diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml b/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml
index 32df9eb5abc..091d8a9ce1e 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml
@@ -311,6 +311,16 @@
org.wso2.carbon.identity.jwt.client.extension
provided
+
+ org.wso2.carbon
+ org.wso2.carbon.registry.core
+ provided
+
+
+ org.wso2.carbon.registry
+ org.wso2.carbon.registry.resource
+ provided
+
org.wso2.carbon.identity.framework
org.wso2.carbon.identity.user.store.count
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java
index e947c258c04..d396237df4b 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java
@@ -22,6 +22,8 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.base.MultitenantConstants;
+import org.wso2.carbon.context.CarbonContext;
+import org.wso2.carbon.context.RegistryType;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
@@ -30,6 +32,9 @@ import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.FilteringUtil;
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
import org.wso2.carbon.device.mgt.jaxrs.util.SetReferenceTransformer;
+import org.wso2.carbon.registry.api.Registry;
+import org.wso2.carbon.registry.core.session.UserRegistry;
+import org.wso2.carbon.registry.resource.services.utils.ChangeRolePermissionsUtil;
import org.wso2.carbon.user.api.*;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.carbon.user.mgt.UserRealmProxy;
@@ -296,6 +301,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
}
}
userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), permissions);
+ authorizeRoleForAppmgt(roleInfo.getRoleName(), roleInfo.getPermissions());
//TODO fix what's returned in the entity
return Response.created(new URI(API_BASE_PATH + "/" + URLEncoder.encode(roleInfo.getRoleName(), "UTF-8"))).
@@ -450,6 +456,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
authorizationManager.authorizeRole(roleName, permission, CarbonConstants.UI_PERMISSION_ACTION);
}
}
+ authorizeRoleForAppmgt(roleName, roleInfo.getPermissions());
}
//TODO: Need to send the updated role information in the entity back to the client
return Response.status(Response.Status.OK).entity("Role '" + roleInfo.getRoleName() + "' has " +
@@ -467,6 +474,59 @@ public class RoleManagementServiceImpl implements RoleManagementService {
}
}
+ /**
+ * When presented with role and a set of permissions, if given role has permission to
+ * perform mobile app management, said role will be given rights mobile app collection in the
+ * governance registry.
+ *
+ * @param role
+ * @param permissions
+ * @return state of role update Operation
+ */
+ private boolean authorizeRoleForAppmgt(String role, String[] permissions) {
+ String permissionString =
+ "ra^true:rd^false:wa^true:wd^false:da^true:dd^false:aa^true:ad^false";
+ String resourcePath = "/_system/governance/mobileapps/";
+ boolean appmPermAvailable = false;
+
+ if (permissions != null) {
+ for (int i = 0; i < permissions.length; i++)
+ switch (permissions[i]) {
+ case "/permission/admin/manage/mobileapp":
+ appmPermAvailable = true;
+ break;
+ case "/permission/admin/manage/mobileapp/create":
+ appmPermAvailable = true;
+ break;
+ case "/permission/admin/manage/mobileapp/publish":
+ appmPermAvailable = true;
+ break;
+ }
+ }
+
+ if (appmPermAvailable) {
+ try {
+ Registry registry = CarbonContext.getThreadLocalCarbonContext().
+ getRegistry(RegistryType.SYSTEM_GOVERNANCE);
+ ChangeRolePermissionsUtil.changeRolePermissions((UserRegistry) registry,
+ resourcePath, role + ":" + permissionString);
+
+ return true;
+ } catch (Exception e) {
+ String msg = "Error while retrieving user registry in order to update permissions "
+ + "for resource : " + resourcePath;
+ log.error(msg, e);
+ return false;
+ }
+ } else {
+ if (log.isDebugEnabled()) {
+ log.debug("Mobile App Management permissions not selected, therefore role : " +
+ role + " not given permission for registry collection : " + resourcePath);
+ }
+ return false;
+ }
+ }
+
@DELETE
@Path("/{roleName}")
@Override
diff --git a/pom.xml b/pom.xml
index f1d127c84dd..39fd6ba4c61 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1538,6 +1538,11 @@
org.wso2.carbon.event.stream.stub
${carbon.analytics.common.version}
+
+ org.wso2.carbon.registry
+ org.wso2.carbon.registry.resource
+ ${carbon.registry.resource.version}
+
@@ -1851,6 +1856,7 @@
4.6.0
+ 4.6.5
[4.4.8, 5.0.0)