Fix logic issue with user authorization validation for groups

Charitha 2024-08-20 14:38:05 +05:30
parent aca7aa3ccc
commit 397f4f1437


@ -73,21 +73,24 @@ public class GroupAccessAuthorizationServiceImpl implements GroupAccessAuthoriza
UserRealm userRealm = DeviceManagementDataHolder.getInstance().getRealmService() UserRealm userRealm = DeviceManagementDataHolder.getInstance().getRealmService()
.getTenantUserRealm(getTenantId()); .getTenantUserRealm(getTenantId());
String[] userRoles = userRealm.getUserStoreManager().getRoleListOfUser(username); String[] userRoles = userRealm.getUserStoreManager().getRoleListOfUser(username);
boolean isAuthorized = true; boolean isAuthorized;
for (String groupPermission : groupPermissions) { for (String groupPermission : groupPermissions) {
for (String role : userRoles) {
if (!userRealm.getAuthorizationManager().
isRoleAuthorized(role, groupPermission, CarbonConstants.UI_PERMISSION_ACTION)) {
isAuthorized = false; isAuthorized = false;
for (String role : userRoles) {
if (userRealm.getAuthorizationManager().
isRoleAuthorized(role, groupPermission, CarbonConstants.UI_PERMISSION_ACTION)) {
isAuthorized = true;
break; break;
} }
} }
if (!isAuthorized) {
return false;
} }
return isAuthorized; }
return true;
} catch (UserStoreException e) { } catch (UserStoreException e) {
throw new GroupAccessAuthorizationException("Unable to authorize the access to group : " + throw new GroupAccessAuthorizationException("Unable to authorize the access to group : " +
groupId + " for the user : " + groupId + " for the user : " + username, e);
username, e);
} }
} }
} }
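Review bot: An empty `groupPermissions` array skips the outer loop and reaches the new `return true`, so the check still fails open when no permissions are supplied for the group. Where `groupPermissions` is built lies above this hunk, so whether it can be empty or null is not visible here; if it can, a guard before the loop such as `if (groupPermissions == null || groupPermissions.length == 0) { return false; }` would make the default a denial. Likewise, if `getRoleListOfUser(username)` can return null, the inner `for (String role : userRoles)` would throw a NullPointerException that `catch (UserStoreException e)` does not cover, so a null check there is worth adding. A short comment above the outer loop, for example `// every group permission must be granted by at least one of the user's roles`, would record the intended rule, since this is the logic the commit had to correct.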