From b04bb5f1f1c0e7f933391935c42e7ed7d6ba6a6e Mon Sep 17 00:00:00 2001
From: Menaka Jayawardena <menaka@wso2.com>
Date: Thu, 31 Aug 2017 16:10:07 +0530
Subject: [PATCH 1/3] Disabled edit button for admin role.

---
 .../app/pages/cdmf.page.roles/public/js/role-listing.js      | 5 ++++-
 .../devicemgt/app/pages/cdmf.page.user.view/view.js          | 5 ++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.roles/public/js/role-listing.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.roles/public/js/role-listing.js
index c1acb8e9f2..c9cbbb3e8d 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.roles/public/js/role-listing.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.roles/public/js/role-listing.js
@@ -150,6 +150,9 @@ function loadRoles() {
 
                 var innerhtml = '';
 
+                //TODO: Remove the hardcoded admin role name.
+                var isAdmin = data.name === 'admin';
+
                 var editLink = '<a onclick="javascript:loadRoleBasedActionURL(\'edit\', \'' + data.name + '\')" ' +
                     'data-role="' + data.name + '" ' +
                     'data-click-event="edit-form" ' +
@@ -196,7 +199,7 @@ function loadRoles() {
                     '<span class="hidden-xs hidden-on-grid-view">Remove</span>' +
                     '</a>';
 
-                if (!isCloud) {
+                if (!isCloud && !isAdmin) {
                     innerhtml = editLink + editPermissionLink + removeLink;
                 }
                 return innerhtml;
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.user.view/view.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.user.view/view.js
index 997711701c..63304c70b0 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.user.view/view.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.user.view/view.js
@@ -18,8 +18,6 @@
 
 function onRequest(context) {
     var userModule = require("/app/modules/business-controllers/user.js")["userModule"];
-    var username = request.getParameter("username");
-    var user = userModule.getUser(username)["content"];
     var deviceMgtProps = require("/app/modules/conf-reader/main.js")["conf"];
     var isExsistingUser = false;
     var userName = request.getParameter("username");
@@ -48,8 +46,9 @@ function onRequest(context) {
         canView = true;
     }
 
+    //TODO: Remove hardcoded admin user name.
     var canEdit = false;
-    if (userModule.isAuthorized("/permission/admin/device-mgt/users/edit")) {
+    if (userModule.isAuthorized("/permission/admin/device-mgt/users/edit") && userName !== 'admin') {
         canEdit = true;
     }
 

From 21b0ed284b9df78541172e435cd7f5576473024b Mon Sep 17 00:00:00 2001
From: Menaka Jayawardena <menaka@wso2.com>
Date: Thu, 31 Aug 2017 17:24:12 +0530
Subject: [PATCH 2/3] Removed hardcoded admin user name.

---
 .../app/pages/cdmf.page.roles/public/js/role-listing.js      | 5 ++---
 .../devicemgt/app/pages/cdmf.page.user.view/view.js          | 4 ++--
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.roles/public/js/role-listing.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.roles/public/js/role-listing.js
index c9cbbb3e8d..fa2eaffb6e 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.roles/public/js/role-listing.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.roles/public/js/role-listing.js
@@ -150,8 +150,7 @@ function loadRoles() {
 
                 var innerhtml = '';
 
-                //TODO: Remove the hardcoded admin role name.
-                var isAdmin = data.name === 'admin';
+                var isAdminRole = $("#role-table").data("role") === data.name;
 
                 var editLink = '<a onclick="javascript:loadRoleBasedActionURL(\'edit\', \'' + data.name + '\')" ' +
                     'data-role="' + data.name + '" ' +
@@ -199,7 +198,7 @@ function loadRoles() {
                     '<span class="hidden-xs hidden-on-grid-view">Remove</span>' +
                     '</a>';
 
-                if (!isCloud && !isAdmin) {
+                if (!isCloud && !isAdminRole) {
                     innerhtml = editLink + editPermissionLink + removeLink;
                 }
                 return innerhtml;
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.user.view/view.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.user.view/view.js
index 63304c70b0..f16ea8db7c 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.user.view/view.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.user.view/view.js
@@ -46,9 +46,9 @@ function onRequest(context) {
         canView = true;
     }
 
-    //TODO: Remove hardcoded admin user name.
     var canEdit = false;
-    if (userModule.isAuthorized("/permission/admin/device-mgt/users/edit") && userName !== 'admin') {
+    if (userModule.isAuthorized("/permission/admin/device-mgt/users/edit") &&
+        userName !== deviceMgtProps['adminUser'].split("@")[0]) {
         canEdit = true;
     }
 

From 54b616985e53089c805e82962e42637f440dd6e6 Mon Sep 17 00:00:00 2001
From: Menaka Jayawardena <menaka@wso2.com>
Date: Thu, 31 Aug 2017 19:23:34 +0530
Subject: [PATCH 3/3] Added check for updating admin user by typing the url +
 code formatting.

---
 .../app/units/cdmf.unit.role.edit/edit.hbs    | 128 ++++++++++--------
 .../app/units/cdmf.unit.role.edit/edit.js     |   3 +
 2 files changed, 73 insertions(+), 58 deletions(-)

diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.role.edit/edit.hbs b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.role.edit/edit.hbs
index 76fc116776..428f1b8414 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.role.edit/edit.hbs
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.role.edit/edit.hbs
@@ -19,68 +19,80 @@
 <div class="row">
     <div class="col-md-12">
         <!-- content -->
-        <div id="role-create-form" data-cloud={{isCloud}} class="container col-centered wr-content">
-            <div class="wr-form">
-                <p class="page-sub-title">Edit Role</p>
-                <p>Please note that * sign represents required fields of data.</p>
-                <hr/>
-                <div class="row">
-                    <div class="col-lg-8">
-                        <div id="role-create-error-msg" class="alert alert-danger hidden" role="alert">
-                            <i class="icon fw fw-error"></i><span></span>
-                        </div>
-                        <label class="wr-input-label">Domain</label>
-                        <div class="wr-input-control">
-                            <select id="domain" class="form-control select" disabled>
-                                <option>{{userStore}}</option>
-                            </select>
-                        </div>
-                        <label class="wr-input-label">
-                            Role Name *
-                        </label>
-                        <br>
-                        <label class="wr-input-label" id="roleNameValidationText">
-                            ( {{roleNameHelpText}} )
-                        </label>
-                        {{#if isCloud}}
-                        <div id="roleNameField" class="form-group wr-input-control input-group">
-                            <!--suppress HtmlFormInputWithoutLabel -->
-                            <span class="input-group-addon" id="basic-addon1">devicemgt</span>
-                            <input aria-describedby="basic-addon1" type="text" id="rolename"
-                                   data-regex="{{roleNameJSRegEx}}"
-                                   data-errormsg="{{roleNameRegExViolationErrorMsg}}" class="form-control"
-                                   data-currentrole="{{role.roleName}}"
-                                   value="{{role.roleName}}"/>
-
-                        {{else}}
-                        <div id="roleNameField" class="form-group wr-input-control">
-                            <input type="text" id="rolename" data-regex="{{roleNameJSRegEx}}"
-                                   data-errormsg="{{roleNameRegExViolationErrorMsg}}" class="form-control"
-                                   data-currentrole="{{role.roleName}}"
-                                   value="{{role.roleName}}"/>
-                        {{/if}}
+        {{#if isAdminRole}}
+            <div class="container col-centered wr-content">
+                <div class="wr-form">
+                    <p class="page-sub-title">Attention!</p>
+                    <hr/>
+                    <br>This is an prohibited action.
+                </div>
+            </div>
+        {{else}}
+            <div id="role-create-form" data-cloud={{isCloud}} class="container">
+                <div class="wr-form">
+                    <p class="page-sub-title">Edit Role</p>
+                    <p>Please note that * sign represents required fields of data.</p>
+                    <hr/>
+                    <div class="row">
+                        <div class="col-lg-8">
+                            <div id="role-create-error-msg" class="alert alert-danger hidden" role="alert">
+                                <i class="icon fw fw-error"></i><span></span>
+                            </div>
+                            <label class="wr-input-label">Domain</label>
+                            <div class="wr-input-control">
+                                <select id="domain" class="form-control select" disabled>
+                                    <option>{{userStore}}</option>
+                                </select>
+                            </div>
+                            <label class="wr-input-label">
+                                Role Name *
+                            </label>
+                            <br>
+                            <label class="wr-input-label" id="roleNameValidationText">
+                                ( {{roleNameHelpText}} )
+                            </label>
+                            {{#if isCloud}}
+                                <div id="roleNameField" class="form-group wr-input-control input-group">
+                                    <!--suppress HtmlFormInputWithoutLabel -->
+                                    <span class="input-group-addon" id="basic-addon1">devicemgt</span>
+                                    <input aria-describedby="basic-addon1" type="text" id="rolename"
+                                           data-regex="{{roleNameJSRegEx}}"
+                                           data-errormsg="{{roleNameRegExViolationErrorMsg}}" class="form-control"
+                                           data-currentrole="{{role.roleName}}"
+                                           value="{{role.roleName}}"/>
+                                </div>
+                            {{else}}
+                                <div id="roleNameField" class="form-group wr-input-control">
+                                    <input type="text" id="rolename" data-regex="{{roleNameJSRegEx}}"
+                                           data-errormsg="{{roleNameRegExViolationErrorMsg}}" class="form-control"
+                                           data-currentrole="{{role.roleName}}"
+                                           value="{{role.roleName}}"/>
+                                </div>
+                            {{/if}}
                             <span class=" rolenameError hidden glyphicon glyphicon-remove form-control-feedback"></span>
                             <label class="error rolenameEmpty hidden" for="summary">Role name is required & Should be in
-                                minimum 3 characters long and do not
-                                include any whitespaces. </label>
+                                                                                    minimum 3 characters long and do not
+                                                                                    include any whitespaces. </label>
+
+                            <br>
+                            <button id="add-role-btn" class="wr-btn">Update Role</button>
+
+                            <div id="role-created-msg" class="container col-centered wr-content hidden">
+                                <div class="wr-form">
+                                    <p class="page-sub-title">Role was updated successfully.</p>
+                                    <br>You will be redirected to Roles Listing Page in a moment.
+                                </div>
+                            </div>
+                            <!-- /content -->
+                            <div id="app-context" data-app-context="{{@app.context}}" class="hidden"></div>
                         </div>
                     </div>
-                    </div>
-                    <br>
-                    <button id="add-role-btn" class="wr-btn">Update Role</button>
-                </div>
-            </div>
-            <div id="role-created-msg" class="container col-centered wr-content hidden">
-                <div class="wr-form">
-                    <p class="page-sub-title">Role was updated successfully.</p>
-                    <br>You will be redirected to Roles Listing Page in a moment.
                 </div>
             </div>
-            <!-- /content -->
-            <div id="app-context" data-app-context="{{@app.context}}" class="hidden"></div>
-        </div>
+        {{/if}}
     </div>
-    <!-- /content/body -->
-    {{#zone "bottomJs"}}
-        {{js "js/bottomJs.js"}}
-    {{/zone}}
+</div>
+<!-- /content/body -->
+{{#zone "bottomJs"}}
+    {{js "js/bottomJs.js"}}
+{{/zone}}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.role.edit/edit.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.role.edit/edit.js
index d5c363ef1f..86ff656737 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.role.edit/edit.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.role.edit/edit.js
@@ -31,6 +31,8 @@ function onRequest(context) {
     var userStore;
     context.isCloud = deviceMgtProps.isCloud;
 
+    var isAdminRole = deviceMgtProps["adminRole"] === roleName;
+
     if (roleName) {
         if (roleName.indexOf("/") > -1) {
             userStore = roleName.substr(0, roleName.indexOf("/"));
@@ -41,6 +43,7 @@ function onRequest(context) {
         if (response["status"] == "success") {
             context["role"] = response["content"];
         }
+        context["isAdminRole"] = isAdminRole;
         context["userStore"] = userStore;
         context["roleNameJSRegEx"] = deviceMgtProps["roleValidationConfig"]["roleNameJSRegEx"];
         context["roleNameHelpText"] = deviceMgtProps["roleValidationConfig"]["roleNameHelpMsg"];