diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml b/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml index 32614e4fa6e..f29556baa91 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml @@ -311,6 +311,16 @@ org.wso2.carbon.identity.jwt.client.extension provided + + org.wso2.carbon + org.wso2.carbon.registry.core + provided + + + org.wso2.carbon.registry + org.wso2.carbon.registry.resource + provided + org.wso2.carbon.identity.framework org.wso2.carbon.identity.user.store.count diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java index e947c258c04..d396237df4b 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java @@ -22,6 +22,8 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.CarbonConstants; import org.wso2.carbon.base.MultitenantConstants; +import org.wso2.carbon.context.CarbonContext; +import org.wso2.carbon.context.RegistryType; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo; import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList; 
@@ -30,6 +32,9 @@ import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.FilteringUtil; import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil; import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils; import org.wso2.carbon.device.mgt.jaxrs.util.SetReferenceTransformer; +import org.wso2.carbon.registry.api.Registry; +import org.wso2.carbon.registry.core.session.UserRegistry; +import org.wso2.carbon.registry.resource.services.utils.ChangeRolePermissionsUtil; import org.wso2.carbon.user.api.*; import org.wso2.carbon.user.core.common.AbstractUserStoreManager; import org.wso2.carbon.user.mgt.UserRealmProxy; @@ -296,6 +301,7 @@ public class RoleManagementServiceImpl implements RoleManagementService { } } userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), permissions); + authorizeRoleForAppmgt(roleInfo.getRoleName(), roleInfo.getPermissions()); //TODO fix what's returned in the entity return Response.created(new URI(API_BASE_PATH + "/" + URLEncoder.encode(roleInfo.getRoleName(), "UTF-8"))). @@ -450,6 +456,7 @@ public class RoleManagementServiceImpl implements RoleManagementService { authorizationManager.authorizeRole(roleName, permission, CarbonConstants.UI_PERMISSION_ACTION); } } + authorizeRoleForAppmgt(roleName, roleInfo.getPermissions()); } //TODO: Need to send the updated role information in the entity back to the client return Response.status(Response.Status.OK).entity("Role '" + roleInfo.getRoleName() + "' has " + 
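Review bot: The boolean returned by `authorizeRoleForAppmgt` is discarded at the call added after `userStoreManager.addRole(...)`, and again at the call added in the update path (the `@@ -450,6 +456,7` hunk), so a failed registry grant still ends in `Response.created(...)` or `Response.Status.OK`. The helper returns false both when no mobile-app permission was requested and when the registry update threw, so a caller cannot tell "not applicable" from "failed" even if it did look at the result. Let the helper throw on failure (or return a distinct state) and surface that in the response, so the role is not left with UI permissions but without the matching registry rights. The enclosing method starts and ends outside the hunk, so how its catch blocks would map such an exception is not visible here.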
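Review bot: The update path only ever adds registry rights: `authorizeRoleForAppmgt(roleName, roleInfo.getPermissions())` grants access when a mobile-app permission is present and does nothing otherwise. A role that previously held one of the `/permission/admin/manage/mobileapp` permissions and loses it in this update would, as far as the diff shows, keep its earlier grant on `/_system/governance/mobileapps/`. Revoke the registry permissions in that case, or state the limitation at the call site, e.g. `// NOTE: the registry grant on the mobileapps collection is additive and is not revoked here`. The surrounding method continues outside the hunk.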
@@ -467,6 +474,59 @@ public class RoleManagementServiceImpl implements RoleManagementService { } } + /** + * When presented with role and a set of permissions, if given role has permission to + * perform mobile app management, said role will be given rights mobile app collection in the + * governance registry. + * + * @param role + * @param permissions + * @return state of role update Operation + */ + private boolean authorizeRoleForAppmgt(String role, String[] permissions) { + String permissionString = + "ra^true:rd^false:wa^true:wd^false:da^true:dd^false:aa^true:ad^false"; + String resourcePath = "/_system/governance/mobileapps/"; + boolean appmPermAvailable = false; + + if (permissions != null) { + for (int i = 0; i < permissions.length; i++) + switch (permissions[i]) { + case "/permission/admin/manage/mobileapp": + appmPermAvailable = true; + break; + case "/permission/admin/manage/mobileapp/create": + appmPermAvailable = true; + break; + case "/permission/admin/manage/mobileapp/publish": + appmPermAvailable = true; + break; + } + } + + if (appmPermAvailable) { + try { + Registry registry = CarbonContext.getThreadLocalCarbonContext(). + getRegistry(RegistryType.SYSTEM_GOVERNANCE); + ChangeRolePermissionsUtil.changeRolePermissions((UserRegistry) registry, + resourcePath, role + ":" + permissionString); + + return true; + } catch (Exception e) { + String msg = "Error while retrieving user registry in order to update permissions " + + "for resource : " + resourcePath; + log.error(msg, e); + return false; + } + } else { + if (log.isDebugEnabled()) { + log.debug("Mobile App Management permissions not selected, therefore role : " + + role + " not given permission for registry collection : " + resourcePath); + } + return false; + } + } + @DELETE @Path("/{roleName}") @Override 
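Review bot: The grant in `authorizeRoleForAppmgt` is broader than the permission that triggers it: any one of the three `/permission/admin/manage/mobileapp` entries, including `publish` alone, produces the same fixed string with read, write, delete and `aa^true` on the whole `/_system/governance/mobileapps/` collection. If `aa` is the registry's authorize action (it reads that way but is not defined in this diff), the role can also re-delegate access to the collection; unless that is intended, use `aa^false` and give `create` and `publish` only the actions each needs. Separately, `catch (Exception e)` also swallows a `ClassCastException` from the `(UserRegistry) registry` cast, and the message blames "retrieving user registry" even when the permission change itself failed. The three `case` labels can share one body, the `for` loop should have braces, and the `@param` tags in the Javadoc are empty.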
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/DeviceDAO.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/DeviceDAO.java index 14ac17dd956..f6a0a363b4a 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/DeviceDAO.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/DeviceDAO.java @@ -420,5 +420,7 @@ public interface DeviceDAO { */ List getEnrolmentsByStatus(List deviceIds, Status status, int tenantId) throws DeviceManagementDAOException; + + List getDeviceEnrolledTenants() throws DeviceManagementDAOException; } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/AbstractDeviceDAOImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/AbstractDeviceDAOImpl.java index 0b51ae0db57..202d514b679 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/AbstractDeviceDAOImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/AbstractDeviceDAOImpl.java 
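Review bot: `getDeviceEnrolledTenants()` is added to `DeviceDAO` without Javadoc, while the declaration just above it has one and takes an `int tenantId`. This is the one query in view that is not scoped to a tenant, so the contract should say so explicitly; the same applies to the declaration added to `DeviceManagementProviderService`. Suggested text: `/** Returns the IDs of all tenants that have at least one row in DM_DEVICE. Not tenant-scoped; intended for system-level scheduled tasks. */`.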
@@ -1071,4 +1071,27 @@ public abstract class AbstractDeviceDAOImpl implements DeviceDAO { return devices; } + + public List getDeviceEnrolledTenants() throws DeviceManagementDAOException { + Connection conn; + PreparedStatement stmt = null; + ResultSet rs = null; + List tenants = new ArrayList<>(); + try { + conn = this.getConnection(); + String sql = "SELECT distinct(TENANT_ID) FROM DM_DEVICE"; + stmt = conn.prepareStatement(sql); + rs = stmt.executeQuery(); + while (rs.next()) { + tenants.add(rs.getInt("TENANT_ID")); + } + } catch (SQLException e) { + throw new DeviceManagementDAOException("Error occurred while retrieving tenants which have " + + "device registered.", e); + } finally { + DeviceManagementDAOUtil.cleanupResources(stmt, rs); + } + return tenants; + } + } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderService.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderService.java index 176face7524..a82e5022570 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderService.java @@ -561,7 +561,7 @@ public interface DeviceManagementProviderService { */ boolean changeDeviceStatus(DeviceIdentifier deviceIdentifier, EnrolmentInfo.Status newStatus) throws DeviceManagementException; - + /** * This will handle add and update of device type services. * @param deviceManagementService 
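Review bot: The new `getDeviceEnrolledTenants()` in `AbstractDeviceDAOImpl` has no `@Override`, although the service-layer implementation added in this commit carries one; add it so a signature drift from `DeviceDAO` fails at compile time. `SELECT distinct(TENANT_ID) FROM DM_DEVICE` also counts every device row regardless of enrolment state, so a tenant whose devices have all been removed would presumably still be returned and get a tenant flow on each task run. If that is deliberate, a one-line comment above the query saying so would help; otherwise restrict the query to tenants with active enrolments.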
@@ -587,4 +587,6 @@ public interface DeviceManagementProviderService { */ void notifyPullNotificationSubscriber(DeviceIdentifier deviceIdentifier, Operation operation) throws PullNotificationExecutionFailedException; + + List getDeviceEnrolledTenants() throws DeviceManagementException; } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java index 6b4da5a6824..a1e5d31e35c 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java @@ -1471,6 +1471,21 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv return isDeviceUpdated; } + @Override + public List getDeviceEnrolledTenants() throws DeviceManagementException { + try { + DeviceManagementDAOFactory.openConnection(); + return deviceDAO.getDeviceEnrolledTenants(); + } catch (DeviceManagementDAOException e) { + throw new DeviceManagementException("Error occurred while retrieving the tenants " + + "which have device enrolled.", e); + } catch (SQLException e) { + throw new DeviceManagementException("Error occurred while opening a connection to the data source", e); + } finally { + DeviceManagementDAOFactory.closeConnection(); + } + } + private boolean updateEnrollment(int deviceId, EnrolmentInfo enrolmentInfo, int tenantId) throws DeviceManagementException { boolean isUpdatedEnrollment = false; 
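Review bot: `getDeviceEnrolledTenants()` in the service implementation hands the IDs of every tenant to whoever holds the service reference, with no check on the caller's tenant context. The two scheduled tasks in this commit call it before starting a tenant flow, which is the intended use, but other consumers of `DeviceManagementProviderService` running inside a tenant's request could use it to enumerate tenants. If only the tasks need it, consider keeping it off the public service interface, or reject calls made outside the super-tenant context and document that restriction in the Javadoc.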
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/task/impl/DeviceDetailsRetrieverTask.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/task/impl/DeviceDetailsRetrieverTask.java index 6d1228563c1..7b65a3b6ee5 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/task/impl/DeviceDetailsRetrieverTask.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/task/impl/DeviceDetailsRetrieverTask.java @@ -22,20 +22,26 @@ package org.wso2.carbon.device.mgt.core.task.impl; import com.google.gson.Gson; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.device.mgt.common.DeviceManagementException; import org.wso2.carbon.device.mgt.common.OperationMonitoringTaskConfig; +import org.wso2.carbon.device.mgt.core.internal.DeviceManagementDataHolder; import org.wso2.carbon.device.mgt.core.task.DeviceMgtTaskException; import org.wso2.carbon.device.mgt.core.task.DeviceTaskManager; import org.wso2.carbon.ntask.core.Task; +import org.wso2.carbon.user.api.UserStoreException; +import java.util.List; import java.util.Map; public class DeviceDetailsRetrieverTask implements Task { private static Log log = LogFactory.getLog(DeviceDetailsRetrieverTask.class); -// private DeviceTaskManager deviceTaskManager = new DeviceTaskManagerImpl(); private String deviceType; private String oppConfig; private OperationMonitoringTaskConfig operationMonitoringTaskConfig; + private boolean executeForTenants = false; + private final String IS_CLOUD = "is.cloud"; @Override public void setProperties(Map map) { 
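Review bot: `private final String IS_CLOUD = "is.cloud";` is an instance field holding a constant and should be `private static final String IS_CLOUD = "is.cloud";`. `executeForTenants` is only ever set to true in `execute()` and never reset, so it can be a local there: `boolean executeForTenants = Boolean.parseBoolean(System.getProperty(IS_CLOUD));` (`parseBoolean` already returns false for null, which makes the separate null check redundant). The same two fields are added to `MonitoringTask` in its `@@ -39,6 +43,8` hunk.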
@@ -54,21 +60,62 @@ public class DeviceDetailsRetrieverTask implements Task { @Override public void execute() { - if (log.isDebugEnabled()) { - log.debug("Device details retrieving task started to run."); + + if(System.getProperty(IS_CLOUD) != null && Boolean.parseBoolean(System.getProperty(IS_CLOUD))){ + executeForTenants = true; } + if(executeForTenants){ + this.executeForAllTenants(); + } else { + if (log.isDebugEnabled()) { + log.debug("Device details retrieving task started to run."); + } + DeviceTaskManager deviceTaskManager = new DeviceTaskManagerImpl(deviceType, + operationMonitoringTaskConfig); + //pass the configurations also from here, monitoring tasks + try { + deviceTaskManager.addOperations(); + } catch (DeviceMgtTaskException e) { + log.error( + "Error occurred while trying to add the operations to device to retrieve device details.", e); + } + } + } - DeviceTaskManager deviceTaskManager = new DeviceTaskManagerImpl(deviceType, - operationMonitoringTaskConfig); - //pass the configurations also from here, monitoring tasks + private void executeForAllTenants() { + + if (log.isDebugEnabled()) { + log.debug("Device details retrieving task started to run for all tenants."); + } try { - deviceTaskManager.addOperations(); - } catch (DeviceMgtTaskException e) { - log.error( - "Error occurred while trying to add the operations to device to retrieve device details.", - e); + List tenants = DeviceManagementDataHolder.getInstance(). + getDeviceManagementProvider().getDeviceEnrolledTenants(); + for (Integer tenant : tenants) { + String tenantDomain = DeviceManagementDataHolder.getInstance(). 
+ getRealmService().getTenantManager().getDomain(tenant); + try { + PrivilegedCarbonContext.startTenantFlow(); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenant); + DeviceTaskManager deviceTaskManager = new DeviceTaskManagerImpl(deviceType, + operationMonitoringTaskConfig); + //pass the configurations also from here, monitoring tasks + try { + deviceTaskManager.addOperations(); + } catch (DeviceMgtTaskException e) { + log.error("Error occurred while trying to add the operations to " + + "device to retrieve device details.", e); + } + } finally { + PrivilegedCarbonContext.endTenantFlow(); + } + } + } catch (UserStoreException e) { + log.error("Error occurred while trying to get the available tenants", e); + } catch (DeviceManagementException e) { + log.error("Error occurred while trying to get the available tenants " + + "from device manager provider service.", e); } - } } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/business-controllers/user.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/business-controllers/user.js index f8c420d58c6..24e7cc696d5 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/business-controllers/user.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/business-controllers/user.js @@ -115,7 +115,6 @@ var userModule = function () { var url = carbon.server.address('https') + "/admin/services"; var server = new carbon.server.Server(url); var userManager = new carbon.user.UserManager(server, tenantId); - try { if (userManager.userExists(username)) { if (log.isDebugEnabled()) { 
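Review bot: In `executeForAllTenants()` the `getDomain(tenant)` lookup sits outside the inner `try`, and `UserStoreException` is caught outside the loop, so one tenant whose domain cannot be resolved stops the task for every tenant after it. The result of `getDomain` is also passed to `setTenantDomain` unchecked; if it can be null for a tenant that still has rows in DM_DEVICE (not visible from this diff), the operations would run under a partly initialised tenant context. Moving the lookup and the catch inside the loop and skipping unresolved tenants contains the failure to the tenant that caused it. `MonitoringTask.executeforAllTenants()` has the same loop shape.

```java
for (Integer tenant : tenants) {
    try {
        String tenantDomain = DeviceManagementDataHolder.getInstance().
                getRealmService().getTenantManager().getDomain(tenant);
        if (tenantDomain == null) {
            log.warn("No tenant domain found for tenant id " + tenant + ", skipping.");
            continue;
        }
        try {
            PrivilegedCarbonContext.startTenantFlow();
            // … unchanged: set tenant domain and id, create DeviceTaskManagerImpl, addOperations() …
        } finally {
            PrivilegedCarbonContext.endTenantFlow();
        }
    } catch (UserStoreException e) {
        log.error("Error occurred while resolving the domain of tenant " + tenant, e);
    }
}
```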
@@ -632,11 +631,17 @@ var userModule = function () { var url = carbon.server.address('https') + "/admin/services"; var server = new carbon.server.Server(url); var userManager = new carbon.user.UserManager(server, tenantId); + try { if (!userManager.roleExists(roleName)) { userManager.addRole(roleName, users, permissions); } else { - log.info("Role exist with name: " + roleName); + var array = Object.keys(permissions); + var i, permission; + for (i = 0; i < array.length; i++) { + permission = array[i]; + userManager.authorizeRole(roleName, permission, "ui.execute"); + } } } catch (e) { throw e; diff --git a/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/task/MonitoringTask.java b/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/task/MonitoringTask.java index a70fb4db757..f489a1386a6 100644 --- a/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/task/MonitoringTask.java +++ b/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/task/MonitoringTask.java 
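Review bot: For a role that already exists, the new `else` branch authorizes every key of `permissions` with `ui.execute` and no longer logs anything, so a call to what looks like an add-role helper now widens an existing role's permissions silently. Keep an audit trail of the change, e.g. `log.info("Role exists with name: " + roleName + ", authorizing additional permissions");` before the loop. `Object.keys(permissions)` assumes `permissions` is an object keyed by permission path; if a caller passes an array, the keys are indices and `authorizeRole` would be called with `"0"`, `"1"` and so on, so the expected shape deserves a comment or a check. The enclosing function starts outside the hunk.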
@@ -21,14 +21,18 @@ package org.wso2.carbon.policy.mgt.core.task; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.device.mgt.common.Device; +import org.wso2.carbon.device.mgt.common.DeviceManagementException; import org.wso2.carbon.device.mgt.common.EnrolmentInfo; import org.wso2.carbon.device.mgt.common.policy.mgt.PolicyMonitoringManager; import org.wso2.carbon.device.mgt.common.policy.mgt.monitor.PolicyComplianceException; import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; +import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderServiceImpl; import org.wso2.carbon.ntask.core.Task; import org.wso2.carbon.policy.mgt.core.internal.PolicyManagementDataHolder; import org.wso2.carbon.policy.mgt.core.mgt.MonitoringManager; +import org.wso2.carbon.user.api.UserStoreException; import java.util.ArrayList; import java.util.List; @@ -39,6 +43,8 @@ public class MonitoringTask implements Task { private static Log log = LogFactory.getLog(MonitoringTask.class); Map properties; + private boolean executeForTenants = false; + private final String IS_CLOUD = "is.cloud"; @Override 
@@ -56,6 +62,61 @@ public class MonitoringTask implements Task { if (log.isDebugEnabled()) { log.debug("Monitoring task started to run."); } + if(System.getProperty(IS_CLOUD) != null && Boolean.parseBoolean(System.getProperty(IS_CLOUD))){ + executeForTenants = true; + } + if(executeForTenants) { + this.executeforAllTenants(); + } else { + this.executeTask(); + } + } + + /** + * Check whether Device platform (ex: android) is exist in the cdm-config.xml file before adding a + * Monitoring operation to a specific device type. + * + * @param deviceType available device types. + * @return return platform is exist(true) or not (false). + */ + + private boolean isPlatformExist(String deviceType) { + PolicyMonitoringManager policyMonitoringManager = PolicyManagementDataHolder.getInstance() + .getDeviceManagementService().getPolicyMonitoringManager(deviceType); + if (policyMonitoringManager != null) { + return true; + } + return false; + } + + private void executeforAllTenants() { + + if (log.isDebugEnabled()) { + log.debug("Monitoring task started to run for all tenants."); + } + try { + DeviceManagementProviderService deviceManagementService = new DeviceManagementProviderServiceImpl(); + List tenants = deviceManagementService.getDeviceEnrolledTenants(); + for (Integer tenant : tenants) { + String tenantDomain = PolicyManagementDataHolder.getInstance(). 
+ getRealmService().getTenantManager().getDomain(tenant); + try { + PrivilegedCarbonContext.startTenantFlow(); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenant); + this.executeTask(); + } finally { + PrivilegedCarbonContext.endTenantFlow(); + } + } + } catch (UserStoreException e) { + log.error("Error occurred while trying to get the available tenants", e); + } catch (DeviceManagementException e) { + log.error("Error occurred while trying to get the available tenants from device manager service ", e); + } + } + + private void executeTask(){ MonitoringManager monitoringManager = PolicyManagementDataHolder.getInstance().getMonitoringManager(); List deviceTypes = new ArrayList<>(); @@ -121,23 +182,5 @@ public class MonitoringTask implements Task { } else { log.info("No device types registered currently. So did not run the monitoring task."); } - - } - - /** - * Check whether Device platform (ex: android) is exist in the cdm-config.xml file before adding a - * Monitoring operation to a specific device type. - * - * @param deviceType available device types. - * @return return platform is exist(true) or not (false). - */ - - private boolean isPlatformExist(String deviceType) { - PolicyMonitoringManager policyMonitoringManager = PolicyManagementDataHolder.getInstance() - .getDeviceManagementService().getPolicyMonitoringManager(deviceType); - if (policyMonitoringManager != null) { - return true; - } - return false; } } diff --git a/pom.xml b/pom.xml index 39f6a09d231..fe383cf9fc4 100644 --- a/pom.xml +++ b/pom.xml @@ -1583,6 +1583,11 @@ org.wso2.carbon.event.stream.stub ${carbon.analytics.common.version} + + org.wso2.carbon.registry + org.wso2.carbon.registry.resource + ${carbon.registry.resource.version} + @@ -1896,6 +1901,7 @@ 4.6.0 + 4.6.5 [4.4.8, 5.0.0)
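Review bot: `executeforAllTenants()` builds its own `new DeviceManagementProviderServiceImpl()` to list tenants, while `isPlatformExist()` in the same hunk obtains the device management service from `PolicyManagementDataHolder.getInstance().getDeviceManagementService()`. Constructing the implementation directly bypasses the registered service instance and couples this bundle to the core implementation class (hence the new import); whatever the constructor initialises is outside this diff. Prefer `PolicyManagementDataHolder.getInstance().getDeviceManagementService().getDeviceEnrolledTenants()`, assuming that getter returns a `DeviceManagementProviderService`. The method name should also be `executeForAllTenants` to match `DeviceDetailsRetrieverTask`.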