From 878daae5c56cd8e75d22ded4db05eaae85ed7cf1 Mon Sep 17 00:00:00 2001 From: kamidu Date: Fri, 9 Sep 2016 17:47:42 +0530 Subject: [PATCH] Permission modifications --- .../src/main/webapp/META-INF/permissions.xml | 2 +- .../api/ActivityInfoProviderService.java | 4 +- .../api/ConfigurationManagementService.java | 4 +- .../service/api/DeviceManagementService.java | 16 +- .../api/DeviceTypeManagementService.java | 2 +- .../service/api/GroupManagementService.java | 2 +- .../admin/DeviceManagementAdminService.java | 2 +- .../api/admin/UserManagementAdminService.java | 2 +- .../src/main/webapp/META-INF/permissions.xml | 106 +++++----- .../group/mgt/DeviceGroupConstants.java | 2 +- .../DeviceAccessAuthorizationServiceImpl.java | 4 +- .../jaggeryapps/devicemgt/api/device-api.jag | 6 +- .../jaggeryapps/devicemgt/api/user-api.jag | 6 +- .../app/modules/business-controllers/user.js | 24 +-- .../cdmf.page.certificate.create/create.hbs | 110 +++++----- .../cdmf.page.certificate.create/create.js | 3 +- .../cdmf.page.certificates/certificates.hbs | 18 +- .../pages/cdmf.page.role.create/create.hbs | 11 + .../app/pages/cdmf.page.role.create/create.js | 20 +- .../pages/cdmf.page.user.create/create.hbs | 195 ++++++++++-------- .../app/pages/cdmf.page.user.create/create.js | 3 + .../units/cdmf.unit.policy.create/create.js | 2 + .../oauth/extensions/config/Permissions.java | 2 +- 23 files changed, 302 insertions(+), 244 deletions(-) diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/webapp/META-INF/permissions.xml b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/webapp/META-INF/permissions.xml index df2b2cf629b..5a63c7f5331 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/webapp/META-INF/permissions.xml +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/webapp/META-INF/permissions.xml 
@@ -32,7 +32,7 @@ get certificate in the database - /device-mgt/admin/certificate/GetSignCSR + /device-mgt/certificate/GetSignCSR /certificates/scep/signcsr POST emm_admin diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java index 2b8a075f9bd..1c23be25441 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java @@ -93,7 +93,7 @@ public interface ActivityInfoProviderService { message = "Internal Server Error. \n Server error occurred while fetching activity data.", response = ErrorResponse.class) }) - @Permission(name = "View Activities", permission = "/device-mgt/activities/view") + @Permission(name = "View Activities", permission = "/device-mgt/devices/owning/view") Response getActivity( @ApiParam( name = "id", @@ -154,7 +154,7 @@ public interface ActivityInfoProviderService { message = "Internal Server Error. \n Server error occurred while fetching activity data.", response = ErrorResponse.class) }) - @Permission(name = "View Activities", permission = "/device-mgt/activities/view") + @Permission(name = "View Activities", permission = "/device-mgt/devices/owning/view") Response getActivities( @ApiParam( name = "since", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java index b774a9598c5..0a450b6ec03 100644 
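Review bot: Both activity endpoints, `getActivity` and `getActivities` (second hunk of ActivityInfoProviderService.java), are now authorized by `/device-mgt/devices/owning/view`, which by its name covers the caller's own devices, while the annotation `name` still reads "View Activities". Neither hunk shows whether the implementation restricts the returned activities to devices the caller owns; if it does not, every holder of the owner-level view permission can read activity data for all devices. I would either keep a dedicated path such as the previous `/device-mgt/activities/view`, or confirm the owner filter in the implementation and update `name` to match the permission. The interface body continues outside both hunks.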
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java @@ -82,7 +82,7 @@ public interface ConfigurationManagementService { "platform configuration.", response = ErrorResponse.class) }) - @Permission(name = "View Configurations", permission = "/device-mgt/configuration/view") + @Permission(name = "View Configurations", permission = "/device-mgt/configurations/view") Response getConfiguration( @ApiParam( name = "If-Modified-Since", @@ -128,7 +128,7 @@ public interface ConfigurationManagementService { "Server error occurred while modifying general platform configuration.", response = ErrorResponse.class) }) - @Permission(name = "Manage configurations", permission = "/device-mgt/configuration/manage") + @Permission(name = "Manage configurations", permission = "/device-mgt/configurations/manage") Response updateConfiguration( @ApiParam( name = "configuration", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java index fd85ca7b274..e1240f9dd4b 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java 
@@ -93,7 +93,7 @@ public interface DeviceManagementService { message = "Internal Server Error. \n Server error occurred while fetching the device list.", response = ErrorResponse.class) }) - @Permission(name = "View Devices", permission = "/device-mgt/devices/view") + @Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view") Response getDevices( @ApiParam( name = "name", @@ -200,7 +200,7 @@ public interface DeviceManagementService { "Server error occurred while retrieving information requested device.", response = ErrorResponse.class) }) - @Permission(name = "View Devices", permission = "/device-mgt/devices/view") + @Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view") Response getDevice( @ApiParam( name = "type", @@ -282,7 +282,7 @@ public interface DeviceManagementService { "Server error occurred while retrieving feature list of the device.", response = ErrorResponse.class) }) - @Permission(name = "View Devices", permission = "/device-mgt/devices/view") + @Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view") Response getFeaturesOfDevice( @ApiParam( name = "type", @@ -358,7 +358,7 @@ public interface DeviceManagementService { "Server error occurred while enrolling the device.", response = ErrorResponse.class) }) - @Permission(name = "View Devices", permission = "/device-mgt/devices/view") + @Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view") Response searchDevices( @ApiParam( name = "offset", @@ -437,7 +437,7 @@ public interface DeviceManagementService { "Server error occurred while retrieving installed application list of the device.", response = ErrorResponse.class) }) - @Permission(name = "View Devices", permission = "/device-mgt/devices/view") + @Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view") Response getInstalledApplications( @ApiParam( name = "type", 
@@ -533,7 +533,7 @@ public interface DeviceManagementService { "Server error occurred while retrieving operation list scheduled for the device.", response = ErrorResponse.class) }) - @Permission(name = "View Devices", permission = "/device-mgt/devices/view") + @Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view") Response getDeviceOperations( @ApiParam( name = "type", @@ -631,7 +631,7 @@ public interface DeviceManagementService { response = ErrorResponse.class) } ) - @Permission(name = "View Devices", permission = "/device-mgt/devices/view") + @Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view") Response getEffectivePolicyOfDevice( @ApiParam( name = "type", @@ -683,7 +683,7 @@ public interface DeviceManagementService { response = ErrorResponse.class) } ) - @Permission(name = "View Devices", permission = "/device-mgt/devices/view") + @Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view") Response getComplianceDataOfDevice( @ApiParam( name = "type", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceTypeManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceTypeManagementService.java index b8141d45fa9..b9a24fbafe4 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceTypeManagementService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceTypeManagementService.java 
@@ -79,7 +79,7 @@ public interface DeviceTypeManagementService { response = ErrorResponse.class) } ) - @Permission(name = "View Device Types", permission = "/device-mgt/devices/view") + @Permission(name = "View Device Types", permission = "/device-mgt/devices/owning/view") Response getDeviceTypes( @ApiParam( name = "If-Modified-Since", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/GroupManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/GroupManagementService.java index 2fa4297881a..cf5b2882fa4 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/GroupManagementService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/GroupManagementService.java @@ -82,7 +82,7 @@ public interface GroupManagementService { // // @GET // @Path("/{groupName}/devices") -// @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/admin/groups/roles"}) +// @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/groups/roles"}) // Response getDevicesOfGroup(@PathParam("groupName") String groupName, @QueryParam("offset") int offset, // @QueryParam("limit") int limit); // diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java index 81449f4b133..e6732606592 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java 
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java @@ -86,7 +86,7 @@ public interface DeviceManagementAdminService { message = "Internal Server Error. \n Server error occurred while fetching the device list.", response = ErrorResponse.class) }) - @Permission(name = "View Devices", permission = "/device-mgt/admin/devices/view") + @Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view") Response getDevicesByName( @ApiParam( name = "name", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/UserManagementAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/UserManagementAdminService.java index 596f998845a..6b18ea83671 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/UserManagementAdminService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/UserManagementAdminService.java @@ -69,7 +69,7 @@ public interface UserManagementAdminService { "Server error occurred while updating credentials of the user.", response = ErrorResponse.class) }) - @Permission(name = "View Users", permission = "/device-mgt/admin/users/view") + @Permission(name = "View Users", permission = "/device-mgt/users/manage") Response resetUserPassword( @ApiParam( name = "username", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml index 050e9089cf2..7c77cd9bf44 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml 
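Review bot: `getDevicesByName` belongs to the admin service interface, yet the new annotation gives it `/device-mgt/devices/owning/view`, the same permission this commit assigns to the owner-scoped endpoints in `DeviceManagementService`. If the method returns devices regardless of owner (the implementation is not in the diff), dropping the admin-level path widens access to every user who may view their own devices. The permissions.xml hunk in this commit appears to map `/admin/devices` to `/device-mgt/devices/Admin-View`, so the two declarations disagree. I would use one admin-only path in both places.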
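Review bot: The `name` on `resetUserPassword` still reads "View Users" although the permission is now `/device-mgt/users/manage`, so the label stored with this permission does not describe a credential reset. I would change the line to `@Permission(name = "Manage Users", permission = "/device-mgt/users/manage")`. A misleading label matters here because whoever assigns permissions to roles may grant password-reset rights while believing they grant read access.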
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml 
@@ -45,334 +45,334 @@ Devices - /device-mgt/admin/devices + /device-mgt/devices / GET List devices - /device-mgt/admin/devices/List + /device-mgt/devices/List /devices GET Search devices - /device-mgt/admin/devices/Search + /device-mgt/devices/Search /devices/search-devices POST View device - /device-mgt/admin/devices/View + /device-mgt/devices/View /devices/*/* GET View device info - /device-mgt/admin/devices/View + /device-mgt/devices/View /devices/*/*/info GET View device applications - /device-mgt/admin/devices/View-Applications + /device-mgt/devices/View-Applications /devices/*/*/applications GET View device effective-policy - /device-mgt/admin/devices/View-Active-Policy + /device-mgt/devices/View-Active-Policy /devices/*/*/effective-policy GET View devices feature - /device-mgt/admin/devices/View-Features + /device-mgt/devices/View-Features /devices/*/*/features GET View device operations - /device-mgt/admin/devices/View-Operations + /device-mgt/devices/View-Operations /devices/*/*/operations GET View Compliance Data - /device-mgt/admin/devices/View-Compliance-Data + /device-mgt/devices/View-Compliance-Data /devices/*/*/compliance-data GET List all devices - /device-mgt/admin/devices/Admin-View + /device-mgt/devices/Admin-View /admin/devices GET View device types - /device-mgt/admin/devices/Admin-DeviceType-View + /device-mgt/devices/Admin-DeviceType-View /admin/device-types GET Policies - /device-mgt/admin/policies + /device-mgt/policies / GET List policies - /device-mgt/admin/policies/List + /device-mgt/policies/List /policies GET Add Policy - /device-mgt/admin/policies/Add + /device-mgt/policies/Add /policies POST Activate policy - /device-mgt/admin/policies/Activate-Policy + /device-mgt/policies/Activate-Policy /policies/activate-policy PUT Deactivate Policy - /device-mgt/admin/policies/Deactivate-Policy + /device-mgt/policies/Deactivate-Policy /policies/deactivate-policy PUT Remove Policy - /device-mgt/admin/policies/Remove + /device-mgt/policies/Remove 
/policies/remove-policy POST View Policy - /device-mgt/admin/policies/View + /device-mgt/policies/View /policies/* GET Update Policy - /device-mgt/admin/policies/Update + /device-mgt/policies/Update /policies/* PUT Update Policy - /device-mgt/admin/policies/Update + /device-mgt/policies/Update /policies/apply-changes PUT Update Policy - /device-mgt/admin/policies/Change-Priority + /device-mgt/policies/Change-Priority /policies/priorities PUT Notifications - /device-mgt/admin/notifications + /device-mgt/notifications / GET View notifications - /device-mgt/admin/notifications/View + /device-mgt/notifications/View /notifications GET Mark checked notifications - /device-mgt/admin/notifications/View + /device-mgt/notifications/View /notifications/*/mark-checked PUT Users - /device-mgt/admin/users + /device-mgt/users / GET List users - /device-mgt/admin/users/List + /device-mgt/users/List /users GET Add user - /device-mgt/admin/users/Add + /device-mgt/users/Add /users POST List users - /device-mgt/admin/users/Search + /device-mgt/users/Search /users/search/usernames GET Remove user - /device-mgt/admin/users/Remove + /device-mgt/users/Remove /users/* DELETE View user - /device-mgt/admin/users/View + /device-mgt/users/View /users/* GET Update user - /device-mgt/admin/users/Update + /device-mgt/users/Update /users/* PUT Update user credentials - /device-mgt/admin/users/Change-Password + /device-mgt/users/Change-Password /users/*/credentials PUT View assigned role - /device-mgt/admin/roles/Assigned-Roles + /device-mgt/roles/Assigned-Roles /users/*/roles GET Change any user credentials - /device-mgt/admin/users/Change-Password-Any + /device-mgt/users/Change-Password-Any /admin/users/*/credentials POST Send invitation mail - /device-mgt/admin/users/Send-invitations + /device-mgt/users/Send-invitations /users/send-invitation POST Roles - /device-mgt/admin/roles + /device-mgt/roles / GET List roles - /device-mgt/admin/roles/List + /device-mgt/roles/List /roles GET Add role - 
/device-mgt/admin/roles/Add + /device-mgt/roles/Add /roles POST Remove role - /device-mgt/admin/roles/Remove + /device-mgt/roles/Remove /roles/* DELETE View role - /device-mgt/admin/roles/View + /device-mgt/roles/View /roles/* GET Update role - /device-mgt/admin/roles/Update + /device-mgt/roles/Update /roles/* PUT View role permissions - /device-mgt/admin/roles/View-Permission + /device-mgt/roles/View-Permission /roles/*/permissions GET Add Users to role - /device-mgt/admin/roles/Add-Users + /device-mgt/roles/Add-Users /roles/*/users PUT Configurations - /device-mgt/admin/general-configs + /device-mgt/general-configs / GET View configuration - /device-mgt/admin/general-configuration/View + /device-mgt/general-configuration/View /configuration GET Update configuration - /device-mgt/admin/general-configuration/Update + /device-mgt/general-configuration/Update /configuration PUT Activities - /device-mgt/admin/activities + /device-mgt/activities / GET View Activities - /device-mgt/admin/activities/View + /device-mgt/devices/owning/view /activities GET View Activity Details - /device-mgt/admin/activities/View + /device-mgt/devices/owning/view /activities/* GET Applications - /device-mgt/admin/applications + /device-mgt/applications / GET Install Applications - /device-mgt/admin/application/Install + /device-mgt/application/Install /admin/applications/install-application POST Uninstall-Applications - /device-mgt/admin/application/Uninstall + /device-mgt/application/Uninstall /admin/applications/uninstall-application POST diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/group/mgt/DeviceGroupConstants.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/group/mgt/DeviceGroupConstants.java index 24c4089b243..aab0fc16f3a 100644 
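Review bot: Several entries in this file no longer agree with the `@Permission` annotations changed in the same commit: `/admin/devices` gets `/device-mgt/devices/Admin-View` here but `getDevicesByName` is annotated `/device-mgt/devices/owning/view`, `/admin/users/*/credentials` gets `/device-mgt/users/Change-Password-Any` while `resetUserPassword` (which appears to be the same endpoint) is annotated `/device-mgt/users/manage`, and `/configuration` uses `/device-mgt/general-configuration/View` against `/device-mgt/configurations/view`. Only the two activity entries were moved to the new scheme. The diff does not show which of the two sources is enforced at runtime, so a role built from one list may not grant what the other requires, or may grant more. I would keep a single source of truth, or regenerate this file from the annotations.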
--- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/group/mgt/DeviceGroupConstants.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/group/mgt/DeviceGroupConstants.java @@ -67,7 +67,7 @@ public class DeviceGroupConstants { public static class Permissions { public static final String[] DEFAULT_ADMIN_PERMISSIONS = - {"/permission/device-mgt/admin/groups", "/permission/device-mgt/user/groups"}; + {"/permission/device-mgt/groups", "/permission/device-mgt/user/groups"}; public static final String[] DEFAULT_OPERATOR_PERMISSIONS = {"/permission/device-mgt/user/groups/device_operation"}; public static final String[] DEFAULT_STATS_MONITOR_PERMISSIONS = diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java index a5ac284b998..31d1be6658a 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java @@ -47,7 +47,7 @@ import java.util.Map; */ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthorizationService { - private final static String CDM_ADMIN_PERMISSION = "/device-mgt/admin"; + private final static String CDM_ADMIN_PERMISSION = "/device-mgt/devices/any/permitted-actions-upon-owning-device"; private final static String CDM_ADMIN = "Device Management Administrator"; private static Log log = LogFactory.getLog(DeviceAccessAuthorizationServiceImpl.class); 
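Review bot: `CDM_ADMIN_PERMISSION` keeps its name but now holds `/device-mgt/devices/any/permitted-actions-upon-owning-device`, and the later hunk in `addAdminPermissionToRegistry` registers it through `PermissionUtils.getAbsolutePermissionPath(...)`. Any other use of the constant in this class (outside both hunks) that checks a user against the raw value would then test a different path from the one stored in the registry, which can make the admin check fail or pass for the wrong users. Please confirm that every reader of the constant resolves it the same way. I would also add a comment on the constant, for example `// relative path; resolve with PermissionUtils.getAbsolutePermissionPath(...) before use`.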
@@ -246,7 +246,7 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori private boolean addAdminPermissionToRegistry() throws PermissionManagementException { Permission permission = new Permission(); permission.setName(CDM_ADMIN); - permission.setPath(CDM_ADMIN_PERMISSION); + permission.setPath(PermissionUtils.getAbsolutePermissionPath(CDM_ADMIN_PERMISSION)); return PermissionUtils.putPermission(permission); } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/device-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/device-api.jag index ecb9806b5d2..d0fc9c4f705 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/device-api.jag +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/device-api.jag @@ -152,7 +152,7 @@ if (!user) { result = responsePayload.responseText; }); } else if (uriMatcher.match("/{context}/api/devices/")) { - if (userModule.isAuthorized("/permission/admin/device-mgt/admin/devices/list")) { + if (userModule.isAuthorized("/permission/admin/device-mgt/devices/list")) { result = deviceModule.listDevices(); } else { response.sendError(403); @@ -161,7 +161,7 @@ if (!user) { elements = uriMatcher.elements(); deviceId = elements.deviceId; type = elements.type; - if (userModule.isAuthorized("/permission/admin/device-mgt/admin/devices/list")) { + if (userModule.isAuthorized("/permission/admin/device-mgt/devices/list")) { result = deviceModule.viewDevice(type, deviceId); }else { response.sendError(403); 
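Review bot: In device-api.jag the `viewDevice` branch is guarded by the same `/permission/admin/device-mgt/devices/list` literal as the list branch, and these UI-layer strings follow neither scheme the commit introduces on the REST side (`/device-mgt/devices/owning/view` in the annotations, `/device-mgt/devices/List` in permissions.xml). The same hand-edited literals recur in the next hunk of this file, in user-api.jag (`.../user/invite`, singular) and in `getUIPermissions` in user.js (`.../users/add`, plural). If a path checked here has no counterpart in the permission tree that roles are actually granted from, the branch either always answers 403 or stops being the effective control. I would move the paths into one shared constants module and verify each against the registered tree.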
@@ -171,7 +171,7 @@ if (!user) { deviceId = elements.deviceId; type = elements.type; operation = elements.operation; - if (userModule.isAuthorized("/permission/admin/device-mgt/admin/devices/operation")) { + if (userModule.isAuthorized("/permission/admin/device-mgt/devices/operation")) { result = deviceModule.performOperation(deviceId, operation, [], type); } else { response.sendError(403); diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/user-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/user-api.jag index 465e8961813..7303a5ee8c6 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/user-api.jag +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/user-api.jag @@ -98,7 +98,7 @@ if (uriMatcher.match("/{context}/api/user/authenticate")) { /* @Deprecated */ - if (userModule.isAuthorized("/permission/admin/device-mgt/admin/user/invite")) { + if (userModule.isAuthorized("/permission/admin/device-mgt/user/invite")) { elements = uriMatcher.elements(); username = elements.username; userModule.inviteUser(username); @@ -109,7 +109,7 @@ if (uriMatcher.match("/{context}/api/user/authenticate")) { /* @Deprecated */ - if (userModule.isAuthorized("/permission/admin/device-mgt/admin/user/add")) { + if (userModule.isAuthorized("/permission/admin/device-mgt/user/add")) { addUserFormData = request.getContent(); username = addUserFormData.username; firstname = addUserFormData.firstname; @@ -160,7 +160,7 @@ if (uriMatcher.match("/{context}/api/user/authenticate")) { /* @Deprecated */ - if (userModule.isAuthorized("/permission/admin/device-mgt/admin/user/remove")) { + if (userModule.isAuthorized("/permission/admin/device-mgt/user/remove")) { elements = uriMatcher.elements(); username = elements.username; try { 
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/business-controllers/user.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/business-controllers/user.js index dde8854bbbd..222db658b82 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/business-controllers/user.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/business-controllers/user.js 
@@ -396,25 +396,25 @@ var userModule = function () { publicMethods.getUIPermissions = function () { var permissions = {}; - if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/devices/list")) { + if (publicMethods.isAuthorized("/permission/admin/device-mgt/devices/list")) { permissions["LIST_DEVICES"] = true; } if (publicMethods.isAuthorized("/permission/admin/device-mgt/user/devices/list")) { permissions["LIST_OWN_DEVICES"] = true; } - if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/groups/list")) { + if (publicMethods.isAuthorized("/permission/admin/device-mgt/groups/list")) { permissions["LIST_ALL_GROUPS"] = true; } if (publicMethods.isAuthorized("/permission/admin/device-mgt/user/groups/list")) { permissions["LIST_GROUPS"] = true; } - if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/users/list")) { + if (publicMethods.isAuthorized("/permission/admin/device-mgt/users/list")) { permissions["LIST_USERS"] = true; } - if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/roles/list")) { + if (publicMethods.isAuthorized("/permission/admin/device-mgt/roles/list")) { permissions["LIST_ROLES"] = true; } - if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/policies/list")) { + if (publicMethods.isAuthorized("/permission/admin/device-mgt/policies/list")) { permissions["LIST_ALL_POLICIES"] = true; } if (publicMethods.isAuthorized("/permission/admin/device-mgt/user/policies/list")) { 
@@ -426,28 +426,28 @@ var userModule = function () { if (publicMethods.isAuthorized("/permission/admin/device-mgt/user/groups/add")) { permissions["ADD_GROUP"] = true; } - if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/users/add")) { + if (publicMethods.isAuthorized("/permission/admin/device-mgt/users/add")) { permissions["ADD_USER"] = true; } - if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/users/remove")) { + if (publicMethods.isAuthorized("/permission/admin/device-mgt/users/remove")) { permissions["REMOVE_USER"] = true; } - if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/roles/add")) { + if (publicMethods.isAuthorized("/permission/admin/device-mgt/roles/add")) { permissions["ADD_ROLE"] = true; } - if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/policies/add")) { + if (publicMethods.isAuthorized("/permission/admin/device-mgt/policies/add")) { permissions["ADD_ADMIN_POLICY"] = true; } if (publicMethods.isAuthorized("/permission/admin/device-mgt/user/policies/add")) { permissions["ADD_POLICY"] = true; } - if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/policies/priority")) { + if (publicMethods.isAuthorized("/permission/admin/device-mgt/policies/priority")) { permissions["CHANGE_POLICY_PRIORITY"] = true; } - if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/dashboard/view")) { + if (publicMethods.isAuthorized("/permission/admin/device-mgt/dashboard/view")) { permissions["VIEW_DASHBOARD"] = true; } - if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/platform-configs/view")) { + if (publicMethods.isAuthorized("/permission/admin/device-mgt/platform-configs/view")) { permissions["TENANT_CONFIGURATION"] = true; } 
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.certificate.create/create.hbs b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.certificate.create/create.hbs index b2411eac336..4d0f953422a 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.certificate.create/create.hbs +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.certificate.create/create.hbs @@ -23,77 +23,87 @@ +
  • + + Certificates + +
  • - - - - - Add Certificate + Add
  • {{/zone}} {{#zone "content"}} - -
    -
    - -
    -
    -

    Add Certificate

    -

    Please note that * sign represents required fields of data.

    -
    -
    -
    - + {{#if isAuthorized}} + +
    +
    + +
    +
    +

    Add Certificate

    +

    Please note that * sign represents required fields of data.

    +
    +
    +
    + - -
    -
    - -
    - -
    - + +
    +
    + +
    + +
    + +
    -
    -
    -
    -
    - +
    +
    +
    + +
    -
    - -
    - + + {{else}} +

    + Permission Denied +

    +
    + You not authorized to enter Certificate Management Section. +
    + {{/if}} {{/zone}} {{#zone "bottomJs"}} diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.certificate.create/create.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.certificate.create/create.js index 6244fc1f099..6099b8a845d 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.certificate.create/create.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.certificate.create/create.js @@ -26,7 +26,8 @@ function onRequest(context) { // var log = new Log("units/user-create/create.js"); var userModule = require("/app/modules/business-controllers/user.js")["userModule"]; var mdmProps = require("/app/modules/conf-reader/main.js")["conf"]; - + var viewModel = {}; + viewModel.isAuthorized = userModule.isAuthorized("/permission/admin/device-mgt/certificates/manage"); var response = userModule.getRolesByUserStore(); if (response["status"] == "success") { viewModel["roles"] = response["content"]; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.certificates/certificates.hbs b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.certificates/certificates.hbs index 86f161ae359..d17a3bd4d32 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.certificates/certificates.hbs +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.certificates/certificates.hbs @@ -24,14 +24,24 @@
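Review bot: In cdmf.page.certificate.create/create.js, `viewModel.isAuthorized` only feeds the `{{#if isAuthorized}}` block in create.hbs, so it hides the form while `onRequest` still goes on to call `userModule.getRolesByUserStore()` for a caller who failed the check. An early exit right after the check, `if (!viewModel.isAuthorized) { return viewModel; }` (assuming the function returns `viewModel`; its end is outside the hunk), would keep role data from being loaded for unauthorized requests. The same applies to `onRequest` in cdmf.page.role.create/create.js, which calls `getSecondaryUserStores()` before its `isAuthorized` checks. The flag is presentation only, and it checks `.../certificates/manage` while the certificate API's permissions.xml in this commit uses `/device-mgt/certificate/GetSignCSR`, so the REST endpoint has to enforce its own permission.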
  • - + + Certificate + +
  • +{{/zone}} + +{{#zone "navbarActions"}} + {{#if removePermitted}} +
  • + - Add Certificate - -
  • + Add Certificate + + + {{/if}} {{/zone}} {{#zone "content"}} diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.role.create/create.hbs b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.role.create/create.hbs index 5efc9b61e52..d3b2f15329a 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.role.create/create.hbs +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.role.create/create.hbs @@ -38,6 +38,7 @@ {{/zone}} {{#zone "content"}} + {{#if canManage}}
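Review bot: The "Add Certificate" action in the new `navbarActions` zone of certificates.hbs is wrapped in `{{#if removePermitted}}`, so a flag named for removal decides whether the add link is shown. No page script for cdmf.page.certificates is part of this commit, so it is not visible where `removePermitted` is set or which permission it reflects. If add and remove are meant to share the `certificates/manage` permission used by the create page, a neutrally named flag such as `{{#if canManage}}` (the name the role page uses) would prevent a later change to remove rights from silently changing who can add.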
    @@ -96,6 +97,7 @@ Role name is required, should be in minimum 3 characters long and not include any whitespaces.
    + {{#if canViewUsers}} @@ -104,6 +106,7 @@
    + {{/if}}

    @@ -134,6 +137,14 @@
    + {{else}} +

    + Permission Denied +

    +
    + You not authorized to enter Role Management Section. +
    + {{/if}} {{/zone}} {{#zone "bottomJs"}} {{js "js/bottomJs.js"}} diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.role.create/create.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.role.create/create.js index 909a3ee3038..ca91072d12c 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.role.create/create.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.role.create/create.js 
@@ -20,16 +20,24 @@ * Returns the dynamic state to be populated by add-user page. * * @param context Object that gets updated with the dynamic state of this page to be presented - * @returns {*} A context object that returns the dynamic state of this page to be presented + * @returns {*} A displayData object that returns the dynamic state of this page to be presented */ function onRequest(context) { var userModule = require("/app/modules/business-controllers/user.js")["userModule"]; var deviceMgtProps = require("/app/modules/conf-reader/main.js")["conf"]; + var displayData = {}; - context["userStores"] = userModule.getSecondaryUserStores(); - context["roleNameJSRegEx"] = deviceMgtProps["roleValidationConfig"]["roleNameJSRegEx"]; - context["roleNameHelpText"] = deviceMgtProps["roleValidationConfig"]["roleNameHelpMsg"]; - context["roleNameRegExViolationErrorMsg"] = deviceMgtProps["roleValidationConfig"]["roleNameRegExViolationErrorMsg"]; + displayData["userStores"] = userModule.getSecondaryUserStores(); + displayData["roleNameJSRegEx"] = deviceMgtProps["roleValidationConfig"]["roleNameJSRegEx"]; + displayData["roleNameHelpText"] = deviceMgtProps["roleValidationConfig"]["roleNameHelpMsg"]; + displayData["roleNameRegExViolationErrorMsg"] = deviceMgtProps["roleValidationConfig"]["roleNameRegExViolationErrorMsg"]; - return context; + if (userModule.isAuthorized("/permission/admin/device-mgt/roles/manage")) { + displayData.canManage = true; + } + if (userModule.isAuthorized("/permission/admin/device-mgt/users/view")) { + displayData.canViewUsers = true; + } + + return displayData; } \ No newline at end of file diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.user.create/create.hbs b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.user.create/create.hbs index f7fdaf470b6..9867540a558 100644 
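Review bot: In role.create/create.js, `onRequest` calls `userModule.getSecondaryUserStores()` and copies the role-name validation config into `displayData` before either `isAuthorized` check, so a request without `roles/manage` still runs the user-store lookup. The template then renders only the Permission Denied branch. Evaluating the permission first and returning early avoids that work and keeps the data out of the view model: `displayData.canManage = userModule.isAuthorized("/permission/admin/device-mgt/roles/manage");` followed by `if (!displayData.canManage) { return displayData; }`. These flags only control what the page renders; whether the role-creation API enforces the same permission is not visible in this hunk and should be confirmed on the server side.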
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.user.create/create.hbs +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.user.create/create.hbs @@ -37,110 +37,123 @@ {{#zone "content"}} {{#if canManage}} - -
    -
    - -
    -
    -

    Add User

    -

    Please note that * sign represents required fields of data.

    -
    -
    -
    - - -
    - -
    - -
    - - - -
    - -
    - - - -
    - -
    - - - -
    - -
    - - - - -
    - -
    - + +
    +
    + +
    +
    +

    Add User

    +

    Please note that * sign represents required fields of data.

    +
    +
    +
    + + +
    + +
    + +
    + + + +
    + +
    + + + +
    + +
    + + + +
    + +
    + + + + +
    + + {{#if canViewRoles}} +
    + +
    + {{/if}}
    +
    +
    -
    -
    -
    - {{else}}

    Permission Denied diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.user.create/create.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.user.create/create.js index 978e12763f9..e1c4b583bd4 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.user.create/create.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.user.create/create.js @@ -35,6 +35,9 @@ function onRequest() { if (userModule.isAuthorized("/permission/admin/device-mgt/users/manage")) { page.canManage = true; } + if (userModule.isAuthorized("/permission/admin/device-mgt/roles/view")) { + page.canViewRoles = true; + } var userStores = userModule.getSecondaryUserStores(); page["userStores"] = userStores; page["charLimit"] = devicemgtProps["usernameLength"]; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.policy.create/create.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.policy.create/create.js index 3f6da524773..119f773318c 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.policy.create/create.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.policy.create/create.js 
@@ -26,6 +26,8 @@ function onRequest(context) { var types = {}; types.isAuthorized = userModule.isAuthorized("/permission/admin/device-mgt/policies/manage"); + types.isAuthorizedViewUsers = userModule.isAuthorized("/permission/admin/device-mgt/roles/view"); + types.isAuthorizedViewRoles = userModule.isAuthorized("/permission/admin/device-mgt/users/view"); types["types"] = []; var typesListResponse = deviceModule.getDeviceTypes(); if (typesListResponse["status"] == "success") { diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Permissions.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Permissions.java index dd20c772aff..6733a42e8d5 100644 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Permissions.java +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Permissions.java @@ -23,7 +23,7 @@ import javax.xml.bind.annotation.XmlType; * <simpleType> * <restriction base="{http://www.w3.org/2001/XMLSchema}string"> * <enumeration value="/permission/device-mgt/user/groups/device_operation"/> - * <enumeration value="/permission/device-mgt/admin/groups"/> + * <enumeration value="/permission/device-mgt/groups"/> * <enumeration value="/permission/device-mgt/user/groups"/> * <enumeration value="/permission/device-mgt/user/groups/device_monitor"/> * </restriction>
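Review bot: In cdmf.unit.policy.create/create.js the two added flags look crossed: `types.isAuthorizedViewUsers` is computed from `/permission/admin/device-mgt/roles/view` and `types.isAuthorizedViewRoles` from `/permission/admin/device-mgt/users/view`. The role and user create pages in this same commit pair `canViewUsers` with `users/view` and `canViewRoles` with `roles/view`, so a user holding only one of the two permissions would presumably be shown the wrong selector here. Swap the paths: `types.isAuthorizedViewUsers = userModule.isAuthorized("/permission/admin/device-mgt/users/view");` and `types.isAuthorizedViewRoles = userModule.isAuthorized("/permission/admin/device-mgt/roles/view");`. The body of `onRequest` continues outside the hunk, and the template that consumes these flags is not shown.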