From 4a31d80660d687f97d48a119a9340b326a28ef8b Mon Sep 17 00:00:00 2001
From: nishan
Date: Thu, 15 Jun 2023 14:12:56 +0530
Subject: [PATCH 1/2] add api for get visible roles
---
.../service/api/RoleManagementService.java | 98 +++++++++++++++++++
.../impl/RoleManagementServiceImpl.java | 93 +++++++++++++++++-
2 files changed, 190 insertions(+), 1 deletion(-)
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/api/RoleManagementService.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/api/RoleManagementService.java
index 07c2fe962f..8a3e4242cd 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/api/RoleManagementService.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/api/RoleManagementService.java
@@ -187,6 +187,104 @@ public interface RoleManagementService { defaultValue = "5") @QueryParam("limit") int limit); + @GET + @Path("/visible/{metaKey}") + @ApiOperation( + produces = MediaType.APPLICATION_JSON, + httpMethod = "GET", + value = "Getting the List of Visible Roles", + notes = "WSO2 IoTS supports role-based access control (RBAC) and role management. Using this API you can the list of roles that are in WSO2 IoTS.\n" + + "Note: Internal roles, roles created for service-providers, and application related roles will not be given in the output.", + tags = "Role Management", + extensions = { + @Extension(properties = { + @ExtensionProperty(name = Constants.SCOPE, value = "perm:roles:view") + }) + } + ) + @ApiResponses(value = { + @ApiResponse( + code = 200, + message = "OK. \n Successfully fetched the list of roles in WSO2 IoTS.", + response = RoleList.class, + responseHeaders = { + @ResponseHeader( + name = "Content-Type", + description = "The content type of the body"), + @ResponseHeader( + name = "ETag", + description = "Entity Tag of the response resource.\n" + + "Used by caches, or in conditional requests."), + @ResponseHeader( + name = "Last-Modified", + description = "Date and time the resource has been modified the last time.\n" + + "Used by caches, or in conditional requests."), + }), + @ApiResponse( + code = 304, + message = "Not Modified. \n Empty body because the client already has the latest version of the " + + "requested resource."), + @ApiResponse( + code = 404, + message = "Not Found. \n The specified resource does not exist.\n", + response = ErrorResponse.class), + @ApiResponse( + code = 406, + message = "Not Acceptable.\n The requested media type is not supported", + response = ErrorResponse.class), + @ApiResponse( + code = 500, + message = "Internal Server Error. 
\n Server error occurred while fetching the list of roles" + + " assigned to the specified user.", + response = ErrorResponse.class) + }) + Response getVisibleRole( + @ApiParam( + name = "filter", + value = "Provide a character or a few characters in the role name.", + required = false) + @QueryParam("filter") String filter, + @ApiParam( + name = "user-store", + value = "The name of the UserStore you wish to get the list of roles.", + required = false) + @QueryParam("user-store") String userStoreName, + @ApiParam( + name = "If-Modified-Since", + value = "Checks if the requested variant was modified, since the specified date-time." + + "Provide the value in the following format: EEE, d MMM yyyy HH:mm:ss Z.\n" + + "Example: Mon, 05 Jan 2014 15:10:00 +0200", + required = false) + @HeaderParam("If-Modified-Since") String ifModifiedSince, + @ApiParam( + name = "offset", + value = "The starting pagination index for the complete list of qualified items.", + required = false, + defaultValue = "0") + @QueryParam("offset") int offset, + @ApiParam( + name = "limit", + value = "Provide how many role details you require from the starting pagination index/offset.", + required = false, + defaultValue = "5") + @QueryParam("limit") int limit, + @ApiParam( + name = "username", + value = "The username of the user.", + required = true, + defaultValue = "admin") + @QueryParam("username") String username, + @ApiParam( + name = "domain", + value = "The domain name of the user store.", + required = false) + @QueryParam("domain") String domain, + @ApiParam( + name = "metaKey", + value = "Key of the metadata", + required = true) + @PathParam("metaKey") String metaKey); + @GET @Path("/filter/{prefix}") @ApiOperation( 
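Review bot: The `metaKey` path parameter is documented only as `Key of the metadata`, which gives a caller no way to know which entry to name or how it is used; the implementation added in this patch reads that entry's JSON and branches on its `isUserAbleToViewAllRoles` field, so the `@ApiParam` should say so, e.g. `value = "Key of the metadata entry whose JSON value carries the boolean isUserAbleToViewAllRoles; true lists all roles in the user store, false lists only the roles of the given username"`. The `notes` text also drops a word (`Using this API you can the list of roles` should read `Using this API you can get the list of roles`), and `username` is declared `required = true` while also carrying `defaultValue = "admin"`; a required parameter has no default, so remove the `defaultValue`. The `Note:` sentence promises that service-provider and application roles are excluded, but the per-user branch in the implementation filters only the `Internal/` and `Authentication/` prefixes, and I cannot see what `getRolesFromUserStore` filters, so either the doc or the filter should be aligned before this ships.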
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java
index 635d89afde..12b0b810da 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java
@@ -17,7 +17,13 @@ */
 package io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl;
+import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
+import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata;
+import org.apache.axis2.databinding.types.xsd._boolean;
 import org.apache.commons.logging.Log;
+import org.json.simple.JSONObject;
+import org.json.simple.parser.JSONParser;
+import org.json.simple.parser.ParseException;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.CarbonConstants;
 import org.wso2.carbon.base.MultitenantConstants;
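Review bot: `import org.apache.axis2.databinding.types.xsd._boolean;` is not used by anything added in this patch (the new method casts to the primitive `boolean`), and it drags an Axis2 databinding type into a JAX-RS resource for no reason; drop the line. The new `org.json.simple` imports are also inserted between `org.apache.commons.logging.Log` and `org.apache.commons.logging.LogFactory`, splitting an existing group; place them after the `org.apache` block so the `io.entgra` / `org.apache` / `org.json` / `org.wso2` groups stay contiguous.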
@@ -97,6 +103,91 @@ public class RoleManagementServiceImpl implements RoleManagementService {
 }
 }
+ @GET
+ @Path("/visible/{metaKey}")
+ @Override
+ public Response getVisibleRole(
+ @QueryParam("filter") String filter,
+ @QueryParam("user-store") String userStore,
+ @HeaderParam("If-Modified-Since") String ifModifiedSince,
+ @QueryParam("offset") int offset, @QueryParam("limit") int limit,
+ @QueryParam("username") String username, @QueryParam("domain") String domain,
+ @PathParam("metaKey") String metaKey) {
+ RequestValidationUtil.validatePaginationParameters(offset, limit);
+ if (limit == 0){
+ limit = Constants.DEFAULT_PAGE_LIMIT;
+ }
+ if (domain != null && !domain.isEmpty()) {
+ username = domain + '/' + username;
+ }
+ Metadata metadata;
+ List visibleRoles;
+ RoleList visibleRoleList = new RoleList();
+ try {
+ metadata = DeviceMgtAPIUtils.getMetadataManagementService().retrieveMetadata(metaKey);
+ String metaValue = metadata.getMetaValue();
+ JSONParser parser = new JSONParser();
+ JSONObject jsonObject = (JSONObject) parser.parse(metaValue);
+ boolean decision = (boolean) jsonObject.get("isUserAbleToViewAllRoles");
+ if (decision) {
+ if(userStore == null || "".equals(userStore)){
+ userStore = PRIMARY_USER_STORE;
+ }
+ try{
+ visibleRoles =getRolesFromUserStore(filter, userStore);
+ visibleRoleList.setList(visibleRoles);
+
+ visibleRoles = FilteringUtil.getFilteredList(getRolesFromUserStore(filter, userStore), offset, limit);
+ visibleRoleList.setList(visibleRoles);
+
+ return Response.status(Response.Status.OK).entity(visibleRoleList).build();
+ } catch (UserStoreException e) {
+ String msg = "Error occurred while retrieving roles from the underlying user stores";
+ log.error(msg, e);
+ return Response.serverError().entity(
+ new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
+ }
+ } else {
+ try{UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
+ if (!userStoreManager.isExistingUser(username)) {
+ if (log.isDebugEnabled()) {
+ log.debug("User by username: " + username + " does not exist for role retrieval.");
+ }
+ String msg = "User by username: " + username + " does not exist for role retrieval.";
+ return Response.status(Response.Status.NOT_FOUND).entity(msg).build();
+ }
+ visibleRoleList.setList(getFilteredVisibleRoles(userStoreManager, username));
+
+ return Response.status(Response.Status.OK).entity(visibleRoleList).build();
+ }catch (UserStoreException e) {
+ String msg = "Error occurred while trying to retrieve roles of the user '" + username + "'";
+ log.error(msg, e);
+ return Response.serverError().entity(
+ new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
+ }
+ }
+ } catch (MetadataManagementException e) {
+ String msg = "Error occurred while getting the metadata entry for metaKey:" + metaKey;
+ log.error(msg, e);
+ return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
+ } catch (ParseException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private List getFilteredVisibleRoles(UserStoreManager userStoreManager, String username)
+ throws UserStoreException {
+ String[] roleListOfUser;
+ roleListOfUser = userStoreManager.getRoleListOfUser(username);
+ List filteredRoles = new ArrayList<>();
+ for (String role : roleListOfUser) {
+ if (!(role.startsWith("Internal/") || role.startsWith("Authentication/"))) {
+ filteredRoles.add(role);
+ }
+ }
+ return filteredRoles;
+ }
+
 @GET
 @Path("/filter/{prefix}")
 @Override
@@ -597,7 +688,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
 userStoreManager.updateUserListOfRole(roleName, usersToDelete, usersToAdd);
 return Response.status(Response.Status.OK).entity("Role '" + roleName + "' has " +
- "successfully been updated with the user list")
+ "successfully been updated with the user list")
 .build();
 } catch (UserStoreException e) {
 String msg = "Error occurred while updating the users of the role '" + roleName + "'";
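Review bot: The decision whether the caller may list every role in the user store is read from a metadata entry whose key the caller itself supplies via `@PathParam("metaKey")`, so in `getVisibleRole` the authorization outcome depends on which key the client names rather than on anything the server controls; unless `retrieveMetadata` is restricted to a fixed key elsewhere, this should read a server-side constant and `metaKey` should go. The same block dereferences `metadata.getMetaValue()` with no null check and casts `jsonObject.get("isUserAbleToViewAllRoles")` straight to `boolean`, so a missing entry (if `retrieveMetadata` can return null) or a missing or non-boolean field becomes an uncaught `NullPointerException`/`ClassCastException`, and the `catch (ParseException e)` rethrows a bare `RuntimeException` instead of the `ErrorResponse` every other branch returns. Smaller points: `getRolesFromUserStore(filter, userStore)` is called twice and the first `setList` is immediately overwritten, the `NOT_FOUND` response returns a plain `String` where the others return an `ErrorResponse`, and `offset`/`limit` are validated but never applied in the per-user branch. Proposed rewrite of the metadata handling:
```java
// … unchanged: pagination and domain handling …
try {
    metadata = DeviceMgtAPIUtils.getMetadataManagementService().retrieveMetadata(metaKey);
    if (metadata == null || metadata.getMetaValue() == null) {
        String msg = "No metadata entry found for metaKey: " + metaKey;
        log.warn(msg);
        return Response.status(Response.Status.NOT_FOUND).entity(
                new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
    }
    JSONObject jsonObject = (JSONObject) new JSONParser().parse(metadata.getMetaValue());
    // Only an explicit JSON true grants the "view all roles" path; anything else falls back to the caller's own roles.
    boolean decision = Boolean.TRUE.equals(jsonObject.get("isUserAbleToViewAllRoles"));
    if (decision) {
        // … unchanged: user-store defaulting …
        visibleRoles = FilteringUtil.getFilteredList(getRolesFromUserStore(filter, userStore), offset, limit);
        visibleRoleList.setList(visibleRoles);
        return Response.status(Response.Status.OK).entity(visibleRoleList).build();
        // … unchanged: UserStoreException handling …
    } else {
        // … unchanged: per-user role lookup …
    }
} catch (MetadataManagementException e) {
    // … unchanged …
} catch (ParseException | ClassCastException e) {
    String msg = "Malformed metadata value for metaKey: " + metaKey;
    log.error(msg, e);
    return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(
            new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
```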
From cd962b8d24b9f02c1475d9e9b5c2bbdfa72c5f87 Mon Sep 17 00:00:00 2001
From: nishan
Date: Mon, 26 Jun 2023 07:28:53 +0530
Subject: [PATCH 2/2] Remove the user has role validation
---
.../application/mgt/core/impl/ApplicationManagerImpl.java | 7 -------
1 file changed, 7 deletions(-)
diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java
index b7fd8f23b5..1b718fa9d7 100644
--- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java
+++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java
@@ -3658,13 +3658,6 @@ public class ApplicationManagerImpl implements ApplicationManager {
 log.error(msg);
 throw new ApplicationManagementException(msg);
 }
- if (!hasUserRole(unrestrictedRoles, userName)) {
- String msg = "You are trying to restrict the visibility of the application for a role set, but "
- + "in order to perform the action at least one role should be assigned to user: "
- + userName;
- log.error(msg);
- throw new BadRequestException(msg);
- }
 }
 Filter filter = new Filter();