManagementServiceImpl;
import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAOFactory;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderServiceImpl;
import org.wso2.carbon.device.mgt.core.service.GroupManagementProviderService;
@ -59,8 +63,10 @@ import org.wso2.carbon.email.sender.core.service.EmailSenderService;
import org.wso2.carbon.ndatasource.core.DataSourceService;
import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.CarbonUtils;
import org.wso2.carbon.utils.ConfigurationContextService;
import java.io.File;
import java.util.ArrayList;
import java.util.List;
@ -117,6 +123,9 @@ public class DeviceManagementServiceComponent {
private static List<DeviceManagementService> deviceManagers = new ArrayList<>();
private static List<DeviceManagerStartupListener> startupListeners = new ArrayList<>();
private DeviceManagementPluginRepository pluginRepository = new DeviceManagementPluginRepository();
private static final String APIM_CONFIGURATION_PATH = CarbonUtils.getCarbonHome() + File.separator + "repository" +
File.separator + "conf" + File.separator + "api-manager.xml";
private static final String DATA_SOURCE_NAME = "DataSourceName";
public static void registerPluginInitializationListener(PluginInitializationListener listener) {
synchronized (LOCK) {
@ -149,12 +158,19 @@ public class DeviceManagementServiceComponent {
DeviceConfigurationManager.getInstance().getDeviceManagementConfig();
DataSourceConfig dsConfig = config.getDeviceManagementConfigRepository().getDataSourceConfig();
APIManagerConfiguration apiManagerConfiguration = new APIManagerConfiguration();
apiManagerConfiguration.load(APIM_CONFIGURATION_PATH);
DeviceManagementDataHolder.getInstance().setApiManagerConfiguration(apiManagerConfiguration);
DeviceManagementDAOFactory.init(dsConfig);
GroupManagementDAOFactory.init(dsConfig);
NotificationManagementDAOFactory.init(dsConfig);
OperationManagementDAOFactory.init(dsConfig);
String apiManagerDataSource = apiManagerConfiguration.getFirstProperty(DATA_SOURCE_NAME);
ScopeManagementDAOFactory.init(apiManagerDataSource);
/* Initialize Operation Manager */
this.initOperationsManager();
@ -227,10 +243,9 @@ public class DeviceManagementServiceComponent {
= new NotificationManagementServiceImpl();
bundleContext.registerService(NotificationManagementService.class.getName(), notificationManagementService, null);
/* Registering PermissionManager Service */
PermissionManagerService permissionManagerService
= PermissionManagerServiceImpl.getInstance();
bundleContext.registerService(PermissionManagerService.class.getName(), permissionManagerService, null);
/* Registering Scope Management Service */
ScopeManagementService scopeManagementService = new ScopeManagementServiceImpl();
bundleContext.registerService(ScopeManagementService.class.getName(), scopeManagementService, null);
/* Registering DeviceAccessAuthorization Service */
DeviceAccessAuthorizationService deviceAccessAuthorizationService = new DeviceAccessAuthorizationServiceImpl();

@ -22,8 +22,9 @@ import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
import java.util.List;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
/**
* This class will add, update custom permissions defined in permission.xml in webapps and it will
@ -52,16 +53,19 @@ public class PermissionManagerServiceImpl implements PermissionManagerService {
}
@Override
public boolean addPermission(Permission permission) throws PermissionManagementException {
public void addPermission(Permission permission) throws PermissionManagementException {
// adding a permission to the tree
permissionTree.addPermission(permission);
return PermissionUtils.putPermission(permission);
}
@Override
public Permission getPermission(Properties properties) throws PermissionManagementException {
String url = (String) properties.get(URL_PROPERTY);
String httpMethod = (String) properties.get(HTTP_METHOD_PROPERTY);
if (url == null || url.isEmpty() || httpMethod == null || httpMethod.isEmpty()) {
throw new PermissionManagementException("Resource URI/HTTP method is empty");
}
return permissionTree.getPermission(url, httpMethod);
}
}

@ -54,9 +54,6 @@ public class PermissionTree {
tempRoot = addPermissionNode(tempRoot, tempChild);
}
tempRoot.addPermission(permission.getMethod(), permission); //setting permission to the vertex
if (log.isDebugEnabled()) {
log.debug("Added permission '" + permission.getName() + "'");
}
}
/**

@ -39,84 +39,82 @@ import java.util.StringTokenizer;
*/
public class PermissionUtils {
public static final String ADMIN_PERMISSION_REGISTRY_PATH = "/permission/admin";
public static final String PERMISSION_PROPERTY_NAME = "name";
public static final String ADMIN_PERMISSION_REGISTRY_PATH = "/permission/admin";
public static final String PERMISSION_PROPERTY_NAME = "name";
public static Registry getGovernanceRegistry() throws PermissionManagementException {
try {
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
return DeviceManagementDataHolder.getInstance().getRegistryService()
.getGovernanceSystemRegistry(
tenantId);
} catch (RegistryException e) {
throw new PermissionManagementException(
"Error in retrieving governance registry instance: " +
e.getMessage(), e);
}
}
public static Registry getGovernanceRegistry() throws PermissionManagementException {
try {
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
return DeviceManagementDataHolder.getInstance().getRegistryService()
.getGovernanceSystemRegistry(
tenantId);
} catch (RegistryException e) {
throw new PermissionManagementException(
"Error in retrieving governance registry instance: " +
e.getMessage(), e);
}
}
public static String getAbsolutePermissionPath(String permissionPath) {
return PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + permissionPath;
}
public static String getAbsolutePermissionPath(String permissionPath) {
return PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + permissionPath;
}
public static String getAbsoluteContextPathOfAPI(String contextPath, String version, String url) {
if((version != null) && !version.isEmpty()) {
return contextPath + "/" + version + url;
if ((version != null) && !version.isEmpty()) {
return contextPath + "/" + version + url;
}
return contextPath + url;
}
public static Permission getPermission(String path) throws PermissionManagementException {
try {
Resource resource = PermissionUtils.getGovernanceRegistry().get(path);
Permission permission = new Permission();
permission.setName(resource.getProperty(PERMISSION_PROPERTY_NAME));
permission.setPath(resource.getPath());
return permission;
} catch (RegistryException e) {
throw new PermissionManagementException("Error in retrieving registry resource : " +
e.getMessage(), e);
}
}
public static boolean putPermission(Permission permission)
throws PermissionManagementException {
boolean status;
try {
StringTokenizer tokenizer = new StringTokenizer(permission.getPath(), "/");
String lastToken = "", currentToken, tempPath;
while(tokenizer.hasMoreTokens()) {
currentToken = tokenizer.nextToken();
tempPath = lastToken + "/" + currentToken;
if(!checkResourceExists(tempPath)) {
// public static Permission getPermission(String path) throws PermissionManagementException {
// try {
// Resource resource = PermissionUtils.getGovernanceRegistry().get(path);
// Permission permission = new Permission();
// permission.setName(resource.getProperty(PERMISSION_PROPERTY_NAME));
// permission.setPath(resource.getPath());
// return permission;
// } catch (RegistryException e) {
// throw new PermissionManagementException("Error in retrieving registry resource : " +
// e.getMessage(), e);
// }
// }
//
public static boolean putPermission(String permissionPath)
throws PermissionManagementException {
boolean status;
try {
StringTokenizer tokenizer = new StringTokenizer(permissionPath, "/");
String lastToken = "", currentToken, tempPath;
while (tokenizer.hasMoreTokens()) {
currentToken = tokenizer.nextToken();
tempPath = lastToken + "/" + currentToken;
if (!checkResourceExists(tempPath)) {
createRegistryCollection(tempPath, currentToken);
}
lastToken = tempPath;
}
status = true;
} catch (RegistryException e) {
throw new PermissionManagementException(
"Error occurred while persisting permission : " +
permission.getName(), e);
}
return status;
}
}
lastToken = tempPath;
}
status = true;
} catch (RegistryException e) {
throw new PermissionManagementException("Error occurred while persisting permission", e);
}
return status;
}
public static void createRegistryCollection(String path, String resourceName)
throws PermissionManagementException,
RegistryException {
Resource resource = PermissionUtils.getGovernanceRegistry().newCollection();
resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
PermissionUtils.getGovernanceRegistry().beginTransaction();
PermissionUtils.getGovernanceRegistry().put(path, resource);
PermissionUtils.getGovernanceRegistry().commitTransaction();
}
public static void createRegistryCollection(String path, String resourceName)
throws PermissionManagementException,
RegistryException {
Resource resource = PermissionUtils.getGovernanceRegistry().newCollection();
resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
PermissionUtils.getGovernanceRegistry().beginTransaction();
PermissionUtils.getGovernanceRegistry().put(path, resource);
PermissionUtils.getGovernanceRegistry().commitTransaction();
}
public static boolean checkResourceExists(String path)
throws PermissionManagementException,
org.wso2.carbon.registry.core.exceptions.RegistryException {
return PermissionUtils.getGovernanceRegistry().resourceExists(path);
}
public static boolean checkResourceExists(String path)
throws PermissionManagementException,
org.wso2.carbon.registry.core.exceptions.RegistryException {
return PermissionUtils.getGovernanceRegistry().resourceExists(path);
}
public static Document convertToDocument(File file) throws PermissionManagementException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();

@ -0,0 +1,97 @@
/*
* Copyright (c) 2016 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.core.scope.mgt;
import org.wso2.carbon.apimgt.api.model.Scope;
import org.wso2.carbon.device.mgt.common.TransactionManagementException;
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementException;
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService;
import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAO;
import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAOException;
import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAOFactory;
import java.lang.annotation.Inherited;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
/**
* This is an implementation of a Scope Management Service.
*/
public class ScopeManagementServiceImpl implements ScopeManagementService {
private ScopeManagementDAO scopeManagementDAO;
public ScopeManagementServiceImpl() {
this.scopeManagementDAO = ScopeManagementDAOFactory.getScopeManagementDAO();
}
@Override
public void updateScopes(List<Scope> scopes) throws ScopeManagementException {
try{
ScopeManagementDAOFactory.beginTransaction();
scopeManagementDAO.updateScopes(scopes);
ScopeManagementDAOFactory.commitTransaction();
} catch (TransactionManagementException e) {
ScopeManagementDAOFactory.rollbackTransaction();
throw new ScopeManagementException("Transactional error occurred while adding the scopes.", e);
} catch (ScopeManagementDAOException e) {
ScopeManagementDAOFactory.rollbackTransaction();
throw new ScopeManagementException("Error occurred while adding the scopes to database.", e);
} finally {
ScopeManagementDAOFactory.closeConnection();
}
}
@Override
public List<Scope> getAllScopes() throws ScopeManagementException {
List<Scope> scopes = new ArrayList<>();
try{
ScopeManagementDAOFactory.openConnection();
scopes = scopeManagementDAO.getAllScopes();
} catch (SQLException e) {
throw new ScopeManagementException("SQL error occurred while retrieving scopes from database.", e);
} catch (ScopeManagementDAOException e) {
throw new ScopeManagementException("Error occurred while retrieving scopes from database.", e);
} finally {
ScopeManagementDAOFactory.closeConnection();
}
return scopes;
}
@Override
public String getRolesOfScope(String scopeKey) throws ScopeManagementException {
String roles;
if (scopeKey == null || scopeKey.isEmpty()) {
throw new ScopeManagementException("Scope key is null or empty");
}
try {
ScopeManagementDAOFactory.openConnection();
roles = scopeManagementDAO.getRolesOfScope(scopeKey);
} catch (SQLException e) {
throw new ScopeManagementException("SQL error occurred while retrieving roles of scope from database.", e);
} catch (ScopeManagementDAOException e) {
throw new ScopeManagementException("Error occurred while retrieving roles of scope from database.", e);
} finally {
ScopeManagementDAOFactory.closeConnection();
}
return roles;
}
}

@ -0,0 +1,54 @@
/*
* Copyright (c) 2016 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.core.scope.mgt.dao;
import org.wso2.carbon.apimgt.api.model.Scope;
import java.util.List;
/**
* This interface contains the basic database operations related to scope management.
*/
public interface ScopeManagementDAO {
/**
* This method is used to update the list of scopes.
*
* @param scopes List of scopes to be updated.
* @throws ScopeManagementDAOException
*/
void updateScopes(List<Scope> scopes) throws ScopeManagementDAOException;
/**
* This method is used to retrieve all the scopes.
*
* @return List of scopes.
* @throws ScopeManagementDAOException
*/
List<Scope> getAllScopes() throws ScopeManagementDAOException;
/**
* This method is to retrieve the roles of the given scope
* @param scopeKey key of the scope
* @return List of roles
* @throws ScopeManagementDAOException
*/
String getRolesOfScope(String scopeKey) throws ScopeManagementDAOException;
}

@ -0,0 +1,57 @@
/*
* Copyright (c) 2016 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.core.scope.mgt.dao;
public class ScopeManagementDAOException extends Exception {
private static final long serialVersionUID = -315127931137771199L;
private String errorMessage;
public String getErrorMessage() {
return errorMessage;
}
public void setErrorMessage(String errorMessage) {
this.errorMessage = errorMessage;
}
public ScopeManagementDAOException(String msg, Exception nestedEx) {
super(msg, nestedEx);
setErrorMessage(msg);
}
public ScopeManagementDAOException(String message, Throwable cause) {
super(message, cause);
setErrorMessage(message);
}
public ScopeManagementDAOException(String msg) {
super(msg);
setErrorMessage(msg);
}
public ScopeManagementDAOException() {
super();
}
public ScopeManagementDAOException(Throwable cause) {
super(cause);
}
}

@ -0,0 +1,139 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.core.scope.mgt.dao;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.device.mgt.common.IllegalTransactionStateException;
import org.wso2.carbon.device.mgt.common.TransactionManagementException;
import org.wso2.carbon.device.mgt.core.dao.util.DeviceManagementDAOUtil;
import org.wso2.carbon.device.mgt.core.scope.mgt.dao.impl.ScopeManagementDAOImpl;
import javax.sql.DataSource;
import java.sql.Connection;
import java.sql.SQLException;
public class ScopeManagementDAOFactory {
private static final Log log = LogFactory.getLog(ScopeManagementDAOFactory.class);
private static DataSource dataSource;
private static String databaseEngine;
private static ThreadLocal<Connection> currentConnection = new ThreadLocal<Connection>();
public static ScopeManagementDAO getScopeManagementDAO() {
return new ScopeManagementDAOImpl();
}
public static void init(String dataSourceName) {
dataSource = resolveDataSource(dataSourceName);
try {
databaseEngine = dataSource.getConnection().getMetaData().getDatabaseProductName();
} catch (SQLException e) {
log.error("Error occurred while retrieving config.datasource connection", e);
}
}
public static void beginTransaction() throws TransactionManagementException {
try {
Connection conn = dataSource.getConnection();
conn.setAutoCommit(false);
currentConnection.set(conn);
} catch (SQLException e) {
throw new TransactionManagementException(
"Error occurred while retrieving config.datasource connection", e);
}
}
public static void openConnection() throws SQLException {
currentConnection.set(dataSource.getConnection());
}
public static Connection getConnection() throws SQLException {
if (currentConnection.get() == null) {
throw new IllegalTransactionStateException("No connection is associated with the current transaction. " +
"This might have ideally caused by not properly initiating the transaction via " +
"'beginTransaction'/'openConnection' methods");
}
return currentConnection.get();
}
public static void closeConnection() {
Connection con = currentConnection.get();
if (con != null) {
try {
con.close();
} catch (SQLException e) {
log.error("Error occurred while close the connection");
}
currentConnection.remove();
}
}
public static void commitTransaction() {
try {
Connection conn = currentConnection.get();
if (conn != null) {
conn.commit();
} else {
if (log.isDebugEnabled()) {
log.debug("Datasource connection associated with the current thread is null, hence commit " +
"has not been attempted");
}
}
} catch (SQLException e) {
log.error("Error occurred while committing the transaction", e);
}
}
public static void rollbackTransaction() {
try {
Connection conn = currentConnection.get();
if (conn != null) {
conn.rollback();
} else {
if (log.isDebugEnabled()) {
log.debug("Datasource connection associated with the current thread is null, hence rollback " +
"has not been attempted");
}
}
} catch (SQLException e) {
log.error("Error occurred while roll-backing the transaction", e);
}
}
/**
* Resolve data source from the data source name.
*
* @param dataSourceName data source name
* @return data source resolved from the data source definition
*/
private static DataSource resolveDataSource(String dataSourceName) {
DataSource dataSource;
if (dataSourceName == null || dataSourceName.isEmpty()) {
throw new RuntimeException("Scope Management Repository data source configuration is null and " +
"thus, is not initialized");
}
if (log.isDebugEnabled()) {
log.debug("Initializing Scope Management Repository data source using the JNDI Lookup Definition");
}
dataSource = DeviceManagementDAOUtil.lookupDataSource(dataSourceName, null);
return dataSource;
}
}

@ -0,0 +1,57 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.wso2.carbon.device.mgt.core.scope.mgt.dao;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
public class ScopeManagementDAOUtil {
private static final Log log = LogFactory.getLog(ScopeManagementDAOUtil.class);
public static void cleanupResources(Statement stmt, ResultSet rs) {
if (rs != null) {
try {
rs.close();
} catch (SQLException e) {
log.warn("Error occurred while closing the result set", e);
}
}
if (stmt != null) {
try {
stmt.close();
} catch (SQLException e) {
log.warn("Error occurred while closing the statement", e);
}
}
}
public static void cleanupResources(Statement stmt) {
if (stmt != null) {
try {
stmt.close();
} catch (SQLException e) {
log.warn("Error occurred while closing the statement", e);
}
}
}
}

@ -0,0 +1,121 @@
/*
* Copyright (c) 2016 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.core.scope.mgt.dao.impl;
import org.wso2.carbon.apimgt.api.model.Scope;
import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAO;
import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAOException;
import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAOFactory;
import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAOUtil;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
public class ScopeManagementDAOImpl implements ScopeManagementDAO {
@Override
public void updateScopes(List<Scope> scopes) throws ScopeManagementDAOException {
Connection conn;
PreparedStatement stmt = null;
ResultSet rs = null;
try {
conn = this.getConnection();
String sql = "UPDATE IDN_OAUTH2_SCOPE SET ROLES=? WHERE SCOPE_KEY=?";
stmt = conn.prepareStatement(sql);
// creating a batch request
for (Scope scope : scopes) {
stmt.setString(1, scope.getRoles());
stmt.setString(2, scope.getKey());
stmt.addBatch();
}
stmt.executeBatch();
} catch (SQLException e) {
throw new ScopeManagementDAOException("Error occurred while updating the details of the scopes.", e);
} finally {
ScopeManagementDAOUtil.cleanupResources(stmt, rs);
}
}
public List<Scope> getAllScopes() throws ScopeManagementDAOException {
Connection conn;
PreparedStatement stmt = null;
ResultSet rs = null;
List<Scope> scopes = new ArrayList<>();
Scope scope;
try {
conn = this.getConnection();
String sql = "SELECT * FROM IDN_OAUTH2_SCOPE";
stmt = conn.prepareStatement(sql);
rs = stmt.executeQuery();
while (rs.next()) {
scope = new Scope();
scope.setKey(rs.getString("SCOPE_KEY"));
scope.setName(rs.getString("NAME"));
scope.setDescription(rs.getString("DESCRIPTION"));
scope.setRoles(rs.getString("ROLES"));
scopes.add(scope);
}
return scopes;
} catch (SQLException e) {
throw new ScopeManagementDAOException("Error occurred while fetching the details of the scopes.", e);
} finally {
ScopeManagementDAOUtil.cleanupResources(stmt, rs);
}
}
@Override
public String getRolesOfScope(String scopeKey) throws ScopeManagementDAOException {
Connection conn;
PreparedStatement stmt = null;
ResultSet rs = null;
String roles = null;
try {
conn = this.getConnection();
String sql = "SELECT ROLES FROM IDN_OAUTH2_SCOPE WHERE SCOPE_KEY = ?";
stmt = conn.prepareStatement(sql);
stmt.setString(1, scopeKey);
rs = stmt.executeQuery();
if (rs.next()) {
roles = rs.getString("ROLES");
}
return roles;
} catch (SQLException e) {
throw new ScopeManagementDAOException("Error occurred while fetching the details of the scopes.", e);
} finally {
ScopeManagementDAOUtil.cleanupResources(stmt, rs);
}
}
private Connection getConnection() throws SQLException {
return ScopeManagementDAOFactory.getConnection();
}
}

@ -39,18 +39,26 @@ if (uriMatcher.match("/{context}/api/data-tables/invoker")) {
for (var key in allParams) {
if (allParams.hasOwnProperty(key)) {
if (key == "limit" || key == "offset" || key == "filter") {
if(key == "limit" || key == "offset"){
targetURL = appendQueryParam(targetURL, key, allParams[key]);
}
if(key == "filter"){
if(allParams[key]){
var searchPayload = JSON.parse(allParams[key]);
for (var key in searchPayload) {
targetURL = appendQueryParam(targetURL, key, searchPayload[key]);
}
}
}
}
}
serviceInvokers.XMLHttp.get(
targetURL,
// response callback
function (backendResponse) {
response["status"] = backendResponse["status"];
response["content"] = backendResponse["responseText"];
}
targetURL,
// response callback
function (backendResponse) {
response["status"] = backendResponse["status"];
response["content"] = backendResponse["responseText"];
}
);
}

@ -218,7 +218,8 @@ var userModule = function () {
}
try {
utility.startTenantFlow(carbonUser);
var url = devicemgtProps["httpsURL"] + devicemgtProps["backendRestEndpoints"]["deviceMgt"] + "/roles";
var url = devicemgtProps["httpsURL"] + devicemgtProps["backendRestEndpoints"]["deviceMgt"] +
"/roles?offset=0&limit=100";
var response = privateMethods.callBackend(url, constants["HTTP_GET"]);
if (response.status == "success") {
response.content = parse(response.content).roles;

@ -2,20 +2,21 @@
Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
WSO2 Inc. licenses this file to you under the Apache License,
Version 2.0 (the "License"); you may not use this file except
in compliance with the License.
You may obtain a copy of the License at
Version 2.0 (the "License"); you may not use this file
except in compliance with the License. You may
obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
}}
{{unit "cdmf.unit.ui.title" pageTitle="Policy Management"}}
{{unit "cdmf.unit.ui.title" pageTitle="Policy Management | Edit Policy"}}
{{#zone "breadcrumbs"}}
<li>
@ -24,6 +25,7 @@
</a>
</li>
<li>
<!--suppress HtmlUnknownTarget -->
<a href="{{@app.context}}/policies">
Policies
</a>
@ -36,5 +38,6 @@
{{/zone}}
{{#zone "content"}}
{{unit deviceTypePolicyEdit}}
{{unit "cdmf.unit.device.operation-mod"}}
{{unit "cdmf.unit.policy.edit"}}
{{/zone}}

@ -16,8 +16,8 @@
* under the License.
*/
function onRequest(context) {
var utility = require("/app/modules/utility.js").utility;
var deviceType = request.getParameter("type");
return {"deviceTypePolicyEdit": utility.getTenantedDeviceUnitName(deviceType, "policy-edit")};
}
//function onRequest(context) {
// var utility = require("/app/modules/utility.js").utility;
// var deviceType = request.getParameter("type");
// return {"deviceTypePolicyEdit": utility.getTenantedDeviceUnitName(deviceType, "policy-edit")};
//}

@ -1,5 +1,5 @@
{
"version": "1.0.0",
"uri": "/policy/edit",
"uri": "/policy/edit",
"layout": "cdmf.layout.default"
}

@ -2,20 +2,21 @@
Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
WSO2 Inc. licenses this file to you under the Apache License,
Version 2.0 (the "License"); you may not use this file except
in compliance with the License.
You may obtain a copy of the License at
Version 2.0 (the "License"); you may not use this file
except in compliance with the License. You may
obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
}}
{{unit "cdmf.unit.ui.title" pageTitle="Policy Management"}}
{{unit "cdmf.unit.ui.title" pageTitle="Policy Management | View Policy"}}
{{#zone "breadcrumbs"}}
<li>
@ -24,6 +25,7 @@
</a>
</li>
<li>
<!--suppress HtmlUnknownTarget -->
<a href="{{@app.context}}/policies">
Policies
</a>
@ -36,5 +38,6 @@
{{/zone}}
{{#zone "content"}}
{{unit deviceTypePolicyView}}
{{unit "cdmf.unit.device.operation-mod"}}
{{unit "cdmf.unit.policy.view"}}
{{/zone}}

@ -16,8 +16,8 @@
* under the License.
*/
function onRequest(context) {
var utility = require("/app/modules/utility.js").utility;
var deviceType = request.getParameter("type");
return {"deviceTypePolicyView": utility.getTenantedDeviceUnitName(deviceType, "policy-view")};
}
//function onRequest(context) {
// var utility = require("/app/modules/utility.js")["utility"];
// var deviceType = request.getParameter("type");
// return {"deviceTypePolicyView": utility.getTenantedDeviceUnitName(deviceType, "policy-view")};
//}

@ -1,5 +1,5 @@
{
"version": "1.0.0",
"uri": "/policy/view",
"uri": "/policy/view",
"layout": "cdmf.layout.default"
}

@ -20,7 +20,6 @@ function onRequest(context) {
var userModule = require("/app/modules/business-controllers/user.js")["userModule"];
var username = request.getParameter("username");
var user = userModule.getUser(username)["content"];
var userModule = require("/app/modules/user.js")["userModule"];
var userName = request.getParameter("username");

@ -1,54 +1,37 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
var deviceMgtAPIsBasePath = "/api/device-mgt/v1.0";
/**
* Checks if provided input is valid against RegEx input.
*
* @param regExp Regular expression
* @param inputString Input string to check
* @returns {boolean} Returns true if input matches RegEx
*/
function inputIsValid(regExp, inputString) {
regExp = new RegExp(regExp);
return regExp.test(inputString);
}
/**
* Sorting function of users
* listed on User Management page in WSO2 Devicemgt Console.
*/
$(function () {
var sortableElem = '.wr-sortable';
$(sortableElem).sortable({
beforeStop: function () {
$(this).sortable('toArray');
var sortedIDs = $(this).sortable('toArray');
}
});
$(sortableElem).disableSelection();
});
var apiBasePath = "/api/device-mgt/v1.0";
var modalPopup = ".wr-modalpopup";
var modalPopupContainer = modalPopup + " .modalpopup-container";
var modalPopupContent = modalPopup + " .modalpopup-content";
var body = "body";
//var isInit = true;
var isInit = true;
$(".icon .text").res_text(0.2);
/*
@ -90,11 +73,11 @@ function getSelectedUsernames() {
/**
* Following click function would execute
* when a user clicks on "Invite" link
* on User Management page in WSO2 Devicemgt Console.
* on User Management page in WSO2 MDM Console.
*/
$("a.invite-user-link").click(function () {
var usernameList = getSelectedUsernames();
var inviteUserAPI = deviceMgtAPIsBasePath + "/users/send-invitation";
var inviteUserAPI = apiBasePath + "/users/send-invitation";
if (usernameList.length == 0) {
$(modalPopupContent).html($("#errorUsers").html());
@ -108,18 +91,13 @@ $("a.invite-user-link").click(function () {
invokerUtil.post(
inviteUserAPI,
usernameList,
// success callback
function (data, textStatus, jqXHR) {
if (jqXHR.status == 200) {
$(modalPopupContent).html($('#invite-user-success-content').html());
$("a#invite-user-success-link").click(function () {
hidePopup();
});
}
function () {
$(modalPopupContent).html($('#invite-user-success-content').html());
$("a#invite-user-success-link").click(function () {
hidePopup();
});
},
// error callback
function (jqXHR) {
console.log("error in invite-user API, status code: " + jqXHR.status);
function () {
$(modalPopupContent).html($('#invite-user-error-content').html());
$("a#invite-user-error-link").click(function () {
hidePopup();
@ -136,30 +114,31 @@ $("a.invite-user-link").click(function () {
/**
* Following click function would execute
* when a user clicks on "Remove" link
* on User Listing page in WSO2 Devicemgt Console.
* on User Listing page in WSO2 MDM Console.
*/
function removeUser(username) {
var removeUserAPI = deviceMgtAPIsBasePath + "/users/" + username;
function removeUser(uname, uid) {
var username = uname;
var userid = uid;
var removeUserAPI = apiBasePath + "/users/" + username;
$(modalPopupContent).html($('#remove-user-modal-content').html());
showPopup();
$("a#remove-user-yes-link").click(function () {
invokerUtil.delete(
removeUserAPI,
// success callback
function (data, textStatus, jqXHR) {
if (jqXHR.status == 200) {
// update modal-content with success message
$(modalPopupContent).html($('#remove-user-success-content').html());
$("a#remove-user-success-link").click(function () {
hidePopup();
location.reload();
});
}
function () {
$("#" + userid).remove();
// get new user-list-count
var newUserListCount = $(".user-list > span").length;
// update user-listing-status-msg with new user-count
$("#user-listing-status-msg").text("Total number of Users found : " + newUserListCount);
// update modal-content with success message
$(modalPopupContent).html($('#remove-user-success-content').html());
$("a#remove-user-success-link").click(function () {
hidePopup();
});
},
// error callback
function (jqXHR) {
console.log("error in remove-user API, status code: " + jqXHR.status);
function () {
$(modalPopupContent).html($('#remove-user-error-content').html());
$("a#remove-user-error-link").click(function () {
hidePopup();
@ -207,23 +186,19 @@ function resetPassword(uname) {
//resetPasswordFormData.username = user;
resetPasswordFormData.newPassword = unescape(confirmedPassword);
var resetPasswordServiceURL = deviceMgtAPIsBasePath + "/admin/users/"+ user +"/credentials";
var resetPasswordServiceURL = apiBasePath + "/admin/users/"+ user +"/credentials";
invokerUtil.post(
resetPasswordServiceURL,
resetPasswordFormData,
// success callback
function (data, textStatus, jqXHR) {
function (data, textStatus, jqXHR) { // The success callback
if (jqXHR.status == 200) {
$(modalPopupContent).html($('#reset-password-success-content').html());
$("a#reset-password-success-link").click(function () {
hidePopup();
});
}
},
// error callback
function (jqXHR) {
console.log("error in reset-password API, status code: " + jqXHR.status);
}, function (jqXHR) { // The error callback
var payload = JSON.parse(jqXHR.responseText);
$(errorMsg).text(payload.message);
$(errorMsgWrapper).removeClass("hidden");
@ -253,7 +228,7 @@ $("#search-btn").click(function () {
* when a user clicks on the list item
* initial mode and with out select mode.
*/
function initiateViewOption() {
function InitiateViewOption() {
if ($("#can-view").val()) {
$(location).attr('href', $(this).data("url"));
} else {
@ -262,137 +237,172 @@ function initiateViewOption() {
}
}
function loadUsers() {
var loadingContentIcon = "#loading-content";
$(loadingContentIcon).show();
function loadUsers(searchParam) {
$("#loading-content").show();
var dataFilter = function (data) {
var dataFilter = function(data){
data = JSON.parse(data);
var objects = [];
$(data.users).each(
function (index) {
objects.push(
{
username: data.users[index].username,
firstname: data.users[index].firstname ? data.users[index].firstname: '' ,
lastname: data.users[index].lastname ? data.users[index].lastname : '',
emailAddress : data.users[index].emailAddress ? data.users[index].emailAddress: '',
DT_RowId : "user-" + data.users[index].username
}
)
}
);
$(data.users).each(function( index ) {
objects.push({
filter: data.users[index].username,
firstname: data.users[index].firstname ? data.users[index].firstname: '' ,
lastname: data.users[index].lastname ? data.users[index].lastname : '',
emailAddress : data.users[index].emailAddress ? data.users[index].emailAddress: '',
DT_RowId : "role-" + data.users[index].username})
});
var json = {
json = {
"recordsTotal": data.count,
"recordsFiltered": data.count,
"data": objects
};
return JSON.stringify(json);
};
return JSON.stringify( json );
}
var fnCreatedRow = function(nRow, aData, iDataIndex) {
console.log(JSON.stringify(aData));
var fnCreatedRow = function( nRow, aData, iDataIndex ) {
$(nRow).attr('data-type', 'selectable');
$(nRow).attr('data-username', aData["username"]);
};
}
var columns = [
{
class: "remove-padding icon-only content-fill",
data: null,
defaultContent:
'<div class="thumbnail icon">' +
'<i class="square-element text fw fw-user" style="font-size: 30px;"></i>' +
'</div>'
defaultContent: '<div class="thumbnail icon"> <i class="square-element text fw fw-user" style="font-size: 30px;"></i> </div>'
},
{
class: "fade-edge",
data: null,
render: function (data, type, row, meta) {
render: function ( data, type, row, meta ) {
return '<h4>' + data.firstname + ' ' + data.lastname + '</h4>';
}
},
{
class: "fade-edge remove-padding-top",
data: null,
render: function (data, type, row, meta) {
return '<i class="fw-user"></i> ' + data.username;
data: 'filter',
render: function ( filter, type, row, meta ) {
return '<i class="fw-user"></i> ' + filter;
}
},
{
class: "fade-edge remove-padding-top",
data: null,
render: function (data, type, row, meta) {
return '<a href="mailto:' + data.emailAddress + ' " class="wr-list-email"><i class="fw-mail"></i> ' +
data.emailAddress + ' </a>';
render: function ( data, type, row, meta ) {
return '<a href="mailto:' + data.emailAddress + ' " class="wr-list-email"> <i class="fw-mail"></i> ' + data.emailAddress + ' </a>';
}
},
{
class: "text-right content-fill text-left-on-grid-view no-wrap",
data: null,
render: function (data, type, row, meta) {
return '<a href="/emm/users/edit-user?username=' + data.username + '" ' +
'data-username="' + data.username + '" ' +
'data-click-event="edit-form" ' +
'class="btn padding-reduce-on-grid-view edit-user-link">' +
'<span class="fw-stack">' +
'<i class="fw fw-ring fw-stack-2x"></i>' +
'<i class="fw fw-edit fw-stack-1x"></i>' +
'</span>' +
'<span class="hidden-xs hidden-on-grid-view">&nbsp;&nbsp;Edit</span>' +
'</a>' +
'<a href="#" ' +
'data-username="' + data.username + '" ' +
'data-user-id="' + data.username + '" ' +
'data-click-event="edit-form" ' +
'onclick="javascript:resetPassword(\'' + data.username + '\')" ' +
'class="btn padding-reduce-on-grid-view remove-user-link">' +
'<span class="fw-stack">' +
'<i class="fw fw-ring fw-stack-2x"></i>' +
'<i class="fw fw-key fw-stack-1x"></i>' +
'<span class="fw-stack fw-move-right fw-move-bottom">' +
'<i class="fw fw-circle fw-stack-2x fw-stroke fw-inverse"></i> ' +
'<i class="fw fw-circle fw-stack-2x"></i>' +
'<i class="fw fw-refresh fw-stack-1x fw-inverse"></i> ' +
'</span>' +
'</span>' +
'<span class="hidden-xs hidden-on-grid-view">&nbsp;&nbsp;Reset Password</span>' +
'</a>' +
'<a href="#" ' +
'data-username="' + data.username + '" ' +
'data-user-id=' + data.username + ' ' +
'data-click-event="remove-form" ' +
'onclick="javascript:removeUser(\'' + data.username + '\', \'' + data.username + '\')" ' +
'class="btn padding-reduce-on-grid-view remove-user-link">' +
'<span class="fw-stack">' +
'<i class="fw fw-ring fw-stack-2x"></i>' +
'<i class="fw fw-delete fw-stack-1x"></i>' +
'</span>' +
'<span class="hidden-xs hidden-on-grid-view">&nbsp;&nbsp;Remove</span> ' +
'</a>'
render: function ( data, type, row, meta ) {
return '<a href="/emm/users/edit-user?username=' + data.username + '" data-username="' + data.username +
'" data-click-event="edit-form" class="btn padding-reduce-on-grid-view edit-user-link"> ' +
'<span class="fw-stack"> <i class="fw fw-ring fw-stack-2x"></i> <i class="fw fw-edit fw-stack-1x"></i>' +
' </span> <span class="hidden-xs hidden-on-grid-view">Edit</span> </a>' +
'<a href="#" data-username="' + data.username + '" data-userid=' + data.username +
' data-click-event="remove-form" onclick="javascript:removeUser(\'' + data.username + '\', \'' +
data.username + '\')" class="btn padding-reduce-on-grid-view remove-user-link">' +
'<span class="fw-stack"> <i class="fw fw-ring fw-stack-2x"></i> <i class="fw fw-delete fw-stack-1x">' +
'</i> </span> <span class="hidden-xs hidden-on-grid-view">Remove</span> </a>' +
'<a href="#" data-username="' + data.username + '" data-userid="' + data.username +
'" data-click-event="edit-form" onclick="javascript:resetPassword(\'' + data.username +
'\')" class="btn padding-reduce-on-grid-view remove-user-link"> <span class="fw-stack"> <i class="fw fw-ring fw-stack-2x">' +
'</i> <i class="fw fw-key fw-stack-1x"></i> <span class="fw-stack fw-move-right fw-move-bottom"> <i class="fw fw-circle fw-stack-2x fw-stroke fw-inverse"><' +
'/i> <i class="fw fw-circle fw-stack-2x"></i> <i class="fw fw-refresh fw-stack-1x fw-inverse">' +
'</i> </span> </span> <span class="hidden-xs hidden-on-grid-view">Reset</span> </a>'
}
}
];
$("#user-grid").datatables_extended_serverside_paging(
null, '/api/device-mgt/v1.0/users', dataFilter, columns, fnCreatedRow, null
);
var options = {
"placeholder": "Search By Username",
"searchKey" : "filter"
};
$('#user-grid').datatables_extended_serverside_paging(null, '/api/device-mgt/v1.0/users', dataFilter, columns, fnCreatedRow, null, options);
$("#loading-content").hide();
// $("#loading-content").show();
// var userListing = $("#user-listing");
// var userListingSrc = userListing.attr("src");
// $.template("user-listing", userListingSrc, function (template) {
// var serviceURL = apiBasePath + "/users";
// if (searchParam) {
// serviceURL = serviceURL + "?filter=" + searchParam;
// }
// var successCallback = function (data) {
// if (!data) {
// $('#ast-container').addClass('hidden');
// $('#user-listing-status-msg').text('No users are available to be displayed.');
// return;
// }
// var canRemove = $("#can-remove").val();
// var canEdit = $("#can-edit").val();
// var canResetPassword = $("#can-reset-password").val();
// data = JSON.parse(data);
// var viewModel = {};
// viewModel.users = data.users;
// for (var i = 0; i < viewModel.users.length; i++) {
// viewModel.users[i].userid = viewModel.users[i].username.replace(/[^\w\s]/gi, '');
// if (canRemove) {
// viewModel.users[i].canRemove = true;
// }
// if (canEdit) {
// viewModel.users[i].canEdit = true;
// }
// if (canResetPassword) {
// viewModel.users[i].canResetPassword = true;
// }
// viewModel.users[i].adminUser = $("#user-table").data("user");
// }
// if (data.count > 0) {
// $('#ast-container').removeClass('hidden');
// $('#user-listing-status-msg').text("");
// var content = template(viewModel);
// $("#ast-container").html(content);
// } else {
// $('#ast-container').addClass('hidden');
// $('#user-listing-status-msg').text('No users are available to be displayed.');
// }
// $("#loading-content").hide();
// if (isInit) {
// $('#user-grid').datatables_extended();
// isInit = false;
// }
// $(".icon .text").res_text(0.2);
// };
// invokerUtil.get(serviceURL,
// successCallback,
// function (message) {
// $('#ast-container').addClass('hidden');
// $('#user-listing-status-msg').
// text('Invalid search query. Try again with a valid search query');
// }
// );
// });
}
$(document).ready(function () {
loadUsers();
$(".viewEnabledIcon").click(function () {
initiateViewOption();
InitiateViewOption();
});
if (!$("#can-invite").val()) {
$("#invite-user-button").remove();
}

@ -81,31 +81,58 @@
</div>
<div id="user-table" data-user={{adminUser}}>
<table class="table table-striped table-hover list-table display responsive nowrap data-table grid-view"
id="user-grid">
<!--<table class="table table-striped table-hover list-table display responsive nowrap data-table grid-view"-->
<!--id="user-grid">-->
<!--<thead>-->
<!--<tr class="sort-row">-->
<!--<th class="no-sort"></th>-->
<!--<th class="no-sort"></th>-->
<!--<th>By Username</th>-->
<!--<th class="no-sort"></th>-->
<!--<th class="no-sort"></th>-->
<!--</tr>-->
<!--<tr class="filter-row filter-box">-->
<!--<th colspan="4">-->
<!--<label class="wr-input-label" for="search-by-username">-->
<!--By Username-->
<!--</label>-->
<!--<input id="search-by-username" type="text" class="form-control"-->
<!--placeholder="Search By Username">-->
<!--</th>-->
<!--<th style="vertical-align:bottom;">-->
<!--<button id="search-btn" class="wr-btn">-->
<!--Search-->
<!--</button>-->
<!--</th>-->
<!--</tr>-->
<!--<tr class="bulk-action-row" id="invite-user-button">-->
<!--<th colspan="5">-->
<!--<ul class="tiles">-->
<!--<li class="square">-->
<!--<a href="#" data-click-event="remove-form" class="btn square-element invite-user-link"-->
<!--data-toggle="modal" data-target="#modalDemo">-->
<!--<span class="icon fw-stack">-->
<!--<i class="fw fw-ring fw-stack-2x"></i>-->
<!--<i class="fw fw-invitation fw-stack-1x"></i>-->
<!--</span>-->
<!--Invite Selected-->
<!--</a>-->
<!--</li>-->
<!--</ul>-->
<!--</th>-->
<!--</tr>-->
<!--</thead>-->
<!--<tbody id="ast-container">-->
<!--<br class="c-both"/>-->
<!--</tbody>-->
<!--</table>-->
<table class="table table-striped table-hover list-table display responsive nowrap data-table grid-view" id="user-grid">
<thead>
<tr class="sort-row">
<th class="no-sort"></th>
<th class="no-sort"></th>
<th>By Username</th>
<th class="no-sort"></th>
<th class="no-sort"></th>
</tr>
<tr class="filter-row filter-box">
<th colspan="4">
<label class="wr-input-label" for="search-by-username">
By Username
</label>
<input id="search-by-username" type="text" class="form-control"
placeholder="Search By Username">
</th>
<th style="vertical-align:bottom;">
<button id="search-btn" class="wr-btn">
Search
</button>
</th>
</tr>
<tr class="bulk-action-row" id="invite-user-button">
<tr class="bulk-action-row">
<th colspan="5">
<ul class="tiles">
<li class="square">
@ -124,7 +151,7 @@
</thead>
<tbody id="ast-container">
<br class="c-both"/>
<br class="c-both" />
</tbody>
</table>
</div>

@ -28,7 +28,7 @@ function onRequest(context) {
});
var page = {};
var userModule = require("/app/modules/user.js")["userModule"];
var userModule = require("/app/modules/business-controllers/user.js")["userModule"];
var deviceMgtProps = require("/app/modules/conf-reader/main.js")["conf"];
page["adminUser"] = deviceMgtProps["adminUser"];

@ -29,33 +29,41 @@
* For ex: $(this) means jQuery(this) and S.fn.x means jQuery.fn.x
*/
$.fn.datatables_extended_serverside_paging = function (settings , url, dataFilter,
columns, fnCreatedRow, fnDrawCallback) {
$.fn.datatables_extended_serverside_paging = function (settings , url, dataFilter,
columns, fnCreatedRow, fnDrawCallback, options) {
var elem = $(this);
// EMM related function
if (initiateViewOption) {
$(".viewEnabledIcon").bind("click", initiateViewOption);
if (InitiateViewOption) {
$(".viewEnabledIcon").bind("click", InitiateViewOption);
}
//--- End of EMM related codes
$(elem).DataTable(
$.extend({},{
serverSide: true,
processing: false,
searching: true,
ordering: false,
filter: false,
bSortCellsTop: true,
ajax : {
url: "/emm/api/data-tables/invoker",
data : function (params) {
var filter = "";
var i;
var searchParams = {};
for (i = 0; i < params.columns.length; i++) {
// console.log(i);
filter += "&" + params.columns[i].data + "=" + params.columns[i].search.value;
searchParams[params.columns[i].data] = encodeURIComponent(params.columns[i].search.value);
}
// console.log(filter);
if(options) {
searchParams[options.searchKey] = encodeURIComponent(params.search.value);
}
params.filter = JSON.stringify(searchParams);
params.offset = params.start;
params.limit = params.length;
params.filter = filter;
// if(params.search.value){
// params.filter = params.search.value;
// }
params.url = url;
},
dataFilter: dataFilter
@ -64,15 +72,15 @@
responsive: false,
autoWidth: false,
dom:'<"dataTablesTop"' +
'f' +
'<"dataTables_toolbar">' +
'>' +
'rt' +
'<"dataTablesBottom"' +
'lip' +
'>',
'f' +
'<"dataTables_toolbar">' +
'>' +
'rt' +
'<"dataTablesBottom"' +
'lip' +
'>',
language: {
searchPlaceholder: 'Search by Role name',
searchPlaceholder: options.placeholder,
search: ''
},
fnCreatedRow: fnCreatedRow,
@ -216,7 +224,7 @@
$(button).addClass("active").html('Select');
$(button).parent().next().children().addClass("disabled");
// EMM related function
$(".viewEnabledIcon").bind("click", initiateViewOption);
$(".viewEnabledIcon").bind("click", InitiateViewOption);
//--- End of EMM related codes
}
});

@ -0,0 +1,233 @@
{{#zone "content"}}
<div class="row">
<div class="col-md-12">
<div class="wr-steps hidden">
<div class="col-md-3 col-xs-3">
<div class="itm-wiz itm-wiz-current" data-step="policy-profile"><div class="wiz-no">1</div><div class="wiz-lbl hidden-xs"><span>Edit current profile</span></div></div>
<br class="c-both" />
</div>
<div class="col-md-3 col-xs-3">
<div class="itm-wiz" data-step="policy-criteria"><div class="wiz-no">2</div><div class="wiz-lbl hidden-xs"><span>Edit assignment groups</span></div></div>
<br class="c-both" />
</div>
<div class="col-md-3 col-xs-3">
<div class="itm-wiz" data-step="policy-naming"><div class="wiz-no">3</div><div class="wiz-lbl hidden-xs"><span>Republish to devices</span></div></div>
<br class="c-both" />
</div>
</div>
<div class="container col-centered wr-content policy-message hidden">
<div class="wr-form">
<h1 id="policy-message-page-wizard-title" class="page-sub-title">Policy is successfully re-configured.</h1>
<br>Please click <b>"Add Another Policy"</b>, if you wish to add another policy or click
<b>"View policy list"</b> to complete the process and go back to the policy list.
<hr>
<button class="wr-btn wizard-stepper" data-current="policy-message" data-direct="/emm/policies/">
View policy list
</button>
<a href="/emm/policies/add-policy" class="cu-btn-inner">
<span class="fw-stack">
<i class="fw fw-ring fw-stack-2x"></i>
<i class="fw fw-add fw-stack-1x"></i>
</span>
Add another policy
</a>
</div>
</div>
<div class="container col-centered wr-content policy-naming hidden">
<div class="wr-form">
<h1 id="policy-naming-page-wizard-title" class="page-sub-title">EDIT POLICY</h1>
<hr>
<div id="policy-naming-wizard-steps" class="row wr-wizard"></div>
<hr>
<div class="row">
<div class="col-lg-12">
<h4 class="visible-xs">Step 3: Republish to devices</h4>
<br>
<div id="policy-naming-main-error-msg" class="alert alert-danger hidden" role="alert">
<i class="icon fw fw-error"></i><span></span>
</div>
<div>
<label class="wr-input-label">
Set a name * to your policy<br>
( should be 1-to-30 characters long )
</label>
<div id="policy-name-field" class="form-group wr-input-control">
<div class="cus-col-50">
<input id="policy-name-input" class="form-control" type="text" value="" placeholder="[ Required field ]"/>
</div>
<br class="c-both"/>
<span class=" nameError hidden glyphicon glyphicon-remove form-control-feedback"></span>
<label class="error nameEmpty hidden" for="summary">Policy name is required & Should be be 1-to-30 characters long.</label>
</div>
<label class="wr-input-label">
Add a description
</label>
<div class="wr-input-control">
<div class="cus-col-50">
<textarea id="policy-description-input" class="form-control" rows="10" placeholder="[ Optional field ]"></textarea>
</div>
<br class="c-both" />
</div>
</div>
<div class="wr-input-control wr-btn-grp">
<a href="#" class="wr-btn wizard-stepper" data-is-back-btn="true" data-current="policy-naming" data-next="policy-criteria">
Back
</a>
<a href="#" class="wr-btn wizard-stepper" data-current="policy-naming-publish" data-next="policy-message" data-validate="true">
Save & Publish
</a>
<a href="#" class="wr-btn wizard-stepper" data-current="policy-naming" data-next="policy-message" data-validate="true">
Save
</a>
</div>
</div>
</div>
</div>
</div>
<div class="container col-centered wr-content policy-criteria hidden">
<div class="wr-form">
<h1 id="policy-criteria-page-wizard-title" class="page-sub-title">EDIT POLICY</h1>
<hr>
<div id="policy-criteria-wizard-steps" class="row wr-wizard"></div>
<hr>
<div class="row">
<div class="col-lg-12">
<h4 class="visible-xs">Step 2: Edit assignment groups</h4>
<br>
<div id="policy-criteria-main-error-msg" class="alert alert-danger hidden" role="alert">
<i class="icon fw fw-error"></i><span></span>
</div>
<div>
<label class="wr-input-label">
Set device ownership type
</label>
<div class="wr-input-control">
<div class="cus-col-50">
<select id="ownership-input" class="form-control">
<option value="ANY" selected>ANY</option>
<option value="BYOD">BYOD (Bring Your Own Device) </option>
<option value="COPE">COPE (Corporate-Owned, Personally Enabled)</option>
</select>
</div>
<br class="c-both" />
</div>
<div class="wr-input-control">
<label class="wr-input-control radio light">
<input id="user-roles-radio-btn" type="radio" name="select-users-radio-btn" class="select-users-radio" checked/>
<span class="helper">&nbsp;Set user role(s)</span>
</label>
<label class="wr-input-control radio light" rel="assetfilter">
<input id="users-radio-btn" type="radio" name="select-users-radio-btn" class="select-users-radio" />
<span class="helper">&nbsp;Set user(s)</span>
</label>
</div>
<div id="user-roles-select-field" class="select-users">
<div class="wr-input-control">
<div class="cus-col-50">
<select id="user-roles-input" class="form-control select2" multiple="multiple">
<option value="ANY" selected>ANY</option>
{{#each roles}}
<option>{{this}}</option>
{{/each}}
</select>
</div>
<br class="c-both" />
</div>
</div>
<div id="users-select-field" class="select-users">
<div class="wr-input-control">
<div class="cus-col-50">
<select id="users-input" class="form-control select2" multiple="multiple">
<option value="ANY" selected>ANY</option>
{{#each users}}
<option>{{username}}</option>
{{/each}}
</select>
</div>
<br class="c-both" />
</div>
</div>
<br>
<label class="wr-input-label" title="">
Set an action upon non-compliance
</label>
<div class="wr-input-control">
<div class="cus-col-50">
<select id="action-input" class="form-control">
<option value="enforce" data-action="enforce" selected>Enforce</option>
<option value="warn" data-action="warn">Warn</option>
<option value="monitor" data-action="monitor">Monitor</option>
</select>
</div>
<br class="c-both" />
</div>
</div>
<div class="wr-input-control wr-btn-grp">
<a href="#" class="wr-btn wizard-stepper" data-is-back-btn="true" data-current="policy-criteria" data-next="policy-profile">
Back
</a>
<a href="#" class="wr-btn wizard-stepper" data-current="policy-criteria" data-next="policy-naming" data-validate="true">
Continue
</a>
</div>
</div>
</div>
</div>
</div>
<div class="container col-centered wr-content policy-profile">
<div class="wr-form">
<h1 id="policy-profile-page-wizard-title" class="page-sub-title">EDIT POLICY</h1>
<hr>
<div id="policy-profile-wizard-steps" class="row wr-wizard"></div>
<hr>
<div class="row">
<div class="col-lg-12">
<h4 class="visible-xs">Step 1: Edit current profile</h4>
<br>
<div id="policy-profile-main-error-msg" class="alert alert-danger hidden" role="alert">
<i class="icon fw fw-error"></i><span></span>
</div>
<div class="wr-advance-operations">
<div class="wr-advance-operations-init">
<br>
&nbsp;&nbsp;
<i class="fw fw-settings fw-spin fw-2x"></i>
&nbsp;Loading platform features . . .
<br>
<br>
</div>
</div>
<div class="wr-input-control wr-btn-grp">
<a href="#" class="wr-btn wizard-stepper" data-current="policy-profile" data-next="policy-criteria" data-validate="true">
Continue
</a>
</div>
</div>
</div>
</div>
</div>
<!-- content -->
</div>
</div>
{{/zone}}
{{#zone "bottomJs"}}
<!--suppress HtmlUnknownTarget -->
<script id="hidden-operations-ios" src="{{@unit.publicUri}}/templates/hidden-operations-ios.hbs"
type="text/x-handlebars-template"></script>
<!--suppress HtmlUnknownTarget -->
<script id="hidden-operations-android" src="{{@unit.publicUri}}/templates/hidden-operations-android.hbs"
type="text/x-handlebars-template"></script>
<!--suppress HtmlUnknownTarget -->
<script id="hidden-operations-windows" src="{{@unit.publicUri}}/templates/hidden-operations-windows.hbs"
type="text/x-handlebars-template"></script>
{{js "js/edit.js"}}
{{/zone}}

@ -0,0 +1,36 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
function onRequest(context) {
var log = new Log("policy-view-edit-unit backend js");
log.debug("calling policy-view-edit-unit");
var userModule = require("/app/modules/business-controllers/user.js")["userModule"];
var rolesResult = userModule.getRoles();
if (rolesResult.status == "success") {
context.roles = rolesResult.content;
}
var usersResult = userModule.getUsers();
if (usersResult.status == "success") {
context.users = usersResult.content;
}
return context;
}

@ -0,0 +1,568 @@
<div class="row no-gutter">
<div class="wr-hidden-operations-nav col-lg-4">
<a href="javascript:void(0)" onclick="showAdvanceOperation('passcode-policy', this)" class="selected">
<span class="wr-hidden-operations-icon fw-stack">
<i class="fw fw-key fw-stack-2x"></i>
</span>
Passcode Policy
<span id="passcode-policy-configured" class="has-configured status-icon hidden"><i class="fw fw-ok"></i></span>
<span id="passcode-policy-ok" class="has-success status-icon hidden"><i class="fw fw-ok"></i></span>
<span id="passcode-policy-error" class="has-error status-icon hidden"><i class="fw fw-error"></i></span>
</a>
<a href="javascript:void(0)" onclick="showAdvanceOperation('camera', this)">
<span class="wr-hidden-operations-icon fw-stack">
<i class="fw fw-block fw-stack-2x"></i>
</span>
Restrictions on Camera
<span id="camera-configured" class="has-configured status-icon hidden"><i class="fw fw-ok"></i></span>
<span id="camera-ok" class="has-success status-icon hidden"><i class="fw fw-ok"></i></span>
<span class="camera-error status-icon hidden"><i class="fw fw-error"></i></span>
</a>
<a href="javascript:void(0)" onclick="showAdvanceOperation('encrypt-storage', this)">
<span class="wr-hidden-operations-icon fw-stack">
<i class="fw fw-security fw-stack-2x"></i>
</span>
Encryption Settings
<span id="encrypt-storage-configured" class="has-configured status-icon hidden"><i class="fw fw-ok"></i></span>
<span id="encrypt-storage-ok" class="has-success status-icon hidden"><i class="fw fw-ok"></i></span>
<span id="encrypt-storage-error" class="encryption-error status-icon hidden"><i class="fw fw-error"></i></span>
</a>
<a href="javascript:void(0)" onclick="showAdvanceOperation('app-restriction', this)">
<span class="fw-stack fw-lg">
<i class="fw fw-application fw-stack-1x"></i>
<i class="fw fw-block fw-stack-2x"></i>
</span>
Applications Restrictions
<span id="app-restriction-configured" class="has-configured status-icon hidden"><i class="fw fw-ok"></i></span>
<span id="app-restriction-ok" class="has-success status-icon hidden"><i class="fw fw-ok"></i></span>
<span id="app-restriction-error" class="has-error status-icon hidden"><i class="fw fw-error"></i></span>
</a>
<!--<a href="javascript:void(0)" onclick="showAdvanceOperation('wifi', this)">-->
<!--<span class="wr-hidden-operations-icon fw-stack">-->
<!--<i class="fw fw-wifi fw-stack-2x"></i>-->
<!--</span>-->
<!--Wi-Fi Settings-->
<!--<span id="wifi-configured" class="has-configured status-icon hidden"><i class="fw fw-ok"></i></span>-->
<!--<span id="wifi-ok" class="has-success status-icon hidden"><i class="fw fw-ok"></i></span>-->
<!--<span id="wifi-error" class="has-error status-icon hidden"><i class="fw fw-error"></i></span>-->
<!--</a>-->
<!--<a href="javascript:void(0)" onclick="showAdvanceOperation('install-apps', this)">-->
<!--<span class="wr-hidden-operations-icon fw-stack">-->
<!--<i class="fw fw-application fw-stack-2x"></i>-->
<!--</span>-->
<!--App Installations-->
<!--</a>-->
<!--<a href="javascript:void(0)" onclick="showAdvanceOperation('blacklist-apps', this)">-->
<!--<span class="wr-hidden-operations-icon fw-stack">-->
<!--<i class="fw fw-block fw-stack-2x"></i>-->
<!--</span>-->
<!--App Blacklisting-->
<!--</a>-->
<!--<a href="javascript:void(0)" onclick="showAdvanceOperation('web-clips', this)">-->
<!--<span class="wr-hidden-operations-icon fw-stack">-->
<!--<i class="fw fw-website fw-stack-2x"></i>-->
<!--</span>-->
<!--Web clips-->
<!--</a>-->
</div>
<div class="wr-hidden-operations-content col-lg-8">
<!-- passcode-policy -->
<div class="wr-hidden-operation" data-operation="passcode-policy" style="display: block">
<div class="panel panel-default operation-data" data-operation="passcode-policy" data-operation-code="PASSCODE_POLICY">
<div id="passcode-policy-heading" class="panel-heading" role="tab">
<h2 class="sub-title panel-title">
Passcode Policy
<label id="passcode-policy-lbl" class="wr-input-control switch" data-toggle="collapse" data-target="#passcode-policy-body">
<input type="checkbox" />
<span class="helper"></span>
<span class="text"></span>
</label>
<hr>
<div class="panel-title-description">
This configuration can be used to set a passcode policy to an Windows Device.
Once this configuration profile is installed on a device, corresponding users will not be able
to modify these settings on their devices.
</div>
</h2>
</div>
<div id="passcode-policy-body" class="panel-collapse panel-body collapse" role="tabpanel" aria-labelledby="passcode-policy-body">
<div id="passcode-policy-feature-error-msg" class="alert alert-danger hidden" role="alert">
<i class="icon fw fw-error"></i><span></span>
</div>
<div class="wr-input-control">
<label class="wr-input-control checkbox">
<input id="passcode-policy-allow-simple" type="checkbox" class="form-control operationDataKeys" data-key="passcodePolicyAllowSimple" checked="checked" />
<span class="helper" title="Permit the use of repeating, ascending and descending character sequences">
&nbsp;&nbsp;&nbsp;Allow simple value
<span class="wr-help-tip glyphicon glyphicon-question-sign"></span>
</span>
</label>
</div>
<div class="wr-input-control">
<label class="wr-input-control checkbox">
<input id="passcode-policy-require-alphanumeric" type="checkbox" class="form-control operationDataKeys" data-key="passcodePolicyRequireAlphanumeric" checked="checked" />
<span class="helper" title="Require passcode to contain both letters and numbers">
&nbsp;&nbsp;&nbsp;Require alphanumeric value
<span class="wr-help-tip glyphicon glyphicon-question-sign"></span>
</span>
</label>
</div>
<div class="wr-input-control">
<label class="wr-input-label" for="passcode-policy-min-length">
Minimum passcode length
<span class="helper" title="Minimum number of characters allowed in a passcode">
<span class="wr-help-tip glyphicon glyphicon-question-sign"></span>
</span>
</label>
<select id="passcode-policy-min-length" class="form-control operationDataKeys" data-key="passcodePolicyMinLength" data-default="0">
<option value="" selected="selected">
None
</option>
<option value="4">04</option>
<option value="5">05</option>
<option value="6">06</option>
<option value="7">07</option>
<option value="8">08</option>
<option value="9">09</option>
<option value="10">10</option>
<option value="11">11</option>
<option value="12">12</option>
<option value="13">13</option>
<option value="14">14</option>
<option value="15">15</option>
<option value="16">16</option>
<option value="17">17</option>
<option value="18">18</option>
</select>
</div>
<div class="wr-input-control">
<label class="wr-input-label" for="passcode-policy-min-complex-chars">
Minimum number of complex characters
<span class="helper" title="Minimum number of complex or non-alphanumeric characters allowed in a passcode">
<span class="wr-help-tip glyphicon glyphicon-question-sign"></span>
</span>
</label>
<select id="passcode-policy-min-complex-chars" class="form-control operationDataKeys" data-key="passcodePolicyMinComplexChars" data-default="0">
<option value="" selected="selected">
None
</option>
<option value="1">01</option>
<option value="2">02</option>
<option value="3">03</option>
<option value="4">04</option>
<option value="5">05</option>
</select>
</div>
<div class="wr-input-control">
<label class="wr-input-label" for="passcode-policy-max-passcode-age-in-days">
Maximum passcode age in days
<span class="helper" title="Number of days after which a passcode must be changed">
<span class="wr-help-tip glyphicon glyphicon-question-sign"></span>
</span>
<br>
( Should be in between 1-to-730 days or none )
</label>
<input id="passcode-policy-max-passcode-age-in-days" type="text" class="form-control operationDataKeys" data-key="passcodePolicyMaxPasscodeAgeInDays" maxlength="3" placeholder="[ Requires Number Input ]">
</div>
<div class="wr-input-control">
<label class="wr-input-label" for="passcode-policy-passcode-history">
Passcode history
<span class="helper" title="Number of consequent unique passcodes to be used before reuse">
<span class="wr-help-tip glyphicon glyphicon-question-sign"></span>
</span>
<br>
( Should be in between 1-to-50 passcodes or none )
</label>
<input id="passcode-policy-passcode-history" type="text" class="form-control operationDataKeys" data-key="passcodePolicyPasscodeHistory" maxlength="2" placeholder="[ Requires Number Input ]">
</div>
<div class="wr-input-control">
<label class="wr-input-label" for="passcodePolicyMaxFailedAttempts">
Maximum number of failed attempts
<span class="helper" title="Maximum number of passcode entry attempts allowed before all data on a device will be erased">
<span class="wr-help-tip glyphicon glyphicon-question-sign"></span>
</span>
</label>
<select id="passcode-policy-max-failed-attempts" class="form-control operationDataKeys" data-key="passcodePolicyMaxFailedAttempts" data-default="0">
<option value="" selected="selected">
None
</option>
<option value="3">03</option>
<option value="4">04</option>
<option value="5">05</option>
<option value="6">06</option>
<option value="7">07</option>
<option value="8">08</option>
<option value="9">09</option>
<option value="10">10</option>
</select>
</div>
</div>
</div>
</div>
<!-- /passcode-policy -->
<!-- camera -->
<div class="wr-hidden-operation" data-operation="camera">
<div class="panel panel-default operation-data" data-operation="camera" data-operation-code="CAMERA">
<div id="camera-heading" class="panel-heading" role="tab">
<h2 class="sub-title panel-title">
Restrictions on Camera
<label class="wr-input-control switch" data-toggle="collapse" data-target="#camera-body">
<input type="checkbox" />
<span class="helper"></span>
<span class="text"></span>
</label>
<hr>
<div class="panel-title-description">
This configuration can be used to restrict the usage of camera on an Windows device together with all the applications using the camera.
Once this configuration profile is installed on a device, corresponding users will not be able
to modify these settings on their devices.
</div>
</h2>
</div>
<div id="camera-body" class="panel-collapse panel-body collapse" role="tabpanel" aria-labelledby="camera-body">
<div id="camera-feature-error-msg" class="alert alert-danger hidden" role="alert">
<i class="icon fw fw-error"></i><span></span>
</div>
Un-check following checkbox in case you need to disable camera.
<br>
<br>
<div class="wr-input-control">
<label class="wr-input-control checkbox">
<input id="camera-enabled" type="checkbox" class="operationDataKeys" data-key="cameraEnabled" checked="checked" />
<span class="helper" title="Having this checked would enable Usage of phone camera in the device.">
&nbsp;&nbsp;&nbsp;Allow use of camera
<span class="wr-help-tip glyphicon glyphicon-question-sign"></span>
</span>
</label>
</div>
<br>
</div>
</div>
</div>
<!-- /camera -->
<!-- encrypt-storage -->
<div class="wr-hidden-operation" data-operation="encrypt-storage">
<div class="panel panel-default operation-data" data-operation="encrypt-storage" data-operation-code="ENCRYPT_STORAGE">
<div id="encrypt-storage-heading" class="panel-heading" role="tab">
<h2 class="sub-title panel-title">
Encryption Settings
<label class="wr-input-control switch" data-toggle="collapse" data-target="#encrypt-storage-body">
<input type="checkbox" />
<span class="helper"></span>
<span class="text"></span>
</label>
<hr>
<div class="panel-title-description">
This configuration can be used to encrypt data on an Windows device, when the device is locked and
make it readable when the passcode is entered. Once this configuration profile is installed on a device,
corresponding users will not be able to modify these settings on their devices.
</div>
</h2>
</div>
<div id="encrypt-storage-body" class="panel-collapse panel-body collapse" role="tabpanel" aria-labelledby="encrypt-storage-body">
<div id="encrypt-storage-feature-error-msg" class="alert alert-danger hidden" role="alert">
<i class="icon fw fw-error"></i><span></span>
</div>
Un-check following checkbox in case you need to disable storage-encryption.
<br>
<br>
<div class="wr-input-control">
<label class="wr-input-control checkbox">
<input id="encrypt-storage-enabled" type="checkbox" class="operationDataKeys" data-key="encryptStorageEnabled" checked="checked" />
<span class="helper" title="Having this checked would enable Storage-encryption in the device">
&nbsp;&nbsp;&nbsp;Enable storage-encryption
<span class="wr-help-tip glyphicon glyphicon-question-sign"></span>
</span>
</label>
</div>
<br>
</div>
</div>
</div>
<!-- /encrypt-storage -->
<!--app-restriction-->
<div class="wr-hidden-operation" data-operation="app-restriction">
<div class="panel panel-default operation-data" data-operation="app-restriction" data-operation-code="APP-RESTRICTION">
<div id="app-restriction-heading" class="panel-heading" role="tab">
<h2 class="sub-title panel-title">
Application Restriction Settings
<label class="wr-input-control switch" data-toggle="collapse" data-target="#app-restriction-body">
<input type="checkbox" />
<span class="helper"></span>
<span class="text"></span>
</label>
<hr>
<div class="panel-title-description">
This configuration can be used to create a black list or white list of applications.
</div>
</h2>
</div>
<div id="app-restriction-body" class="panel-collapse panel-body collapse" role="tabpanel" aria-labelledby="app-restriction-body">
<div id="app-restriction-feature-error-msg" class="alert alert-danger hidden" role="alert">
<i class="icon fw fw-error"></i><span></span>
</div>
<select id="app-restriction-type" class="form-control operationDataKeys" data-key="restrictionType">
<option value="" selected="selected">
None
</option>
<option value="black-list">Black List</option>
<option value="white-list">White List</option>
</select>
<div class="wr-input-control">
<label class="wr-input-label" for="restricted-applications">
Restricted Application List
<span class="helper" title="Add an application to restrict.">
<span class="wr-help-tip glyphicon glyphicon-question-sign"></span>
</span>
<br>
<a href="#restricted-applications-grid" class="grid-input-add" data-click-event="add-form">
<span class="icon fw-stack">
<i class="fw fw-add fw-stack-1x"></i>
<i class="fw fw-ring fw-stack-2x"></i>
</span>
&nbsp;
Add Application
</a>
</label>
<div id="restricted-applications" class="operationDataKeys grouped-array-input multi-column-key-value-pair-array" data-key="restrictedApplications" data-column-count="2">
<table class="table table-responsive table-striped">
<thead>
<tr>
<th>No:</th>
<th>Application Name/Description</th>
<th>Package Name</th>
<th></th>
</tr>
</thead>
<tbody data-add-form-container="#restricted-applications-grid">
<tr data-help-text="add-form">
<td colspan="4">
No entries added yet .
</td>
</tr>
</tbody>
</table>
<table class="template hidden">
<tbody data-add-form="#restricted-applications-grid">
<tr data-add-form-element="clone">
<td data-title="No:">
<span class="index"></span>
</td>
<td data-title="App Name">
<input type="text" class="form-control grid-input-text" data-child-key="appName" maxlength="100" data-default="" placeholder="[ Application Name or Description ]" />
</td>
<td data-title="Package Name">
<input type="text" class="form-control grid-input-text" data-child-key="packageName" maxlength="100" data-default="" placeholder="[ Package Name of Application ]" />
</td>
<td>
<span class="list-group-item-actions">
<a href="#restricted-applications-grid" class="grid-input-remove" data-click-event="remove-form">
<span class="fw-stack helper" title="Remove Entry">
<i class="fw fw-ring fw-stack-2x"></i>
<i class="fw fw-delete fw-stack-1x"></i>
</span>
</a>
</span>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
<!--/app-restriction-->
<!-- wi-fi -->
<!--<div class="wr-hidden-operation" data-operation="wifi">-->
<!--<div class="panel panel-default operation-data" data-operation="wifi" data-operation-code="WIFI">-->
<!--<div id="wifi-heading" class="panel-heading" role="tab">-->
<!--<h2 class="sub-title panel-title">-->
<!--Wi-Fi Settings-->
<!--<label class="wr-input-control switch" data-toggle="collapse" data-target="#wifi-body">-->
<!--<input type="checkbox" />-->
<!--<span class="helper"></span>-->
<!--<span class="text"></span>-->
<!--</label>-->
<!--<hr>-->
<!--<div class="panel-title-description">-->
<!--This configurations can be used to configure Wi-Fi access on an Android device.-->
<!--Once this configuration profile is installed on a device, corresponding users will not be able-->
<!--to modify these settings on their devices.-->
<!--</div>-->
<!--</h2>-->
<!--</div>-->
<!--<div id="wifi-body" class="panel-collapse panel-body collapse" role="tabpanel" aria-labelledby="wifi-body">-->
<!--&lt;!&ndash;<div class="cloneable">&ndash;&gt;-->
<!--&lt;!&ndash;<a href="#" class="multi-view add enabled">&ndash;&gt;-->
<!--&lt;!&ndash;<span class="icon fw-stack">&ndash;&gt;-->
<!--&lt;!&ndash;<i class="fw fw-add fw-stack-1x"></i>&ndash;&gt;-->
<!--&lt;!&ndash;<i class="fw fw-ring fw-stack-2x"></i>&ndash;&gt;-->
<!--&lt;!&ndash;</span>&ndash;&gt;-->
<!--&lt;!&ndash;</a>&ndash;&gt;-->
<!--&lt;!&ndash;<a href="#" class="multi-view remove disabled">&ndash;&gt;-->
<!--&lt;!&ndash;<span class="icon fw-stack">&ndash;&gt;-->
<!--&lt;!&ndash;<i class="fw fw-minus fw-stack-1x"></i>&ndash;&gt;-->
<!--&lt;!&ndash;<i class="fw fw-ring fw-stack-2x"></i>&ndash;&gt;-->
<!--&lt;!&ndash;</span>&ndash;&gt;-->
<!--&lt;!&ndash;</a>&ndash;&gt;-->
<!--&lt;!&ndash;Wi-Fi Setting :&ndash;&gt;-->
<!--&lt;!&ndash;<br>&ndash;&gt;-->
<!--&lt;!&ndash;<br>&ndash;&gt;-->
<!--Please note that * sign represents required fields of data.-->
<!--<br>-->
<!--<br>-->
<!--<div id="wifi-feature-error-msg" class="alert alert-danger hidden" role="alert">-->
<!--<i class="icon fw fw-error"></i><span></span>-->
<!--</div>-->
<!--<div class="wr-input-control">-->
<!--<label class="wr-input-label" for="wifi-ssid">-->
<!--Service Set Identifier (SSID) *-->
<!--<span class="helper" title="Identification of the wireless network to be configured.">-->
<!--<span class="wr-help-tip glyphicon glyphicon-question-sign"></span>-->
<!--</span>-->
<!--<br>-->
<!--( should be 1-to-30 characters long )-->
<!--</label>-->
<!--<input id="wifi-ssid" type="text" class="form-control operationDataKeys" data-key="wifiSSID" maxlength="100" placeholder="[ Required field ]"/>-->
<!--</div>-->
<!--<div class="wr-input-control">-->
<!--<label class="wr-input-label" for="wifi-password">-->
<!--Password-->
<!--<span class="helper" title="Password for the wireless network.">-->
<!--<span class="wr-help-tip glyphicon glyphicon-question-sign"></span>-->
<!--</span>-->
<!--</label>-->
<!--<input id="wifi-password" type="text" class="form-control operationDataKeys" data-key="wifiPassword" maxlength="100" placeholder="[ Optional field ]"/>-->
<!--</div>-->
<!--&lt;!&ndash;</div>&ndash;&gt;-->
<!--</div>-->
<!--</div>-->
<!--</div>-->
<!-- /wi-fi -->
<!-- install-applications -->
<!--<div class="wr-hidden-operation" data-operation="install-apps">-->
<!--<div class="panel panel-default operation-data" data-operation="INSTALL_APPLICATION">-->
<!--<div class="panel-heading" role="tab">-->
<!--<h2 class="sub-title panel-title">-->
<!--<br>-->
<!--&nbsp;&nbsp;&nbsp;App Installations-->
<!--<label class="wr-input-control switch" data-toggle="collapse" data-target="#installApp">-->
<!--<input type="checkbox" />-->
<!--<span class="helper"></span>-->
<!--<span class="text"></span>-->
<!--</label>-->
<!--<br>-->
<!--<br>-->
<!--</h2>-->
<!--</div>-->
<!--<div id="installApp" class="panel-collapse panel-body collapse" role="tabpanel" aria-labelledby="installApp">-->
<!--<div id="install-app-feature-error-msg" class="alert alert-danger hidden" role="alert">-->
<!--<i class="icon fw fw-error"></i><span></span>-->
<!--</div>-->
<!--<label class="wr-input-label" title="Application Identifier">App Identifier<span class="wr-help-tip glyphicon glyphicon-question-sign"></span></label>-->
<!--<div class="wr-input-control">-->
<!--<input type="text" class="form-control operationDataKeys" id="package-name" data-key="packageName" placeholder="Enter App Identifier"/>-->
<!--</div>-->
<!--<div class="wr-input-control">-->
<!--<label class="wr-input-control dropdown">-->
<!--<span class="helper" title="App Type">App Type<span class="wr-help-tip glyphicon glyphicon-question-sign"></span></span>-->
<!--<select class="form-control col-sm-8 operationDataKeys appTypesInput" id="type" data-key="type">-->
<!--<option>Public</option>-->
<!--<option>Enterprise</option>-->
<!--</select>-->
<!--</label>-->
<!--</div>-->
<!--<label class="wr-input-label" title="URL">URL<span class="wr-help-tip glyphicon glyphicon-question-sign"></span></label>-->
<!--<div class="wr-input-control">-->
<!--<input type="text" class="form-control operationDataKeys" id="url" data-key="url" placeholder="Enter URL"/>-->
<!--</div>-->
<!--</div>-->
<!--</div>-->
<!--</div>-->
<!-- /install-applications -->
<!-- /uninstall-applications -->
<!--<div class="wr-hidden-operation" data-operation="uninstall-apps">-->
<!--<div class="panel panel-default operation-data" data-operation="UNINSTALL_APPLICATION">-->
<!--<div class="panel-heading" role="tab">-->
<!--<h2 class="sub-title panel-title">-->
<!--<br>-->
<!--&nbsp;&nbsp;&nbsp;App Uninstallations-->
<!--<label class="wr-input-control switch" data-toggle="collapse" data-target="#uninstallApp">-->
<!--<input type="checkbox" />-->
<!--<span class="helper"></span>-->
<!--<span class="text"></span>-->
<!--</label>-->
<!--<br>-->
<!--<br>-->
<!--</h2>-->
<!--</div>-->
<!--<div id="uninstallApp" class="panel-collapse panel-body collapse" role="tabpanel" aria-labelledby="uninstallApp">-->
<!--<div id="uninstall-app-feature-error-msg" class="alert alert-danger hidden" role="alert">-->
<!--<i class="icon fw fw-error"></i><span></span>-->
<!--</div>-->
<!--<label class="wr-input-label" title="Application Identifier">App Identifier<span class="wr-help-tip glyphicon glyphicon-question-sign"></span></label>-->
<!--<!--span>Identification of the wireless network to connect to</span-->
<!--<div class="wr-input-control">-->
<!--<input type="text" class="form-control operationDataKeys" id="package-name" data-key="packageName" placeholder="Enter App Identifier"/>-->
<!--</div>-->
<!--</div>-->
<!--</div>-->
<!--</div>-->
<!-- /uninstall-applications -->
<!-- /web-clips -->
<!--<div class="wr-hidden-operation" data-operation="web-clips">-->
<!--<div class="panel panel-default operation-data" data-operation="WEBCLIP">-->
<!--<div class="panel-heading" role="tab">-->
<!--<h2 class="sub-title panel-title">-->
<!--<br>-->
<!--&nbsp;&nbsp;&nbsp;Web clips-->
<!--<label class="wr-input-control switch" data-toggle="collapse" data-target="#installWebClip">-->
<!--<input type="checkbox" />-->
<!--<span class="helper"></span>-->
<!--<span class="text"></span>-->
<!--</label>-->
<!--<br>-->
<!--<br>-->
<!--</h2>-->
<!--</div>-->
<!--<div id="installWebClip" class="panel-collapse panel-body collapse" role="tabpanel" aria-labelledby="installWebClip">-->
<!--<div id="install-webclip-feature-error-msg" class="alert alert-danger hidden" role="alert">-->
<!--<i class="icon fw fw-error"></i><span></span>-->
<!--</div>-->
<!--<label class="wr-input-label" title="Title of the web clip">Title<span class="wr-help-tip glyphicon glyphicon-question-sign"></span></label>-->
<!--<div class="wr-input-control">-->
<!--<input type="text" class="form-control operationDataKeys" id="title" data-key="title" placeholder="Enter Title"/>-->
<!--</div>-->
<!--<label class="wr-input-label" title="URL">URL<span class="wr-help-tip glyphicon glyphicon-question-sign"></span></label>-->
<!--<div class="wr-input-control">-->
<!--<input type="text" class="form-control operationDataKeys" id="url" data-key="url" placeholder="Enter URL"/>-->
<!--</div>-->
<!--</div>-->
<!--</div>-->
<!--</div>-->
<!-- /web-clips -->
</div>
</div>

Some files were not shown because too many files have changed in this diff Show More

Loading…
Cancel
Save