From c722dfa7792c54d947f42fb43afb04a425be8dcf Mon Sep 17 00:00:00 2001
From: Rasika Perera
Date: Wed, 7 Dec 2016 22:57:53 +0530
Subject: [PATCH 1/2] Adding ui permissions to the operations on android
---
 .../operation-bar.hbs | 4 +--
 .../operation-bar.js | 27 ++++++++++-----
 .../private/config.json | 33 ++++++++++++-------
 3 files changed, 42 insertions(+), 22 deletions(-)
diff --git a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android.operation-bar/operation-bar.hbs b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android.operation-bar/operation-bar.hbs
index ac9d9b0f11..c9f1d5c584 100644
--- a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android.operation-bar/operation-bar.hbs
+++ b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android.operation-bar/operation-bar.hbs
@@ -15,7 +15,7 @@ specific language governing permissions and limitations under the License. }}
-{{#if control_operations}}
+{{#if controlOperations}}
- {{#each control_operations}}
+ {{#each controlOperations}} {{#if iconFont}}
diff --git a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android.operation-bar/operation-bar.js b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android.operation-bar/operation-bar.js
index cd5ead0ca2..a26d0a883e 100644
--- a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android.operation-bar/operation-bar.js
+++ b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android.operation-bar/operation-bar.js
@@ -19,28 +19,37 @@
 function onRequest(context) {
 var log = new Log("operation.js");
 var operationModule = require("/app/modules/business-controllers/operation.js")["operationModule"];
+ var userModule = require("/app/modules/business-controllers/user.js")["userModule"];
+
 var device = context.unit.params.device;
 var autoCompleteParams = context.unit.params.autoCompleteParams;
- var encodedFeaturePayloads=context.unit.params.encodedFeaturePayloads;
- var controlOperations = operationModule.getControlOperations(device.type);
+ var encodedFeaturePayloads = context.unit.params.encodedFeaturePayloads;
+ var allControlOps = operationModule.getControlOperations(device.type);
+ var filteredControlOps = [];
 var queryParams = [];
 var formParams = [];
 var pathParams = [];
- for (var i = 0; i < controlOperations.length; i++) {
- var currentParamList = controlOperations[i]["params"];
- var uiParamList = controlOperations[i]["uiParams"];
+ for (var i = 0; i < allControlOps.length; i++) {
+ var controlOperation = {};
+ var uiPermission = allControlOps[i]["uiPermission"];
+ if (uiPermission && !userModule.isAuthorized("/permission/admin/" + uiPermission)) {
+ continue;
+ }
+ controlOperation = allControlOps[i];
+ var currentParamList = allControlOps[i]["params"];
 for (var j = 0; j < currentParamList.length; j++) {
 var currentParam = currentParamList[j];
 currentParamList[j]["formParams"] = processParams(currentParam["formParams"], autoCompleteParams);
 currentParamList[j]["queryParams"] = processParams(currentParam["queryParams"], autoCompleteParams);
 currentParamList[j]["pathParams"] = processParams(currentParam["pathParams"], autoCompleteParams);
 }
- controlOperations[i]["uiParams"] = uiParamList;
+ controlOperation["params"] = currentParamList;
 if (encodedFeaturePayloads) {
- controlOperations[i]["payload"] = getPayload(encodedFeaturePayloads, controlOperations[i]["operation"]);
+ allControlOps[i]["payload"] = getPayload(encodedFeaturePayloads, allControlOps[i]["operation"]);
 }
+ filteredControlOps.push(controlOperation);
 }
- return {"control_operations": controlOperations, "device": device};
+ return {"controlOperations": filteredControlOps, "device": device};
 }
 
 function processParams(paramsList, autoCompleteParams) {
@@ -59,7 +68,7 @@ function processParams(paramsList, autoCompleteParams) {
 return paramsList;
 }
 
-function getPayload(featuresPayload, featureCode){
+function getPayload(featuresPayload, featureCode) {
 var featuresJSONPayloads = JSON.parse(featuresPayload);
 return featuresJSONPayloads[featureCode];
 }
\ No newline at end of file
diff --git a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android.type-view/private/config.json b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android.type-view/private/config.json
index 16531f0c47..230cb4a934 100644
--- a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android.type-view/private/config.json
+++ b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android.type-view/private/config.json
@@ -6,7 +6,8 @@
 "groupingEnabled": "false",
 "features": {
 "DEVICE_RING": {
- "icon": "fw-dial-up"
+ "icon": "fw-dial-up",
+ "permission": "/device-mgt/devices/owning-device/operations/android/ring"
 },
 "DEVICE_LOCK": {
 "icon": "fw-lock",
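Review bot: In operation-bar.js the loop in onRequest reads `allControlOps[i]["uiPermission"]`, but the config.json hunks of this same patch add the key `permission`, with values that already start with `/`. Unless `getControlOperations` (defined outside this diff) renames the key and trims the slash, either `uiPermission` is undefined and the `if` short-circuits so every operation is still pushed to `filteredControlOps`, or the checked path becomes `/permission/admin//device-mgt/...`. I would read the key the config actually carries and fail closed, e.g. `var uiPermission = allControlOps[i]["permission"];` and `if (!uiPermission || !userModule.isAuthorized("/permission/admin" + uiPermission)) { continue; }`, assuming every control operation is meant to carry a permission. This filter only decides which buttons are rendered, so it deserves a comment such as `// UI-only filter: the operation endpoints must enforce the same permission server-side`.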
@@ -22,16 +23,20 @@
 "optional": true,
 "label": "Hard lock enabled"
 }
- ]
+ ],
+ "permission": "/device-mgt/devices/owning-device/operations/android/lock"
 },
 "DEVICE_LOCATION": {
- "icon": "fw-map-location"
+ "icon": "fw-map-location",
+ "permission": "/device-mgt/devices/owning-device/operations/android/location"
 },
 "CLEAR_PASSWORD": {
- "icon": "fw-clear"
+ "icon": "fw-clear",
+ "permission": "/device-mgt/devices/owning-device/operations/android/clear-password"
 },
 "DEVICE_REBOOT": {
- "icon": "fw-refresh"
+ "icon": "fw-refresh",
+ "permission": "/device-mgt/devices/owning-device/operations/android/reboot"
 },
 "UPGRADE_FIRMWARE": {
 "icon": "fw-hardware",
@@ -55,10 +60,12 @@
 "optional": true,
 "label": "Enter firmware upgrade server URL (ie. http://abc.com or http://abc.com/ota)"
 }
- ]
+ ],
+ "permission": "/device-mgt/devices/owning-device/operations/android/upgrade"
 },
 "DEVICE_MUTE": {
- "icon": "fw-mute"
+ "icon": "fw-mute",
+ "permission": "/device-mgt/devices/owning-device/operations/android/mute"
 },
 "NOTIFICATION": {
 "icon": "fw-message",
@@ -75,7 +82,8 @@
 "optional": false,
 "label": "Message Here..."
 }
- ]
+ ],
+ "permission": "/device-mgt/devices/owning-device/operations/android/send-notification"
 },
 "CHANGE_LOCK_CODE": {
 "icon": "fw-security",
@@ -86,10 +94,12 @@
 "optional": false,
 "label": "Lock Code"
 }
- ]
+ ],
+ "permission": "/device-mgt/devices/owning-device/operations/android/change-lock-code"
 },
 "ENTERPRISE_WIPE": {
- "icon": "fw-block"
+ "icon": "fw-block",
+ "permission": "/device-mgt/devices/owning-device/operations/android/enterprise-wipe"
 },
 "WIPE_DATA": {
 "icon": "fw-delete",
@@ -100,7 +110,8 @@
 "optional": false,
 "label": "Enter PIN code* of the device."
 }
- ]
+ ],
+ "permission": "/device-mgt/devices/owning-device/operations/android/wipe"
 }
 }
 }
From 600e2529bd9072400b7e5f55cce5ecdcd01508d4 Mon Sep 17 00:00:00 2001
From: Megala
Date: Fri, 16 Dec 2016 14:10:38 +0530
Subject: [PATCH 2/2] Fixing race conditions in refresh token generation
---
 .../authorization/client/OAuthRequestInterceptor.java | 2 +-
 .../authorization/client/OAuthRequestInterceptor.java | 8 +++++---
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java
index 1458c85ab5..76466b09d1 100755
--- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java
+++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java
@@ -96,7 +96,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
 tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password);
 tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in());
 }
- synchronized(tokenInfo) {
+ synchronized(this) {
 if (System.currentTimeMillis() + refreshTimeOffset > tokenInfo.getExpires_in()) {
 tokenInfo = tokenIssuerService.getToken(REFRESH_GRANT_TYPE, tokenInfo.getRefresh_token());
 tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in());
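Review bot: The lock added here covers only the refresh branch: the preceding branch that takes the password grant and assigns `tokenInfo` (its condition is above the hunk, presumably a null check) stays outside `synchronized(this)`, so concurrent first requests can each fetch an initial token and overwrite one another's `tokenInfo`. The same holds for the mqtt OAuthRequestInterceptor hunk, where `"Bearer " + tokenInfo.getAccess_token()` is also read after the block without the lock, so a thread may not see the refreshed token unless the field is volatile (its declaration is not visible). I would open the block before the initial-token branch and capture the value inside it, `String accessToken = tokenInfo.getAccess_token();`, then build the header from that local. `getToken` is now a network call made while holding the monitor, which serialises every request through this interceptor during a refresh; a short comment stating that this is intended would help. The method body starts and ends outside both hunks.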
diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java
index 9c8832f007..886daa9124 100755
--- a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java
+++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java
@@ -79,9 +79,11 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
 tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password);
 tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in());
 }
- if (System.currentTimeMillis() + refreshTimeOffset > tokenInfo.getExpires_in()) {
- tokenInfo = tokenIssuerService.getToken(REFRESH_GRANT_TYPE, tokenInfo.getRefresh_token());
- tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in());
+ synchronized (this) {
+ if (System.currentTimeMillis() + refreshTimeOffset > tokenInfo.getExpires_in()) {
+ tokenInfo = tokenIssuerService.getToken(REFRESH_GRANT_TYPE, tokenInfo.getRefresh_token());
+ tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in());
+ }
 }
 String headerValue = "Bearer " + tokenInfo.getAccess_token();
 template.header("Authorization", headerValue);