Fix scope attaching issue
This commit is contained in:
parent
563077fbfb
commit
58670028c0
@ -30,7 +30,6 @@ import org.wso2.carbon.CarbonConstants;
|
||||
import org.wso2.carbon.base.MultitenantConstants;
|
||||
import org.wso2.carbon.context.CarbonContext;
|
||||
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
||||
import org.wso2.carbon.context.RegistryType;
|
||||
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.ErrorResponse;
|
||||
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.RoleInfo;
|
||||
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.RoleList;
|
||||
@ -40,9 +39,6 @@ import io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl.util.RequestV
|
||||
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.Constants;
|
||||
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.DeviceMgtAPIUtils;
|
||||
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.SetReferenceTransformer;
|
||||
import org.wso2.carbon.registry.api.Registry;
|
||||
import org.wso2.carbon.registry.core.session.UserRegistry;
|
||||
import org.wso2.carbon.registry.resource.services.utils.ChangeRolePermissionsUtil;
|
||||
import org.wso2.carbon.user.api.*;
|
||||
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
|
||||
import org.wso2.carbon.user.core.constants.UserCoreErrorConstants.ErrorMessages;
|
||||
@ -57,9 +53,11 @@ import java.io.UnsupportedEncodingException;
|
||||
import java.net.URI;
|
||||
import java.net.URISyntaxException;
|
||||
import java.net.URLEncoder;
|
||||
import java.util.*;
|
||||
import java.util.concurrent.ExecutorService;
|
||||
import java.util.concurrent.Executors;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
import static io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.Constants.PRIMARY_USER_STORE;
|
||||
|
||||
@ -404,25 +402,9 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
||||
userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), permissions);
|
||||
try {
|
||||
if (roleInfo.getPermissions() != null && roleInfo.getPermissions().length > 0) {
|
||||
String finalRoleName = roleInfo.getRoleName();
|
||||
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true);
|
||||
final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
|
||||
Thread thread = new Thread(new Runnable() {
|
||||
@Override
|
||||
public void run() {
|
||||
try {
|
||||
PrivilegedCarbonContext.startTenantFlow();
|
||||
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
|
||||
DeviceMgtAPIUtils.getApiPublisher().updateScopeRoleMapping(roleInfo.getRoleName(),
|
||||
RoleManagementServiceImpl.this.getPlatformUIPermissions(finalRoleName, userRealm, roleInfo.getPermissions()));
|
||||
} catch (APIManagerPublisherException | UserAdminException e) {
|
||||
log.error("Error Occurred while updating role scope mapping. ", e);
|
||||
} finally {
|
||||
PrivilegedCarbonContext.endTenantFlow();
|
||||
}
|
||||
}
|
||||
});
|
||||
thread.start();
|
||||
String[] roleName = roleInfo.getRoleName().split("/");
|
||||
addPermissions(roleName[roleName.length - 1], roleInfo.getPermissions(),
|
||||
DeviceMgtAPIUtils.getUserRealm());
|
||||
}
|
||||
} catch (UserStoreException e) {
|
||||
String msg = "Error occurred while loading the user store.";
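Review bot: `roleName[roleName.length - 1]` on the added `addPermissions(...)` line can throw `ArrayIndexOutOfBoundsException` when the role name consists only of separators, because `"/".split("/")` yields an empty array in Java; unless RequestValidationUtil (imported above, not visible here) already rejects such names before `addRole` runs, guard it, e.g. `String shortName = roleName.length > 0 ? roleName[roleName.length - 1] : roleInfo.getRoleName();`. Note also that the stripped name is now what `getPlatformUIPermissions` receives through the helper, whereas the removed code passed the full `roleInfo.getRoleName()`; if that method resolves the role through the user store with its domain prefix, the lookup may now miss — worth confirming against its implementation. The enclosing addRole method starts and ends outside this hunk.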
|
||||
@ -563,24 +545,8 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
||||
}
|
||||
|
||||
if (roleInfo.getPermissions() != null) {
|
||||
String finalRoleName = roleName;
|
||||
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true);
|
||||
Thread thread = new Thread(new Runnable() {
|
||||
@Override
|
||||
public void run() {
|
||||
try {
|
||||
PrivilegedCarbonContext.startTenantFlow();
|
||||
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
|
||||
DeviceMgtAPIUtils.getApiPublisher().updateScopeRoleMapping(roleInfo.getRoleName(),
|
||||
RoleManagementServiceImpl.this.getPlatformUIPermissions(finalRoleName, userRealm, roleInfo.getPermissions()));
|
||||
} catch (APIManagerPublisherException | UserAdminException e) {
|
||||
log.error("Error Occurred while updating role scope mapping. ", e);
|
||||
} finally {
|
||||
PrivilegedCarbonContext.endTenantFlow();
|
||||
}
|
||||
}
|
||||
});
|
||||
thread.start();
|
||||
String[] roleDetails = roleName.split("/");
|
||||
addPermissions(roleDetails[roleDetails.length - 1], roleInfo.getPermissions(), userRealm);
|
||||
}
|
||||
//TODO: Need to send the updated role information in the entity back to the client
|
||||
return Response.status(Response.Status.OK).entity("Role '" + roleInfo.getRoleName() + "' has " +
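Review bot: The update path returns `Response.Status.OK` on the last line while the scope mapping for the new permission set is applied elsewhere on a detached thread (inside `addPermissions`, outside this hunk) whose failures are only logged, so a request that removes permissions from a role can report success while the corresponding API scopes stay attached. Revocation should be reliable: have `addPermissions` run inline and propagate its exceptions, and wrap the call here so the caller gets an error response, e.g. `} catch (APIManagerPublisherException | UserAdminException e) { return Response.serverError().entity(...).build(); }`. A small positive of this hunk is that both the scope mapping and the UI permissions are now keyed on the path-derived `roleName` rather than a mix of path and payload names. The enclosing updateRole method starts and ends outside this hunk.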
|
||||
@ -730,4 +696,25 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
||||
}
|
||||
return rolePermissions;
|
||||
}
|
||||
|
||||
private void addPermissions(String roleName, String[] permissions, UserRealm userRealm) {
|
||||
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true);
|
||||
Thread thread = new Thread(new Runnable() {
|
||||
@Override
|
||||
public void run() {
|
||||
try {
|
||||
PrivilegedCarbonContext.startTenantFlow();
|
||||
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
|
||||
DeviceMgtAPIUtils.getApiPublisher().updateScopeRoleMapping(roleName,
|
||||
RoleManagementServiceImpl.this.getPlatformUIPermissions(roleName, userRealm,
|
||||
permissions));
|
||||
} catch (APIManagerPublisherException | UserAdminException e) {
|
||||
log.error("Error Occurred while updating role scope mapping. ", e);
|
||||
} finally {
|
||||
PrivilegedCarbonContext.endTenantFlow();
|
||||
}
|
||||
}
|
||||
});
|
||||
thread.start();
|
||||
}
|
||||
}
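Review bot: `addPermissions` hands the scope-role mapping to a fire-and-forget `new Thread` and only logs `APIManagerPublisherException`/`UserAdminException`, so both callers have already returned success while the role's API scopes may never be attached (or, on update, detached), and every request spawns an unbounded thread. Since this call is the whole point of the commit, run it on the request thread and let the checked exceptions propagate so the caller can answer with an error; if the publisher round-trip is genuinely too slow to block on, submit it to a bounded `ExecutorService` (the file already imports one) rather than a raw thread, and still surface failures to the client. The two callers would then need to catch those exceptions; their catch blocks are outside this hunk. A Javadoc line such as `/** Attaches the API scopes implied by {@code permissions} to {@code roleName} through the API publisher; failures propagate to the caller. */` would also help, and `getPlatformUIPermissions` starts outside this hunk.
```java
    private void addPermissions(String roleName, String[] permissions, UserRealm userRealm)
            throws APIManagerPublisherException, UserAdminException {
        // Runs on the request thread so a failed scope mapping reaches the caller
        // instead of being logged from a detached thread after 200 was returned.
        DeviceMgtAPIUtils.getApiPublisher().updateScopeRoleMapping(roleName,
                getPlatformUIPermissions(roleName, userRealm, permissions));
    }
```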
|
||||
|
||||
@ -114,11 +114,6 @@ public class UserManagementServiceImpl implements UserManagementService {
|
||||
private static final String API_BASE_PATH = "/users";
|
||||
private static final Log log = LogFactory.getLog(UserManagementServiceImpl.class);
|
||||
|
||||
private static final String ADMIN_ROLE = "admin";
|
||||
private static final String DEFAULT_DEVICE_USER = "Internal/devicemgt-user";
|
||||
private static final String DEFAULT_DEVICE_ADMIN = "Internal/devicemgt-admin";
|
||||
private static final String DEFAULT_SUBSCRIBER = "Internal/subscriber";
|
||||
|
||||
// Permissions that are given for a normal device user.
|
||||
private static final Permission[] PERMISSIONS_FOR_DEVICE_USER = {
|
||||
new Permission("/permission/admin/Login", "ui.execute"),
|
||||
@ -155,51 +150,9 @@ public class UserManagementServiceImpl implements UserManagementService {
|
||||
Map<String, String> defaultUserClaims =
|
||||
this.buildDefaultUserClaims(userInfo.getFirstname(), userInfo.getLastname(),
|
||||
userInfo.getEmailAddress(), true);
|
||||
// calling addUser method of carbon user api
|
||||
List<String> tmpRoles = new ArrayList<>();
|
||||
String[] userInfoRoles = userInfo.getRoles();
|
||||
tmpRoles.add(DEFAULT_DEVICE_USER);
|
||||
|
||||
boolean subscriberFound = false;
|
||||
boolean adminFound = false;
|
||||
|
||||
if (userInfoRoles != null) {
|
||||
//check if subscriber role is coming in the payload
|
||||
for (String r : userInfoRoles) {
|
||||
if (!subscriberFound || !adminFound) {
|
||||
if (DEFAULT_SUBSCRIBER.equals(r)) {
|
||||
subscriberFound = true;
|
||||
} else if (ADMIN_ROLE.equals(r)) {
|
||||
tmpRoles.add(DEFAULT_DEVICE_ADMIN);
|
||||
adminFound = true;
|
||||
}
|
||||
} else {
|
||||
break;
|
||||
}
|
||||
}
|
||||
tmpRoles.addAll(Arrays.asList(userInfoRoles));
|
||||
}
|
||||
|
||||
if (!subscriberFound) {
|
||||
// Add Internal/subscriber role to new users
|
||||
if (userStoreManager.isExistingRole(DEFAULT_SUBSCRIBER)) {
|
||||
tmpRoles.add(DEFAULT_SUBSCRIBER);
|
||||
} else {
|
||||
log.warn("User: " + userInfo.getUsername() + " will not be able to enroll devices as '" +
|
||||
DEFAULT_SUBSCRIBER + "' is missing in the system");
|
||||
}
|
||||
}
|
||||
|
||||
String[] roles = new String[tmpRoles.size()];
|
||||
tmpRoles.toArray(roles);
|
||||
|
||||
// If the normal device user role does not exist, create a new role with the minimal permissions
|
||||
if (!userStoreManager.isExistingRole(DEFAULT_DEVICE_USER)) {
|
||||
userStoreManager.addRole(DEFAULT_DEVICE_USER, null, PERMISSIONS_FOR_DEVICE_USER);
|
||||
}
|
||||
|
||||
userStoreManager.addUser(userInfo.getUsername(), initialUserPassword,
|
||||
roles, defaultUserClaims, null);
|
||||
userInfo.getRoles(), defaultUserClaims, null);
|
||||
// Outputting debug message upon successful addition of user
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("User '" + userInfo.getUsername() + "' has successfully been added.");
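Review bot: The added `userInfo.getRoles(), defaultUserClaims, null);` argument passes the request payload's role list straight into `addUser` with no null/empty guard, and the deleted block was the only code that attached `Internal/subscriber` (which the removed warning says is needed for enrollment) and that mapped a payload `admin` role onto `Internal/devicemgt-admin`. If dropping those defaults is intended, say so in the commit message, and add at least `String[] roles = userInfo.getRoles() != null ? userInfo.getRoles() : new String[0];` since whether the user-store manager tolerates a null role list is not visible here. Independently of this change, nothing in the hunk checks that the caller is allowed to grant the roles it names; unless that check exists elsewhere, a caller holding only the user-creation scope could create a user with an administrative role, so the role list should be validated before this point. The enclosing addUser method starts and ends outside this hunk.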
|
||||
|
||||
@ -187,7 +187,6 @@
|
||||
<Scope>am:store:app:modify</Scope>
|
||||
<Scope>am:store:app:sub:install</Scope>
|
||||
<Scope>am:store:app:sub:uninstall</Scope>
|
||||
<Scope>am:admin:pub:app:review:update</Scope>
|
||||
<Scope>am:admin:pub:app:review:view</Scope>
|
||||
<Scope>am:admin:pub:app:update</Scope>
|
||||
<Scope>am:admin:store:app:review:update</Scope>
|
||||
@ -196,12 +195,8 @@
|
||||
<Scope>dm:device-type:view</Scope>
|
||||
<Scope>and:enterprise:modify</Scope>
|
||||
<Scope>and:enterprise:view</Scope>
|
||||
<Scope>and:work:customer</Scope>
|
||||
<Scope>and:work:admin</Scope>
|
||||
<Scope>app:command:modify</Scope>
|
||||
<Scope>dm:sign-csr</Scope>
|
||||
<Scope>dm:admin:devices:view</Scope>
|
||||
<Scope>dm:admin:topics:view</Scope>
|
||||
<Scope>rm:roles:add</Scope>
|
||||
<Scope>rm:users:add</Scope>
|
||||
<Scope>rm:roles:update</Scope>
|
||||
@ -210,15 +205,6 @@
|
||||
<Scope>rm:roles:view</Scope>
|
||||
<Scope>rm:roles:combined:add</Scope>
|
||||
<Scope>rm:roles:delete</Scope>
|
||||
<Scope>an:db:vulnerabilities</Scope>
|
||||
<Scope>an:db:non-compliant:count</Scope>
|
||||
<Scope>an:db:non-compliant</Scope>
|
||||
<Scope>an:db:by-groups</Scope>
|
||||
<Scope>an:db:device:count</Scope>
|
||||
<Scope>an:db:feature-non-compliant</Scope>
|
||||
<Scope>an:db:overview:count</Scope>
|
||||
<Scope>an:db:filtered-count</Scope>
|
||||
<Scope>an:db:details</Scope>
|
||||
<Scope>dm:activity:get</Scope>
|
||||
<Scope>dm:devices:delete</Scope>
|
||||
<Scope>dm:devices:app:view</Scope>
|
||||
@ -295,7 +281,6 @@
|
||||
<Scope>dm:device:enroll</Scope>
|
||||
<Scope>dm:geo:an:view</Scope>
|
||||
<Scope>dm:geo:alerts:manage</Scope>
|
||||
<Scope>appm:read</Scope>
|
||||
<Scope>dm:admin:devices:permanent-delete</Scope>
|
||||
<Scope>and:conf:manage</Scope>
|
||||
<Scope>and:conf:view</Scope>
|
||||
@ -345,7 +330,6 @@
|
||||
<Scope>win:ops:reboot</Scope>
|
||||
<Scope>win:ops:location</Scope>
|
||||
<Scope>admin:tenant:view</Scope>
|
||||
<Scope>dm:admin:metadata:view</Scope>
|
||||
<Scope>dm:admin:devices:usage:view</Scope>
|
||||
<Scope>and:ops:clear-app</Scope>
|
||||
<Scope>and:ops:suspend-package</Scope>
|
||||
|
||||