From 5c680b3f655b5419b62208d2fe60b7cb2ebba137 Mon Sep 17 00:00:00 2001
From: Rasika Perera <info.rasika@gmail.com>
Date: Wed, 4 May 2016 04:13:39 +0530
Subject: [PATCH 1/2] Fixing issue on group permission validating

---
 .../DeviceAccessAuthorizationServiceImpl.java            | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java
index d3d3ed09c0..4707bcdd4c 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java
@@ -38,6 +38,7 @@ import org.wso2.carbon.user.api.UserRealm;
 import org.wso2.carbon.user.api.UserStoreException;
 
 import java.util.HashMap;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 
@@ -186,8 +187,12 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
                 DeviceManagementDataHolder.getInstance().getGroupManagementProviderService()
                         .getGroups(deviceIdentifier);
         for (DeviceGroup group : authorizedGroups) {
-            if (groupsWithDevice.contains(group)) {
-                return true;
+            Iterator<DeviceGroup> groupsWithDeviceIterator = groupsWithDevice.iterator();
+            while (groupsWithDeviceIterator.hasNext()) {
+                DeviceGroup deviceGroup = groupsWithDeviceIterator.next();
+                if (deviceGroup.getId() == group.getId()) {
+                    return true;
+                }
             }
         }
         return false;

From 18edc21a041fa7d2d79265d361386459baaac21a Mon Sep 17 00:00:00 2001
From: Rasika Perera <info.rasika@gmail.com>
Date: Wed, 4 May 2016 04:14:09 +0530
Subject: [PATCH 2/2] Adding group permissions validation for operations

---
 .../operation/mgt/OperationManagerImpl.java    | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/operation/mgt/OperationManagerImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/operation/mgt/OperationManagerImpl.java
index 9e156618b6..5ec27f4c7c 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/operation/mgt/OperationManagerImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/operation/mgt/OperationManagerImpl.java
@@ -23,6 +23,7 @@ import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.context.CarbonContext;
 import org.wso2.carbon.device.mgt.common.*;
 import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
+import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants;
 import org.wso2.carbon.device.mgt.common.operation.mgt.Operation;
 import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManagementException;
 import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManager;
@@ -88,7 +89,8 @@ public class OperationManagerImpl implements OperationManager {
                 authorizedDeviceList = deviceIds;
             } else {
                 authorizedDeviceList = DeviceManagementDataHolder.getInstance().
-                        getDeviceAccessAuthorizationService().isUserAuthorized(deviceIds).getAuthorizedDevices();
+                        getDeviceAccessAuthorizationService().isUserAuthorized(deviceIds, DeviceGroupConstants.
+                        Permissions.DEFAULT_OPERATOR_PERMISSIONS).getAuthorizedDevices();
             }
             if (authorizedDeviceList.size() > 0) {
                 try {
@@ -146,7 +148,7 @@ public class OperationManagerImpl implements OperationManager {
         List<Operation> operations = new ArrayList<>();
         try {
             boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService().
-                    isUserAuthorized(deviceId);
+                    isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS);
             if (isUserAuthorized) {
                 try {
                     try {
@@ -202,7 +204,7 @@ public class OperationManagerImpl implements OperationManager {
         List<Operation> operations = new ArrayList<>();
         try {
             boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService().
-                    isUserAuthorized(deviceId);
+                    isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS);
             if (isUserAuthorized) {
                 try {
                     try {
@@ -266,7 +268,7 @@ public class OperationManagerImpl implements OperationManager {
         List<org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation> dtoOperationList = new ArrayList<>();
         try {
             boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService().
-                    isUserAuthorized(deviceId);
+                    isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS);
             if (isUserAuthorized) {
                 try {
                     try {
@@ -330,7 +332,7 @@ public class OperationManagerImpl implements OperationManager {
         int enrolmentId;
         try {
             boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService().
-                    isUserAuthorized(deviceId);
+                    isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS);
             if (isUserAuthorized) {
                 try {
                     try {
@@ -400,7 +402,7 @@ public class OperationManagerImpl implements OperationManager {
         int enrolmentId;
         try {
             boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService().
-                    isUserAuthorized(deviceId);
+                    isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS);
             if (isUserAuthorized) {
                 try {
                     try {
@@ -480,7 +482,7 @@ public class OperationManagerImpl implements OperationManager {
         }
         try {
             boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService().
-                    isUserAuthorized(deviceId);
+                    isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS);
             if (isUserAuthorized) {
                 try {
                     try {
@@ -554,7 +556,7 @@ public class OperationManagerImpl implements OperationManager {
         int enrolmentId;
         try {
             boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService().
-                    isUserAuthorized(deviceId);
+                    isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS);
             if (isUserAuthorized) {
                 try {
                     try {