diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension.api/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/api/filter/ApiPermissionFilter.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension.api/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/api/filter/ApiPermissionFilter.java index 50bab8861f..1d74e5f139 100644 --- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension.api/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/api/filter/ApiPermissionFilter.java +++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension.api/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/api/filter/ApiPermissionFilter.java @@ -58,9 +58,6 @@ public class ApiPermissionFilter implements Filter { PermissionConfiguration permissionConfiguration = (PermissionConfiguration) unmarshaller.unmarshal(permissionStream); permissions = permissionConfiguration.getPermissions(); - for (Permission permission : permissions) { - APIUtil.putPermission(PERMISSION_PREFIX + permission.getPath()); - } } catch (JAXBException e) { log.error("invalid permissions.xml", e); } diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/pom.xml b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/pom.xml index 82a630ed00..a0805b1605 100644 --- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/pom.xml +++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/pom.xml 
@@ -184,6 +184,7 @@ io.entgra.device.mgt.core.device.mgt.common.metadata.mgt, io.entgra.device.mgt.core.device.mgt.core.config, io.entgra.device.mgt.core.device.mgt.core.config.permission, + io.entgra.device.mgt.core.device.mgt.core.permission.mgt.*;version="${io.entgra.device.mgt.core.version.range}", io.swagger.annotations;version="[1.6,2)", javax.servlet;version="[2.6,3)", javax.xml.bind;version="[0.0,1)", diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherService.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherService.java index b66d723a1a..f73e93500b 100644 --- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherService.java +++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherService.java @@ -19,6 +19,8 @@ package io.entgra.device.mgt.core.apimgt.webapp.publisher; import io.entgra.device.mgt.core.apimgt.webapp.publisher.exception.APIManagerPublisherException; +import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermission; +import java.util.List; /** * This interface represents all methods related to API manipulation that's done as part of API-Management tasks. @@ -39,7 +41,7 @@ public interface APIPublisherService { /** * Add default scopes defined in the cdm-config.xml */ - void addDefaultScopesIfNotExist() throws APIManagerPublisherException; + public void addDefaultScopesIfNotExist(List defaultPermissions) throws APIManagerPublisherException; /** * If the permissions are in the permission list, identify the relevant scopes of the supplied permission list 
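Review bot: The Javadoc kept above `addDefaultScopesIfNotExist` still says the scopes are the ones defined in cdm-config.xml, but the new signature takes them from the caller, so the comment is now misleading. I would reword it to `Add the scopes of the supplied default permissions as shared scopes if they do not already exist.` and add `@param defaultPermissions permissions whose scope mappings should be published` plus a `@throws APIManagerPublisherException` line. The added `public` modifier is redundant on an interface method and differs from the declaration it replaces. The parameter also shows as a raw `List` here; unless the element type was simply lost in rendering, declare it as `List<DefaultPermission>`.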
diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java index c3e5a6bc54..ec36deb4c8 100644 --- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java +++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java @@ -435,13 +435,11 @@ public class APIPublisherServiceImpl implements APIPublisherService { } @Override - public void addDefaultScopesIfNotExist() throws APIManagerPublisherException { + public void addDefaultScopesIfNotExist(List defaultPermissions) throws APIManagerPublisherException { WebappPublisherConfig config = WebappPublisherConfig.getInstance(); List tenants = new ArrayList<>(Collections.singletonList(APIConstants.SUPER_TENANT_DOMAIN)); tenants.addAll(config.getTenants().getTenant()); - DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig(); - DefaultPermissions defaultPermissions = deviceManagementConfig.getDefaultPermissions(); APIApplicationServices apiApplicationServices = APIPublisherDataHolder.getInstance().getApiApplicationServices(); PublisherRESTAPIServices publisherRESTAPIServices = APIPublisherDataHolder.getInstance().getPublisherRESTAPIServices(); 
@@ -460,7 +458,7 @@ public class APIPublisherServiceImpl implements APIPublisherService { apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret()); Scope scope = new Scope(); - for (DefaultPermission defaultPermission : defaultPermissions.getDefaultPermissions()) { + for (DefaultPermission defaultPermission : defaultPermissions) { if (!publisherRESTAPIServices.isSharedScopeNameExists(apiApplicationKey, accessTokenInfo, defaultPermission.getScopeMapping().getKey())) { ScopeMapping scopeMapping = defaultPermission.getScopeMapping(); diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherStartupHandler.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherStartupHandler.java index bd3451c4e3..e77abd3a8d 100644 --- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherStartupHandler.java +++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherStartupHandler.java 
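Review bot: `defaultPermission.getScopeMapping().getKey()` in this loop can now be reached with a null scope mapping, because the list is no longer limited to the cdm-config.xml defaults. `LifecycleStateManager.init` builds entries from `lifecycleState.getScopeMapping()`, and JAXB does not enforce `required = true` at unmarshal time unless schema validation is configured, which this diff does not show. A lifecycle state without a scope-mapping element would then raise a NullPointerException while scopes are being published. Skip such entries with a logged warning, e.g. `if (defaultPermission.getScopeMapping() == null) { continue; }`, and apply the same guard to the `putIfAbsent` loop in `APIPublisherStartupHandler.updateScopeMetadataEntryWithDefaultScopes`. The method body starts and ends outside this hunk.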
@@ -27,10 +27,12 @@ import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataKeyAlready
 import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
 import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata;
 import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.MetadataManagementService;
+import io.entgra.device.mgt.core.device.mgt.common.permission.mgt.PermissionManagementException;
 import io.entgra.device.mgt.core.device.mgt.core.config.DeviceConfigurationManager;
 import io.entgra.device.mgt.core.device.mgt.core.config.DeviceManagementConfig;
 import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermission;
 import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions;
+import io.entgra.device.mgt.core.device.mgt.core.permission.mgt.PermissionUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
@@ -103,16 +105,20 @@ public class APIPublisherStartupHandler implements ServerStartupObserver { } try { + DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig(); + DefaultPermissions defaultPermissions = deviceManagementConfig.getDefaultPermissions(); publisher.updateScopeRoleMapping(); - publisher.addDefaultScopesIfNotExist(); + publisher.addDefaultScopesIfNotExist(defaultPermissions.getDefaultPermissions()); } catch (APIManagerPublisherException e) { log.error("failed to update scope role mapping.", e); } try { + DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig(); + DefaultPermissions defaultPermissions = deviceManagementConfig.getDefaultPermissions(); PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true); - updateScopeMetadataEntryWithDefaultScopes(); + updateScopeMetadataEntryWithDefaultScopes(defaultPermissions.getDefaultPermissions()); } finally { PrivilegedCarbonContext.endTenantFlow(); } 
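Review bot: In the second `try` block the two new configuration lookups run before `PrivilegedCarbonContext.startTenantFlow()`, while the `finally` still calls `endTenantFlow()` unconditionally. If `getDeviceManagementConfig()` returns null or either lookup throws, `endTenantFlow()` runs without a matching start and may unwind a tenant context this thread did not push. Resolve the default permissions once above both `try` blocks (the same two lines are duplicated in the first block) and keep `startTenantFlow()` as the first statement inside the `try`. A null check before `defaultPermissions.getDefaultPermissions()` would also stop a missing configuration section from aborting the handler.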
@@ -163,13 +169,11 @@ public class APIPublisherStartupHandler implements ServerStartupObserver { * Update permission scope mapping entry with default scopes if perm-scope-mapping entry exists, otherwise this function * will create that entry and update the value with default permissions. */ - private void updateScopeMetadataEntryWithDefaultScopes() { + public static void updateScopeMetadataEntryWithDefaultScopes(List defaultPermissions) { Map permScopeMap = APIPublisherDataHolder.getInstance().getPermScopeMapping(); Metadata permScopeMapping; MetadataManagementService metadataManagementService = APIPublisherDataHolder.getInstance().getMetadataManagementService(); - DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig(); - DefaultPermissions defaultPermissions = deviceManagementConfig.getDefaultPermissions(); try { permScopeMapping = metadataManagementService.retrieveMetadata(Constants.PERM_SCOPE_MAPPING_META_KEY); @@ -179,11 +183,11 @@ public class APIPublisherStartupHandler implements ServerStartupObserver { new HashMap<>(); } - for (DefaultPermission defaultPermission : defaultPermissions.getDefaultPermissions()) { + for (DefaultPermission defaultPermission : defaultPermissions) { permScopeMap.putIfAbsent(defaultPermission.getName(), defaultPermission.getScopeMapping().getKey()); + PermissionUtils.putPermission(defaultPermission.getName()); } - permScopeMapping = new Metadata(); permScopeMapping.setMetaKey(Constants.PERM_SCOPE_MAPPING_META_KEY); permScopeMapping.setMetaValue(gson.toJson(permScopeMap)); 
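Review bot: `PermissionUtils.putPermission(defaultPermission.getName())` sits inside the mapping loop, so a `PermissionManagementException` on one entry skips the remaining permissions and the metadata update that follows; the handler added in the next hunk only logs it. Catch per entry inside the loop, or collect the failures and report them after the metadata is written, so one failed registry write does not leave the rest unregistered. The method is also widened from `private` to `public static`, and it appears to act on the tenant context of the calling thread (the startup handler wraps its call in a tenant flow). That deserves a Javadoc line such as `Callers must have started the tenant flow for the target tenant.` together with an `@param defaultPermissions` entry. The method body continues outside this hunk.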
@@ -200,6 +204,9 @@ public class APIPublisherStartupHandler implements ServerStartupObserver { log.error("Metadata entry already exists for " + Constants.PERM_SCOPE_MAPPING_META_KEY); } catch (MetadataManagementException e) { log.error("Error encountered while updating permission scope mapping metadata with default scopes"); + } catch (PermissionManagementException e) { + String msg = "Error when adding default permission to the registry "; + log.error(msg, e); } } } diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/pom.xml b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/pom.xml index 6fc308d4b6..6f2c1154fc 100644 --- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/pom.xml +++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/pom.xml @@ -65,6 +65,7 @@ io.entgra.device.mgt.core.device.mgt.common.app.mgt;version="${io.entgra.device.mgt.core.version.range}", io.entgra.device.mgt.core.device.mgt.common.operation.mgt;version="${io.entgra.device.mgt.core.version.range}", io.entgra.device.mgt.core.device.mgt.core.common.exception;version="${io.entgra.device.mgt.core.version.range}", + io.entgra.device.mgt.core.device.mgt.core.config.permission.*, io.swagger.annotations;version="[1.6,2)", javax.validation.constraints;version="[2.0,3)", javax.xml.bind.annotation;version="[0.0,1)" diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/src/main/java/io/entgra/device/mgt/core/application/mgt/common/config/LifecycleState.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/src/main/java/io/entgra/device/mgt/core/application/mgt/common/config/LifecycleState.java index b00dd8535d..01b311f748 100644 --- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/src/main/java/io/entgra/device/mgt/core/application/mgt/common/config/LifecycleState.java 
+++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/src/main/java/io/entgra/device/mgt/core/application/mgt/common/config/LifecycleState.java @@ -22,6 +22,7 @@ import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlElementWrapper; import javax.xml.bind.annotation.XmlRootElement; import java.util.List; +import io.entgra.device.mgt.core.device.mgt.core.config.permission.ScopeMapping; /** * This class represents the lifecycle state config @@ -37,6 +38,16 @@ public class LifecycleState { private boolean isInitialState; private boolean isEndState; private boolean isDeletableState; + private ScopeMapping scopeMapping; + + @XmlElement(name = "MappedScopeDetails", required = true) + public ScopeMapping getScopeMapping() { + return scopeMapping; + } + + public void setScopeMapping(ScopeMapping scopeMapping) { + this.scopeMapping = scopeMapping; + } @XmlAttribute(name = "name") public String getName() { diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/src/main/java/io/entgra/device/mgt/core/application/mgt/common/config/ScopeMapping.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/src/main/java/io/entgra/device/mgt/core/application/mgt/common/config/ScopeMapping.java new file mode 100644 index 0000000000..9bda477b7a --- /dev/null +++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/src/main/java/io/entgra/device/mgt/core/application/mgt/common/config/ScopeMapping.java 
@@ -0,0 +1,58 @@ +/* + * Copyright (c) 2018 - 2024, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved. + * + * Entgra (Pvt) Ltd. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package io.entgra.device.mgt.core.application.mgt.common.config; + +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; + +@XmlRootElement(name = "MappedScopeDetails") +public class ScopeMapping { + + private String name; + private String key; + + private String defaultRoles; + + @XmlElement(name = "Name", required = true) + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + + @XmlElement(name = "Key", required = true) + public String getKey() { + return key; + } + + public void setKey(String key) { + this.key = key; + } + + @XmlElement(name = "DefaultRoles", required = true) + public String getDefaultRoles() { + return defaultRoles; + } + + public void setDefaultRoles(String defaultRoles) { + this.defaultRoles = defaultRoles; + } +} diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/pom.xml b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/pom.xml index 5f663268d1..2eb55bbe75 100644 --- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/pom.xml +++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/pom.xml 
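Review bot: This new `ScopeMapping` class in `io.entgra.device.mgt.core.application.mgt.common.config` duplicates the type that `LifecycleState`, in the same package, explicitly imports from `io.entgra.device.mgt.core.device.mgt.core.config.permission`, so nothing in this diff uses it. Two same-named JAXB classes for `MappedScopeDetails` make it easy to bind the wrong one later, and the single-type import silently shadowing the package-local class is easy to miss in review. Either drop this file, or switch `LifecycleState` to it and convert when building the `DefaultPermission`. If it stays, add a class Javadoc stating what `Name`, `Key` and `DefaultRoles` hold and whether `DefaultRoles` is a single role or a delimited list.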
@@ -60,6 +60,7 @@ io.entgra.device.mgt.core.apimgt.application.extension;version="${io.entgra.device.mgt.core.version.range}", io.entgra.device.mgt.core.apimgt.application.extension.dto;version="${io.entgra.device.mgt.core.version.range}", io.entgra.device.mgt.core.apimgt.application.extension.exception;version="${io.entgra.device.mgt.core.version.range}", + io.entgra.device.mgt.core.apimgt.webapp.publisher.* io.entgra.device.mgt.core.application.mgt.common;version="${io.entgra.device.mgt.core.version.range}", io.entgra.device.mgt.core.application.mgt.common.config;version="${io.entgra.device.mgt.core.version.range}", io.entgra.device.mgt.core.application.mgt.common.dto;version="${io.entgra.device.mgt.core.version.range}", @@ -443,6 +444,10 @@ jaxb-api provided + + io.entgra.device.mgt.core + io.entgra.device.mgt.core.apimgt.webapp.publisher + diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/lifecycle/LifecycleStateManager.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/lifecycle/LifecycleStateManager.java index 8e087eb7f5..d5996be225 100644 --- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/lifecycle/LifecycleStateManager.java +++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/lifecycle/LifecycleStateManager.java 
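Review bot: The added package entry `io.entgra.device.mgt.core.apimgt.webapp.publisher.*` has no trailing comma, so as shown it runs straight into the following `io.entgra.device.mgt.core.application.mgt.common;version=...` entry and the generated import list would be malformed. It should read `io.entgra.device.mgt.core.apimgt.webapp.publisher.*;version="${io.entgra.device.mgt.core.version.range}",` like the neighbouring lines, which also pins the version range that the bare wildcard leaves open.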
@@ -18,17 +18,22 @@ package io.entgra.device.mgt.core.application.mgt.core.lifecycle; +import io.entgra.device.mgt.core.apimgt.webapp.publisher.APIPublisherServiceImpl; +import io.entgra.device.mgt.core.apimgt.webapp.publisher.exception.APIManagerPublisherException; import io.entgra.device.mgt.core.application.mgt.common.config.LifecycleState; import io.entgra.device.mgt.core.application.mgt.common.exception.LifecycleManagementException; import io.entgra.device.mgt.core.application.mgt.core.internal.DataHolder; -import io.entgra.device.mgt.core.device.mgt.common.permission.mgt.PermissionManagementException; +import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermission; import io.entgra.device.mgt.core.device.mgt.core.permission.mgt.PermissionUtils; import io.entgra.device.mgt.core.device.mgt.core.search.mgt.Constants; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.user.api.UserRealm; import org.wso2.carbon.user.api.UserStoreException; +import io.entgra.device.mgt.core.apimgt.webapp.publisher.APIPublisherStartupHandler; +import io.entgra.device.mgt.core.apimgt.webapp.publisher.APIPublisherService; +import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; 
@@ -43,20 +48,23 @@ public class LifecycleStateManager { public void init(List states) throws LifecycleManagementException { lifecycleStates = new HashMap<>(); + APIPublisherService publisher = new APIPublisherServiceImpl(); + List allDefaultPermissions = new ArrayList<>(); for (LifecycleState lifecycleState : states) { if (lifecycleState.getProceedingStates() != null) { lifecycleState.getProceedingStates().replaceAll(String::toUpperCase); } lifecycleStates.put(lifecycleState.getName().toUpperCase(), lifecycleState); - try { - PermissionUtils - .putPermission(PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + lifecycleState.getPermission()); - } catch (PermissionManagementException e) { - String msg = "Error when adding permission " + lifecycleState.getPermission() + " related to the " - + "state: " + lifecycleState.getName(); - log.error(msg, e); - throw new LifecycleManagementException(msg, e); - } + DefaultPermission defaultPermission = new DefaultPermission(); + defaultPermission.setName(PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + lifecycleState.getPermission()); + defaultPermission.setScopeMapping(lifecycleState.getScopeMapping()); + allDefaultPermissions.add(defaultPermission); + } + try { + APIPublisherStartupHandler.updateScopeMetadataEntryWithDefaultScopes(allDefaultPermissions); + publisher.addDefaultScopesIfNotExist(allDefaultPermissions); + } catch (APIManagerPublisherException e) { + log.error("Failed to update API publisher with default permissions.", e); } } diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/test/resources/application-mgt.xml b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/test/resources/application-mgt.xml index dd9ef69fba..b19cdbc739 100644 --- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/test/resources/application-mgt.xml 
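Review bot: `init` still declares `throws LifecycleManagementException`, but a failure to register the lifecycle permissions is now only logged: the new catch swallows `APIManagerPublisherException`, and `updateScopeMetadataEntryWithDefaultScopes` handles `PermissionManagementException` internally. Before this change the same failure aborted initialisation, so the manager can now come up with lifecycle permissions missing from the registry and no signal to the caller. If that is not intended, rethrow from the catch, e.g. `throw new LifecycleManagementException("Failed to publish lifecycle scopes", e);`. The static call is also made without the tenant flow that the startup handler sets up around it, and `lifecycleState.getScopeMapping()` is passed on unchecked; both deserve a guard or at least a comment. `init` continues outside this hunk.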
+++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/test/resources/application-mgt.xml @@ -81,6 +81,11 @@ In-Review + + Create Applications + am:admin:lc:app:create + Internal/devicemgt-user + /app-mgt/life-cycle/application/review @@ -89,6 +94,11 @@ Approved Created + + Review Applications + am:admin:lc:app:review + Internal/devicemgt-user + /app-mgt/life-cycle/application/approve @@ -96,6 +106,11 @@ In-Review Published + + Approve Applications + am:admin:lc:app:approve + Internal/devicemgt-user + true @@ -103,6 +118,11 @@ In-Review + + Reject Applications + am:admin:lc:app:reject + Internal/devicemgt-user + true @@ -111,6 +131,11 @@ Blocked Deprecated + + Publish Applications + am:admin:lc:app:publish + Internal/devicemgt-user + /app-mgt/life-cycle/application/block @@ -118,6 +143,11 @@ Published Deprecated + + Block Applications + am:admin:lc:app:block + Internal/devicemgt-user + /app-mgt/life-cycle/application/deprecate @@ -125,11 +155,21 @@ Published Retired + + Deprecate Application + am:admin:lc:app:deprecate + Internal/devicemgt-user + true /app-mgt/life-cycle/application/retire + + Retire Applications + am:admin:lc:app:retire + Internal/devicemgt-user + diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java index 137f79eb22..8c114984cf 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java 
@@ -49,11 +49,7 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori private static Log log = LogFactory.getLog(DeviceAccessAuthorizationServiceImpl.class); public DeviceAccessAuthorizationServiceImpl() { - try { - this.addAdminPermissionToRegistry(); - } catch (PermissionManagementException e) { - log.error("Unable to add the emm-admin permission to the registry.", e); - } + log.info("DeviceAccessAuthorizationServiceImpl initialized."); } @Override @@ -235,10 +231,4 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori return CarbonContext.getThreadLocalCarbonContext().getTenantId(); } - private boolean addAdminPermissionToRegistry() throws PermissionManagementException { - Permission permission = new Permission(); - permission.setName(CDM_ADMIN); - permission.setPath(PermissionUtils.getAbsolutePermissionPath(CDM_ADMIN_PERMISSION)); - return PermissionUtils.putPermission(permission); - } } \ No newline at end of file diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/authorization/GroupAccessAuthorizationServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/authorization/GroupAccessAuthorizationServiceImpl.java index 2f796f929f..a2d1b6b89a 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/authorization/GroupAccessAuthorizationServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/authorization/GroupAccessAuthorizationServiceImpl.java 
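Review bot: With `addAdminPermissionToRegistry()` removed from the constructor, nothing visible in this diff registers the `CDM_ADMIN_PERMISSION` path any more, and the same holds for `GROUP_ADMIN_PERMISSION` in `GroupAccessAuthorizationServiceImpl`. If those paths are not covered by the default permissions in cdm-config.xml, a fresh tenant would have no registry entry for them to be assigned to a role. Please confirm where they are created now and record it in a short comment on the constructor, e.g. `// admin permission is registered from the default permissions at startup`. The replacement `log.info("DeviceAccessAuthorizationServiceImpl initialized.")` adds little at INFO level; `log.debug` would be quieter, and imports used only by the removed method can be dropped.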
@@ -45,11 +45,7 @@ public class GroupAccessAuthorizationServiceImpl implements GroupAccessAuthoriza private static Log log = LogFactory.getLog(DeviceAccessAuthorizationServiceImpl.class); public GroupAccessAuthorizationServiceImpl() { - try { - this.addAdminPermissionToRegistry(); - } catch (PermissionManagementException e) { - log.error("Unable to add the group-admin permission to the registry.", e); - } + log.info("GroupAccessAuthorizationServiceImpl initialized."); } @Override @@ -166,11 +162,4 @@ public class GroupAccessAuthorizationServiceImpl implements GroupAccessAuthoriza return CarbonContext.getThreadLocalCarbonContext().getTenantId(); } - private boolean addAdminPermissionToRegistry() throws PermissionManagementException { - Permission permission = new Permission(); - permission.setName(GROUP_ADMIN); - permission.setPath(PermissionUtils.getAbsolutePermissionPath(GROUP_ADMIN_PERMISSION)); - return PermissionUtils.putPermission(permission); - } - } diff --git a/features/application-mgt/io.entgra.device.mgt.core.application.mgt.server.feature/src/main/resources/conf/application-mgt.xml b/features/application-mgt/io.entgra.device.mgt.core.application.mgt.server.feature/src/main/resources/conf/application-mgt.xml index bb1e6144ac..c4d579f577 100644 --- a/features/application-mgt/io.entgra.device.mgt.core.application.mgt.server.feature/src/main/resources/conf/application-mgt.xml +++ b/features/application-mgt/io.entgra.device.mgt.core.application.mgt.server.feature/src/main/resources/conf/application-mgt.xml @@ -84,6 +84,11 @@ In-Review + + Create Applications + am:admin:lc:app:create + Internal/devicemgt-user + /app-mgt/life-cycle/application/review @@ -92,6 +97,11 @@ Approved Created + + Review Applications + am:admin:lc:app:review + Internal/devicemgt-user + /app-mgt/life-cycle/application/approve @@ -99,6 +109,11 @@ In-Review Published + + Approve Applications + am:admin:lc:app:approve + Internal/devicemgt-user + true 
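Review bot: The new `log.info("GroupAccessAuthorizationServiceImpl initialized.")` is emitted through a logger created with `DeviceAccessAuthorizationServiceImpl.class` (the context line just above the constructor), so the message is attributed to the wrong class in the logs. Change the field to `private static final Log log = LogFactory.getLog(GroupAccessAuthorizationServiceImpl.class);`.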
@@ -106,6 +121,11 @@ In-Review + + Reject Applications + am:admin:lc:app:reject + Internal/devicemgt-user + true @@ -114,6 +134,11 @@ Blocked Deprecated + + Publish Applications + am:admin:lc:app:publish + Internal/devicemgt-user + /app-mgt/life-cycle/application/block @@ -121,6 +146,11 @@ Published Deprecated + + Block Applications + am:admin:lc:app:block + Internal/devicemgt-user + /app-mgt/life-cycle/application/deprecate @@ -128,10 +158,20 @@ Published Retired + + Deprecate Application + am:admin:lc:app:deprecate + Internal/devicemgt-user + true /app-mgt/life-cycle/application/retire + + Retire Applications + am:admin:lc:app:retire + Internal/devicemgt-user + diff --git a/features/application-mgt/io.entgra.device.mgt.core.application.mgt.server.feature/src/main/resources/conf_templates/templates/repository/conf/application-mgt.xml.j2 b/features/application-mgt/io.entgra.device.mgt.core.application.mgt.server.feature/src/main/resources/conf_templates/templates/repository/conf/application-mgt.xml.j2 index bc4d34b048..ce7711bf66 100644 --- a/features/application-mgt/io.entgra.device.mgt.core.application.mgt.server.feature/src/main/resources/conf_templates/templates/repository/conf/application-mgt.xml.j2 +++ b/features/application-mgt/io.entgra.device.mgt.core.application.mgt.server.feature/src/main/resources/conf_templates/templates/repository/conf/application-mgt.xml.j2 @@ -115,6 +115,11 @@ In-Review + + Create Applications + am:admin:lc:app:create + Internal/devicemgt-user + /app-mgt/life-cycle/application/review @@ -123,6 +128,11 @@ Approved Created + + Review Applications + am:admin:lc:app:review + Internal/devicemgt-user + /app-mgt/life-cycle/application/approve @@ -130,6 +140,11 @@ In-Review Published + + Approve Applications + am:admin:lc:app:approve + Internal/devicemgt-user + true @@ -137,6 +152,11 @@ In-Review + + Reject Applications + am:admin:lc:app:reject + Internal/devicemgt-user + true 
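Review bot: Every lifecycle scope added to this file, including `am:admin:lc:app:approve`, `am:admin:lc:app:publish` and `am:admin:lc:app:retire`, defaults to the role `Internal/devicemgt-user`. The values match the entries this commit removes from cdm-config.xml, so the default is carried over rather than new, but the move is a good moment to check it against least privilege. If that role is the general user role, the approval and publishing scopes are available to every such user by default. A comment beside the scope-mapping blocks saying that deployments separating reviewers from publishers should override the default roles would help, and the same applies to the `.j2` template.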
@@ -145,6 +165,11 @@ Blocked Deprecated + + Publish Applications + am:admin:lc:app:publish + Internal/devicemgt-user + /app-mgt/life-cycle/application/block @@ -152,6 +177,11 @@ Published Deprecated + + Block Applications + am:admin:lc:app:block + Internal/devicemgt-user + /app-mgt/life-cycle/application/deprecate @@ -159,11 +189,21 @@ Published Retired + + Deprecate Application + am:admin:lc:app:deprecate + Internal/devicemgt-user + true /app-mgt/life-cycle/application/retire + + Retire Applications + am:admin:lc:app:retire + Internal/devicemgt-user + diff --git a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/cdm-config.xml b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/cdm-config.xml index a8946af8eb..af8d1a50f8 100644 --- a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/cdm-config.xml +++ b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/cdm-config.xml 
@@ -229,70 +229,6 @@ Internal/devicemgt-user - - /permission/admin/app-mgt/life-cycle/application/approve - - Approve Applications - am:admin:lc:app:approve - Internal/devicemgt-user - - - - /permission/admin/app-mgt/life-cycle/application/create - - Create Applications - am:admin:lc:app:create - Internal/devicemgt-user - - - - /permission/admin/app-mgt/life-cycle/application/reject - - Reject Applications - am:admin:lc:app:reject - Internal/devicemgt-user - - - - /permission/admin/app-mgt/life-cycle/application/block - - Block Applications - am:admin:lc:app:block - Internal/devicemgt-user - - - - /permission/admin/app-mgt/life-cycle/application/review - - Review Applications - am:admin:lc:app:review - Internal/devicemgt-user - - - - /permission/admin/app-mgt/life-cycle/application/retire - - Retire Applications - am:admin:lc:app:retire - Internal/devicemgt-user - - - - /permission/admin/app-mgt/life-cycle/application/deprecate - - Deprecate Application - am:admin:lc:app:deprecate - Internal/devicemgt-user - - - - /permission/admin/app-mgt/life-cycle/application/publish - - Publish Applications - am:admin:lc:app:publish - Internal/devicemgt-user - - /permission/admin/device-mgt/devices/any-group/permitted-actions-under-owning-group @@ -301,6 +237,14 @@ Internal/devicemgt-user + + /permission/admin/device-mgt/hide-unauthorized-functions + + Hide unauthorized functions from users + dm:hide:unauthorized:functions + Internal/devicemgt-user + + diff --git a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/cdm-config.xml.j2 b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/cdm-config.xml.j2 index e8560353c3..eb756e9ab4 100644 --- a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/cdm-config.xml.j2 
+++ b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/cdm-config.xml.j2 @@ -408,70 +408,6 @@ Internal/devicemgt-user - - /permission/admin/app-mgt/life-cycle/application/approve - - Approve Applications - am:admin:lc:app:approve - Internal/devicemgt-user - - - - /permission/admin/app-mgt/life-cycle/application/create - - Create Applications - am:admin:lc:app:create - Internal/devicemgt-user - - - - /permission/admin/app-mgt/life-cycle/application/reject - - Reject Applications - am:admin:lc:app:reject - Internal/devicemgt-user - - - - /permission/admin/app-mgt/life-cycle/application/block - - Block Applications - am:admin:lc:app:block - Internal/devicemgt-user - - - - /permission/admin/app-mgt/life-cycle/application/review - - Review Applications - am:admin:lc:app:review - Internal/devicemgt-user - - - - /permission/admin/app-mgt/life-cycle/application/retire - - Retire Applications - am:admin:lc:app:retire - Internal/devicemgt-user - - - - /permission/admin/app-mgt/life-cycle/application/deprecate - - Deprecate Application - am:admin:lc:app:deprecate - Internal/devicemgt-user - - - - /permission/admin/app-mgt/life-cycle/application/publish - - Publish Applications - am:admin:lc:app:publish - Internal/devicemgt-user - - /permission/admin/device-mgt/devices/any-group/permitted-actions-under-owning-group @@ -480,6 +416,14 @@ Internal/devicemgt-user + + /permission/admin/device-mgt/hide-unauthorized-functions + + Hide unauthorized functions from users + dm:hide:unauthorized:functions + Internal/devicemgt-user + +