From acb2c38799077744a4bb21a9ca54d151d35f50cf Mon Sep 17 00:00:00 2001
From: Rasika Perera <info.rasika@gmail.com>
Date: Sat, 24 Dec 2016 00:40:24 +0530
Subject: [PATCH] Fixing user is not authorized to view devices

---
 .../mgt/jaxrs/service/impl/DeviceManagementServiceImpl.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/DeviceManagementServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/DeviceManagementServiceImpl.java
index 7de6903180..846fbbb69b 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/DeviceManagementServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/DeviceManagementServiceImpl.java
@@ -45,6 +45,7 @@ import org.wso2.carbon.policy.mgt.common.PolicyManagementException;
 import org.wso2.carbon.policy.mgt.common.monitor.ComplianceData;
 import org.wso2.carbon.policy.mgt.common.monitor.PolicyComplianceException;
 import org.wso2.carbon.policy.mgt.core.PolicyManagerService;
+import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
 
 import javax.validation.constraints.Size;
 import javax.ws.rs.*;
@@ -113,15 +114,16 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
             }
 
             // this is the user who initiates the request
-            String authorizedUser = CarbonContext.getThreadLocalCarbonContext().getUsername();
+            String authorizedUser = MultitenantUtils.getTenantAwareUsername(CarbonContext.getThreadLocalCarbonContext().getUsername());
 
             // check whether the user is device-mgt admin
             if (deviceAccessAuthorizationService.isDeviceAdminUser()) {
                 if (user != null && !user.isEmpty()) {
-                    request.setOwner(user);
+                    request.setOwner(MultitenantUtils.getTenantAwareUsername(user));
                 }
             } else {
                 if (user != null && !user.isEmpty()) {
+                    user = MultitenantUtils.getTenantAwareUsername(user);
                     if (user.equals(authorizedUser)) {
                         request.setOwner(user);
                     } else {