diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml b/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml index 32df9eb5abc..091d8a9ce1e 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml @@ -311,6 +311,16 @@ org.wso2.carbon.identity.jwt.client.extension provided + + org.wso2.carbon + org.wso2.carbon.registry.core + provided + + + org.wso2.carbon.registry + org.wso2.carbon.registry.resource + provided + org.wso2.carbon.identity.framework org.wso2.carbon.identity.user.store.count diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java index e947c258c04..d396237df4b 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java @@ -22,6 +22,8 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.CarbonConstants; import org.wso2.carbon.base.MultitenantConstants; +import org.wso2.carbon.context.CarbonContext; +import org.wso2.carbon.context.RegistryType; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo; import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList; @@ -30,6 +32,9 @@ import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.FilteringUtil; import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil; import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils; import org.wso2.carbon.device.mgt.jaxrs.util.SetReferenceTransformer; +import org.wso2.carbon.registry.api.Registry; +import org.wso2.carbon.registry.core.session.UserRegistry; +import org.wso2.carbon.registry.resource.services.utils.ChangeRolePermissionsUtil; import org.wso2.carbon.user.api.*; import org.wso2.carbon.user.core.common.AbstractUserStoreManager; import org.wso2.carbon.user.mgt.UserRealmProxy; @@ -296,6 +301,7 @@ public class RoleManagementServiceImpl implements RoleManagementService { } } userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), permissions); + authorizeRoleForAppmgt(roleInfo.getRoleName(), roleInfo.getPermissions()); //TODO fix what's returned in the entity return Response.created(new URI(API_BASE_PATH + "/" + URLEncoder.encode(roleInfo.getRoleName(), "UTF-8"))). @@ -450,6 +456,7 @@ public class RoleManagementServiceImpl implements RoleManagementService { authorizationManager.authorizeRole(roleName, permission, CarbonConstants.UI_PERMISSION_ACTION); } } + authorizeRoleForAppmgt(roleName, roleInfo.getPermissions()); } //TODO: Need to send the updated role information in the entity back to the client return Response.status(Response.Status.OK).entity("Role '" + roleInfo.getRoleName() + "' has " + @@ -467,6 +474,59 @@ public class RoleManagementServiceImpl implements RoleManagementService { } } + /** + * When presented with role and a set of permissions, if given role has permission to + * perform mobile app management, said role will be given rights mobile app collection in the + * governance registry. + * + * @param role + * @param permissions + * @return state of role update Operation + */ + private boolean authorizeRoleForAppmgt(String role, String[] permissions) { + String permissionString = + "ra^true:rd^false:wa^true:wd^false:da^true:dd^false:aa^true:ad^false"; + String resourcePath = "/_system/governance/mobileapps/"; + boolean appmPermAvailable = false; + + if (permissions != null) { + for (int i = 0; i < permissions.length; i++) + switch (permissions[i]) { + case "/permission/admin/manage/mobileapp": + appmPermAvailable = true; + break; + case "/permission/admin/manage/mobileapp/create": + appmPermAvailable = true; + break; + case "/permission/admin/manage/mobileapp/publish": + appmPermAvailable = true; + break; + } + } + + if (appmPermAvailable) { + try { + Registry registry = CarbonContext.getThreadLocalCarbonContext(). + getRegistry(RegistryType.SYSTEM_GOVERNANCE); + ChangeRolePermissionsUtil.changeRolePermissions((UserRegistry) registry, + resourcePath, role + ":" + permissionString); + + return true; + } catch (Exception e) { + String msg = "Error while retrieving user registry in order to update permissions " + + "for resource : " + resourcePath; + log.error(msg, e); + return false; + } + } else { + if (log.isDebugEnabled()) { + log.debug("Mobile App Management permissions not selected, therefore role : " + + role + " not given permission for registry collection : " + resourcePath); + } + return false; + } + } + @DELETE @Path("/{roleName}") @Override diff --git a/pom.xml b/pom.xml index f1d127c84dd..39fd6ba4c61 100644 --- a/pom.xml +++ b/pom.xml @@ -1538,6 +1538,11 @@ org.wso2.carbon.event.stream.stub ${carbon.analytics.common.version} + + org.wso2.carbon.registry + org.wso2.carbon.registry.resource + ${carbon.registry.resource.version} + @@ -1851,6 +1856,7 @@ 4.6.0 + 4.6.5 [4.4.8, 5.0.0)