From 49747efa180e5f47bd217d9326b19eaa18a5362e Mon Sep 17 00:00:00 2001 From: tcdlpds Date: Fri, 13 Oct 2023 07:08:35 +0530 Subject: [PATCH] Add default perm config --- .../pom.xml | 6 ++ .../publisher/APIPublisherServiceImpl.java | 31 +++---- .../APIPublisherLifecycleListener.java | 65 ++++++--------- .../core/config/DeviceManagementConfig.java | 12 +++ .../config/permission/DefaultPermission.java | 47 +++++++++++ .../config/permission/DefaultPermissions.java | 38 +++++++++ .../core/config/permission/ScopeMapping.java | 58 +++++++++++++ .../src/main/resources/conf/cdm-config.xml | 82 +++++++++++++++++++ .../repository/conf/cdm-config.xml.j2 | 82 +++++++++++++++++++ 9 files changed, 361 insertions(+), 60 deletions(-) create mode 100644 components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/permission/DefaultPermission.java create mode 100644 components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/permission/DefaultPermissions.java create mode 100644 components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/permission/ScopeMapping.java diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/pom.xml b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/pom.xml index f40935568f9..c6ebef438fa 100644 --- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/pom.xml +++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/pom.xml @@ -130,6 +130,10 @@ org.json.wso2 json + + io.entgra.device.mgt.core + io.entgra.device.mgt.core.device.mgt.core + @@ -187,6 +191,8 @@ io.entgra.device.mgt.core.apimgt.webapp.publisher.lifecycle.util, io.entgra.device.mgt.core.device.mgt.common.exceptions, io.entgra.device.mgt.core.device.mgt.common.metadata.mgt, + io.entgra.device.mgt.core.device.mgt.core.config, + io.entgra.device.mgt.core.device.mgt.core.config.permission, org.wso2.carbon.base;version="1.0", org.wso2.carbon.context;version="4.6", org.wso2.carbon;version="4.6", diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java index d78de2c9013..e76631e0cbe 100644 --- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java +++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java @@ -17,7 +17,6 @@ */ package io.entgra.device.mgt.core.apimgt.webapp.publisher; -import io.entgra.device.mgt.core.apimgt.annotations.Scopes; import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices; import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServicesImpl; import io.entgra.device.mgt.core.apimgt.extension.rest.api.PublisherRESTAPIServices; @@ -40,6 +39,11 @@ import io.entgra.device.mgt.core.apimgt.webapp.publisher.dto.ApiScope; import io.entgra.device.mgt.core.apimgt.webapp.publisher.dto.ApiUriTemplate; import io.entgra.device.mgt.core.apimgt.webapp.publisher.exception.APIManagerPublisherException; import io.entgra.device.mgt.core.apimgt.webapp.publisher.internal.APIPublisherDataHolder; +import io.entgra.device.mgt.core.device.mgt.core.config.DeviceConfigurationManager; +import io.entgra.device.mgt.core.device.mgt.core.config.DeviceManagementConfig; +import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermission; +import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions; +import io.entgra.device.mgt.core.device.mgt.core.config.permission.ScopeMapping; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -437,18 +441,8 @@ public class APIPublisherServiceImpl implements APIPublisherService { } public void addDefaultScopesIfNotExist() { - ArrayList defaultScopes = new ArrayList<>(); - defaultScopes.add("dm:devices:any:permitted"); - defaultScopes.add("dm:device:api:subscribe"); - defaultScopes.add("am:admin:lc:app:approve"); - defaultScopes.add("am:admin:lc:app:create"); - defaultScopes.add("am:admin:lc:app:reject"); - defaultScopes.add("am:admin:lc:app:block"); - defaultScopes.add("am:admin:lc:app:review"); - defaultScopes.add("am:admin:lc:app:retire"); - defaultScopes.add("am:admin:lc:app:deprecate"); - defaultScopes.add("am:admin:lc:app:publish"); - + DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig(); + DefaultPermissions defaultPermissions = deviceManagementConfig.getDefaultPermissions(); APIApplicationServices apiApplicationServices = new APIApplicationServicesImpl(); try { APIApplicationKey apiApplicationKey = @@ -460,12 +454,13 @@ public class APIPublisherServiceImpl implements APIPublisherService { PublisherRESTAPIServices publisherRESTAPIServices = new PublisherRESTAPIServicesImpl(); Scope scope = new Scope(); - for (String defaultScope: defaultScopes) { + for (DefaultPermission defaultPermission: defaultPermissions.getDefaultPermissions()) { //todo check whether scope is available or not - scope.setName(defaultScope); - scope.setDescription(defaultScope); - scope.setKey(defaultScope); - scope.setRoles("Internal/devicemgt-user"); + ScopeMapping scopeMapping = defaultPermission.getScopeMapping(); + scope.setName(scopeMapping.getName()); + scope.setDescription(scopeMapping.getName()); + scope.setKey(scopeMapping.getKey()); + scope.setRoles(scopeMapping.getDefaultRoles()); publisherRESTAPIServices.addNewSharedScope(apiApplicationKey, accessTokenInfo, scope); } } catch (BadRequestException | UnexpectedResponseException | APIServicesException e) { diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/lifecycle/listener/APIPublisherLifecycleListener.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/lifecycle/listener/APIPublisherLifecycleListener.java index 544b04637ff..bbd2fd952e7 100644 --- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/lifecycle/listener/APIPublisherLifecycleListener.java +++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/lifecycle/listener/APIPublisherLifecycleListener.java @@ -18,17 +18,14 @@ package io.entgra.device.mgt.core.apimgt.webapp.publisher.lifecycle.listener; import com.google.gson.Gson; -import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices; -import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServicesImpl; -import io.entgra.device.mgt.core.apimgt.extension.rest.api.PublisherRESTAPIServices; -import io.entgra.device.mgt.core.apimgt.extension.rest.api.PublisherRESTAPIServicesImpl; -import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIApplicationKey; -import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIInfo.Scope; -import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.AccessTokenInfo; import io.entgra.device.mgt.core.apimgt.webapp.publisher.dto.ApiScope; import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException; import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata; import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.MetadataManagementService; +import io.entgra.device.mgt.core.device.mgt.core.config.DeviceConfigurationManager; +import io.entgra.device.mgt.core.device.mgt.core.config.DeviceManagementConfig; +import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermission; +import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions; import org.apache.catalina.Lifecycle; import org.apache.catalina.LifecycleEvent; import org.apache.catalina.LifecycleListener; @@ -47,7 +44,10 @@ import org.wso2.carbon.user.api.UserStoreException; import javax.servlet.ServletContext; import java.io.IOException; -import java.util.*; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; @SuppressWarnings("unused") public class APIPublisherLifecycleListener implements LifecycleListener { @@ -128,45 +128,26 @@ public class APIPublisherLifecycleListener implements LifecycleListener { "' and version '" + apiConfig.getVersion() + "'", e); } } - apiPublisherDataHolder.setPermScopeMapping(permScopeMap); - Map permScopeMapping = apiPublisherDataHolder.getPermScopeMapping(); - if (!permScopeMapping.isEmpty()) { - Metadata existingMetaData = metadataManagementService.retrieveMetadata("perm-scope" + - "-mapping"); - if (existingMetaData != null) { - existingMetaData.setMetaValue(new Gson().toJson(apiPublisherDataHolder.getPermScopeMapping() - )); - metadataManagementService.updateMetadata(existingMetaData); - } else { - Metadata newMetaData = new Metadata(); - newMetaData.setMetaKey("perm-scope-mapping"); - permScopeMapping = - apiPublisherDataHolder.getPermScopeMapping(); + Metadata existingMetaData = metadataManagementService.retrieveMetadata("perm-scope" + + "-mapping"); + if (existingMetaData != null) { + existingMetaData.setMetaValue(new Gson().toJson(permScopeMap)); + metadataManagementService.updateMetadata(existingMetaData); + } else { + Metadata newMetaData = new Metadata(); + newMetaData.setMetaKey("perm-scope-mapping"); - //Todo fix this properly with a config - Map defaultScopePermMap = new HashMap<>(); - defaultScopePermMap.put("/permission/admin/device-mgt/devices/any-device/permitted-actions-under-owning-device", "dm:devices:any:permitted"); - defaultScopePermMap.put("/permission/admin/device-mgt/device/api/subscribe", "dm:device:api:subscribe"); - defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/approve", "am:admin:lc:app:approve"); - defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/create", "am:admin:lc:app:create"); - defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/reject", "am:admin:lc:app:reject"); - defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/block", "am:admin:lc:app:block"); - defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/review", "am:admin:lc:app:review"); - defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/retire", "am:admin:lc:app:retire"); - defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/deprecate", "am:admin:lc:app:deprecate"); - defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/publish", "am:admin:lc:app:publish"); + DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig(); + DefaultPermissions defaultPermissions = deviceManagementConfig.getDefaultPermissions(); - for (Map.Entry mapElement : defaultScopePermMap.entrySet()) { - String key = mapElement.getKey(); - String value = mapElement.getValue(); - permScopeMapping.put(key,value); - } - apiPublisherDataHolder.setPermScopeMapping(permScopeMapping); - newMetaData.setMetaValue(new Gson().toJson(permScopeMapping)); - metadataManagementService.createMetadata(newMetaData); + for (DefaultPermission defaultPermission : defaultPermissions.getDefaultPermissions()) { + permScopeMap.put(defaultPermission.getName(), defaultPermission.getScopeMapping().getKey()); } + newMetaData.setMetaValue(new Gson().toJson(permScopeMap)); + metadataManagementService.createMetadata(newMetaData); } + apiPublisherDataHolder.setPermScopeMapping(permScopeMap); } catch (IOException e) { log.error("Error encountered while discovering annotated classes", e); } catch (ClassNotFoundException e) { diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/DeviceManagementConfig.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/DeviceManagementConfig.java index 08c08df5ed4..94d873b192e 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/DeviceManagementConfig.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/DeviceManagementConfig.java @@ -39,6 +39,7 @@ import io.entgra.device.mgt.core.device.mgt.core.config.push.notification.PushNo import io.entgra.device.mgt.core.device.mgt.core.config.remote.session.RemoteSessionConfiguration; import io.entgra.device.mgt.core.device.mgt.core.config.status.task.DeviceStatusTaskConfig; import io.entgra.device.mgt.core.device.mgt.core.config.task.TaskConfiguration; +import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlRootElement; @@ -75,6 +76,8 @@ public final class DeviceManagementConfig { private MetaDataConfiguration metaDataConfiguration; private EnrollmentGuideConfiguration enrollmentGuideConfiguration; + private DefaultPermissions defaultPermissions; + @XmlElement(name = "ManagementRepository", required = true) public DeviceManagementConfigRepository getDeviceManagementConfigRepository() { return deviceManagementConfigRepository; @@ -287,5 +290,14 @@ public final class DeviceManagementConfig { public void setEnrollmentGuideConfiguration(EnrollmentGuideConfiguration enrollmentGuideConfiguration) { this.enrollmentGuideConfiguration = enrollmentGuideConfiguration; } + + @XmlElement(name = "DefaultPermissions", required = true) + public DefaultPermissions getDefaultPermissions() { + return defaultPermissions; + } + + public void setDefaultPermissions(DefaultPermissions defaultPermissions) { + this.defaultPermissions = defaultPermissions; + } } diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/permission/DefaultPermission.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/permission/DefaultPermission.java new file mode 100644 index 00000000000..d8ee628924a --- /dev/null +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/permission/DefaultPermission.java @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved. + * + * Entgra (Pvt) Ltd. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package io.entgra.device.mgt.core.device.mgt.core.config.permission; + +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; + +@XmlRootElement(name = "DefaultPermission") +public class DefaultPermission { + + private String name; + private ScopeMapping scopeMapping; + + @XmlElement(name = "Name", required = true) + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + + @XmlElement(name = "MappedScopeDetails", required = true) + public ScopeMapping getScopeMapping() { + return scopeMapping; + } + + public void setScopeMapping(ScopeMapping scopeMapping) { + this.scopeMapping = scopeMapping; + } +} diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/permission/DefaultPermissions.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/permission/DefaultPermissions.java new file mode 100644 index 00000000000..c04695b1117 --- /dev/null +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/permission/DefaultPermissions.java @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved. + * + * Entgra (Pvt) Ltd. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package io.entgra.device.mgt.core.device.mgt.core.config.permission; + +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; +import java.util.List; + +@XmlRootElement(name = "DefaultPermissions") +public class DefaultPermissions { + + private List defaultPermissions; + + @XmlElement(name = "DefaultPermission", required = true) + public List getDefaultPermissions() { + return defaultPermissions; + } + + public void setDefaultPermissions(List defaultPermissions) { + this.defaultPermissions = defaultPermissions; + } +} diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/permission/ScopeMapping.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/permission/ScopeMapping.java new file mode 100644 index 00000000000..e745126502b --- /dev/null +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/permission/ScopeMapping.java @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved. + * + * Entgra (Pvt) Ltd. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package io.entgra.device.mgt.core.device.mgt.core.config.permission; + +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; + +@XmlRootElement(name = "MappedScopeDetails") +public class ScopeMapping { + + private String name; + private String key; + + private String defaultRoles; + + @XmlElement(name = "Name", required = true) + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + + @XmlElement(name = "Key", required = true) + public String getKey() { + return key; + } + + public void setKey(String key) { + this.key = key; + } + + @XmlElement(name = "DefaultRoles", required = true) + public String getDefaultRoles() { + return defaultRoles; + } + + public void setDefaultRoles(String defaultRoles) { + this.defaultRoles = defaultRoles; + } +} diff --git a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/cdm-config.xml b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/cdm-config.xml index c40cefc413a..97c4ca9a3e6 100644 --- a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/cdm-config.xml +++ b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/cdm-config.xml @@ -211,5 +211,87 @@ false Replace with mail + + + /permission/admin/device-mgt/devices/any-device/permitted-actions-under-owning-device + + Apply permitted actions on any device + dm:devices:any:permitted + Internal/devicemgt-user + + + + /permission/admin/device-mgt/device/api/subscribe + + Subscribe APIs + dm:device:api:subscribe + Internal/devicemgt-user + + + + /permission/admin/app-mgt/life-cycle/application/approve + + Approve Applications + am:admin:lc:app:approve + Internal/devicemgt-user + + + + /permission/admin/app-mgt/life-cycle/application/create + + Create Applications + am:admin:lc:app:create + Internal/devicemgt-user + + + + /permission/admin/app-mgt/life-cycle/application/reject + + Reject Applications + am:admin:lc:app:reject + Internal/devicemgt-user + + + + /permission/admin/app-mgt/life-cycle/application/block + + Block Applications + am:admin:lc:app:block + Internal/devicemgt-user + + + + /permission/admin/app-mgt/life-cycle/application/review + + Review Applications + am:admin:lc:app:review + Internal/devicemgt-user + + + + /permission/admin/app-mgt/life-cycle/application/retire + + Retire Applications + am:admin:lc:app:retire + Internal/devicemgt-user + + + + /permission/admin/app-mgt/life-cycle/application/deprecate + + Deprecate Application + am:admin:lc:app:deprecate + Internal/devicemgt-user + + + + /permission/admin/app-mgt/life-cycle/application/publish + + Publish Applications + am:admin:lc:app:publish + Internal/devicemgt-user + + + diff --git a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/cdm-config.xml.j2 b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/cdm-config.xml.j2 index 2fe1494e09a..bd6961e7d86 100644 --- a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/cdm-config.xml.j2 +++ b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/cdm-config.xml.j2 @@ -383,5 +383,87 @@ Replace with mail {% endif %} + + + /permission/admin/device-mgt/devices/any-device/permitted-actions-under-owning-device + + Apply permitted actions on any device + dm:devices:any:permitted + Internal/devicemgt-user + + + + /permission/admin/device-mgt/device/api/subscribe + + Subscribe APIs + dm:device:api:subscribe + Internal/devicemgt-user + + + + /permission/admin/app-mgt/life-cycle/application/approve + + Approve Applications + am:admin:lc:app:approve + Internal/devicemgt-user + + + + /permission/admin/app-mgt/life-cycle/application/create + + Create Applications + am:admin:lc:app:create + Internal/devicemgt-user + + + + /permission/admin/app-mgt/life-cycle/application/reject + + Reject Applications + am:admin:lc:app:reject + Internal/devicemgt-user + + + + /permission/admin/app-mgt/life-cycle/application/block + + Block Applications + am:admin:lc:app:block + Internal/devicemgt-user + + + + /permission/admin/app-mgt/life-cycle/application/review + + Review Applications + am:admin:lc:app:review + Internal/devicemgt-user + + + + /permission/admin/app-mgt/life-cycle/application/retire + + Retire Applications + am:admin:lc:app:retire + Internal/devicemgt-user + + + + /permission/admin/app-mgt/life-cycle/application/deprecate + + Deprecate Application + am:admin:lc:app:deprecate + Internal/devicemgt-user + + + + /permission/admin/app-mgt/life-cycle/application/publish + + Publish Applications + am:admin:lc:app:publish + Internal/devicemgt-user + + +