mirror of
https://repository.entgra.net/community/device-mgt-core.git
synced 2025-10-06 02:01:45 +00:00
Implemented permission-scope mapping for IoTs
This commit is contained in:
Milan Perera
parent
dd353e1bfb
commit
36ee55f493
@ -134,6 +134,7 @@ public class AnnotationProcessor {
|
||||
try {
|
||||
clazz = classLoader.loadClass(className);
|
||||
Annotation swaggerDefinition = clazz.getAnnotation(apiClazz);
|
||||
Annotation Scopes = clazz.getAnnotation(scopesClass);
|
||||
List<APIResource> resourceList;
|
||||
if (swaggerDefinition != null) {
|
||||
if (log.isDebugEnabled()) {
|
||||
@ -141,7 +142,9 @@ public class AnnotationProcessor {
|
||||
}
|
||||
try {
|
||||
apiResourceConfig = processAPIAnnotation(swaggerDefinition);
|
||||
apiScopes = processAPIScopes(swaggerDefinition);
|
||||
if (Scopes != null) {
|
||||
apiScopes = processAPIScopes(Scopes);
|
||||
}
|
||||
if(apiResourceConfig != null){
|
||||
String rootContext = servletContext.getContextPath();
|
||||
pathClazzMethods = pathClazz.getMethods();
|
||||
@ -214,7 +217,7 @@ public class AnnotationProcessor {
|
||||
aggregatedPermissions.append(permission);
|
||||
aggregatedPermissions.append(" ");
|
||||
}
|
||||
scope.setRoles(aggregatedPermissions.toString());
|
||||
scope.setRoles(aggregatedPermissions.toString().trim());
|
||||
scopes.put(scope.getKey(), scope);
|
||||
}
|
||||
return scopes;
|
||||
|
||||
@ -19,9 +19,12 @@
|
||||
package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
|
||||
|
||||
import io.swagger.annotations.*;
|
||||
import org.wso2.carbon.apimgt.annotations.api.*;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Scope;
|
||||
import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.ApplicationWrapper;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
|
||||
|
||||
import javax.ws.rs.Consumes;
|
||||
import javax.ws.rs.POST;
|
||||
@ -49,6 +52,16 @@ import javax.ws.rs.core.Response;
|
||||
@Api(value = "Application Management Administrative Service", description = "This an API intended to be used by " +
|
||||
"'internal' components to log in as an admin user and do a selected number of operations. " +
|
||||
"Further, this is strictly restricted to admin users only ")
|
||||
@Scopes(
|
||||
scopes = {
|
||||
@Scope(
|
||||
name = "Manage application",
|
||||
description = "",
|
||||
key = "cdmf:manage-application",
|
||||
permissions = {"/device-mgt/applications/manage"}
|
||||
)
|
||||
}
|
||||
)
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
@Consumes(MediaType.APPLICATION_JSON)
|
||||
public interface ApplicationManagementAdminService {
|
||||
@ -63,12 +76,10 @@ public interface ApplicationManagementAdminService {
|
||||
notes = "This is an internal API that can be used to install an application on a device.",
|
||||
response = Activity.class,
|
||||
tags = "Application Management Administrative Service",
|
||||
authorizations = {
|
||||
@Authorization(
|
||||
value="permission",
|
||||
scopes = { @AuthorizationScope(scope = "/device-mgt/applications/manage", description
|
||||
= "Install/Uninstall applications") }
|
||||
)
|
||||
extensions = {
|
||||
@Extension(properties = {
|
||||
@ExtensionProperty(name = Constants.SCOPE, value = "cdmf:manage-application")
|
||||
})
|
||||
}
|
||||
)
|
||||
@ApiResponses(value = {
|
||||
@ -109,12 +120,10 @@ public interface ApplicationManagementAdminService {
|
||||
notes = "This is an internal API that can be used to uninstall an application.",
|
||||
response = Activity.class,
|
||||
tags = "Application Management Administrative Service",
|
||||
authorizations = {
|
||||
@Authorization(
|
||||
value="permission",
|
||||
scopes = { @AuthorizationScope(scope = "/device-mgt/applications/manage", description
|
||||
= "Install/Uninstall applications") }
|
||||
)
|
||||
extensions = {
|
||||
@Extension(properties = {
|
||||
@ExtensionProperty(name = Constants.SCOPE, value = "cdmf:manage-application")
|
||||
})
|
||||
}
|
||||
)
|
||||
@ApiResponses(value = {
|
||||
|
||||
@ -31,8 +31,11 @@ import io.swagger.annotations.ApiParam;
|
||||
import io.swagger.annotations.ApiResponse;
|
||||
import io.swagger.annotations.ApiResponses;
|
||||
import io.swagger.annotations.ResponseHeader;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Scope;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Scopes;
|
||||
import org.wso2.carbon.device.mgt.common.Device;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
|
||||
|
||||
import javax.validation.constraints.Size;
|
||||
import javax.ws.rs.*;
|
||||
@ -60,6 +63,16 @@ import javax.ws.rs.core.Response;
|
||||
"Further, this is strictly restricted to admin users only ")
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
@Consumes(MediaType.APPLICATION_JSON)
|
||||
@Scopes(
|
||||
scopes = {
|
||||
@Scope(
|
||||
name = "Manage device",
|
||||
description = "",
|
||||
key = "cdmf:manage-own-device",
|
||||
permissions = {"/device-mgt/devices/owning-device/view"}
|
||||
)
|
||||
}
|
||||
)
|
||||
public interface DeviceManagementAdminService {
|
||||
|
||||
@GET
|
||||
@ -71,12 +84,10 @@ public interface DeviceManagementAdminService {
|
||||
response = Device.class,
|
||||
responseContainer = "List",
|
||||
tags = "Device Management Administrative Service",
|
||||
authorizations = {
|
||||
@Authorization(
|
||||
value="permission",
|
||||
scopes = { @AuthorizationScope(scope = "/device-mgt/devices/owning-device/view", description
|
||||
= "View Devices") }
|
||||
)
|
||||
extensions = {
|
||||
@Extension(properties = {
|
||||
@ExtensionProperty(name = Constants.SCOPE, value = "cdmf:manage-own-device")
|
||||
})
|
||||
}
|
||||
)
|
||||
@ApiResponses(value = {
|
||||
|
||||
@ -33,8 +33,11 @@ import io.swagger.annotations.ApiResponse;
|
||||
import io.swagger.annotations.ApiResponses;
|
||||
import io.swagger.annotations.ResponseHeader;
|
||||
import org.apache.axis2.transport.http.HTTPConstants;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Scope;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Scopes;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceGroupList;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
|
||||
|
||||
import javax.ws.rs.*;
|
||||
import javax.ws.rs.core.MediaType;
|
||||
@ -61,6 +64,16 @@ import javax.ws.rs.core.Response;
|
||||
@Api(value = "Group Management Administrative Service", description = "This an API intended to be used by " +
|
||||
"'internal' components to log in as an admin user and do a selected number of operations. " +
|
||||
"Further, this is strictly restricted to admin users only ")
|
||||
@Scopes(
|
||||
scopes = {
|
||||
@Scope(
|
||||
name = "View groups",
|
||||
description = "",
|
||||
key = "cdmf:view-groups",
|
||||
permissions = {"/device-mgt/admin/groups/view"}
|
||||
)
|
||||
}
|
||||
)
|
||||
public interface GroupManagementAdminService {
|
||||
|
||||
@GET
|
||||
@ -70,12 +83,10 @@ public interface GroupManagementAdminService {
|
||||
value = "Get the list of groups.",
|
||||
notes = "Returns all groups enrolled with the system.",
|
||||
tags = "Device Group Management",
|
||||
authorizations = {
|
||||
@Authorization(
|
||||
value="permission",
|
||||
scopes = { @AuthorizationScope(scope = "/device-mgt/admin/groups/view", description
|
||||
= "View Groups") }
|
||||
)
|
||||
extensions = {
|
||||
@Extension(properties = {
|
||||
@ExtensionProperty(name = Constants.SCOPE, value = "cdmf:view-groups")
|
||||
})
|
||||
}
|
||||
)
|
||||
@ApiResponses(value = {
|
||||
|
||||
@ -150,7 +150,10 @@ public class AnnotationProcessor {
|
||||
try {
|
||||
clazz = classLoader.loadClass(className);
|
||||
Annotation apiAnno = clazz.getAnnotation(apiClazz);
|
||||
apiScopes = processAPIScopes(apiAnno);
|
||||
Annotation scopesAnno = clazz.getAnnotation(scopesClass);
|
||||
if (scopesAnno != null) {
|
||||
apiScopes = processAPIScopes(scopesAnno);
|
||||
}
|
||||
List<Permission> resourceList;
|
||||
if (apiAnno != null) {
|
||||
if (log.isDebugEnabled()) {
|
||||
|
||||
4
pom.xml
4
pom.xml
@ -1812,7 +1812,7 @@
|
||||
|
||||
<!-- Carbon Identity -->
|
||||
<carbon.identity.framework.version>5.2.2</carbon.identity.framework.version>
|
||||
<identity.inbound.auth.oauth.version>5.2.7</identity.inbound.auth.oauth.version>
|
||||
<identity.inbound.auth.oauth.version>5.1.1</identity.inbound.auth.oauth.version>
|
||||
<identity.inbound.auth.saml.version>5.1.1</identity.inbound.auth.saml.version>
|
||||
|
||||
<!-- Carbon Multi-tenancy -->
|
||||
@ -1837,7 +1837,7 @@
|
||||
<commons-lang.wso2.osgi.version.range>[2.6.0,3.0.0)</commons-lang.wso2.osgi.version.range>
|
||||
|
||||
<!-- Carbon API Management -->
|
||||
<carbon.api.mgt.version>6.1.2-SNAPSHOT</carbon.api.mgt.version>
|
||||
<carbon.api.mgt.version>6.0.6-SNAPSHOT</carbon.api.mgt.version>
|
||||
<carbon.api.mgt.version.range>(5.0.0,7.0.0]</carbon.api.mgt.version.range>
|
||||
|
||||
<!-- Carbon Analytics Commons -->
|
||||
|
||||
Loading…
Reference in New Issue
Block a user