From de2f85de2eaf7224536e590bcc4e41e502e2a8ba Mon Sep 17 00:00:00 2001 From: Harshan Liyanage Date: Fri, 16 Dec 2016 19:30:41 +0530 Subject: [PATCH 1/2] IOTS-337:Fixed permission remove issue when updating role permissions. --- .../impl/RoleManagementServiceImpl.java | 46 +++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java index 35ccabfab3..bf79d20be2 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java @@ -143,6 +143,28 @@ public class RoleManagementServiceImpl implements RoleManagementService { } } + private UIPermissionNode getAllRolePermissions(String roleName) { + try { + final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm(); + if (!userRealm.getUserStoreManager().isExistingRole(roleName)) { + throw new IllegalArgumentException("No role exists with the name '" + roleName + "'"); + } + org.wso2.carbon.user.core.UserRealm userRealmCore = null; + if (userRealm instanceof org.wso2.carbon.user.core.UserRealm) { + userRealmCore = (org.wso2.carbon.user.core.UserRealm) userRealm; + } + final UserRealmProxy userRealmProxy = new UserRealmProxy(userRealmCore); + final UIPermissionNode rolePermissions = + userRealmProxy.getRolePermissions(roleName, MultitenantConstants.SUPER_TENANT_ID); + return rolePermissions; + } catch (UserAdminException e) { + log.error("Error occurred while retrieving the permissions of user role : '" + roleName + "'", e); + } catch (UserStoreException e) { + log.error("Error occurred while retrieving the permissions of user role : '" + roleName + "'", e); + } + return null; + } + private UIPermissionNode getUIPermissionNode(String roleName, UserRealm userRealm) throws UserAdminException { org.wso2.carbon.user.core.UserRealm userRealmCore = null; @@ -228,6 +250,19 @@ public class RoleManagementServiceImpl implements RoleManagementService { return list; } + + private List getAuthorizedPermissions(UIPermissionNode uiPermissionNode, List list) { + for (UIPermissionNode permissionNode : uiPermissionNode.getNodeList()) { + if (permissionNode.isSelected()) { + list.add(permissionNode.getResourcePath()); + } + if (permissionNode.getNodeList() != null && permissionNode.getNodeList().length > 0) { + getAuthorizedPermissions(permissionNode, list); + } + } + return list; + } + @POST @Override public Response addRole(RoleInfo roleInfo) { @@ -377,6 +412,17 @@ public class RoleManagementServiceImpl implements RoleManagementService { } if (roleInfo.getPermissions() != null) { + // Get all role permissions + final UIPermissionNode rolePermissions = this.getAllRolePermissions(roleName); + List permissions = new ArrayList(); + this.getAuthorizedPermissions(rolePermissions, permissions); + for (String permission : roleInfo.getPermissions()) { + permissions.add(permission); + } + String [] allapplicablePerms = new String[permissions.size()]; + allapplicablePerms = permissions.toArray(allapplicablePerms); + roleInfo.setPermissions(allapplicablePerms); + // Delete all authorizations for the current role before authorizing the permission tree authorizationManager.clearRoleAuthorization(roleName); if (roleInfo.getPermissions().length > 0) { From a2a03a523ef17da1b8cf61f058631e56c065d928 Mon Sep 17 00:00:00 2001 From: Harshan Liyanage Date: Fri, 16 Dec 2016 19:46:14 +0530 Subject: [PATCH 2/2] Refactored RoleMgtServiceImpl. --- .../impl/RoleManagementServiceImpl.java | 40 ++++++++----------- 1 file changed, 17 insertions(+), 23 deletions(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java index bf79d20be2..ee664e2c63 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java @@ -143,26 +143,15 @@ public class RoleManagementServiceImpl implements RoleManagementService { } } - private UIPermissionNode getAllRolePermissions(String roleName) { - try { - final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm(); - if (!userRealm.getUserStoreManager().isExistingRole(roleName)) { - throw new IllegalArgumentException("No role exists with the name '" + roleName + "'"); - } - org.wso2.carbon.user.core.UserRealm userRealmCore = null; - if (userRealm instanceof org.wso2.carbon.user.core.UserRealm) { - userRealmCore = (org.wso2.carbon.user.core.UserRealm) userRealm; - } - final UserRealmProxy userRealmProxy = new UserRealmProxy(userRealmCore); - final UIPermissionNode rolePermissions = - userRealmProxy.getRolePermissions(roleName, MultitenantConstants.SUPER_TENANT_ID); - return rolePermissions; - } catch (UserAdminException e) { - log.error("Error occurred while retrieving the permissions of user role : '" + roleName + "'", e); - } catch (UserStoreException e) { - log.error("Error occurred while retrieving the permissions of user role : '" + roleName + "'", e); + private UIPermissionNode getAllRolePermissions(String roleName, UserRealm userRealm) throws UserAdminException { + org.wso2.carbon.user.core.UserRealm userRealmCore = null; + if (userRealm instanceof org.wso2.carbon.user.core.UserRealm) { + userRealmCore = (org.wso2.carbon.user.core.UserRealm) userRealm; } - return null; + final UserRealmProxy userRealmProxy = new UserRealmProxy(userRealmCore); + final UIPermissionNode rolePermissions = + userRealmProxy.getRolePermissions(roleName, MultitenantConstants.SUPER_TENANT_ID); + return rolePermissions; } private UIPermissionNode getUIPermissionNode(String roleName, UserRealm userRealm) @@ -413,15 +402,15 @@ public class RoleManagementServiceImpl implements RoleManagementService { if (roleInfo.getPermissions() != null) { // Get all role permissions - final UIPermissionNode rolePermissions = this.getAllRolePermissions(roleName); + final UIPermissionNode rolePermissions = this.getAllRolePermissions(roleName, userRealm); List permissions = new ArrayList(); this.getAuthorizedPermissions(rolePermissions, permissions); for (String permission : roleInfo.getPermissions()) { permissions.add(permission); } - String [] allapplicablePerms = new String[permissions.size()]; - allapplicablePerms = permissions.toArray(allapplicablePerms); - roleInfo.setPermissions(allapplicablePerms); + String [] allApplicablePerms = new String[permissions.size()]; + allApplicablePerms = permissions.toArray(allApplicablePerms); + roleInfo.setPermissions(allApplicablePerms); // Delete all authorizations for the current role before authorizing the permission tree authorizationManager.clearRoleAuthorization(roleName); @@ -440,6 +429,11 @@ public class RoleManagementServiceImpl implements RoleManagementService { log.error(msg, e); return Response.serverError().entity( new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); + } catch (UserAdminException e) { + String msg = "Error occurred while updating permissions of the role '" + roleName + "'"; + log.error(msg, e); + return Response.serverError().entity( + new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); } }