Ace 8 years ago
parent 38b7689e28
commit dcbffac198

@ -301,6 +301,16 @@
<artifactId>org.wso2.carbon.identity.jwt.client.extension</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.registry.core</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wso2.carbon.registry</groupId>
<artifactId>org.wso2.carbon.registry.resource</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.user.store.count</artifactId>

@ -22,6 +22,8 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.RegistryType;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
@ -30,6 +32,9 @@ import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.FilteringUtil;
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
import org.wso2.carbon.device.mgt.jaxrs.util.SetReferenceTransformer;
import org.wso2.carbon.registry.api.Registry;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.carbon.registry.resource.services.utils.ChangeRolePermissionsUtil;
import org.wso2.carbon.user.api.*;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.carbon.user.mgt.UserRealmProxy;
@ -296,6 +301,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
}
}
userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), permissions);
authorizeRoleForAppmgt(roleInfo.getRoleName(), roleInfo.getPermissions());
//TODO fix what's returned in the entity
return Response.created(new URI(API_BASE_PATH + "/" + URLEncoder.encode(roleInfo.getRoleName(), "UTF-8"))).
@ -450,6 +456,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
authorizationManager.authorizeRole(roleName, permission, CarbonConstants.UI_PERMISSION_ACTION);
}
}
authorizeRoleForAppmgt(roleName, roleInfo.getPermissions());
}
//TODO: Need to send the updated role information in the entity back to the client
return Response.status(Response.Status.OK).entity("Role '" + roleInfo.getRoleName() + "' has " +
@ -467,6 +474,59 @@ public class RoleManagementServiceImpl implements RoleManagementService {
}
}
/**
* When presented with role and a set of permissions, if given role has permission to
* perform mobile app management, said role will be given rights mobile app collection in the
* governance registry.
*
* @param role
* @param permissions
* @return state of role update Operation
*/
private boolean authorizeRoleForAppmgt(String role, String[] permissions) {
String permissionString =
"ra^true:rd^false:wa^true:wd^false:da^true:dd^false:aa^true:ad^false";
String resourcePath = "/_system/governance/mobileapps/";
boolean appmPermAvailable = false;
if (permissions != null) {
for (int i = 0; i < permissions.length; i++)
switch (permissions[i]) {
case "/permission/admin/manage/mobileapp":
appmPermAvailable = true;
break;
case "/permission/admin/manage/mobileapp/create":
appmPermAvailable = true;
break;
case "/permission/admin/manage/mobileapp/publish":
appmPermAvailable = true;
break;
}
}
if (appmPermAvailable) {
try {
Registry registry = CarbonContext.getThreadLocalCarbonContext().
getRegistry(RegistryType.SYSTEM_GOVERNANCE);
ChangeRolePermissionsUtil.changeRolePermissions((UserRegistry) registry,
resourcePath, role + ":" + permissionString);
return true;
} catch (Exception e) {
String msg = "Error while retrieving user registry in order to update permissions "
+ "for resource : " + resourcePath;
log.error(msg, e);
return false;
}
} else {
if (log.isDebugEnabled()) {
log.debug("Mobile App Management permissions not selected, therefore role : " +
role + " not given permission for registry collection : " + resourcePath);
}
return false;
}
}
@DELETE
@Path("/{roleName}")
@Override

@ -1523,6 +1523,11 @@
<artifactId>org.wso2.carbon.event.stream.stub</artifactId>
<version>${carbon.analytics.common.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.registry</groupId>
<artifactId>org.wso2.carbon.registry.resource</artifactId>
<version>4.6.5</version>
</dependency>
</dependencies>
</dependencyManagement>

Loading…
Cancel
Save