diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml b/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml
index 32614e4fa6e..f29556baa91 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml
@@ -311,6 +311,16 @@
org.wso2.carbon.identity.jwt.client.extension
provided
+
+ org.wso2.carbon
+ org.wso2.carbon.registry.core
+ provided
+
+
+ org.wso2.carbon.registry
+ org.wso2.carbon.registry.resource
+ provided
+
org.wso2.carbon.identity.framework
org.wso2.carbon.identity.user.store.count
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java
index e947c258c04..d396237df4b 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java
@@ -22,6 +22,8 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.base.MultitenantConstants;
+import org.wso2.carbon.context.CarbonContext;
+import org.wso2.carbon.context.RegistryType;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
@@ -30,6 +32,9 @@ import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.FilteringUtil;
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
import org.wso2.carbon.device.mgt.jaxrs.util.SetReferenceTransformer;
+import org.wso2.carbon.registry.api.Registry;
+import org.wso2.carbon.registry.core.session.UserRegistry;
+import org.wso2.carbon.registry.resource.services.utils.ChangeRolePermissionsUtil;
import org.wso2.carbon.user.api.*;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.carbon.user.mgt.UserRealmProxy;
@@ -296,6 +301,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
}
}
userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), permissions);
+ authorizeRoleForAppmgt(roleInfo.getRoleName(), roleInfo.getPermissions());
//TODO fix what's returned in the entity
return Response.created(new URI(API_BASE_PATH + "/" + URLEncoder.encode(roleInfo.getRoleName(), "UTF-8"))).
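Review bot: The boolean returned by `authorizeRoleForAppmgt(...)` is discarded here, so a role whose registry grant failed is still answered with 201 Created and the failure shows up only in the server log. The call added in the role-update hunk of this file discards the result in the same way. Either act on the result, e.g. `if (!authorizeRoleForAppmgt(...)) { log.warn("Role '" + roleInfo.getRoleName() + "' created without registry access to mobile apps"); }`, or make the helper `void`. The helper also returns false when no mobile-app permission was requested, so those two cases have to be told apart before the value can be used. The enclosing method starts and ends outside this hunk.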
@@ -450,6 +456,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
authorizationManager.authorizeRole(roleName, permission, CarbonConstants.UI_PERMISSION_ACTION);
}
}
+ authorizeRoleForAppmgt(roleName, roleInfo.getPermissions());
}
//TODO: Need to send the updated role information in the entity back to the client
return Response.status(Response.Status.OK).entity("Role '" + roleInfo.getRoleName() + "' has " +
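Review bot: The update path only ever grants: if a role used to hold one of the `/permission/admin/manage/mobileapp*` permissions and the updated `roleInfo.getPermissions()` no longer contains one, `authorizeRoleForAppmgt` returns false without touching the registry, so the role keeps its rights on `/_system/governance/mobileapps/`. If the code above this hunk replaces the role's UI permissions (not visible here), the registry ACL should follow the same replace semantics. Consider a revoke branch that clears those rights for the role when no mobile-app permission is present, and add a comment at this call stating which behaviour is intended. The enclosing method starts before this hunk.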
@@ -467,6 +474,59 @@ public class RoleManagementServiceImpl implements RoleManagementService {
}
}
+ /**
+ * When presented with role and a set of permissions, if given role has permission to
+ * perform mobile app management, said role will be given rights mobile app collection in the
+ * governance registry.
+ *
+ * @param role
+ * @param permissions
+ * @return state of role update Operation
+ */
+ private boolean authorizeRoleForAppmgt(String role, String[] permissions) {
+ String permissionString =
+ "ra^true:rd^false:wa^true:wd^false:da^true:dd^false:aa^true:ad^false";
+ String resourcePath = "/_system/governance/mobileapps/";
+ boolean appmPermAvailable = false;
+
+ if (permissions != null) {
+ for (int i = 0; i < permissions.length; i++)
+ switch (permissions[i]) {
+ case "/permission/admin/manage/mobileapp":
+ appmPermAvailable = true;
+ break;
+ case "/permission/admin/manage/mobileapp/create":
+ appmPermAvailable = true;
+ break;
+ case "/permission/admin/manage/mobileapp/publish":
+ appmPermAvailable = true;
+ break;
+ }
+ }
+
+ if (appmPermAvailable) {
+ try {
+ Registry registry = CarbonContext.getThreadLocalCarbonContext().
+ getRegistry(RegistryType.SYSTEM_GOVERNANCE);
+ ChangeRolePermissionsUtil.changeRolePermissions((UserRegistry) registry,
+ resourcePath, role + ":" + permissionString);
+
+ return true;
+ } catch (Exception e) {
+ String msg = "Error while retrieving user registry in order to update permissions "
+ + "for resource : " + resourcePath;
+ log.error(msg, e);
+ return false;
+ }
+ } else {
+ if (log.isDebugEnabled()) {
+ log.debug("Mobile App Management permissions not selected, therefore role : " +
+ role + " not given permission for registry collection : " + resourcePath);
+ }
+ return false;
+ }
+ }
+
@DELETE
@Path("/{roleName}")
@Override
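Review bot: `role + ":" + permissionString` builds a delimiter-separated instruction string from a role name supplied by the API caller, and nothing in `authorizeRoleForAppmgt` checks that the name is free of the delimiters used by that format (`:` and `^`). If role names are not already restricted upstream (not visible in this hunk), such a name could be parsed by `ChangeRolePermissionsUtil` as something other than one role with the intended eight flags; reject it before the call, e.g. `if (role.indexOf(':') >= 0 || role.indexOf('^') >= 0) { return false; }`. Separately, `catch (Exception e)` also absorbs a `ClassCastException` from the `(UserRegistry) registry` cast and reports every failure as "Error while retrieving user registry", which misdescribes an error raised inside `changeRolePermissions`; an `instanceof` check and a message that names the role would make the log usable. The Javadoc should fill in the empty `@param` tags and say that this method never revokes a grant.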
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/DeviceDAO.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/DeviceDAO.java
index 14ac17dd956..f6a0a363b4a 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/DeviceDAO.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/DeviceDAO.java
@@ -420,5 +420,7 @@ public interface DeviceDAO {
*/
List getEnrolmentsByStatus(List deviceIds, Status status,
int tenantId) throws DeviceManagementDAOException;
+
+ List getDeviceEnrolledTenants() throws DeviceManagementDAOException;
}
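Review bot: `getDeviceEnrolledTenants()` is added without Javadoc, and unlike `getEnrolmentsByStatus(..., int tenantId)` directly above it takes no tenant argument. Add a Javadoc block saying that it returns the distinct tenant IDs present in the device table across all tenants, and that it is meant for system-level callers such as the scheduled tasks in this commit; the same comment is missing on `DeviceManagementProviderService.getDeviceEnrolledTenants()` added later in this commit. Stating the cross-tenant scope in the contract makes it harder to hand the result to a tenant-scoped caller by accident.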
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/AbstractDeviceDAOImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/AbstractDeviceDAOImpl.java
index 0b51ae0db57..202d514b679 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/AbstractDeviceDAOImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/AbstractDeviceDAOImpl.java
@@ -1071,4 +1071,27 @@ public abstract class AbstractDeviceDAOImpl implements DeviceDAO {
return devices;
}
+
+ public List getDeviceEnrolledTenants() throws DeviceManagementDAOException {
+ Connection conn;
+ PreparedStatement stmt = null;
+ ResultSet rs = null;
+ List tenants = new ArrayList<>();
+ try {
+ conn = this.getConnection();
+ String sql = "SELECT distinct(TENANT_ID) FROM DM_DEVICE";
+ stmt = conn.prepareStatement(sql);
+ rs = stmt.executeQuery();
+ while (rs.next()) {
+ tenants.add(rs.getInt("TENANT_ID"));
+ }
+ } catch (SQLException e) {
+ throw new DeviceManagementDAOException("Error occurred while retrieving tenants which have " +
+ "device registered.", e);
+ } finally {
+ DeviceManagementDAOUtil.cleanupResources(stmt, rs);
+ }
+ return tenants;
+ }
+
}
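Review bot: The new `getDeviceEnrolledTenants()` implements the method added to `DeviceDAO` but has no `@Override`, while the service-layer implementation in this commit does; add `@Override` so a signature drift is caught at compile time. `conn` is assigned once and used once, so `stmt = this.getConnection().prepareStatement(sql);` would remove the uninitialised local. A one-line comment that the absence of a `TENANT_ID` filter is intentional would help, since an unscoped query is easy to read as an oversight in a DAO whose other methods take a `tenantId`.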
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderService.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderService.java
index 176face7524..a82e5022570 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderService.java
@@ -561,7 +561,7 @@ public interface DeviceManagementProviderService {
*/
boolean changeDeviceStatus(DeviceIdentifier deviceIdentifier, EnrolmentInfo.Status newStatus)
throws DeviceManagementException;
-
+
/**
* This will handle add and update of device type services.
* @param deviceManagementService
@@ -587,4 +587,6 @@ public interface DeviceManagementProviderService {
*/
void notifyPullNotificationSubscriber(DeviceIdentifier deviceIdentifier, Operation operation)
throws PullNotificationExecutionFailedException;
+
+ List getDeviceEnrolledTenants() throws DeviceManagementException;
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java
index 6b4da5a6824..a1e5d31e35c 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java
@@ -1471,6 +1471,21 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
return isDeviceUpdated;
}
+ @Override
+ public List getDeviceEnrolledTenants() throws DeviceManagementException {
+ try {
+ DeviceManagementDAOFactory.openConnection();
+ return deviceDAO.getDeviceEnrolledTenants();
+ } catch (DeviceManagementDAOException e) {
+ throw new DeviceManagementException("Error occurred while retrieving the tenants " +
+ "which have device enrolled.", e);
+ } catch (SQLException e) {
+ throw new DeviceManagementException("Error occurred while opening a connection to the data source", e);
+ } finally {
+ DeviceManagementDAOFactory.closeConnection();
+ }
+ }
+
private boolean updateEnrollment(int deviceId, EnrolmentInfo enrolmentInfo, int tenantId)
throws DeviceManagementException {
boolean isUpdatedEnrollment = false;
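Review bot: The new public `getDeviceEnrolledTenants()` returns tenant IDs for every tenant and performs no check on the calling tenant context, so any component that can obtain `DeviceManagementProviderService` receives the cross-tenant list. The two callers added in this commit are scheduled tasks; if those are the only intended callers, guard the method, e.g. `if (PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId() != MultitenantConstants.SUPER_TENANT_ID) { throw new DeviceManagementException(...); }`, or keep it off the public service interface. Whether the tasks actually run in the super-tenant context is not visible here and should be confirmed before adding the guard. `updateEnrollment` below is unchanged context and continues outside the hunk.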
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/task/impl/DeviceDetailsRetrieverTask.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/task/impl/DeviceDetailsRetrieverTask.java
index 6d1228563c1..7b65a3b6ee5 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/task/impl/DeviceDetailsRetrieverTask.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/task/impl/DeviceDetailsRetrieverTask.java
@@ -22,20 +22,26 @@ package org.wso2.carbon.device.mgt.core.task.impl;
import com.google.gson.Gson;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.device.mgt.common.DeviceManagementException;
import org.wso2.carbon.device.mgt.common.OperationMonitoringTaskConfig;
+import org.wso2.carbon.device.mgt.core.internal.DeviceManagementDataHolder;
import org.wso2.carbon.device.mgt.core.task.DeviceMgtTaskException;
import org.wso2.carbon.device.mgt.core.task.DeviceTaskManager;
import org.wso2.carbon.ntask.core.Task;
+import org.wso2.carbon.user.api.UserStoreException;
+import java.util.List;
import java.util.Map;
public class DeviceDetailsRetrieverTask implements Task {
private static Log log = LogFactory.getLog(DeviceDetailsRetrieverTask.class);
-// private DeviceTaskManager deviceTaskManager = new DeviceTaskManagerImpl();
private String deviceType;
private String oppConfig;
private OperationMonitoringTaskConfig operationMonitoringTaskConfig;
+ private boolean executeForTenants = false;
+ private final String IS_CLOUD = "is.cloud";
@Override
public void setProperties(Map map) {
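Review bot: `private final String IS_CLOUD = "is.cloud";` is a per-instance field holding a constant; declare it `private static final String IS_CLOUD = "is.cloud";`, and do the same for the identical pair of fields added to `MonitoringTask`. `executeForTenants` is only set to true inside `execute()` and read on the next statement, so a local `boolean executeForTenants = Boolean.parseBoolean(System.getProperty(IS_CLOUD));` does the same job without mutable task state; `Boolean.parseBoolean(null)` is false, so the separate null check is not needed. Since this JVM-wide property switches the task to run across all tenants, a short comment on the constant saying so would help operators.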
@@ -54,21 +60,62 @@ public class DeviceDetailsRetrieverTask implements Task {
@Override
public void execute() {
- if (log.isDebugEnabled()) {
- log.debug("Device details retrieving task started to run.");
+
+ if(System.getProperty(IS_CLOUD) != null && Boolean.parseBoolean(System.getProperty(IS_CLOUD))){
+ executeForTenants = true;
}
+ if(executeForTenants){
+ this.executeForAllTenants();
+ } else {
+ if (log.isDebugEnabled()) {
+ log.debug("Device details retrieving task started to run.");
+ }
+ DeviceTaskManager deviceTaskManager = new DeviceTaskManagerImpl(deviceType,
+ operationMonitoringTaskConfig);
+ //pass the configurations also from here, monitoring tasks
+ try {
+ deviceTaskManager.addOperations();
+ } catch (DeviceMgtTaskException e) {
+ log.error(
+ "Error occurred while trying to add the operations to device to retrieve device details.", e);
+ }
+ }
+ }
- DeviceTaskManager deviceTaskManager = new DeviceTaskManagerImpl(deviceType,
- operationMonitoringTaskConfig);
- //pass the configurations also from here, monitoring tasks
+ private void executeForAllTenants() {
+
+ if (log.isDebugEnabled()) {
+ log.debug("Device details retrieving task started to run for all tenants.");
+ }
try {
- deviceTaskManager.addOperations();
- } catch (DeviceMgtTaskException e) {
- log.error(
- "Error occurred while trying to add the operations to device to retrieve device details.",
- e);
+ List tenants = DeviceManagementDataHolder.getInstance().
+ getDeviceManagementProvider().getDeviceEnrolledTenants();
+ for (Integer tenant : tenants) {
+ String tenantDomain = DeviceManagementDataHolder.getInstance().
+ getRealmService().getTenantManager().getDomain(tenant);
+ try {
+ PrivilegedCarbonContext.startTenantFlow();
+ PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain);
+ PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenant);
+ DeviceTaskManager deviceTaskManager = new DeviceTaskManagerImpl(deviceType,
+ operationMonitoringTaskConfig);
+ //pass the configurations also from here, monitoring tasks
+ try {
+ deviceTaskManager.addOperations();
+ } catch (DeviceMgtTaskException e) {
+ log.error("Error occurred while trying to add the operations to " +
+ "device to retrieve device details.", e);
+ }
+ } finally {
+ PrivilegedCarbonContext.endTenantFlow();
+ }
+ }
+ } catch (UserStoreException e) {
+ log.error("Error occurred while trying to get the available tenants", e);
+ } catch (DeviceManagementException e) {
+ log.error("Error occurred while trying to get the available tenants " +
+ "from device manager provider service.", e);
}
-
}
}
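Review bot: In `executeForAllTenants()` the `getDomain(tenant)` lookup sits outside the per-tenant `try`, so a `UserStoreException` for one tenant leaves the loop and every remaining tenant is skipped for this run; if `getDomain` can return null for a tenant that no longer resolves, that null is also passed to `setTenantDomain`. Resolve the domain inside the loop with its own catch and `continue`, as sketched below; the outer `catch (UserStoreException e)` then has to be removed because nothing in the outer `try` throws it any more. `MonitoringTask.executeforAllTenants()` in this commit has the same shape and needs the same change.

```java
for (Integer tenant : tenants) {
    String tenantDomain;
    try {
        tenantDomain = DeviceManagementDataHolder.getInstance().
                getRealmService().getTenantManager().getDomain(tenant);
    } catch (UserStoreException e) {
        log.error("Error occurred while resolving the domain of tenant " + tenant, e);
        continue;
    }
    if (tenantDomain == null) {
        log.warn("No domain found for tenant " + tenant + ", skipping.");
        continue;
    }
    // … unchanged: startTenantFlow / setTenantDomain / setTenantId / addOperations / endTenantFlow …
}
```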
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/business-controllers/user.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/business-controllers/user.js
index f8c420d58c6..24e7cc696d5 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/business-controllers/user.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/business-controllers/user.js
@@ -115,7 +115,6 @@ var userModule = function () {
var url = carbon.server.address('https') + "/admin/services";
var server = new carbon.server.Server(url);
var userManager = new carbon.user.UserManager(server, tenantId);
-
try {
if (userManager.userExists(username)) {
if (log.isDebugEnabled()) {
@@ -632,11 +631,17 @@ var userModule = function () {
var url = carbon.server.address('https') + "/admin/services";
var server = new carbon.server.Server(url);
var userManager = new carbon.user.UserManager(server, tenantId);
+
try {
if (!userManager.roleExists(roleName)) {
userManager.addRole(roleName, users, permissions);
} else {
- log.info("Role exist with name: " + roleName);
+ var array = Object.keys(permissions);
+ var i, permission;
+ for (i = 0; i < array.length; i++) {
+ permission = array[i];
+ userManager.authorizeRole(roleName, permission, "ui.execute");
+ }
}
} catch (e) {
throw e;
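Review bot: When the role already exists, the new `else` branch passes every key of `permissions` to `authorizeRole` and the previous `log.info("Role exist with name: " + roleName)` is removed, so a call that used to be a no-op now widens an existing role's permissions without leaving a log line. Keep a log entry that names the role, e.g. `log.info("Role exist with name: " + roleName + ", updating its permissions");`, and state in a comment that permissions are only added, never removed, and that `users` is ignored on this path. `Object.keys(permissions)` assumes `permissions` is an object keyed by permission path; if a caller can pass an array the keys would be indices, which is worth confirming. The function starts and ends outside this hunk.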
diff --git a/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/task/MonitoringTask.java b/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/task/MonitoringTask.java
index a70fb4db757..f489a1386a6 100644
--- a/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/task/MonitoringTask.java
+++ b/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/task/MonitoringTask.java
@@ -21,14 +21,18 @@ package org.wso2.carbon.policy.mgt.core.task;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.Device;
+import org.wso2.carbon.device.mgt.common.DeviceManagementException;
import org.wso2.carbon.device.mgt.common.EnrolmentInfo;
import org.wso2.carbon.device.mgt.common.policy.mgt.PolicyMonitoringManager;
import org.wso2.carbon.device.mgt.common.policy.mgt.monitor.PolicyComplianceException;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
+import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderServiceImpl;
import org.wso2.carbon.ntask.core.Task;
import org.wso2.carbon.policy.mgt.core.internal.PolicyManagementDataHolder;
import org.wso2.carbon.policy.mgt.core.mgt.MonitoringManager;
+import org.wso2.carbon.user.api.UserStoreException;
import java.util.ArrayList;
import java.util.List;
@@ -39,6 +43,8 @@ public class MonitoringTask implements Task {
private static Log log = LogFactory.getLog(MonitoringTask.class);
Map properties;
+ private boolean executeForTenants = false;
+ private final String IS_CLOUD = "is.cloud";
@Override
@@ -56,6 +62,61 @@ public class MonitoringTask implements Task {
if (log.isDebugEnabled()) {
log.debug("Monitoring task started to run.");
}
+ if(System.getProperty(IS_CLOUD) != null && Boolean.parseBoolean(System.getProperty(IS_CLOUD))){
+ executeForTenants = true;
+ }
+ if(executeForTenants) {
+ this.executeforAllTenants();
+ } else {
+ this.executeTask();
+ }
+ }
+
+ /**
+ * Check whether Device platform (ex: android) is exist in the cdm-config.xml file before adding a
+ * Monitoring operation to a specific device type.
+ *
+ * @param deviceType available device types.
+ * @return return platform is exist(true) or not (false).
+ */
+
+ private boolean isPlatformExist(String deviceType) {
+ PolicyMonitoringManager policyMonitoringManager = PolicyManagementDataHolder.getInstance()
+ .getDeviceManagementService().getPolicyMonitoringManager(deviceType);
+ if (policyMonitoringManager != null) {
+ return true;
+ }
+ return false;
+ }
+
+ private void executeforAllTenants() {
+
+ if (log.isDebugEnabled()) {
+ log.debug("Monitoring task started to run for all tenants.");
+ }
+ try {
+ DeviceManagementProviderService deviceManagementService = new DeviceManagementProviderServiceImpl();
+ List tenants = deviceManagementService.getDeviceEnrolledTenants();
+ for (Integer tenant : tenants) {
+ String tenantDomain = PolicyManagementDataHolder.getInstance().
+ getRealmService().getTenantManager().getDomain(tenant);
+ try {
+ PrivilegedCarbonContext.startTenantFlow();
+ PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain);
+ PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenant);
+ this.executeTask();
+ } finally {
+ PrivilegedCarbonContext.endTenantFlow();
+ }
+ }
+ } catch (UserStoreException e) {
+ log.error("Error occurred while trying to get the available tenants", e);
+ } catch (DeviceManagementException e) {
+ log.error("Error occurred while trying to get the available tenants from device manager service ", e);
+ }
+ }
+
+ private void executeTask(){
MonitoringManager monitoringManager = PolicyManagementDataHolder.getInstance().getMonitoringManager();
List deviceTypes = new ArrayList<>();
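Review bot: `executeforAllTenants()` creates its own `new DeviceManagementProviderServiceImpl()` instead of using the service instance this class already obtains from `PolicyManagementDataHolder.getInstance().getDeviceManagementService()` (see `isPlatformExist` in this hunk). Assuming that getter returns the `DeviceManagementProviderService` interface, use `PolicyManagementDataHolder.getInstance().getDeviceManagementService().getDeviceEnrolledTenants()`; this makes the new import of the `Impl` class unnecessary and matches how `DeviceDetailsRetrieverTask` goes through its data holder. The method name should be `executeForAllTenants` to match that class. `executeTask()` opens at the end of this hunk and its body continues outside it.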
@@ -121,23 +182,5 @@ public class MonitoringTask implements Task {
} else {
log.info("No device types registered currently. So did not run the monitoring task.");
}
-
- }
-
- /**
- * Check whether Device platform (ex: android) is exist in the cdm-config.xml file before adding a
- * Monitoring operation to a specific device type.
- *
- * @param deviceType available device types.
- * @return return platform is exist(true) or not (false).
- */
-
- private boolean isPlatformExist(String deviceType) {
- PolicyMonitoringManager policyMonitoringManager = PolicyManagementDataHolder.getInstance()
- .getDeviceManagementService().getPolicyMonitoringManager(deviceType);
- if (policyMonitoringManager != null) {
- return true;
- }
- return false;
}
}
diff --git a/pom.xml b/pom.xml
index 39f6a09d231..fe383cf9fc4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1583,6 +1583,11 @@
org.wso2.carbon.event.stream.stub
${carbon.analytics.common.version}
+
+ org.wso2.carbon.registry
+ org.wso2.carbon.registry.resource
+ ${carbon.registry.resource.version}
+
@@ -1896,6 +1901,7 @@
4.6.0
+ 4.6.5
[4.4.8, 5.0.0)