Merge pull request #540 from menakaj/release-3.0.x

Adding permission updater for other device types.
revert-dabc3590
Rasika Perera 8 years ago committed by GitHub
commit 56ac0fd918

@ -16,9 +16,6 @@
package org.wso2.carbon.device.mgt.iot.androidsense.service.impl.constants; package org.wso2.carbon.device.mgt.iot.androidsense.service.impl.constants;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.user.api.Permission;
public class AndroidSenseConstants { public class AndroidSenseConstants {
public final static String DEVICE_TYPE = "android_sense"; public final static String DEVICE_TYPE = "android_sense";
@ -47,26 +44,9 @@ public class AndroidSenseConstants {
public static final String SCOPE = "scope"; public static final String SCOPE = "scope";
public static Permission[] permissions; public static final String PERM_ENROLL_ANDROID_SENSE = "/permission/admin/device-mgt/devices/enroll/android-sense";
public static final String PERM_OWNING_DEVICE_VIEW = "/permission/admin/device-mgt/devices/owning-device/view";
static {
Permission enroll = new Permission("/permission/admin/device-mgt/devices/enroll", CarbonConstants
.UI_PERMISSION_ACTION);
Permission disEnroll = new Permission("/permission/admin/device-mgt/devices/disenroll", CarbonConstants
.UI_PERMISSION_ACTION);
Permission owningDevice = new Permission("/permission/admin/device-mgt/devices/owning-device",
CarbonConstants.UI_PERMISSION_ACTION);
Permission groups = new Permission("/permission/admin/device-mgt/groups", CarbonConstants.UI_PERMISSION_ACTION);
Permission notifications = new Permission("/permission/admin/device-mgt/notifications", CarbonConstants
.UI_PERMISSION_ACTION);
Permission policies = new Permission("/permission/admin/device-mgt/policies", CarbonConstants
.UI_PERMISSION_ACTION);
Permission subscribe = new Permission("/permission/admin/manage/api/subscribe", CarbonConstants
.UI_PERMISSION_ACTION);
permissions = new Permission[]{enroll, disEnroll, owningDevice, groups, notifications, policies, subscribe}; public static final String ROLE_NAME = "internal/devicemgt-user";
}
} }
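Review bot: Removing the static `permissions` array narrows what a newly created `internal/devicemgt-user` role is given, but nothing visible in this commit takes the broader entries (`/permission/admin/device-mgt/groups`, `/permission/admin/device-mgt/policies`, `/permission/admin/manage/api/subscribe` and the rest) away from a role that an earlier build already created. The listener's else branch only calls `authorizeRole`, so upgraded deployments presumably keep the old grants while fresh installs get two. If that difference is intended, say so above the new constant, for example `// Permissions for this role are only added at startup; grants made by earlier releases are not revoked.`. If it is not intended, a one-time cleanup belongs in the upgrade path.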

@ -17,10 +17,11 @@ package org.wso2.carbon.device.mgt.iot.androidsense.service.impl.listener;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.AndroidSenseServiceImpl;
import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.constants.AndroidSenseConstants; import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.constants.AndroidSenseConstants;
import org.wso2.carbon.user.api.AuthorizationManager; import org.wso2.carbon.user.api.AuthorizationManager;
import org.wso2.carbon.user.api.Permission;
import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager; import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.core.service.RealmService;
@ -28,11 +29,9 @@ import org.wso2.carbon.user.core.service.RealmService;
import javax.servlet.ServletContextEvent; import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener; import javax.servlet.ServletContextListener;
public class PermissionUpdateListener implements ServletContextListener { public class AndroidSensePermissionUpdateListener implements ServletContextListener {
private static Log log = LogFactory.getLog(AndroidSenseServiceImpl.class); private static Log log = LogFactory.getLog(AndroidSensePermissionUpdateListener.class);
private static final String ROLE_NAME = "internal/devicemgt-user";
@Override @Override
public void contextInitialized(ServletContextEvent servletContextEvent) { public void contextInitialized(ServletContextEvent servletContextEvent) {
@ -40,16 +39,16 @@ public class PermissionUpdateListener implements ServletContextListener {
UserStoreManager userStoreManager = getUserStoreManager(); UserStoreManager userStoreManager = getUserStoreManager();
try { try {
if (userStoreManager != null) { if (userStoreManager != null) {
if (!userStoreManager.isExistingRole(ROLE_NAME)) { if (!userStoreManager.isExistingRole(AndroidSenseConstants.ROLE_NAME)) {
userStoreManager.addRole(ROLE_NAME, null, AndroidSenseConstants.permissions); userStoreManager.addRole(AndroidSenseConstants.ROLE_NAME, null, getPermissions());
} else { } else {
getAuthorizationManager().authorizeRole(ROLE_NAME, getAuthorizationManager().authorizeRole(AndroidSenseConstants.ROLE_NAME,
"/permission/admin/device-mgt/devices/enroll/android-sense", "ui.execute"); AndroidSenseConstants.PERM_ENROLL_ANDROID_SENSE, CarbonConstants.UI_PERMISSION_ACTION);
getAuthorizationManager().authorizeRole(ROLE_NAME, getAuthorizationManager().authorizeRole(AndroidSenseConstants.ROLE_NAME,
"/permission/admin/device-mgt/devices/owning-device/view", "ui.execute"); AndroidSenseConstants.PERM_OWNING_DEVICE_VIEW, CarbonConstants.UI_PERMISSION_ACTION);
} }
} } catch (UserStoreException e) { } } catch (UserStoreException e) {
// log.error("Error while creating a role and adding a user for Android Sense.", e);
} }
} }
@ -101,25 +100,14 @@ public class PermissionUpdateListener implements ServletContextListener {
return authorizationManager; return authorizationManager;
} }
private Permission[] getPermissions() {
Permission androidSense = new Permission(AndroidSenseConstants.PERM_ENROLL_ANDROID_SENSE,
CarbonConstants.UI_PERMISSION_ACTION);
Permission view = new Permission(AndroidSenseConstants.PERM_OWNING_DEVICE_VIEW, CarbonConstants
.UI_PERMISSION_ACTION);
// public static void registerApiAccessRoles(String user) { return new Permission[]{androidSense, view};
// UserStoreManager userStoreManager = null; }
// try {
// userStoreManager = getUserStoreManager();
// String[] userList = new String[]{user};
// if (userStoreManager != null) {
// String rolesOfUser[] = userStoreManager.getRoleListOfUser(user);
// if (!userStoreManager.isExistingRole(Constants.DEFAULT_ROLE_NAME)) {
// userStoreManager.addRole(Constants.DEFAULT_ROLE_NAME, userList, Constants.DEFAULT_PERMISSION);
// } else if (rolesOfUser != null && Arrays.asList(rolesOfUser).contains(Constants.DEFAULT_ROLE_NAME)) {
// return;
// } else {
// userStoreManager.updateUserListOfRole(Constants.DEFAULT_ROLE_NAME, new String[0], userList);
// }
// }
// } catch (UserStoreException e) {
// log.error("Error while creating a role and adding a user for virtual_firealarm.", e);
// }
// }
} }
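Review bot: The `catch (UserStoreException e)` block in `contextInitialized` appears to hold only the commented-out `// log.error(...)` line, so a failed `addRole` or `authorizeRole` would leave the role unprovisioned with no trace in the logs. The line carries no old/new marker on this page, so confirm it is still commented out after the change. The three listeners added for the other device types log this failure, and this one should too: `log.error("Error while creating a role and adding a user for Android Sense.", e);`. The bodies of `getUserStoreManager` and `getAuthorizationManager` lie outside the hunks shown.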

@ -32,6 +32,6 @@
</context-param> </context-param>
<listener> <listener>
<listener-class>org.wso2.carbon.device.mgt.iot.androidsense.service.impl.listener.PermissionUpdateListener</listener-class> <listener-class>org.wso2.carbon.device.mgt.iot.androidsense.service.impl.listener.AndroidSensePermissionUpdateListener</listener-class>
</listener> </listener>
</web-app> </web-app>

@ -29,4 +29,9 @@ public class ArduinoConstants {
public static final String SCOPE = "scope"; public static final String SCOPE = "scope";
public static final String PERM_ENROLL_ARDUINO = "/permission/admin/device-mgt/devices/enroll/arduino";
public static final String PERM_OWNING_DEVICE_VIEW = "/permission/admin/device-mgt/devices/owning-device/view";
public static final String ROLE_NAME = "internal/devicemgt-user";
} }
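Review bot: `ROLE_NAME` and `PERM_OWNING_DEVICE_VIEW` are added here with the same values as in `AndroidSenseConstants`, `RaspberrypiConstants` and `VirtualFireAlarmConstants`. Because each listener passes its own copy to `addRole` and `authorizeRole`, an edit to one copy would make that device type provision a different role or permission without any compile error. Keeping the two strings in one shared constants class, or at least adding `// Must match ROLE_NAME in the other device-type constants classes.` above each copy, makes the coupling visible.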

@ -0,0 +1,113 @@
/*
* Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wso2.carbon.device.mgt.iot.arduino.service.impl.listener;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.iot.arduino.service.impl.constants.ArduinoConstants;
import org.wso2.carbon.user.api.AuthorizationManager;
import org.wso2.carbon.user.api.Permission;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.service.RealmService;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
public class ArduinoPermissionUpdateListener implements ServletContextListener {
private static Log log = LogFactory.getLog(ArduinoPermissionUpdateListener.class);
@Override
public void contextInitialized(ServletContextEvent servletContextEvent) {
UserStoreManager userStoreManager = getUserStoreManager();
try {
if (userStoreManager != null) {
if (!userStoreManager.isExistingRole(ArduinoConstants.ROLE_NAME)) {
userStoreManager.addRole(ArduinoConstants.ROLE_NAME, null, getPermissions());
} else {
getAuthorizationManager().authorizeRole(ArduinoConstants.ROLE_NAME,
ArduinoConstants.PERM_ENROLL_ARDUINO, CarbonConstants.UI_PERMISSION_ACTION);
getAuthorizationManager().authorizeRole(ArduinoConstants.ROLE_NAME,
ArduinoConstants.PERM_OWNING_DEVICE_VIEW, CarbonConstants.UI_PERMISSION_ACTION);
}
} } catch (UserStoreException e) {
log.error("Error while creating a role and adding a user for Arduino.", e);
}
}
@Override
public void contextDestroyed(ServletContextEvent servletContextEvent) {
}
public static UserStoreManager getUserStoreManager() {
RealmService realmService;
UserStoreManager userStoreManager;
try {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
realmService = (RealmService) ctx.getOSGiService(RealmService.class, null);
if (realmService == null) {
String msg = "Realm service has not initialized.";
log.error(msg);
throw new IllegalStateException(msg);
}
int tenantId = ctx.getTenantId();
userStoreManager = realmService.getTenantUserRealm(tenantId).getUserStoreManager();
realmService.getTenantUserRealm(tenantId).getAuthorizationManager();
} catch (UserStoreException e) {
String msg = "Error occurred while retrieving current user store manager";
log.error(msg, e);
throw new IllegalStateException(msg);
}
return userStoreManager;
}
public static AuthorizationManager getAuthorizationManager() {
RealmService realmService;
AuthorizationManager authorizationManager;
try {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
realmService = (RealmService) ctx.getOSGiService(RealmService.class, null);
if (realmService == null) {
String msg = "Realm service has not initialized.";
log.error(msg);
throw new IllegalStateException(msg);
}
int tenantId = ctx.getTenantId();
authorizationManager = realmService.getTenantUserRealm(tenantId).getAuthorizationManager();
} catch (UserStoreException e) {
String msg = "Error occurred while retrieving current user store manager";
log.error(msg, e);
throw new IllegalStateException(msg);
}
return authorizationManager;
}
private Permission[] getPermissions() {
Permission androidSense = new Permission(ArduinoConstants.PERM_ENROLL_ARDUINO,
CarbonConstants.UI_PERMISSION_ACTION);
Permission view = new Permission(ArduinoConstants.PERM_OWNING_DEVICE_VIEW, CarbonConstants
.UI_PERMISSION_ACTION);
return new Permission[]{androidSense, view};
}
}
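Review bot: `getUserStoreManager()` and `getAuthorizationManager()` signal failure by throwing `IllegalStateException`, which `contextInitialized` does not catch (it handles only `UserStoreException`), so the `userStoreManager != null` test is not what guards a failed lookup and a missing `RealmService` propagates out of the listener. Both catch blocks also drop the cause; `throw new IllegalStateException(msg, e);` keeps the original stack trace. Decide whether a provisioning failure should abort webapp startup, and either document that on `contextInitialized` or catch the exception there. The same code is repeated in `RaspberryPIPermissionUpdateListener` and `VirtualFireAlarmPermissionUpdateListener`.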

@ -31,4 +31,8 @@
<param-value>true</param-value> <param-value>true</param-value>
</context-param> </context-param>
<listener>
<listener-class>org.wso2.carbon.device.mgt.iot.arduino.service.impl.listener.ArduinoPermissionUpdateListener</listener-class>
</listener>
</web-app> </web-app>

@ -35,4 +35,9 @@ public class RaspberrypiConstants {
public static final String SCOPE = "scope"; public static final String SCOPE = "scope";
public static final String PERM_ENROLL_RASPBERRYPI = "/permission/admin/device-mgt/devices/enroll/raspberrypi";
public static final String PERM_OWNING_DEVICE_VIEW = "/permission/admin/device-mgt/devices/owning-device/view";
public static final String ROLE_NAME = "internal/devicemgt-user";
} }

@ -0,0 +1,113 @@
/*
* Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wso2.carbon.device.mgt.iot.raspberrypi.service.impl.listener;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.iot.raspberrypi.service.impl.constants.RaspberrypiConstants;
import org.wso2.carbon.user.api.AuthorizationManager;
import org.wso2.carbon.user.api.Permission;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.service.RealmService;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
public class RaspberryPIPermissionUpdateListener implements ServletContextListener {
private static Log log = LogFactory.getLog(RaspberryPIPermissionUpdateListener.class);
@Override
public void contextInitialized(ServletContextEvent servletContextEvent) {
UserStoreManager userStoreManager = getUserStoreManager();
try {
if (userStoreManager != null) {
if (!userStoreManager.isExistingRole(RaspberrypiConstants.ROLE_NAME)) {
userStoreManager.addRole(RaspberrypiConstants.ROLE_NAME, null, getPermissions());
} else {
getAuthorizationManager().authorizeRole(RaspberrypiConstants.ROLE_NAME,
RaspberrypiConstants.PERM_ENROLL_RASPBERRYPI, CarbonConstants.UI_PERMISSION_ACTION);
getAuthorizationManager().authorizeRole(RaspberrypiConstants.ROLE_NAME,
RaspberrypiConstants.PERM_OWNING_DEVICE_VIEW, CarbonConstants.UI_PERMISSION_ACTION);
}
} } catch (UserStoreException e) {
log.error("Error while creating a role and adding a user for Raspberry PI.", e);
}
}
@Override
public void contextDestroyed(ServletContextEvent servletContextEvent) {
}
public static UserStoreManager getUserStoreManager() {
RealmService realmService;
UserStoreManager userStoreManager;
try {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
realmService = (RealmService) ctx.getOSGiService(RealmService.class, null);
if (realmService == null) {
String msg = "Realm service has not initialized.";
log.error(msg);
throw new IllegalStateException(msg);
}
int tenantId = ctx.getTenantId();
userStoreManager = realmService.getTenantUserRealm(tenantId).getUserStoreManager();
realmService.getTenantUserRealm(tenantId).getAuthorizationManager();
} catch (UserStoreException e) {
String msg = "Error occurred while retrieving current user store manager";
log.error(msg, e);
throw new IllegalStateException(msg);
}
return userStoreManager;
}
public static AuthorizationManager getAuthorizationManager() {
RealmService realmService;
AuthorizationManager authorizationManager;
try {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
realmService = (RealmService) ctx.getOSGiService(RealmService.class, null);
if (realmService == null) {
String msg = "Realm service has not initialized.";
log.error(msg);
throw new IllegalStateException(msg);
}
int tenantId = ctx.getTenantId();
authorizationManager = realmService.getTenantUserRealm(tenantId).getAuthorizationManager();
} catch (UserStoreException e) {
String msg = "Error occurred while retrieving current user store manager";
log.error(msg, e);
throw new IllegalStateException(msg);
}
return authorizationManager;
}
private Permission[] getPermissions() {
Permission androidSense = new Permission(RaspberrypiConstants.PERM_ENROLL_RASPBERRYPI,
CarbonConstants.UI_PERMISSION_ACTION);
Permission view = new Permission(RaspberrypiConstants.PERM_OWNING_DEVICE_VIEW, CarbonConstants
.UI_PERMISSION_ACTION);
return new Permission[]{androidSense, view};
}
}
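Review bot: In `getUserStoreManager()` the statement `realmService.getTenantUserRealm(tenantId).getAuthorizationManager();` discards its result and can be deleted unless the call is relied on for a side effect, in which case it needs a comment saying which. In `getPermissions()` the local holding `PERM_ENROLL_RASPBERRYPI` is still named `androidSense`; `Permission enroll = new Permission(RaspberrypiConstants.PERM_ENROLL_RASPBERRYPI, CarbonConstants.UI_PERMISSION_ACTION);` reads correctly. Both leftovers also appear in `ArduinoPermissionUpdateListener` and `VirtualFireAlarmPermissionUpdateListener`, which suggests the three classes want a shared base that takes the enroll permission as a parameter.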

@ -31,4 +31,8 @@
<param-value>true</param-value> <param-value>true</param-value>
</context-param> </context-param>
<listener>
<listener-class>org.wso2.carbon.device.mgt.iot.raspberrypi.service.impl.listener.RaspberryPIPermissionUpdateListener</listener-class>
</listener>
</web-app> </web-app>

@ -81,4 +81,9 @@ public class VirtualFireAlarmConstants {
public static final String MQTT_ADAPTER_TOPIC_PROPERTY_NAME = "mqtt.adapter.topic"; public static final String MQTT_ADAPTER_TOPIC_PROPERTY_NAME = "mqtt.adapter.topic";
public static final String APIM_APPLICATION_TOKEN_VALIDITY_PERIOD = "3600"; public static final String APIM_APPLICATION_TOKEN_VALIDITY_PERIOD = "3600";
public static final String PERM_ENROLL_FIRE_ALARM = "/permission/admin/device-mgt/devices/enroll/firealarm";
public static final String PERM_OWNING_DEVICE_VIEW = "/permission/admin/device-mgt/devices/owning-device/view";
public static final String ROLE_NAME = "internal/devicemgt-user";
} }

@ -0,0 +1,113 @@
/*
* Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.listener;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.constants.VirtualFireAlarmConstants;
import org.wso2.carbon.user.api.AuthorizationManager;
import org.wso2.carbon.user.api.Permission;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.service.RealmService;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
public class VirtualFireAlarmPermissionUpdateListener implements ServletContextListener {
private static Log log = LogFactory.getLog(VirtualFireAlarmPermissionUpdateListener.class);
@Override
public void contextInitialized(ServletContextEvent servletContextEvent) {
UserStoreManager userStoreManager = getUserStoreManager();
try {
if (userStoreManager != null) {
if (!userStoreManager.isExistingRole(VirtualFireAlarmConstants.ROLE_NAME)) {
userStoreManager.addRole(VirtualFireAlarmConstants.ROLE_NAME, null, getPermissions());
} else {
getAuthorizationManager().authorizeRole(VirtualFireAlarmConstants.ROLE_NAME,
VirtualFireAlarmConstants.PERM_ENROLL_FIRE_ALARM, CarbonConstants.UI_PERMISSION_ACTION);
getAuthorizationManager().authorizeRole(VirtualFireAlarmConstants.ROLE_NAME,
VirtualFireAlarmConstants.PERM_OWNING_DEVICE_VIEW, CarbonConstants.UI_PERMISSION_ACTION);
}
} } catch (UserStoreException e) {
log.error("Error while creating a role and adding a user for Raspberry PI.", e);
}
}
@Override
public void contextDestroyed(ServletContextEvent servletContextEvent) {
}
public static UserStoreManager getUserStoreManager() {
RealmService realmService;
UserStoreManager userStoreManager;
try {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
realmService = (RealmService) ctx.getOSGiService(RealmService.class, null);
if (realmService == null) {
String msg = "Realm service has not initialized.";
log.error(msg);
throw new IllegalStateException(msg);
}
int tenantId = ctx.getTenantId();
userStoreManager = realmService.getTenantUserRealm(tenantId).getUserStoreManager();
realmService.getTenantUserRealm(tenantId).getAuthorizationManager();
} catch (UserStoreException e) {
String msg = "Error occurred while retrieving current user store manager";
log.error(msg, e);
throw new IllegalStateException(msg);
}
return userStoreManager;
}
public static AuthorizationManager getAuthorizationManager() {
RealmService realmService;
AuthorizationManager authorizationManager;
try {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
realmService = (RealmService) ctx.getOSGiService(RealmService.class, null);
if (realmService == null) {
String msg = "Realm service has not initialized.";
log.error(msg);
throw new IllegalStateException(msg);
}
int tenantId = ctx.getTenantId();
authorizationManager = realmService.getTenantUserRealm(tenantId).getAuthorizationManager();
} catch (UserStoreException e) {
String msg = "Error occurred while retrieving current user store manager";
log.error(msg, e);
throw new IllegalStateException(msg);
}
return authorizationManager;
}
private Permission[] getPermissions() {
Permission androidSense = new Permission(VirtualFireAlarmConstants.PERM_ENROLL_FIRE_ALARM,
CarbonConstants.UI_PERMISSION_ACTION);
Permission view = new Permission(VirtualFireAlarmConstants.PERM_OWNING_DEVICE_VIEW, CarbonConstants
.UI_PERMISSION_ACTION);
return new Permission[]{androidSense, view};
}
}
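Review bot: The error logged in `contextInitialized` names the wrong device type: `"Error while creating a role and adding a user for Raspberry PI."` was copied from the Raspberry Pi listener. Anyone triaging a failed role setup from the logs would be pointed at the wrong webapp; use `log.error("Error while creating a role and adding a user for Virtual Fire Alarm.", e);`. The logger field could also be declared `private static final Log log`.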

@ -27,6 +27,8 @@
<param-value>true</param-value> <param-value>true</param-value>
</context-param> </context-param>
<listener>
<listener-class>org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.listener.VirtualFireAlarmPermissionUpdateListener</listener-class>
</listener>
</web-app> </web-app>