Add improvements for default permission handling
This commit is contained in:
parent
7d91cfff3c
commit
21c9184c62
@ -58,9 +58,6 @@ public class ApiPermissionFilter implements Filter {
|
||||
PermissionConfiguration permissionConfiguration = (PermissionConfiguration)
|
||||
unmarshaller.unmarshal(permissionStream);
|
||||
permissions = permissionConfiguration.getPermissions();
|
||||
for (Permission permission : permissions) {
|
||||
APIUtil.putPermission(PERMISSION_PREFIX + permission.getPath());
|
||||
}
|
||||
} catch (JAXBException e) {
|
||||
log.error("invalid permissions.xml", e);
|
||||
}
|
||||
|
||||
@ -184,6 +184,7 @@
|
||||
io.entgra.device.mgt.core.device.mgt.common.metadata.mgt,
|
||||
io.entgra.device.mgt.core.device.mgt.core.config,
|
||||
io.entgra.device.mgt.core.device.mgt.core.config.permission,
|
||||
io.entgra.device.mgt.core.device.mgt.core.permission.mgt.*;version="${io.entgra.device.mgt.core.version.range}",
|
||||
io.swagger.annotations;version="[1.6,2)",
|
||||
javax.servlet;version="[2.6,3)",
|
||||
javax.xml.bind;version="[0.0,1)",
|
||||
|
||||
@ -19,6 +19,8 @@ package io.entgra.device.mgt.core.apimgt.webapp.publisher;
|
||||
|
||||
|
||||
import io.entgra.device.mgt.core.apimgt.webapp.publisher.exception.APIManagerPublisherException;
|
||||
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermission;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* This interface represents all methods related to API manipulation that's done as part of API-Management tasks.
|
||||
@ -39,7 +41,7 @@ public interface APIPublisherService {
|
||||
/**
|
||||
* Add default scopes defined in the cdm-config.xml
|
||||
*/
|
||||
void addDefaultScopesIfNotExist() throws APIManagerPublisherException;
|
||||
public void addDefaultScopesIfNotExist(List<DefaultPermission> defaultPermissions) throws APIManagerPublisherException;
|
||||
|
||||
/**
|
||||
* If the permissions are in the permission list, identify the relevant scopes of the supplied permission list
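Review bot: The Javadoc above `addDefaultScopesIfNotExist` still says the scopes are "defined in the cdm-config.xml", but the method now takes them from its `defaultPermissions` argument, and it carries no `@param`/`@throws`; reword it to `Add the default scopes described by the supplied permissions if they do not already exist.` with `@param defaultPermissions permissions whose scope mappings are to be created; the implementation does not accept null` and `@throws APIManagerPublisherException if a scope cannot be created`. The `public` modifier on the new declaration is redundant in an interface and inconsistent with the other methods here; drop it. The no-arg overload is removed rather than kept as a delegating default method, so any implementer or caller outside this commit stops compiling.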
|
||||
|
||||
@ -435,13 +435,11 @@ public class APIPublisherServiceImpl implements APIPublisherService {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addDefaultScopesIfNotExist() throws APIManagerPublisherException {
|
||||
public void addDefaultScopesIfNotExist(List<DefaultPermission> defaultPermissions) throws APIManagerPublisherException {
|
||||
WebappPublisherConfig config = WebappPublisherConfig.getInstance();
|
||||
List<String> tenants = new ArrayList<>(Collections.singletonList(APIConstants.SUPER_TENANT_DOMAIN));
|
||||
tenants.addAll(config.getTenants().getTenant());
|
||||
|
||||
DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig();
|
||||
DefaultPermissions defaultPermissions = deviceManagementConfig.getDefaultPermissions();
|
||||
APIApplicationServices apiApplicationServices = APIPublisherDataHolder.getInstance().getApiApplicationServices();
|
||||
PublisherRESTAPIServices publisherRESTAPIServices = APIPublisherDataHolder.getInstance().getPublisherRESTAPIServices();
|
||||
|
||||
@ -460,7 +458,7 @@ public class APIPublisherServiceImpl implements APIPublisherService {
|
||||
apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret());
|
||||
|
||||
Scope scope = new Scope();
|
||||
for (DefaultPermission defaultPermission : defaultPermissions.getDefaultPermissions()) {
|
||||
for (DefaultPermission defaultPermission : defaultPermissions) {
|
||||
if (!publisherRESTAPIServices.isSharedScopeNameExists(apiApplicationKey, accessTokenInfo,
|
||||
defaultPermission.getScopeMapping().getKey())) {
|
||||
ScopeMapping scopeMapping = defaultPermission.getScopeMapping();
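Review bot: `defaultPermissions` is iterated without a null or empty check, so a null list surfaces as a NullPointerException in this `for` loop only after the tenant list has been built and the surrounding setup that uses the `apiApplicationKey` credentials has run; add `Objects.requireNonNull(defaultPermissions, "defaultPermissions");` at the top of the method (it starts in the preceding hunk; `java.util.Objects` would need importing) and return early when the list is empty so that setup is not done for nothing. `defaultPermission.getScopeMapping()` is also dereferenced twice per iteration without a null check, so a `DefaultPermission` built from a lifecycle state that has no `MappedScopeDetails` would throw here rather than be reported. The method body continues past the end of this hunk.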
|
||||
|
||||
@ -27,10 +27,12 @@ import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataKeyAlready
|
||||
import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
|
||||
import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata;
|
||||
import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.MetadataManagementService;
|
||||
import io.entgra.device.mgt.core.device.mgt.common.permission.mgt.PermissionManagementException;
|
||||
import io.entgra.device.mgt.core.device.mgt.core.config.DeviceConfigurationManager;
|
||||
import io.entgra.device.mgt.core.device.mgt.core.config.DeviceManagementConfig;
|
||||
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermission;
|
||||
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions;
|
||||
import io.entgra.device.mgt.core.device.mgt.core.permission.mgt.PermissionUtils;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
||||
@ -103,16 +105,20 @@ public class APIPublisherStartupHandler implements ServerStartupObserver {
|
||||
}
|
||||
|
||||
try {
|
||||
DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig();
|
||||
DefaultPermissions defaultPermissions = deviceManagementConfig.getDefaultPermissions();
|
||||
publisher.updateScopeRoleMapping();
|
||||
publisher.addDefaultScopesIfNotExist();
|
||||
publisher.addDefaultScopesIfNotExist(defaultPermissions.getDefaultPermissions());
|
||||
} catch (APIManagerPublisherException e) {
|
||||
log.error("failed to update scope role mapping.", e);
|
||||
}
|
||||
|
||||
try {
|
||||
DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig();
|
||||
DefaultPermissions defaultPermissions = deviceManagementConfig.getDefaultPermissions();
|
||||
PrivilegedCarbonContext.startTenantFlow();
|
||||
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
|
||||
updateScopeMetadataEntryWithDefaultScopes();
|
||||
updateScopeMetadataEntryWithDefaultScopes(defaultPermissions.getDefaultPermissions());
|
||||
} finally {
|
||||
PrivilegedCarbonContext.endTenantFlow();
|
||||
}
|
||||
@ -163,13 +169,11 @@ public class APIPublisherStartupHandler implements ServerStartupObserver {
|
||||
* Update permission scope mapping entry with default scopes if perm-scope-mapping entry exists, otherwise this function
|
||||
* will create that entry and update the value with default permissions.
|
||||
*/
|
||||
private void updateScopeMetadataEntryWithDefaultScopes() {
|
||||
public static void updateScopeMetadataEntryWithDefaultScopes(List<DefaultPermission> defaultPermissions) {
|
||||
Map<String, String> permScopeMap = APIPublisherDataHolder.getInstance().getPermScopeMapping();
|
||||
Metadata permScopeMapping;
|
||||
|
||||
MetadataManagementService metadataManagementService = APIPublisherDataHolder.getInstance().getMetadataManagementService();
|
||||
DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig();
|
||||
DefaultPermissions defaultPermissions = deviceManagementConfig.getDefaultPermissions();
|
||||
|
||||
try {
|
||||
permScopeMapping = metadataManagementService.retrieveMetadata(Constants.PERM_SCOPE_MAPPING_META_KEY);
|
||||
@ -179,11 +183,11 @@ public class APIPublisherStartupHandler implements ServerStartupObserver {
|
||||
new HashMap<>();
|
||||
}
|
||||
|
||||
for (DefaultPermission defaultPermission : defaultPermissions.getDefaultPermissions()) {
|
||||
for (DefaultPermission defaultPermission : defaultPermissions) {
|
||||
permScopeMap.putIfAbsent(defaultPermission.getName(), defaultPermission.getScopeMapping().getKey());
|
||||
PermissionUtils.putPermission(defaultPermission.getName());
|
||||
}
|
||||
|
||||
|
||||
permScopeMapping = new Metadata();
|
||||
permScopeMapping.setMetaKey(Constants.PERM_SCOPE_MAPPING_META_KEY);
|
||||
permScopeMapping.setMetaValue(gson.toJson(permScopeMap));
|
||||
@ -200,6 +204,9 @@ public class APIPublisherStartupHandler implements ServerStartupObserver {
|
||||
log.error("Metadata entry already exists for " + Constants.PERM_SCOPE_MAPPING_META_KEY);
|
||||
} catch (MetadataManagementException e) {
|
||||
log.error("Error encountered while updating permission scope mapping metadata with default scopes");
|
||||
} catch (PermissionManagementException e) {
|
||||
String msg = "Error when adding default permission to the registry ";
|
||||
log.error(msg, e);
|
||||
}
|
||||
}
|
||||
}
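Review bot: The new `catch (PermissionManagementException e)` sits outside the `for` loop over `defaultPermissions`, so the first failing `PermissionUtils.putPermission` call abandons the remaining permissions and skips the `permScopeMapping` metadata write entirely, leaving the perm-scope-mapping entry stale while the method only logs. Catching `PermissionManagementException` per iteration inside the loop (log the failing `defaultPermission.getName()` and continue) would let the other permissions be registered and the metadata persisted. The Javadoc on `updateScopeMetadataEntryWithDefaultScopes` in the preceding hunk still describes the old no-arg behaviour; it should gain `@param defaultPermissions permissions to register in the registry and add to the perm-scope mapping; must not be null` and, since the method is now `public static` and called from another bundle, a sentence stating that it mutates the shared map returned by `APIPublisherDataHolder.getInstance().getPermScopeMapping()`.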
|
||||
|
||||
@ -65,6 +65,7 @@
|
||||
io.entgra.device.mgt.core.device.mgt.common.app.mgt;version="${io.entgra.device.mgt.core.version.range}",
|
||||
io.entgra.device.mgt.core.device.mgt.common.operation.mgt;version="${io.entgra.device.mgt.core.version.range}",
|
||||
io.entgra.device.mgt.core.device.mgt.core.common.exception;version="${io.entgra.device.mgt.core.version.range}",
|
||||
io.entgra.device.mgt.core.device.mgt.core.config.permission.*,
|
||||
io.swagger.annotations;version="[1.6,2)",
|
||||
javax.validation.constraints;version="[2.0,3)",
|
||||
javax.xml.bind.annotation;version="[0.0,1)"
|
||||
|
||||
@ -22,6 +22,7 @@ import javax.xml.bind.annotation.XmlElement;
|
||||
import javax.xml.bind.annotation.XmlElementWrapper;
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
import java.util.List;
|
||||
import io.entgra.device.mgt.core.device.mgt.core.config.permission.ScopeMapping;
|
||||
|
||||
/**
|
||||
* This class represents the lifecycle state config
|
||||
@ -37,6 +38,16 @@ public class LifecycleState {
|
||||
private boolean isInitialState;
|
||||
private boolean isEndState;
|
||||
private boolean isDeletableState;
|
||||
private ScopeMapping scopeMapping;
|
||||
|
||||
@XmlElement(name = "MappedScopeDetails", required = true)
|
||||
public ScopeMapping getScopeMapping() {
|
||||
return scopeMapping;
|
||||
}
|
||||
|
||||
public void setScopeMapping(ScopeMapping scopeMapping) {
|
||||
this.scopeMapping = scopeMapping;
|
||||
}
|
||||
|
||||
@XmlAttribute(name = "name")
|
||||
public String getName() {
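Review bot: `required = true` on the `MappedScopeDetails` element only affects generated schema; JAXB unmarshalling still accepts a `<LifecycleState>` without that child and leaves `scopeMapping` null, and the new accessor has no Javadoc warning callers about that. Either validate the loaded states for a missing mapping where the config is read, or document the nullability on the getter: `/** Scope mapped to this state's permission; null when the config omits MappedScopeDetails. */`. The `ScopeMapping` type used here is imported from `io.entgra.device.mgt.core.device.mgt.core.config.permission` (see the import hunk above), which matters because this commit also adds a class of the same name to this class's own package.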
|
||||
|
||||
@ -0,0 +1,58 @@
|
||||
/*
|
||||
* Copyright (c) 2018 - 2024, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||
*
|
||||
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package io.entgra.device.mgt.core.application.mgt.common.config;
|
||||
|
||||
import javax.xml.bind.annotation.XmlElement;
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
|
||||
@XmlRootElement(name = "MappedScopeDetails")
|
||||
public class ScopeMapping {
|
||||
|
||||
private String name;
|
||||
private String key;
|
||||
|
||||
private String defaultRoles;
|
||||
|
||||
@XmlElement(name = "Name", required = true)
|
||||
public String getName() {
|
||||
return name;
|
||||
}
|
||||
|
||||
public void setName(String name) {
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
@XmlElement(name = "Key", required = true)
|
||||
public String getKey() {
|
||||
return key;
|
||||
}
|
||||
|
||||
public void setKey(String key) {
|
||||
this.key = key;
|
||||
}
|
||||
|
||||
@XmlElement(name = "DefaultRoles", required = true)
|
||||
public String getDefaultRoles() {
|
||||
return defaultRoles;
|
||||
}
|
||||
|
||||
public void setDefaultRoles(String defaultRoles) {
|
||||
this.defaultRoles = defaultRoles;
|
||||
}
|
||||
}
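Review bot: This class duplicates `io.entgra.device.mgt.core.device.mgt.core.config.permission.ScopeMapping` element for element (`Name`, `Key`, `DefaultRoles`), and nothing in this commit appears to reference it: `LifecycleState` explicitly imports the device-mgt-core `ScopeMapping`, and `LifecycleStateManager` passes that value to `DefaultPermission.setScopeMapping`, which presumably expects the same type. Unless a consumer exists outside the diff, drop this file so the `MappedScopeDetails` element does not bind to two unrelated Java types. If it is kept, it needs a class-level Javadoc, and `required = true` should not be read as validation — the unmarshaller does not reject a missing `Name`/`Key`/`DefaultRoles`, so `getKey()` may return null.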
|
||||
@ -60,6 +60,7 @@
|
||||
io.entgra.device.mgt.core.apimgt.application.extension;version="${io.entgra.device.mgt.core.version.range}",
|
||||
io.entgra.device.mgt.core.apimgt.application.extension.dto;version="${io.entgra.device.mgt.core.version.range}",
|
||||
io.entgra.device.mgt.core.apimgt.application.extension.exception;version="${io.entgra.device.mgt.core.version.range}",
|
||||
io.entgra.device.mgt.core.apimgt.webapp.publisher.*
|
||||
io.entgra.device.mgt.core.application.mgt.common;version="${io.entgra.device.mgt.core.version.range}",
|
||||
io.entgra.device.mgt.core.application.mgt.common.config;version="${io.entgra.device.mgt.core.version.range}",
|
||||
io.entgra.device.mgt.core.application.mgt.common.dto;version="${io.entgra.device.mgt.core.version.range}",
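Review bot: The added `io.entgra.device.mgt.core.apimgt.webapp.publisher.*` entry has no trailing comma, unlike every sibling in this Import-Package list, so it and the following `io.entgra.device.mgt.core.application.mgt.common;version=...` clause would be joined into one malformed package clause when the header is assembled; change it to `io.entgra.device.mgt.core.apimgt.webapp.publisher.*;version="${io.entgra.device.mgt.core.version.range}",`. The version range is also missing, so any exported version of the publisher packages satisfies the import while this module's other internal imports are pinned to the project range. The `io.entgra.device.mgt.core.device.mgt.core.config.permission.*,` entry in the `@ -65,6 +65,7 @@` hunk has the same missing range.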
|
||||
@ -443,6 +444,10 @@
|
||||
<artifactId>jaxb-api</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>io.entgra.device.mgt.core</groupId>
|
||||
<artifactId>io.entgra.device.mgt.core.apimgt.webapp.publisher</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</project>
|
||||
|
||||
|
||||
@ -18,17 +18,22 @@
|
||||
|
||||
package io.entgra.device.mgt.core.application.mgt.core.lifecycle;
|
||||
|
||||
import io.entgra.device.mgt.core.apimgt.webapp.publisher.APIPublisherServiceImpl;
|
||||
import io.entgra.device.mgt.core.apimgt.webapp.publisher.exception.APIManagerPublisherException;
|
||||
import io.entgra.device.mgt.core.application.mgt.common.config.LifecycleState;
|
||||
import io.entgra.device.mgt.core.application.mgt.common.exception.LifecycleManagementException;
|
||||
import io.entgra.device.mgt.core.application.mgt.core.internal.DataHolder;
|
||||
import io.entgra.device.mgt.core.device.mgt.common.permission.mgt.PermissionManagementException;
|
||||
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermission;
|
||||
import io.entgra.device.mgt.core.device.mgt.core.permission.mgt.PermissionUtils;
|
||||
import io.entgra.device.mgt.core.device.mgt.core.search.mgt.Constants;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.wso2.carbon.user.api.UserRealm;
|
||||
import org.wso2.carbon.user.api.UserStoreException;
|
||||
import io.entgra.device.mgt.core.apimgt.webapp.publisher.APIPublisherStartupHandler;
|
||||
import io.entgra.device.mgt.core.apimgt.webapp.publisher.APIPublisherService;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
@ -43,20 +48,23 @@ public class LifecycleStateManager {
|
||||
|
||||
public void init(List<LifecycleState> states) throws LifecycleManagementException {
|
||||
lifecycleStates = new HashMap<>();
|
||||
APIPublisherService publisher = new APIPublisherServiceImpl();
|
||||
List<DefaultPermission> allDefaultPermissions = new ArrayList<>();
|
||||
for (LifecycleState lifecycleState : states) {
|
||||
if (lifecycleState.getProceedingStates() != null) {
|
||||
lifecycleState.getProceedingStates().replaceAll(String::toUpperCase);
|
||||
}
|
||||
lifecycleStates.put(lifecycleState.getName().toUpperCase(), lifecycleState);
|
||||
try {
|
||||
PermissionUtils
|
||||
.putPermission(PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + lifecycleState.getPermission());
|
||||
} catch (PermissionManagementException e) {
|
||||
String msg = "Error when adding permission " + lifecycleState.getPermission() + " related to the "
|
||||
+ "state: " + lifecycleState.getName();
|
||||
log.error(msg, e);
|
||||
throw new LifecycleManagementException(msg, e);
|
||||
}
|
||||
DefaultPermission defaultPermission = new DefaultPermission();
|
||||
defaultPermission.setName(PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + lifecycleState.getPermission());
|
||||
defaultPermission.setScopeMapping(lifecycleState.getScopeMapping());
|
||||
allDefaultPermissions.add(defaultPermission);
|
||||
}
|
||||
try {
|
||||
APIPublisherStartupHandler.updateScopeMetadataEntryWithDefaultScopes(allDefaultPermissions);
|
||||
publisher.addDefaultScopesIfNotExist(allDefaultPermissions);
|
||||
} catch (APIManagerPublisherException e) {
|
||||
log.error("Failed to update API publisher with default permissions.", e);
|
||||
}
|
||||
}
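Review bot: `defaultPermission.setScopeMapping(lifecycleState.getScopeMapping())` is called without a null check, and both `APIPublisherStartupHandler.updateScopeMetadataEntryWithDefaultScopes` and `addDefaultScopesIfNotExist` dereference `getScopeMapping().getKey()`, so a single state whose `<LifecycleState>` lacks `MappedScopeDetails` (an un-migrated lifecycle-config.xml, or the misplaced block in two of this commit's own config files) raises a NullPointerException that the `catch (APIManagerPublisherException e)` does not cover and `init` aborts. Skip and log such states right after `lifecycleStates.put(...)`: `if (lifecycleState.getScopeMapping() == null) { log.warn("No MappedScopeDetails for lifecycle state " + lifecycleState.getName() + "; scope not registered"); continue; }`. Note also that a `PermissionManagementException` while registering the state permission used to make `init` throw `LifecycleManagementException`; it is now only logged inside the startup handler, so a registry failure no longer stops lifecycle initialisation — confirm that is intended. Finally, `new APIPublisherServiceImpl()` instantiates another bundle's implementation directly; resolving the `APIPublisherService` through `DataHolder` or the service registry would avoid the hard dependency this commit adds to the pom.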
|
||||
|
||||
|
||||
@ -81,6 +81,11 @@
|
||||
<ProceedingStates>
|
||||
<State>In-Review</State>
|
||||
</ProceedingStates>
|
||||
<MappedScopeDetails>
|
||||
<Name>Create Applications</Name>
|
||||
<Key>am:admin:lc:app:create</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</LifecycleState>
|
||||
<LifecycleState name="In-Review">
|
||||
<Permission>/app-mgt/life-cycle/application/review</Permission>
|
||||
@ -89,6 +94,11 @@
|
||||
<State>Approved</State>
|
||||
<State>Created</State>
|
||||
</ProceedingStates>
|
||||
<MappedScopeDetails>
|
||||
<Name>Review Applications</Name>
|
||||
<Key>am:admin:lc:app:review</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</LifecycleState>
|
||||
<LifecycleState name="Approved">
|
||||
<Permission>/app-mgt/life-cycle/application/approve</Permission>
|
||||
@ -96,6 +106,11 @@
|
||||
<State>In-Review</State>
|
||||
<State>Published</State>
|
||||
</ProceedingStates>
|
||||
<MappedScopeDetails>
|
||||
<Name>Approve Applications</Name>
|
||||
<Key>am:admin:lc:app:approve</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</LifecycleState>
|
||||
<LifecycleState name="Rejected">
|
||||
<IsDeletableState>true</IsDeletableState>
|
||||
@ -103,6 +118,11 @@
|
||||
<ProceedingStates>
|
||||
<State>In-Review</State>
|
||||
</ProceedingStates>
|
||||
<MappedScopeDetails>
|
||||
<Name>Reject Applications</Name>
|
||||
<Key>am:admin:lc:app:reject</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</LifecycleState>
|
||||
<LifecycleState name="Published">
|
||||
<IsAppInstallable>true</IsAppInstallable>
|
||||
@ -111,6 +131,11 @@
|
||||
<State>Blocked</State>
|
||||
<State>Deprecated</State>
|
||||
</ProceedingStates>
|
||||
<MappedScopeDetails>
|
||||
<Name>Publish Applications</Name>
|
||||
<Key>am:admin:lc:app:publish</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</LifecycleState>
|
||||
<LifecycleState name="Blocked">
|
||||
<Permission>/app-mgt/life-cycle/application/block</Permission>
|
||||
@ -118,6 +143,11 @@
|
||||
<State>Published</State>
|
||||
<State>Deprecated</State>
|
||||
</ProceedingStates>
|
||||
<MappedScopeDetails>
|
||||
<Name>Block Applications</Name>
|
||||
<Key>am:admin:lc:app:block</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</LifecycleState>
|
||||
<LifecycleState name="Deprecated">
|
||||
<Permission>/app-mgt/life-cycle/application/deprecate</Permission>
|
||||
@ -125,11 +155,21 @@
|
||||
<State>Published</State>
|
||||
<State>Retired</State>
|
||||
</ProceedingStates>
|
||||
<MappedScopeDetails>
|
||||
<Name>Deprecate Application</Name>
|
||||
<Key>am:admin:lc:app:deprecate</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</LifecycleState>
|
||||
<LifecycleState name="Retired">
|
||||
<IsEndState>true</IsEndState>
|
||||
<Permission>/app-mgt/life-cycle/application/retire</Permission>
|
||||
</LifecycleState>
|
||||
<MappedScopeDetails>
|
||||
<Name>Retire Applications</Name>
|
||||
<Key>am:admin:lc:app:retire</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</LifecycleStates>
|
||||
|
||||
<AppCategories>
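Review bot: In the `@ -125,11 +155,21 @@` hunk the `MappedScopeDetails` block for the Retired state is inserted after `</LifecycleState>` rather than before it, so it sits directly under `<LifecycleStates>`; the unmarshaller will most likely ignore the unexpected element, leaving the Retired state without a scope mapping while the other states have one. Move the block above the closing tag, as is done for the Retired state in the `@ -128,10 +158,20 @@` hunk of the second config file. The `@ -159,11 +189,21 @@` hunk of the third config file has the same misplacement.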
|
||||
|
||||
@ -49,11 +49,7 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
|
||||
private static Log log = LogFactory.getLog(DeviceAccessAuthorizationServiceImpl.class);
|
||||
|
||||
public DeviceAccessAuthorizationServiceImpl() {
|
||||
try {
|
||||
this.addAdminPermissionToRegistry();
|
||||
} catch (PermissionManagementException e) {
|
||||
log.error("Unable to add the emm-admin permission to the registry.", e);
|
||||
}
|
||||
log.info("DeviceAccessAuthorizationServiceImpl initialized.");
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -235,10 +231,4 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
|
||||
return CarbonContext.getThreadLocalCarbonContext().getTenantId();
|
||||
}
|
||||
|
||||
private boolean addAdminPermissionToRegistry() throws PermissionManagementException {
|
||||
Permission permission = new Permission();
|
||||
permission.setName(CDM_ADMIN);
|
||||
permission.setPath(PermissionUtils.getAbsolutePermissionPath(CDM_ADMIN_PERMISSION));
|
||||
return PermissionUtils.putPermission(permission);
|
||||
}
|
||||
}
|
||||
@ -45,11 +45,7 @@ public class GroupAccessAuthorizationServiceImpl implements GroupAccessAuthoriza
|
||||
private static Log log = LogFactory.getLog(DeviceAccessAuthorizationServiceImpl.class);
|
||||
|
||||
public GroupAccessAuthorizationServiceImpl() {
|
||||
try {
|
||||
this.addAdminPermissionToRegistry();
|
||||
} catch (PermissionManagementException e) {
|
||||
log.error("Unable to add the group-admin permission to the registry.", e);
|
||||
}
|
||||
log.info("GroupAccessAuthorizationServiceImpl initialized.");
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -166,11 +162,4 @@ public class GroupAccessAuthorizationServiceImpl implements GroupAccessAuthoriza
|
||||
return CarbonContext.getThreadLocalCarbonContext().getTenantId();
|
||||
}
|
||||
|
||||
private boolean addAdminPermissionToRegistry() throws PermissionManagementException {
|
||||
Permission permission = new Permission();
|
||||
permission.setName(GROUP_ADMIN);
|
||||
permission.setPath(PermissionUtils.getAbsolutePermissionPath(GROUP_ADMIN_PERMISSION));
|
||||
return PermissionUtils.putPermission(permission);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -84,6 +84,11 @@
|
||||
<ProceedingStates>
|
||||
<State>In-Review</State>
|
||||
</ProceedingStates>
|
||||
<MappedScopeDetails>
|
||||
<Name>Create Applications</Name>
|
||||
<Key>am:admin:lc:app:create</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</LifecycleState>
|
||||
<LifecycleState name="In-Review">
|
||||
<Permission>/app-mgt/life-cycle/application/review</Permission>
|
||||
@ -92,6 +97,11 @@
|
||||
<State>Approved</State>
|
||||
<State>Created</State>
|
||||
</ProceedingStates>
|
||||
<MappedScopeDetails>
|
||||
<Name>Review Applications</Name>
|
||||
<Key>am:admin:lc:app:review</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</LifecycleState>
|
||||
<LifecycleState name="Approved">
|
||||
<Permission>/app-mgt/life-cycle/application/approve</Permission>
|
||||
@ -99,6 +109,11 @@
|
||||
<State>In-Review</State>
|
||||
<State>Published</State>
|
||||
</ProceedingStates>
|
||||
<MappedScopeDetails>
|
||||
<Name>Approve Applications</Name>
|
||||
<Key>am:admin:lc:app:approve</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</LifecycleState>
|
||||
<LifecycleState name="Rejected">
|
||||
<IsDeletableState>true</IsDeletableState>
|
||||
@ -106,6 +121,11 @@
|
||||
<ProceedingStates>
|
||||
<State>In-Review</State>
|
||||
</ProceedingStates>
|
||||
<MappedScopeDetails>
|
||||
<Name>Reject Applications</Name>
|
||||
<Key>am:admin:lc:app:reject</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</LifecycleState>
|
||||
<LifecycleState name="Published">
|
||||
<IsAppInstallable>true</IsAppInstallable>
|
||||
@ -114,6 +134,11 @@
|
||||
<State>Blocked</State>
|
||||
<State>Deprecated</State>
|
||||
</ProceedingStates>
|
||||
<MappedScopeDetails>
|
||||
<Name>Publish Applications</Name>
|
||||
<Key>am:admin:lc:app:publish</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</LifecycleState>
|
||||
<LifecycleState name="Blocked">
|
||||
<Permission>/app-mgt/life-cycle/application/block</Permission>
|
||||
@ -121,6 +146,11 @@
|
||||
<State>Published</State>
|
||||
<State>Deprecated</State>
|
||||
</ProceedingStates>
|
||||
<MappedScopeDetails>
|
||||
<Name>Block Applications</Name>
|
||||
<Key>am:admin:lc:app:block</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</LifecycleState>
|
||||
<LifecycleState name="Deprecated">
|
||||
<Permission>/app-mgt/life-cycle/application/deprecate</Permission>
|
||||
@ -128,10 +158,20 @@
|
||||
<State>Published</State>
|
||||
<State>Retired</State>
|
||||
</ProceedingStates>
|
||||
<MappedScopeDetails>
|
||||
<Name>Deprecate Application</Name>
|
||||
<Key>am:admin:lc:app:deprecate</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</LifecycleState>
|
||||
<LifecycleState name="Retired">
|
||||
<IsEndState>true</IsEndState>
|
||||
<Permission>/app-mgt/life-cycle/application/retire</Permission>
|
||||
<MappedScopeDetails>
|
||||
<Name>Retire Applications</Name>
|
||||
<Key>am:admin:lc:app:retire</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</LifecycleState>
|
||||
</LifecycleStates>
|
||||
|
||||
|
||||
@ -115,6 +115,11 @@
|
||||
<ProceedingStates>
|
||||
<State>In-Review</State>
|
||||
</ProceedingStates>
|
||||
<MappedScopeDetails>
|
||||
<Name>Create Applications</Name>
|
||||
<Key>am:admin:lc:app:create</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</LifecycleState>
|
||||
<LifecycleState name="In-Review">
|
||||
<Permission>/app-mgt/life-cycle/application/review</Permission>
|
||||
@ -123,6 +128,11 @@
|
||||
<State>Approved</State>
|
||||
<State>Created</State>
|
||||
</ProceedingStates>
|
||||
<MappedScopeDetails>
|
||||
<Name>Review Applications</Name>
|
||||
<Key>am:admin:lc:app:review</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</LifecycleState>
|
||||
<LifecycleState name="Approved">
|
||||
<Permission>/app-mgt/life-cycle/application/approve</Permission>
|
||||
@ -130,6 +140,11 @@
|
||||
<State>In-Review</State>
|
||||
<State>Published</State>
|
||||
</ProceedingStates>
|
||||
<MappedScopeDetails>
|
||||
<Name>Approve Applications</Name>
|
||||
<Key>am:admin:lc:app:approve</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</LifecycleState>
|
||||
<LifecycleState name="Rejected">
|
||||
<IsDeletableState>true</IsDeletableState>
|
||||
@ -137,6 +152,11 @@
|
||||
<ProceedingStates>
|
||||
<State>In-Review</State>
|
||||
</ProceedingStates>
|
||||
<MappedScopeDetails>
|
||||
<Name>Reject Applications</Name>
|
||||
<Key>am:admin:lc:app:reject</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</LifecycleState>
|
||||
<LifecycleState name="Published">
|
||||
<IsAppInstallable>true</IsAppInstallable>
|
||||
@ -145,6 +165,11 @@
|
||||
<State>Blocked</State>
|
||||
<State>Deprecated</State>
|
||||
</ProceedingStates>
|
||||
<MappedScopeDetails>
|
||||
<Name>Publish Applications</Name>
|
||||
<Key>am:admin:lc:app:publish</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</LifecycleState>
|
||||
<LifecycleState name="Blocked">
|
||||
<Permission>/app-mgt/life-cycle/application/block</Permission>
|
||||
@ -152,6 +177,11 @@
|
||||
<State>Published</State>
|
||||
<State>Deprecated</State>
|
||||
</ProceedingStates>
|
||||
<MappedScopeDetails>
|
||||
<Name>Block Applications</Name>
|
||||
<Key>am:admin:lc:app:block</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</LifecycleState>
|
||||
<LifecycleState name="Deprecated">
|
||||
<Permission>/app-mgt/life-cycle/application/deprecate</Permission>
|
||||
@ -159,11 +189,21 @@
|
||||
<State>Published</State>
|
||||
<State>Retired</State>
|
||||
</ProceedingStates>
|
||||
<MappedScopeDetails>
|
||||
<Name>Deprecate Application</Name>
|
||||
<Key>am:admin:lc:app:deprecate</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</LifecycleState>
|
||||
<LifecycleState name="Retired">
|
||||
<IsEndState>true</IsEndState>
|
||||
<Permission>/app-mgt/life-cycle/application/retire</Permission>
|
||||
</LifecycleState>
|
||||
<MappedScopeDetails>
|
||||
<Name>Retire Applications</Name>
|
||||
<Key>am:admin:lc:app:retire</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</LifecycleStates>
|
||||
|
||||
<AppCategories>
|
||||
|
||||
@ -229,70 +229,6 @@
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/approve</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Approve Applications</Name>
|
||||
<Key>am:admin:lc:app:approve</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/create</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Create Applications</Name>
|
||||
<Key>am:admin:lc:app:create</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/reject</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Reject Applications</Name>
|
||||
<Key>am:admin:lc:app:reject</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/block</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Block Applications</Name>
|
||||
<Key>am:admin:lc:app:block</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/review</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Review Applications</Name>
|
||||
<Key>am:admin:lc:app:review</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/retire</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Retire Applications</Name>
|
||||
<Key>am:admin:lc:app:retire</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/deprecate</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Deprecate Application</Name>
|
||||
<Key>am:admin:lc:app:deprecate</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/publish</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Publish Applications</Name>
|
||||
<Key>am:admin:lc:app:publish</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/device-mgt/devices/any-group/permitted-actions-under-owning-group</Name>
|
||||
<MappedScopeDetails>
|
||||
@ -301,6 +237,14 @@
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/device-mgt/hide-unauthorized-functions</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Hide unauthorized functions from users</Name>
|
||||
<Key>dm:hide:unauthorized:functions</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
</DefaultPermissions>
|
||||
</DeviceMgtConfiguration>
|
||||
|
||||
|
||||
@ -408,70 +408,6 @@
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/approve</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Approve Applications</Name>
|
||||
<Key>am:admin:lc:app:approve</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/create</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Create Applications</Name>
|
||||
<Key>am:admin:lc:app:create</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/reject</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Reject Applications</Name>
|
||||
<Key>am:admin:lc:app:reject</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/block</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Block Applications</Name>
|
||||
<Key>am:admin:lc:app:block</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/review</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Review Applications</Name>
|
||||
<Key>am:admin:lc:app:review</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/retire</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Retire Applications</Name>
|
||||
<Key>am:admin:lc:app:retire</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/deprecate</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Deprecate Application</Name>
|
||||
<Key>am:admin:lc:app:deprecate</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/publish</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Publish Applications</Name>
|
||||
<Key>am:admin:lc:app:publish</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/device-mgt/devices/any-group/permitted-actions-under-owning-group</Name>
|
||||
<MappedScopeDetails>
|
||||
@ -480,6 +416,14 @@
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/device-mgt/hide-unauthorized-functions</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Hide unauthorized functions from users</Name>
|
||||
<Key>dm:hide:unauthorized:functions</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
</DefaultPermissions>
|
||||
</DeviceMgtConfiguration>
|
||||
|
||||
|
||||