diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Group.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Group.java index acd9e987141..cc0aa56dd9d 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Group.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Group.java @@ -22,14 +22,15 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.device.mgt.common.DeviceIdentifier; -import org.wso2.carbon.device.mgt.common.EnrolmentInfo; import org.wso2.carbon.device.mgt.common.PaginationResult; import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroup; +import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants; import org.wso2.carbon.device.mgt.common.group.mgt.GroupAlreadyEixistException; import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException; import org.wso2.carbon.device.mgt.common.group.mgt.GroupUser; import org.wso2.carbon.device.mgt.core.service.GroupManagementProviderService; import org.wso2.carbon.device.mgt.jaxrs.api.util.DeviceMgtAPIUtils; +import org.wso2.carbon.user.core.multiplecredentials.UserDoesNotExistException; import javax.ws.rs.Consumes; import javax.ws.rs.DELETE; @@ -42,26 +43,13 @@ import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.QueryParam; import javax.ws.rs.core.Response; +import java.util.Arrays; import java.util.Date; import java.util.List; @SuppressWarnings("NonJaxWsWebServices") public class Group { - private static final String DEFAULT_ADMIN_ROLE = "admin"; - private static final String DEFAULT_OPERATOR_ROLE = "invoke-device-operations"; - private static final String DEFAULT_STATS_MONITOR_ROLE = "view-statistics"; - private static final String DEFAULT_VIEW_POLICIES = "view-policies"; - private static final String DEFAULT_MANAGE_POLICIES = "mange-policies"; - private static final String DEFAULT_VIEW_EVENTS = "view-events"; - private static final String[] DEFAULT_ADMIN_PERMISSIONS = {"/permission/device-mgt/admin/groups", - "/permission/device-mgt/user/groups"}; - private static final String[] DEFAULT_OPERATOR_PERMISSIONS = {"/permission/device-mgt/user/groups/device_operation"}; - private static final String[] DEFAULT_STATS_MONITOR_PERMISSIONS = {"/permission/device-mgt/user/groups/device_monitor"}; - private static final String[] DEFAULT_MANAGE_POLICIES_PERMISSIONS = {"/permission/device-mgt/user/groups/device_policies/add"}; - private static final String[] DEFAULT_VIEW_POLICIES_PERMISSIONS = {"/permission/device-mgt/user/groups/device_policies/view"}; - private static final String[] DEFAULT_VIEW_EVENTS_PERMISSIONS = {"/permission/device-mgt/user/groups/device_events"}; - private static Log log = LogFactory.getLog(Group.class); @POST @@ -76,18 +64,18 @@ public class Group { group.setDateOfLastUpdate(new Date().getTime()); try { GroupManagementProviderService groupManagementService = DeviceMgtAPIUtils.getGroupManagementProviderService(); - groupManagementService.createGroup(group, DEFAULT_ADMIN_ROLE, DEFAULT_ADMIN_PERMISSIONS); + groupManagementService.createGroup(group, DeviceGroupConstants.Roles.DEFAULT_ADMIN_ROLE, DeviceGroupConstants.Permissions.DEFAULT_ADMIN_PERMISSIONS); groupManagementService.addGroupSharingRole(owner, group.getName(), owner, - DEFAULT_OPERATOR_ROLE, - DEFAULT_OPERATOR_PERMISSIONS); - groupManagementService.addGroupSharingRole(owner, group.getName(), owner, DEFAULT_STATS_MONITOR_ROLE, - DEFAULT_STATS_MONITOR_PERMISSIONS); - groupManagementService.addGroupSharingRole(owner, group.getName(), owner, DEFAULT_VIEW_POLICIES, - DEFAULT_VIEW_POLICIES_PERMISSIONS); - groupManagementService.addGroupSharingRole(owner, group.getName(), owner, DEFAULT_MANAGE_POLICIES, - DEFAULT_MANAGE_POLICIES_PERMISSIONS); - groupManagementService.addGroupSharingRole(owner, group.getName(), owner, DEFAULT_VIEW_EVENTS, - DEFAULT_VIEW_EVENTS_PERMISSIONS); + DeviceGroupConstants.Roles.DEFAULT_OPERATOR_ROLE, + DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS); + groupManagementService.addGroupSharingRole(owner, group.getName(), owner, DeviceGroupConstants.Roles.DEFAULT_STATS_MONITOR_ROLE, + DeviceGroupConstants.Permissions.DEFAULT_STATS_MONITOR_PERMISSIONS); + groupManagementService.addGroupSharingRole(owner, group.getName(), owner, DeviceGroupConstants.Roles.DEFAULT_VIEW_POLICIES, + DeviceGroupConstants.Permissions.DEFAULT_VIEW_POLICIES_PERMISSIONS); + groupManagementService.addGroupSharingRole(owner, group.getName(), owner, DeviceGroupConstants.Roles.DEFAULT_MANAGE_POLICIES, + DeviceGroupConstants.Permissions.DEFAULT_MANAGE_POLICIES_PERMISSIONS); + groupManagementService.addGroupSharingRole(owner, group.getName(), owner, DeviceGroupConstants.Roles.DEFAULT_VIEW_EVENTS, + DeviceGroupConstants.Permissions.DEFAULT_VIEW_EVENTS_PERMISSIONS); return Response.status(Response.Status.CREATED).build(); } catch (GroupAlreadyEixistException e) { return Response.status(Response.Status.CONFLICT).entity(e.getMessage()).build(); @@ -275,8 +263,10 @@ public class Group { if (isShared) { return Response.status(Response.Status.OK).build(); } else { - return Response.status(Response.Status.NOT_FOUND).build(); + return Response.status(Response.Status.NOT_FOUND).entity("Group not found").build(); } + } catch (UserDoesNotExistException e) { + return Response.status(Response.Status.NOT_FOUND).entity(e.getMessage()).build(); } catch (GroupManagementException e) { log.error(e.getMessage(), e); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); @@ -295,8 +285,10 @@ public class Group { if (isUnShared) { return Response.status(Response.Status.OK).build(); } else { - return Response.status(Response.Status.NOT_FOUND).build(); + return Response.status(Response.Status.NOT_FOUND).entity("Group not found").build(); } + } catch (UserDoesNotExistException e) { + return Response.status(Response.Status.NOT_FOUND).entity(e.getMessage()).build(); } catch (GroupManagementException e) { log.error(e.getMessage(), e); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); @@ -360,6 +352,34 @@ public class Group { String[] rolesArray = new String[roles.size()]; roles.toArray(rolesArray); return Response.status(Response.Status.OK).entity(rolesArray).build(); + } catch (UserDoesNotExistException e) { + return Response.status(Response.Status.NOT_FOUND).entity(e.getMessage()).build(); + } catch (GroupManagementException e) { + log.error(e.getMessage(), e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); + } + } + + @PUT + @Path("/owner/{owner}/name/{groupName}/user/{userName}/share/roles") + @Produces("application/json") + public Response setRoles(@PathParam("groupName") String groupName, + @PathParam("owner") String owner, @PathParam("userName") String userName, + List selectedRoles) { + try { + List allRoles = DeviceMgtAPIUtils.getGroupManagementProviderService().getRoles(groupName, owner); + for (String role : allRoles) { + if (selectedRoles.contains(role)) { + DeviceMgtAPIUtils.getGroupManagementProviderService() + .shareGroup(userName, groupName, owner, role); + } else { + DeviceMgtAPIUtils.getGroupManagementProviderService() + .unshareGroup(userName, groupName, owner, role); + } + } + return Response.status(Response.Status.OK).build(); + } catch (UserDoesNotExistException e) { + return Response.status(Response.Status.NOT_FOUND).entity(e.getMessage()).build(); } catch (GroupManagementException e) { log.error(e.getMessage(), e); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); @@ -466,6 +486,8 @@ public class Group { String[] permissions = DeviceMgtAPIUtils.getGroupManagementProviderService() .getPermissions(userName, groupName, owner); return Response.status(Response.Status.OK).entity(permissions).build(); + } catch (UserDoesNotExistException e) { + return Response.status(Response.Status.NOT_FOUND).entity(e.getMessage()).build(); } catch (GroupManagementException e) { log.error(e.getMessage(), e); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml index e00d1a93ac7..89aa3f02f24 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml @@ -1035,6 +1035,13 @@ GET + + Group Roles + /device-mgt/user/groups/roles + /groups/owner/*/name/*/user/*/share/roles + PUT + + Group Permissions /device-mgt/admin/groups/roles/permissions diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/authorization/DeviceAccessAuthorizationService.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/authorization/DeviceAccessAuthorizationService.java index 5c6b9b4b4bc..610727edb07 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/authorization/DeviceAccessAuthorizationService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/authorization/DeviceAccessAuthorizationService.java @@ -28,7 +28,6 @@ import java.util.List; * accessing the device information and performing MDM operations on devices. */ public interface DeviceAccessAuthorizationService { - /** * This method will check whether the currently logged-in user has the access to the device identified by the given * DeviceIdentifier. @@ -39,24 +38,77 @@ public interface DeviceAccessAuthorizationService { */ boolean isUserAuthorized(DeviceIdentifier deviceIdentifier) throws DeviceAccessAuthorizationException; + /** + * This method will check whether the currently logged-in user has the access to the device identified by the given + * DeviceIdentifier. + * + * @param deviceIdentifier - DeviceIdentifier of the device to be checked. + * @param groupPermissions - Group Permissions. + * @return Boolean authorization result. + * @throws DeviceAccessAuthorizationException if something goes wrong when checking the authorization. + */ + boolean isUserAuthorized(DeviceIdentifier deviceIdentifier, String[] groupPermissions) + throws DeviceAccessAuthorizationException; + /** * This method will check whether the currently logged-in user has the access to the devices identified by the given * DeviceIdentifier list. * * @param deviceIdentifiers - List of DeviceIdentifiers to be checked for authorization. - * @return DeviceAuthorizationResult - Authorization result including the list of authorized devices & - * unauthorized devices. + * @return DeviceAuthorizationResult - Authorization result including the list of authorized devices & unauthorized + * devices. * @throws DeviceAccessAuthorizationException if something goes wrong when checking the authorization. */ DeviceAuthorizationResult isUserAuthorized(List deviceIdentifiers) throws - DeviceAccessAuthorizationException; + DeviceAccessAuthorizationException; + + /** + * This method will check whether the currently logged-in user has the access to the devices identified by the given + * DeviceIdentifier list. + * + * @param deviceIdentifiers - List of DeviceIdentifiers to be checked for authorization. + * @param groupPermissions - Group Permissions + * @return DeviceAuthorizationResult - Authorization result including the list of authorized devices & unauthorized + * devices. + * @throws DeviceAccessAuthorizationException if something goes wrong when checking the authorization. + */ + DeviceAuthorizationResult isUserAuthorized(List deviceIdentifiers, String[] groupPermissions) + throws DeviceAccessAuthorizationException; /** * This method will check whether the given user has the access to the device identified by the given * DeviceIdentifier. * * @param deviceIdentifier - DeviceIdentifier of the device to be checked. - * @param username - Username of the user to be checked for authorization. + * @param username - Username of the user to be checked for authorization. + * @param groupPermissions - Group Permissions + * @return Boolean authorization result. + * @throws DeviceAccessAuthorizationException if something goes wrong when checking the authorization. + */ + boolean isUserAuthorized(DeviceIdentifier deviceIdentifier, String username, String[] groupPermissions) + throws DeviceAccessAuthorizationException; + + /** + * This method will check whether the given user has the access to the devices identified by the given + * DeviceIdentifier list. + * + * @param deviceIdentifiers - List of DeviceIdentifiers to be checked for authorization. + * @param username - User name + * @param groupPermissions - Group Permissions + * @return DeviceAuthorizationResult - Authorization result including the list of authorized devices & unauthorized + * devices. + * @throws DeviceAccessAuthorizationException if something goes wrong when checking the authorization. + */ + DeviceAuthorizationResult isUserAuthorized(List deviceIdentifiers, String username, + String[] groupPermissions) throws + DeviceAccessAuthorizationException; + + /** + * This method will check whether the given user has the access to the device identified by the given + * DeviceIdentifier. + * + * @param deviceIdentifier - DeviceIdentifier of the device to be checked. + * @param username - Username of the user to be checked for authorization. * @return Boolean authorization result. * @throws DeviceAccessAuthorizationException if something goes wrong when checking the authorization. */ @@ -68,12 +120,11 @@ public interface DeviceAccessAuthorizationService { * DeviceIdentifier list. * * @param deviceIdentifiers - List of DeviceIdentifiers to be checked for authorization. - * @param username - Username of the user to be checked for authorization. - * @return DeviceAuthorizationResult - Authorization result including the list of authorized devices & - * unauthorized devices. + * @param username - Username of the user to be checked for authorization. + * @return DeviceAuthorizationResult - Authorization result including the list of authorized devices & unauthorized + * devices. * @throws DeviceAccessAuthorizationException if something goes wrong when checking the authorization. */ DeviceAuthorizationResult isUserAuthorized(List deviceIdentifiers, String username) throws - DeviceAccessAuthorizationException; - + DeviceAccessAuthorizationException; } \ No newline at end of file diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/group/mgt/DeviceGroupConstants.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/group/mgt/DeviceGroupConstants.java new file mode 100644 index 00000000000..24c4089b243 --- /dev/null +++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/group/mgt/DeviceGroupConstants.java @@ -0,0 +1,82 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.wso2.carbon.device.mgt.common.group.mgt; + + +/** + * Holds Device Group constants and expose to external access + */ +public class DeviceGroupConstants { + public enum RolePermissions { + DEFAULT_ADMIN_ROLE(Roles.DEFAULT_ADMIN_ROLE), + DEFAULT_OPERATOR_ROLE(Roles.DEFAULT_OPERATOR_ROLE), + DEFAULT_STATS_MONITOR_ROLE(Roles.DEFAULT_STATS_MONITOR_ROLE), + DEFAULT_VIEW_POLICIES(Roles.DEFAULT_VIEW_POLICIES), + DEFAULT_MANAGE_POLICIES(Roles.DEFAULT_MANAGE_POLICIES), + DEFAULT_VIEW_EVENTS(Roles.DEFAULT_VIEW_EVENTS); + + private String value; + private String[] permissions; + + RolePermissions(String value) { + this.value = value; + } + + static { + DEFAULT_ADMIN_ROLE.permissions = Permissions.DEFAULT_ADMIN_PERMISSIONS; + DEFAULT_OPERATOR_ROLE.permissions = Permissions.DEFAULT_OPERATOR_PERMISSIONS; + DEFAULT_STATS_MONITOR_ROLE.permissions = Permissions.DEFAULT_STATS_MONITOR_PERMISSIONS; + DEFAULT_VIEW_POLICIES.permissions = Permissions.DEFAULT_MANAGE_POLICIES_PERMISSIONS; + DEFAULT_MANAGE_POLICIES.permissions = Permissions.DEFAULT_VIEW_POLICIES_PERMISSIONS; + DEFAULT_VIEW_EVENTS.permissions = Permissions.DEFAULT_VIEW_EVENTS_PERMISSIONS; + } + + @Override + public String toString(){ + return this.value; + } + + public String[] getPermissions(){ + return permissions; + } + } + + public static class Roles { + public static final String DEFAULT_ADMIN_ROLE = "admin"; + public static final String DEFAULT_OPERATOR_ROLE = "invoke-device-operations"; + public static final String DEFAULT_STATS_MONITOR_ROLE = "view-statistics"; + public static final String DEFAULT_VIEW_POLICIES = "view-policies"; + public static final String DEFAULT_MANAGE_POLICIES = "mange-policies"; + public static final String DEFAULT_VIEW_EVENTS = "view-events"; + } + + public static class Permissions { + public static final String[] DEFAULT_ADMIN_PERMISSIONS = + {"/permission/device-mgt/admin/groups", "/permission/device-mgt/user/groups"}; + public static final String[] DEFAULT_OPERATOR_PERMISSIONS = + {"/permission/device-mgt/user/groups/device_operation"}; + public static final String[] DEFAULT_STATS_MONITOR_PERMISSIONS = + {"/permission/device-mgt/user/groups/device_monitor"}; + public static final String[] DEFAULT_MANAGE_POLICIES_PERMISSIONS = + {"/permission/device-mgt/user/groups/device_policies/add"}; + public static final String[] DEFAULT_VIEW_POLICIES_PERMISSIONS = + {"/permission/device-mgt/user/groups/device_policies/view"}; + public static final String[] DEFAULT_VIEW_EVENTS_PERMISSIONS = + {"/permission/device-mgt/user/groups/device_events"}; + } +} diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java index 857f0f63e94..d3d3ed09c00 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java @@ -1,17 +1,17 @@ /* - * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. - * you may obtain a copy of the License at + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ @@ -21,17 +21,21 @@ package org.wso2.carbon.device.mgt.core.authorization; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.context.CarbonContext; -import org.wso2.carbon.device.mgt.common.*; +import org.wso2.carbon.device.mgt.common.Device; +import org.wso2.carbon.device.mgt.common.DeviceIdentifier; +import org.wso2.carbon.device.mgt.common.DeviceManagementException; +import org.wso2.carbon.device.mgt.common.EnrolmentInfo; import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService; import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult; +import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroup; +import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException; import org.wso2.carbon.device.mgt.common.permission.mgt.Permission; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException; import org.wso2.carbon.device.mgt.core.internal.DeviceManagementDataHolder; import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionUtils; import org.wso2.carbon.user.api.UserRealm; import org.wso2.carbon.user.api.UserStoreException; -import org.wso2.carbon.user.api.UserStoreManager; import java.util.HashMap; import java.util.List; @@ -45,18 +49,6 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori private final static String EMM_ADMIN_PERMISSION = "/device-mgt/admin-device-access"; private static Log log = LogFactory.getLog(DeviceAccessAuthorizationServiceImpl.class); - public static final class PermissionMethod { - private PermissionMethod() { - throw new AssertionError(); - } - - public static final String READ = "read"; - public static final String WRITE = "write"; - public static final String DELETE = "delete"; - public static final String ACTION = "action"; - public static final String UI_EXECUTE = "ui.execute"; - } - public DeviceAccessAuthorizationServiceImpl() { try { this.addAdminPermissionToRegistry(); @@ -66,158 +58,166 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori } @Override - public boolean isUserAuthorized(DeviceIdentifier deviceIdentifier) throws DeviceAccessAuthorizationException { - boolean status; - String username = this.getUserName(); + public boolean isUserAuthorized(DeviceIdentifier deviceIdentifier, String username, String[] groupPermissions) + throws DeviceAccessAuthorizationException { int tenantId = this.getTenantId(); if (username == null || username.isEmpty()) { - return !DeviceManagementDataHolder.getInstance().requireDeviceAuthorization(deviceIdentifier.getType()); + return false; } - try { - //Check for admin users. If the user is an admin user we authorize the access to that device. - status = isAdminUser(username, tenantId); - } catch (UserStoreException e) { - throw new DeviceAccessAuthorizationException("Unable to authorize the access to device : " + - deviceIdentifier.getId() + " for the user : " + username, e); + //check for admin and ownership permissions + if (isAdminOrDeviceOwner(username, tenantId, deviceIdentifier)) { + return true; } - //Check for device ownership. If the user is the owner of the device we allow the access. - if (!status) { - try { - Device device = DeviceManagementDataHolder.getInstance().getDeviceManagementProvider(). - getDevice(deviceIdentifier); - EnrolmentInfo enrolmentInfo = device.getEnrolmentInfo(); - if (enrolmentInfo != null && username.equalsIgnoreCase(enrolmentInfo.getOwner())) { - status = true; + //check for group permissions + try { + if (groupPermissions == null || groupPermissions.length == 0) { + return false; + } + for (String groupPermission : groupPermissions) { + if (!isAuthorizedViaGroup(username, deviceIdentifier, groupPermission)) { + //if at least one fails, authorization fails + return false; } - } catch (DeviceManagementException e) { - throw new DeviceAccessAuthorizationException("Unable to authorize the access to device : " + - deviceIdentifier.getId() + " for the user : " + username, e); } + return true; + } catch (GroupManagementException | UserStoreException e) { + throw new DeviceAccessAuthorizationException("Unable to authorize the access to device : " + + deviceIdentifier.getId() + " for the user : " + + username, e); } - return status; } @Override - public DeviceAuthorizationResult isUserAuthorized(List deviceIdentifiers) throws - DeviceAccessAuthorizationException { - boolean status; - DeviceAuthorizationResult deviceAuthorizationResult = new DeviceAuthorizationResult(); - String username = this.getUserName(); + public boolean isUserAuthorized(DeviceIdentifier deviceIdentifier, String username) + throws DeviceAccessAuthorizationException { + return isUserAuthorized(deviceIdentifier, username, null); + } + + @Override + public boolean isUserAuthorized(DeviceIdentifier deviceIdentifier, String[] groupPermissions) + throws DeviceAccessAuthorizationException { + return isUserAuthorized(deviceIdentifier, this.getUserName(), groupPermissions); + } + + @Override + public boolean isUserAuthorized(DeviceIdentifier deviceIdentifier) throws DeviceAccessAuthorizationException { + return isUserAuthorized(deviceIdentifier, this.getUserName(), null); + } + + @Override + public DeviceAuthorizationResult isUserAuthorized(List deviceIdentifiers, String username, + String[] groupPermissions) + throws DeviceAccessAuthorizationException { int tenantId = this.getTenantId(); if (username == null || username.isEmpty()) { - return deviceAuthorizationResult; - } - try { - //Check for admin users. If the user is an admin user we authorize the access to that device. - status = isAdminUser(username, tenantId); - } catch (UserStoreException e) { - throw new DeviceAccessAuthorizationException("Unable to authorize the access to devices for the user : " + - username, e); + return null; } - //Check for device ownership. If the user is the owner of the device we allow the access. - if (!status) { - try { - //Get the list of devices of the user - List devicesOfUser = DeviceManagementDataHolder.getInstance().getDeviceManagementProvider(). - getDevicesOfUser(username); - //Convert device-list to a Map - Map ownershipData = this.getOwnershipOfDevices(devicesOfUser); - for (DeviceIdentifier deviceIdentifier : deviceIdentifiers) { - if (ownershipData.containsKey(deviceIdentifier.getId())) { + DeviceAuthorizationResult deviceAuthorizationResult = new DeviceAuthorizationResult(); + for (DeviceIdentifier deviceIdentifier : deviceIdentifiers) { + //check for admin and ownership permissions + if (isAdminOrDeviceOwner(username, tenantId, deviceIdentifier)) { + deviceAuthorizationResult.addAuthorizedDevice(deviceIdentifier); + } else { + try { + if (groupPermissions == null || groupPermissions.length == 0) { + return null; + } + //check for group permissions + boolean isAuthorized = true; + for (String groupPermission : groupPermissions) { + if (!isAuthorizedViaGroup(username, deviceIdentifier, groupPermission)) { + //if at least one failed, authorizations fails and break the loop + isAuthorized = false; + break; + } + } + if (isAuthorized) { deviceAuthorizationResult.addAuthorizedDevice(deviceIdentifier); } else { deviceAuthorizationResult.addUnauthorizedDevice(deviceIdentifier); } + } catch (GroupManagementException | UserStoreException e) { + throw new DeviceAccessAuthorizationException("Unable to authorize the access to device : " + + deviceIdentifier.getId() + " for the user : " + + username, e); } - } catch (DeviceManagementException e) { - throw new DeviceAccessAuthorizationException("Unable to authorize the access to devices for the user : " - + username, e); } - } else { - deviceAuthorizationResult.setAuthorizedDevices(deviceIdentifiers); } return deviceAuthorizationResult; } @Override - public boolean isUserAuthorized(DeviceIdentifier deviceIdentifier, String username) + public DeviceAuthorizationResult isUserAuthorized(List deviceIdentifiers, String username) + throws DeviceAccessAuthorizationException { + return isUserAuthorized(deviceIdentifiers, username, null); + } + + @Override + public DeviceAuthorizationResult isUserAuthorized(List deviceIdentifiers) + throws DeviceAccessAuthorizationException { + return isUserAuthorized(deviceIdentifiers, this.getUserName(), null); + } + + @Override + public DeviceAuthorizationResult isUserAuthorized(List deviceIdentifiers, String[] groupPermissions) + throws DeviceAccessAuthorizationException { + return isUserAuthorized(deviceIdentifiers, this.getUserName(), groupPermissions); + } + + private boolean isAdminOrDeviceOwner(String username, int tenantId, DeviceIdentifier deviceIdentifier) throws DeviceAccessAuthorizationException { - boolean status; - int tenantId = this.getTenantId(); - if (username == null || username.isEmpty()) { - return false; - } try { - //Check for admin users. If the user is an admin user we authorize the access to that device. - status = isAdminUser(username, tenantId); + //First Check for admin users. If the user is an admin user we authorize the access to that device. + //Secondly Check for device ownership. If the user is the owner of the device we allow the access. + return (isAdminUser(username, tenantId) || isDeviceOwner(deviceIdentifier, username)); } catch (UserStoreException e) { throw new DeviceAccessAuthorizationException("Unable to authorize the access to device : " + - deviceIdentifier.getId() + " for the user : " + username, e); + deviceIdentifier.getId() + " for the user : " + + username, e); } - //Check for device ownership. If the user is the owner of the device we allow the access. - if (!status) { - try { - Device device = DeviceManagementDataHolder.getInstance().getDeviceManagementProvider(). - getDevice(deviceIdentifier); - EnrolmentInfo enrolmentInfo = device.getEnrolmentInfo(); - if (enrolmentInfo != null && username.equalsIgnoreCase(enrolmentInfo.getOwner())) { - status = true; - } - } catch (DeviceManagementException e) { - throw new DeviceAccessAuthorizationException("Unable to authorize the access to device : " + - deviceIdentifier.getId() + " for the user : " + username, e); + } + + private boolean isAuthorizedViaGroup(String username, DeviceIdentifier deviceIdentifier, String groupPermission) + throws GroupManagementException, UserStoreException { + List authorizedGroups = + DeviceManagementDataHolder.getInstance().getGroupManagementProviderService() + .getGroups(username, groupPermission); + List groupsWithDevice = + DeviceManagementDataHolder.getInstance().getGroupManagementProviderService() + .getGroups(deviceIdentifier); + for (DeviceGroup group : authorizedGroups) { + if (groupsWithDevice.contains(group)) { + return true; } } - return status; + return false; } - @Override - public DeviceAuthorizationResult isUserAuthorized(List deviceIdentifiers, String username) - throws DeviceAccessAuthorizationException { - boolean status; - int tenantId = this.getTenantId(); - DeviceAuthorizationResult deviceAuthorizationResult = new DeviceAuthorizationResult(); - if (username == null || username.isEmpty()) { - return null; - } - try { - //Check for admin users. If the user is an admin user we authorize the access to that device. - status = isAdminUser(username, tenantId); - } catch (UserStoreException e) { - throw new DeviceAccessAuthorizationException("Unable to authorize the access to devices for the user : " + - username, e); - } + private boolean isDeviceOwner(DeviceIdentifier deviceIdentifier, String username) + throws DeviceAccessAuthorizationException { //Check for device ownership. If the user is the owner of the device we allow the access. - if (!status) { - try { - Device device; - EnrolmentInfo enrolmentInfo; - for (DeviceIdentifier deviceIdentifier : deviceIdentifiers) { - device = DeviceManagementDataHolder.getInstance().getDeviceManagementProvider(). - getDevice(deviceIdentifier); - enrolmentInfo = device.getEnrolmentInfo(); - if (enrolmentInfo != null && username.equalsIgnoreCase(enrolmentInfo.getOwner())) { - deviceAuthorizationResult.addAuthorizedDevice(deviceIdentifier); - } else { - deviceAuthorizationResult.addUnauthorizedDevice(deviceIdentifier); - } - } - } catch (DeviceManagementException e) { - throw new DeviceAccessAuthorizationException("Unable to authorize the access to devices for the user : " - + username, e); + try { + Device device = DeviceManagementDataHolder.getInstance().getDeviceManagementProvider(). + getDevice(deviceIdentifier); + EnrolmentInfo enrolmentInfo = device.getEnrolmentInfo(); + if (enrolmentInfo != null && username.equalsIgnoreCase(enrolmentInfo.getOwner())) { + return true; } - } else { - deviceAuthorizationResult.setAuthorizedDevices(deviceIdentifiers); + } catch (DeviceManagementException e) { + throw new DeviceAccessAuthorizationException("Unable to authorize the access to device : " + + deviceIdentifier.getId() + " for the user : " + + username, e); } - return deviceAuthorizationResult; + return false; } private boolean isAdminUser(String username, int tenantId) throws UserStoreException { UserRealm userRealm = DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId); if (userRealm != null && userRealm.getAuthorizationManager() != null) { return userRealm.getAuthorizationManager() - .isUserAuthorized(removeTenantDomain(username), PermissionUtils.getAbsolutePermissionPath(EMM_ADMIN_PERMISSION), - PermissionMethod.UI_EXECUTE); + .isUserAuthorized(removeTenantDomain(username), + PermissionUtils.getAbsolutePermissionPath(EMM_ADMIN_PERMISSION), + PermissionMethod.UI_EXECUTE); } return false; } @@ -263,4 +263,16 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori } return ownershipData; } + + public static final class PermissionMethod { + public static final String READ = "read"; + public static final String WRITE = "write"; + public static final String DELETE = "delete"; + public static final String ACTION = "action"; + public static final String UI_EXECUTE = "ui.execute"; + + private PermissionMethod() { + throw new AssertionError(); + } + } } \ No newline at end of file diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementDataHolder.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementDataHolder.java index ee594bc6577..b09c1e8149c 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementDataHolder.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementDataHolder.java @@ -25,6 +25,7 @@ import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManager; import org.wso2.carbon.device.mgt.core.app.mgt.config.AppManagementConfig; import org.wso2.carbon.device.mgt.core.config.license.LicenseConfig; import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; +import org.wso2.carbon.device.mgt.core.service.GroupManagementProviderService; import org.wso2.carbon.ntask.core.service.TaskService; import org.wso2.carbon.registry.core.service.RegistryService; import org.wso2.carbon.user.core.service.RealmService; @@ -47,6 +48,7 @@ public class DeviceManagementDataHolder { private ConfigurationContextService configurationContextService; private HashMap requireDeviceAuthorization = new HashMap<>(); private DeviceAccessAuthorizationService deviceAccessAuthorizationService; + private GroupManagementProviderService groupManagementProviderService; private TaskService taskService; //private EmailSenderService emailSenderService; @@ -91,6 +93,15 @@ public class DeviceManagementDataHolder { this.deviceManagerProvider = deviceManagerProvider; } + public GroupManagementProviderService getGroupManagementProviderService() { + return groupManagementProviderService; + } + + public void setGroupManagementProviderService( + GroupManagementProviderService groupManagementProviderService) { + this.groupManagementProviderService = groupManagementProviderService; + } + public RegistryService getRegistryService() { if (registryService == null) { throw new IllegalStateException("Registry service is not initialized properly"); diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementServiceComponent.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementServiceComponent.java index 96cebe50dbe..35f7e50f006 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementServiceComponent.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementServiceComponent.java @@ -195,6 +195,7 @@ public class DeviceManagementServiceComponent { /* Registering Group Management Service */ GroupManagementProviderService groupManagementProvider = new GroupManagementProviderServiceImpl(); + DeviceManagementDataHolder.getInstance().setGroupManagementProviderService(groupManagementProvider); bundleContext.registerService(GroupManagementProviderService.class.getName(), groupManagementProvider, null); /* Registering Tenant Configuration Management Service */ diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/GroupManagementProviderService.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/GroupManagementProviderService.java index b9ffa03340f..82564aec36f 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/GroupManagementProviderService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/GroupManagementProviderService.java @@ -25,7 +25,7 @@ import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroup; import org.wso2.carbon.device.mgt.common.group.mgt.GroupAlreadyEixistException; import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException; import org.wso2.carbon.device.mgt.common.group.mgt.GroupUser; -import org.wso2.carbon.device.mgt.core.group.mgt.DeviceGroupBuilder; +import org.wso2.carbon.user.core.multiplecredentials.UserDoesNotExistException; import java.util.List; @@ -77,6 +77,7 @@ public interface GroupManagementProviderService { /** * Get the device group provided the device group id. + * * @param groupId * @return * @throws GroupManagementException @@ -97,7 +98,7 @@ public interface GroupManagementProviderService { * Get paginated device groups in tenant * * @param startIndex for pagination. - * @param rowCount for pagination. + * @param rowCount for pagination. * @return paginated list of groups * @throws GroupManagementException */ @@ -106,9 +107,9 @@ public interface GroupManagementProviderService { /** * Get paginated device groups in tenant * - * @param username of user. + * @param username of user. * @param startIndex for pagination. - * @param rowCount for pagination. + * @param rowCount for pagination. * @return paginated list of groups * @throws GroupManagementException */ @@ -148,10 +149,10 @@ public interface GroupManagementProviderService { * @param owner of the group * @param sharingRole to be shared * @return is group shared - * @throws GroupManagementException + * @throws GroupManagementException UserDoesNotExistException */ boolean shareGroup(String username, String groupName, String owner, String sharingRole) - throws GroupManagementException; + throws GroupManagementException, UserDoesNotExistException; /** * Un share existing group sharing with user specified by role @@ -161,10 +162,10 @@ public interface GroupManagementProviderService { * @param owner of the group * @param sharingRole to be un shared * @return is group un shared - * @throws GroupManagementException + * @throws GroupManagementException UserDoesNotExistException */ boolean unshareGroup(String userName, String groupName, String owner, String sharingRole) - throws GroupManagementException; + throws GroupManagementException, UserDoesNotExistException; /** * Add new sharing role for device group @@ -183,9 +184,9 @@ public interface GroupManagementProviderService { /** * Remove existing sharing role for device group * - * @param groupName of the group - * @param owner of the group - * @param roleName to remove + * @param groupName of the group + * @param owner of the group + * @param roleName to remove * @return is role removed * @throws GroupManagementException */ @@ -194,8 +195,8 @@ public interface GroupManagementProviderService { /** * Get all sharing roles for device group * - * @param groupName of the group - * @param owner of the group + * @param groupName of the group + * @param owner of the group * @return list of roles * @throws GroupManagementException */ @@ -204,19 +205,20 @@ public interface GroupManagementProviderService { /** * Get specific device group sharing roles for user * - * @param userName of the user - * @param groupName of the group - * @param owner of the group + * @param userName of the user + * @param groupName of the group + * @param owner of the group * @return list of roles - * @throws GroupManagementException + * @throws GroupManagementException UserDoesNotExistException */ - List getRoles(String userName, String groupName, String owner) throws GroupManagementException; + List getRoles(String userName, String groupName, String owner) + throws GroupManagementException, UserDoesNotExistException; /** * Get device group users * - * @param groupName of the group - * @param owner of the group + * @param groupName of the group + * @param owner of the group * @return list of group users * @throws GroupManagementException */ @@ -225,8 +227,8 @@ public interface GroupManagementProviderService { /** * Get all devices in device group. * - * @param groupName of the group. - * @param owner of the group. + * @param groupName of the group. + * @param owner of the group. * @return list of group devices. * @throws GroupManagementException */ @@ -235,10 +237,10 @@ public interface GroupManagementProviderService { /** * Get all devices in device group as paginated result. * - * @param groupName of the group. - * @param owner of the group. + * @param groupName of the group. + * @param owner of the group. * @param startIndex for pagination. - * @param rowCount for pagination. + * @param rowCount for pagination. * @return Paginated list of devices. * @throws GroupManagementException */ @@ -248,8 +250,8 @@ public interface GroupManagementProviderService { /** * This method is used to retrieve the device count of a given group. * - * @param groupName of the group. - * @param owner of the group. + * @param groupName of the group. + * @param owner of the group. * @return returns the device count. * @throws GroupManagementException */ @@ -258,9 +260,9 @@ public interface GroupManagementProviderService { /** * Add device to device group. * - * @param deviceId of the device. - * @param groupName of the group. - * @param owner of the group. + * @param deviceId of the device. + * @param groupName of the group. + * @param owner of the group. * @return is device added. * @throws GroupManagementException */ @@ -269,9 +271,9 @@ public interface GroupManagementProviderService { /** * Remove device from device group. * - * @param deviceId of the device. - * @param groupName of the group. - * @param owner of the group. + * @param deviceId of the device. + * @param groupName of the group. + * @param owner of the group. * @return is device removed. * @throws GroupManagementException */ @@ -280,13 +282,14 @@ public interface GroupManagementProviderService { /** * Get device group permissions of user. * - * @param username of the user. - * @param groupName of the group. - * @param owner of the group. + * @param username of the user. + * @param groupName of the group. + * @param owner of the group. * @return array of permissions. - * @throws GroupManagementException + * @throws GroupManagementException UserDoesNotExistException */ - String[] getPermissions(String username, String groupName, String owner) throws GroupManagementException; + String[] getPermissions(String username, String groupName, String owner) + throws GroupManagementException, UserDoesNotExistException; /** * Get device groups of user with permission. @@ -300,6 +303,7 @@ public interface GroupManagementProviderService { /** * Get the group of device. + * * @param deviceIdentifier * @return * @throws GroupManagementException diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/GroupManagementProviderServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/GroupManagementProviderServiceImpl.java index e20e0337352..6cecc185e00 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/GroupManagementProviderServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/GroupManagementProviderServiceImpl.java @@ -41,6 +41,7 @@ import org.wso2.carbon.user.api.Permission; import org.wso2.carbon.user.api.UserRealm; import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.api.UserStoreManager; +import org.wso2.carbon.user.core.multiplecredentials.UserDoesNotExistException; import org.wso2.carbon.user.core.util.UserCoreUtil; import java.sql.SQLException; @@ -379,7 +380,7 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid */ @Override public boolean shareGroup(String username, String groupName, String owner, String sharingRole) - throws GroupManagementException { + throws GroupManagementException, UserDoesNotExistException { int groupId = getGroupId(groupName, owner); return modifyGroupShare(username, groupId, sharingRole, true); } @@ -389,14 +390,14 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid */ @Override public boolean unshareGroup(String username, String groupName, String owner, String sharingRole) - throws GroupManagementException { + throws GroupManagementException, UserDoesNotExistException { int groupId = getGroupId(groupName, owner); return modifyGroupShare(username, groupId, sharingRole, false); } private boolean modifyGroupShare(String username, int groupId, String sharingRole, boolean isAddNew) - throws GroupManagementException { + throws GroupManagementException, UserDoesNotExistException { if (groupId == -1) { return false; } @@ -407,14 +408,21 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid userStoreManager = DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm( tenantId).getUserStoreManager(); + if (!userStoreManager.isExistingUser(username)) { + throw new UserDoesNotExistException("User not exists with name " + username); + } roles[0] = "Internal/group-" + groupId + "-" + sharingRole; - if (isAddNew) { + List currentRoles = getRoles(username, groupId); + if (isAddNew && !currentRoles.contains(sharingRole)) { userStoreManager.updateRoleListOfUser(username, null, roles); - } else { + } else if (!isAddNew && currentRoles.contains(sharingRole)) { userStoreManager.updateRoleListOfUser(username, roles, null); } return true; } catch (UserStoreException e) { + if (e instanceof UserDoesNotExistException) { + throw (UserDoesNotExistException) e; + } throw new GroupManagementException("User store error in adding user " + username + " to group name:" + groupId, e); } @@ -532,18 +540,23 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid * {@inheritDoc} */ @Override - public List getRoles(String username, String groupName, String owner) throws GroupManagementException { + public List getRoles(String username, String groupName, String owner) + throws GroupManagementException, UserDoesNotExistException { int groupId = getGroupId(groupName, owner); return getRoles(username, groupId); } - private List getRoles(String username, int groupId) throws GroupManagementException { + private List getRoles(String username, int groupId) + throws GroupManagementException, UserDoesNotExistException { UserStoreManager userStoreManager; List groupRoleList = new ArrayList<>(); try { int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); userStoreManager = DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId) .getUserStoreManager(); + if (!userStoreManager.isExistingUser(username)) { + throw new UserDoesNotExistException("User not exists with name " + username); + } String[] roleList = userStoreManager.getRoleListOfUser(username); for (String role : roleList) { if (role != null && role.contains("Internal/group-" + groupId)) { @@ -553,6 +566,9 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid } return groupRoleList; } catch (UserStoreException e) { + if (e instanceof UserDoesNotExistException) { + throw (UserDoesNotExistException) e; + } throw new GroupManagementException("Error occurred while getting user store manager.", e); } } @@ -723,7 +739,8 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid * {@inheritDoc} */ @Override - public String[] getPermissions(String username, String groupName, String owner) throws GroupManagementException { + public String[] getPermissions(String username, String groupName, String owner) + throws GroupManagementException, UserDoesNotExistException { UserRealm userRealm; int groupId = getGroupId(groupName, owner); List roles = getRoles(username, groupId); diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.groups/groups.hbs b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.groups/groups.hbs index 259daf255fb..71c940b6a2e 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.groups/groups.hbs +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.groups/groups.hbs @@ -81,8 +81,12 @@
-

Select user to manage group sharing

-
Loading...
+

Enter user name to manage group sharing

+
+
+ + +
+ +
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.groups/public/js/listing.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.groups/public/js/listing.js index 9d4b89a8f0e..86f6768c0e7 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.groups/public/js/listing.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.groups/public/js/listing.js @@ -100,10 +100,10 @@ function loadGroups() { var currentUser = groupListing.data("currentUser"); var serviceURL; if ($.hasPermission("LIST_ALL_GROUPS")) { - serviceURL = "/devicemgt_admin/groups?start=0&rowCount=1000"; + serviceURL = "/devicemgt_admin/groups"; } else if ($.hasPermission("LIST_GROUPS")) { //Get authenticated users groups - serviceURL = "/devicemgt_admin/groups/user/" + currentUser + "?start=0&rowCount=1000"; + serviceURL = "/devicemgt_admin/groups/user/" + currentUser; } else { $("#loading-content").remove(); $('#device-table').addClass('hidden'); @@ -133,32 +133,30 @@ function loadGroups() { { targets: 0, data: 'id', className: 'remove-padding icon-only content-fill' , render: function ( data, type, row, meta ) { return '
'; }}, - { targets: 1, data: 'name', className: 'fade-edge' , render: function ( name, type, row, meta ) { - return '

' + name + '

'; - }}, + {targets: 1, data: 'name', className: 'fade-edge'}, { targets: 2, data: 'owner', className: 'fade-edge remove-padding-top'}, { targets: 3, data: 'id', className: 'text-right content-fill text-left-on-grid-view no-wrap' , render: function ( id, type, row, meta ) { var html; html = '' + - '' + - ''; + '' + + ''; html += '' + - '' + - ''; + '' + + ''; html += ''; + 'data-group-owner="' + row.owner + '">' + + ''; html += '' + - ''; + 'data-group-owner="' + row.owner + '" data-group-description="' + row.description + '">' + + ''; html += '' + - ''; + 'data-group-owner="' + row.owner + '">' + + ''; return html; }} @@ -221,12 +219,12 @@ $(document).ready(function () { /* for device list sorting drop down */ $(".ctrl-filter-type-switcher").popover( - { - html: true, - content: function () { - return $("#content-filter-types").html(); - } + { + html: true, + content: function () { + return $("#content-filter-types").html(); } + } ); /* for data tables*/ @@ -235,20 +233,20 @@ $(document).ready(function () { $("[data-toggle=popover]").popover(); $(".ctrl-filter-type-switcher").popover( - { - html: true, - content: function () { - return $('#content-filter-types').html(); - } + { + html: true, + content: function () { + return $('#content-filter-types').html(); } + } ); $('#nav').affix( - { - offset: { - top: $('header').height() - } + { + offset: { + top: $('header').height() } + } ); }); @@ -293,58 +291,23 @@ function attachEvents() { * on Group Management page in WSO2 Device Management Server Console. */ $("a.share-group-link").click(function () { - var username = $("#group-listing").data("current-user"); var groupName = $(this).data("group-name"); var groupOwner = $(this).data("group-owner"); $(modalPopupContent).html($('#share-group-w1-modal-content').html()); - $('#user-names').html('
'); + $("a#share-group-next-link").show(); showPopup(); - $("a#share-group-next-link").hide(); - var userRequest = $.ajax( - { - url: "api/user/all", - method: "GET", - contentType: "application/json", - accept: "application/json" - } - ); - userRequest.done(function (data, txtStatus, jqxhr) { - var users = JSON.parse(data); - var status = jqxhr.status; - if (status == 200) { - var str = '
'; - if (!hasUsers) { - str = "There is no any other users registered"; - $('#user-names').html(str); - return; - } - $('#user-names').html(str); - $("a#share-group-next-link").show(); - $("a#share-group-next-link").click(function () { - var selectedUser = $('#share-user-selector').val(); - getAllRoles(groupName, groupOwner, selectedUser); - }); + $("a#share-group-next-link").click(function () { + var selectedUser = $('#share-user-selector').val(); + if (selectedUser == $("#group-listing").data("current-user")) { + $("#user-names").html("Please specify a user other than current user."); + $("a#share-group-next-link").hide(); } else { - displayErrors(status); + getAllRoles(groupName, groupOwner, selectedUser); } }); - userRequest.fail(function (jqXHR) { - displayErrors(jqXHR); - }); - $("a#share-group-w1-cancel-link").click(function () { hidePopup(); }); - }); /** @@ -360,23 +323,23 @@ function attachEvents() { showPopup(); $("a#remove-group-yes-link").click(function () { - var successCallback = function (data) { + var successCallback = function (data, textStatus, xhr) { data = JSON.parse(data); - if (data.status == 200) { + if (xhr.status == 200) { $(modalPopupContent).html($('#remove-group-200-content').html()); setTimeout(function () { hidePopup(); location.reload(false); }, 2000); } else { - displayErrors(status); + displayErrors(xhr); } }; invokerUtil.delete("/devicemgt_admin/groups/owner/" + groupOwner + "/name/" + groupName, - successCallback, function (message) { - displayErrors(message.content); - }); + successCallback, function (message) { + displayErrors(message); + }); }); $("a#remove-group-cancel-link").click(function () { @@ -405,22 +368,22 @@ function attachEvents() { var newGroupDescription = $('#edit-group-description').val(); var group = {"name": newGroupName, "description": newGroupDescription, "owner": groupOwner}; - var successCallback = function (data) { + var successCallback = function (data, textStatus, xhr) { data = JSON.parse(data); - if (data.status == 200) { + if (xhr.status == 200) { setTimeout(function () { hidePopup(); location.reload(false); }, 2000); } else { - displayErrors(status); + displayErrors(xhr); } }; invokerUtil.put("/devicemgt_admin/groups/owner/" + groupOwner + "/name/" + groupName, group, - successCallback, function (message) { - displayErrors(message.content); - }); + successCallback, function (message) { + displayErrors(message); + }); }); $("a#edit-group-cancel-link").click(function () { @@ -433,23 +396,23 @@ function getAllRoles(groupName, groupOwner, selectedUser) { $(modalPopupContent).html($('#share-group-w2-modal-content').html()); $('#user-roles').html('
'); $("a#share-group-yes-link").hide(); - var successCallback = function (data) { + var successCallback = function (data, textStatus, xhr) { data = JSON.parse(data); - if (data.status == 200) { - if (data.data.length > 0) { - generateRoleMap(groupName, groupOwner, selectedUser, data.data); + if (xhr.status == 200) { + if (data.length > 0) { + generateRoleMap(groupName, groupOwner, selectedUser, data); } else { $('#user-roles').html("There is no any roles for this group."); } } else { - displayErrors(status); + displayErrors(xhr); } }; invokerUtil.get("/devicemgt_admin/groups/owner/" + groupOwner + "/name/" + groupName + "/share/roles", - successCallback, function (message) { - displayErrors(message.content); - }); + successCallback, function (message) { + displayErrors(message); + }); $("a#share-group-w2-cancel-link").click(function () { hidePopup(); @@ -457,77 +420,63 @@ function getAllRoles(groupName, groupOwner, selectedUser) { } function generateRoleMap(groupName, groupOwner, selectedUser, allRoles) { - var successCallback = function (data) { + var successCallback = function (data, textStatus, xhr) { data = JSON.parse(data); - if (data.status == 200) { - var userRoles = data.data; - var roleMap = []; + if (xhr.status == 200) { + var userRoles = data; var str = ''; - var isChecked = ''; - for (var role in allRoles) { - var objRole = {"role": allRoles[role], "assigned": false}; - for (var usrRole in userRoles) { - if (allRoles[role] == userRoles[usrRole]) { - objRole.assigned = true; + for (var i = 0; i < allRoles.length; i++) { + var isChecked = ''; + for (var j = 0; j < userRoles.length; j++) { + if (allRoles[i] == userRoles[j]) { isChecked = 'checked'; break; } } - str += '    '; - roleMap.push(objRole); + str += '    '; } $('#user-roles').html(str); $("a#share-group-yes-link").show(); - var isOngoing; + $("a#share-group-yes-link").show(); $("a#share-group-yes-link").click(function () { - if (isOngoing) { - return false; - } - $("a#share-group-yes-link").html("Wait..."); - isOngoing = true; - for (var role in roleMap) { - if ($('#user-role-' + roleMap[role].role).is(':checked') != roleMap[role].assigned) { - roleMap[role].assigned = $('#user-role-' + roleMap[role].role).is(':checked'); - updateGroupShare(groupName, groupOwner, selectedUser, roleMap[role]); + var roles = []; + for (var i = 0; i < allRoles.length; i++) { + if ($('#user-role-' + allRoles[i]).is(':checked')) { + roles.push(allRoles[i]); } } + updateGroupShare(groupName, groupOwner, selectedUser, roles); }); } else { - displayErrors(status); + displayErrors(xhr); } }; invokerUtil.get("/devicemgt_admin/groups/owner/" + groupOwner + "/name/" + groupName + "/share/roles?userName=" + selectedUser, - successCallback, function (message) { - displayErrors(message.content); - }); + successCallback, function (message) { + displayErrors(message); + }); $("a#share-group-w2-cancel-link").click(function () { hidePopup(); }); } -function updateGroupShare(groupName, groupOwner, selectedUser, role) { +function updateGroupShare(groupName, groupOwner, selectedUser, roles) { var successCallback = function (data) { - data = JSON.parse(data); - var status = data.status; - if (status == 200) { - $(modalPopupContent).html($('#share-group-200-content').html()); - setTimeout(function () { - hidePopup(); - location.reload(false); - }, 2000); - } else { - displayErrors(status); - } + $(modalPopupContent).html($('#share-group-200-content').html()); + setTimeout(function () { + hidePopup(); + location.reload(false); + }, 2000); }; - invokerUtil.put("/devicemgt_admin/groups/owner/" + groupOwner + "/name/" + groupName + "/share/roles?userName=" + selectedUser, - role, successCallback, function (message) { - displayErrors(message.content); + invokerUtil.put("/devicemgt_admin/groups/owner/" + groupOwner + "/name/" + groupName + "/user/" + selectedUser + "/share/roles", + roles, successCallback, function (message) { + displayErrors(message); }); } @@ -543,6 +492,12 @@ function displayErrors(jqXHR) { $("a#group-403-link").click(function () { hidePopup(); }); + } else if (jqXHR.status == 404) { + $(modalPopupContent).html($('#group-404-content').html()); + $("#group-404-message").html(jqXHR.responseText); + $("a#group-404-link").click(function () { + hidePopup(); + }); } else if (jqXHR.status == 409) { $(modalPopupContent).html($('#group-409-content').html()); $("a#group-409-link").click(function () { @@ -555,4 +510,4 @@ function displayErrors(jqXHR) { }); console.log("Error code: " + jqXHR.status); } -} +} \ No newline at end of file diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.lib.service-invoker-utility/public/js/invoker-lib.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.lib.service-invoker-utility/public/js/invoker-lib.js index 15679db0630..cd9d2e5d29f 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.lib.service-invoker-utility/public/js/invoker-lib.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.lib.service-invoker-utility/public/js/invoker-lib.js @@ -50,7 +50,6 @@ var invokerUtil = function () { accept: acceptType, success: successCallback }; - console.log(data); var paramValue = {}; paramValue.actionMethod = methoad; paramValue.actionUrl = url; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/jaggery.conf b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/jaggery.conf index d18daaa1723..10170e94574 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/jaggery.conf +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/jaggery.conf @@ -8,7 +8,7 @@ "path": "/api/device-api.jag" }, { - "url": "/api/group/*", + "url": "/api/groups/*", "path": "/api/group-api.jag" }, {