community/device-mgt-core
1
0
Fork 0
mirror of https://repository.entgra.net/community/device-mgt-core.git synced 2025-10-06 02:01:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix logic issue with user authorization validation for groups

Browse Source 
Co-authored-by: Charitha Goonetilleke <charitha@entgra.io>
Co-committed-by: Charitha Goonetilleke <charitha@entgra.io>
This commit is contained in:
Charitha Goonetilleke 2024-08-21 03:09:48 +00:00 committed by Lasantha Dharmakeerthi
parent 152b1ad929
commit 5a12dc7601
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/authorization/GroupAccessAuthorizationServiceImpl.java
View File

@ -73,21 +73,24 @@ public class GroupAccessAuthorizationServiceImpl implements GroupAccessAuthoriza
UserRealm userRealm = DeviceManagementDataHolder.getInstance().getRealmService() UserRealm userRealm = DeviceManagementDataHolder.getInstance().getRealmService()
.getTenantUserRealm(getTenantId()); .getTenantUserRealm(getTenantId());
String[] userRoles = userRealm.getUserStoreManager().getRoleListOfUser(username); String[] userRoles = userRealm.getUserStoreManager().getRoleListOfUser(username);
boolean isAuthorized = true; boolean isAuthorized;
for (String groupPermission : groupPermissions) { for (String groupPermission : groupPermissions) {
isAuthorized = false;
for (String role : userRoles) { for (String role : userRoles) {
if (!userRealm.getAuthorizationManager(). if (userRealm.getAuthorizationManager().
isRoleAuthorized(role, groupPermission, CarbonConstants.UI_PERMISSION_ACTION)) { isRoleAuthorized(role, groupPermission, CarbonConstants.UI_PERMISSION_ACTION)) {
isAuthorized = false; isAuthorized = true;
break; break;
} }
} }
if (!isAuthorized) {
return false;
}
} }
return isAuthorized; return true;
} catch (UserStoreException e) { } catch (UserStoreException e) {
throw new GroupAccessAuthorizationException("Unable to authorize the access to group : " + throw new GroupAccessAuthorizationException("Unable to authorize the access to group : " +
groupId + " for the user : " + groupId + " for the user : " + username, e);
username, e);
} }
} }
} }