Merge pull request 'Add api for get visible roles' (#146) from nishan/device-mgt-core:add-visible-role-api into master

Reviewed-on: community/device-mgt-core#146
api-performance
commit e0a1cd3dbb

@ -3658,13 +3658,6 @@ public class ApplicationManagerImpl implements ApplicationManager {
log.error(msg); log.error(msg);
throw new ApplicationManagementException(msg); throw new ApplicationManagementException(msg);
} }
if (!hasUserRole(unrestrictedRoles, userName)) {
String msg = "You are trying to restrict the visibility of the application for a role set, but "
+ "in order to perform the action at least one role should be assigned to user: "
+ userName;
log.error(msg);
throw new BadRequestException(msg);
}
} }
Filter filter = new Filter(); Filter filter = new Filter();

@ -187,6 +187,104 @@ public interface RoleManagementService {
defaultValue = "5") defaultValue = "5")
@QueryParam("limit") int limit); @QueryParam("limit") int limit);
@GET
@Path("/visible/{metaKey}")
@ApiOperation(
produces = MediaType.APPLICATION_JSON,
httpMethod = "GET",
value = "Getting the List of Visible Roles",
notes = "WSO2 IoTS supports role-based access control (RBAC) and role management. Using this API you can the list of roles that are in WSO2 IoTS.\n" +
"Note: Internal roles, roles created for service-providers, and application related roles will not be given in the output.",
tags = "Role Management",
extensions = {
@Extension(properties = {
@ExtensionProperty(name = Constants.SCOPE, value = "perm:roles:view")
})
}
)
@ApiResponses(value = {
@ApiResponse(
code = 200,
message = "OK. \n Successfully fetched the list of roles in WSO2 IoTS.",
response = RoleList.class,
responseHeaders = {
@ResponseHeader(
name = "Content-Type",
description = "The content type of the body"),
@ResponseHeader(
name = "ETag",
description = "Entity Tag of the response resource.\n" +
"Used by caches, or in conditional requests."),
@ResponseHeader(
name = "Last-Modified",
description = "Date and time the resource has been modified the last time.\n" +
"Used by caches, or in conditional requests."),
}),
@ApiResponse(
code = 304,
message = "Not Modified. \n Empty body because the client already has the latest version of the " +
"requested resource."),
@ApiResponse(
code = 404,
message = "Not Found. \n The specified resource does not exist.\n",
response = ErrorResponse.class),
@ApiResponse(
code = 406,
message = "Not Acceptable.\n The requested media type is not supported",
response = ErrorResponse.class),
@ApiResponse(
code = 500,
message = "Internal Server Error. \n Server error occurred while fetching the list of roles" +
" assigned to the specified user.",
response = ErrorResponse.class)
})
Response getVisibleRole(
@ApiParam(
name = "filter",
value = "Provide a character or a few characters in the role name.",
required = false)
@QueryParam("filter") String filter,
@ApiParam(
name = "user-store",
value = "The name of the UserStore you wish to get the list of roles.",
required = false)
@QueryParam("user-store") String userStoreName,
@ApiParam(
name = "If-Modified-Since",
value = "Checks if the requested variant was modified, since the specified date-time." +
"Provide the value in the following format: EEE, d MMM yyyy HH:mm:ss Z.\n" +
"Example: Mon, 05 Jan 2014 15:10:00 +0200",
required = false)
@HeaderParam("If-Modified-Since") String ifModifiedSince,
@ApiParam(
name = "offset",
value = "The starting pagination index for the complete list of qualified items.",
required = false,
defaultValue = "0")
@QueryParam("offset") int offset,
@ApiParam(
name = "limit",
value = "Provide how many role details you require from the starting pagination index/offset.",
required = false,
defaultValue = "5")
@QueryParam("limit") int limit,
@ApiParam(
name = "username",
value = "The username of the user.",
required = true,
defaultValue = "admin")
@QueryParam("username") String username,
@ApiParam(
name = "domain",
value = "The domain name of the user store.",
required = false)
@QueryParam("domain") String domain,
@ApiParam(
name = "metaKey",
value = "Key of the metadata",
required = true)
@PathParam("metaKey") String metaKey);
@GET @GET
@Path("/filter/{prefix}") @Path("/filter/{prefix}")
@ApiOperation( @ApiOperation(

@ -17,7 +17,13 @@
*/ */
package io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl; package io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata;
import org.apache.axis2.databinding.types.xsd._boolean;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.json.simple.parser.ParseException;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants; import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.base.MultitenantConstants; import org.wso2.carbon.base.MultitenantConstants;
@ -97,6 +103,91 @@ public class RoleManagementServiceImpl implements RoleManagementService {
} }
} }
@GET
@Path("/visible/{metaKey}")
@Override
public Response getVisibleRole(
@QueryParam("filter") String filter,
@QueryParam("user-store") String userStore,
@HeaderParam("If-Modified-Since") String ifModifiedSince,
@QueryParam("offset") int offset, @QueryParam("limit") int limit,
@QueryParam("username") String username, @QueryParam("domain") String domain,
@PathParam("metaKey") String metaKey) {
RequestValidationUtil.validatePaginationParameters(offset, limit);
if (limit == 0){
limit = Constants.DEFAULT_PAGE_LIMIT;
}
if (domain != null && !domain.isEmpty()) {
username = domain + '/' + username;
}
Metadata metadata;
List<String> visibleRoles;
RoleList visibleRoleList = new RoleList();
try {
metadata = DeviceMgtAPIUtils.getMetadataManagementService().retrieveMetadata(metaKey);
String metaValue = metadata.getMetaValue();
JSONParser parser = new JSONParser();
JSONObject jsonObject = (JSONObject) parser.parse(metaValue);
boolean decision = (boolean) jsonObject.get("isUserAbleToViewAllRoles");
if (decision) {
if(userStore == null || "".equals(userStore)){
userStore = PRIMARY_USER_STORE;
}
try{
visibleRoles =getRolesFromUserStore(filter, userStore);
visibleRoleList.setList(visibleRoles);
visibleRoles = FilteringUtil.getFilteredList(getRolesFromUserStore(filter, userStore), offset, limit);
visibleRoleList.setList(visibleRoles);
return Response.status(Response.Status.OK).entity(visibleRoleList).build();
} catch (UserStoreException e) {
String msg = "Error occurred while retrieving roles from the underlying user stores";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
} else {
try{UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
if (!userStoreManager.isExistingUser(username)) {
if (log.isDebugEnabled()) {
log.debug("User by username: " + username + " does not exist for role retrieval.");
}
String msg = "User by username: " + username + " does not exist for role retrieval.";
return Response.status(Response.Status.NOT_FOUND).entity(msg).build();
}
visibleRoleList.setList(getFilteredVisibleRoles(userStoreManager, username));
return Response.status(Response.Status.OK).entity(visibleRoleList).build();
}catch (UserStoreException e) {
String msg = "Error occurred while trying to retrieve roles of the user '" + username + "'";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
}
} catch (MetadataManagementException e) {
String msg = "Error occurred while getting the metadata entry for metaKey:" + metaKey;
log.error(msg, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
} catch (ParseException e) {
throw new RuntimeException(e);
}
}
private List<String> getFilteredVisibleRoles(UserStoreManager userStoreManager, String username)
throws UserStoreException {
String[] roleListOfUser;
roleListOfUser = userStoreManager.getRoleListOfUser(username);
List<String> filteredRoles = new ArrayList<>();
for (String role : roleListOfUser) {
if (!(role.startsWith("Internal/") || role.startsWith("Authentication/"))) {
filteredRoles.add(role);
}
}
return filteredRoles;
}
@GET @GET
@Path("/filter/{prefix}") @Path("/filter/{prefix}")
@Override @Override

Loading…
Cancel
Save