Sync with master

notification-11094
Lasantha Dharmakeerthi 3 months ago
commit 2cc7f8ccb7

@ -33,6 +33,7 @@ import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermis
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions; import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.ServerStartupObserver; import org.wso2.carbon.core.ServerStartupObserver;
import java.util.ArrayList; import java.util.ArrayList;
@ -60,6 +61,7 @@ public class APIPublisherStartupHandler implements ServerStartupObserver {
@Override @Override
public void completedServerStartup() { public void completedServerStartup() {
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
APIPublisherDataHolder.getInstance().setServerStarted(true); APIPublisherDataHolder.getInstance().setServerStarted(true);
currentAPIsStack = APIPublisherDataHolder.getInstance().getUnpublishedApis(); currentAPIsStack = APIPublisherDataHolder.getInstance().getUnpublishedApis();
Thread t = new Thread(() -> { Thread t = new Thread(() -> {
@ -107,7 +109,14 @@ public class APIPublisherStartupHandler implements ServerStartupObserver {
log.error("failed to update scope role mapping.", e); log.error("failed to update scope role mapping.", e);
} }
try {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
updateScopeMetadataEntryWithDefaultScopes(); updateScopeMetadataEntryWithDefaultScopes();
} finally {
PrivilegedCarbonContext.endTenantFlow();
}
log.info("Successfully published : [" + publishedAPIs + "]. " + log.info("Successfully published : [" + publishedAPIs + "]. " +
"and failed : [" + failedAPIsStack + "] " + "and failed : [" + failedAPIsStack + "] " +
"Total successful count : [" + publishedAPIs.size() + "]. " + "Total successful count : [" + publishedAPIs.size() + "]. " +

@ -73,21 +73,24 @@ public class GroupAccessAuthorizationServiceImpl implements GroupAccessAuthoriza
UserRealm userRealm = DeviceManagementDataHolder.getInstance().getRealmService() UserRealm userRealm = DeviceManagementDataHolder.getInstance().getRealmService()
.getTenantUserRealm(getTenantId()); .getTenantUserRealm(getTenantId());
String[] userRoles = userRealm.getUserStoreManager().getRoleListOfUser(username); String[] userRoles = userRealm.getUserStoreManager().getRoleListOfUser(username);
boolean isAuthorized = true; boolean isAuthorized;
for (String groupPermission : groupPermissions) { for (String groupPermission : groupPermissions) {
isAuthorized = false;
for (String role : userRoles) { for (String role : userRoles) {
if (!userRealm.getAuthorizationManager(). if (userRealm.getAuthorizationManager().
isRoleAuthorized(role, groupPermission, CarbonConstants.UI_PERMISSION_ACTION)) { isRoleAuthorized(role, groupPermission, CarbonConstants.UI_PERMISSION_ACTION)) {
isAuthorized = false; isAuthorized = true;
break; break;
} }
} }
if (!isAuthorized) {
return false;
}
} }
return isAuthorized; return true;
} catch (UserStoreException e) { } catch (UserStoreException e) {
throw new GroupAccessAuthorizationException("Unable to authorize the access to group : " + throw new GroupAccessAuthorizationException("Unable to authorize the access to group : " +
groupId + " for the user : " + groupId + " for the user : " + username, e);
username, e);
} }
} }
} }

Loading…
Cancel
Save