Fixed issues in webapp-publisher

components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java

@@ -136,7 +136,6 @@ public class AnnotationProcessor {
 
                                         try {
                                             apiResourceConfig = processAPIAnnotation(apiAnno);
-                                            // All the apis should map to same root "/"
                                             String rootContext = servletContext.getContextPath();
                                             pathClazz = (Class<Path>) classLoader.loadClass(Path.class.getName());
                                             pathClazzMethods = pathClazz.getMethods();
@@ -146,7 +145,11 @@ public class AnnotationProcessor {
                                             if (rootContectAnno != null) {
                                                 subContext = invokeMethod(pathClazzMethods[0], rootContectAnno, STRING);
                                                 if (subContext != null && !subContext.isEmpty()) {
+                                                    if (subContext.trim().startsWith("/")) {
+                                                        rootContext = rootContext + subContext;
+                                                    } else {
                                                         rootContext = rootContext + "/" + subContext;
+                                                    }
                                                 } else {
                                                     subContext = "";
                                                 }
@@ -215,20 +218,23 @@ public class AnnotationProcessor {
      */
     private List<APIResource> getApiResources(String resourceRootContext, String apiRootContext,
                                               Method[] annotatedMethods) throws Throwable {
-        List<APIResource> resourceList;
+        List<APIResource> resourceList = new ArrayList<>();
-        resourceList = new ArrayList<APIResource>();
+        String subCtx = null;
         for (Method method : annotatedMethods) {
+            Annotation[] annotations = method.getDeclaredAnnotations();
+            APIResource resource = new APIResource();
+
+            if (isHttpMethodAvailable(annotations)) {
                 Annotation methodContextAnno = method.getAnnotation(pathClazz);
                 if (methodContextAnno != null) {
-                String subCtx = invokeMethod(pathClazzMethods[0], methodContextAnno, STRING);
+                    subCtx = invokeMethod(pathClazzMethods[0], methodContextAnno, STRING);
-                APIResource resource = new APIResource();
+                }
-                resource.setUriTemplate(makeContextURLReady(apiRootContext + subCtx));
+                resource.setUriTemplate(makeContextURLReady(apiRootContext) + makeContextURLReady(subCtx));
 
-                resource.setUri(APIPublisherUtil.getServerBaseUrl() + makeContextURLReady(
+                resource.setUri(APIPublisherUtil.getServerBaseUrl() + makeContextURLReady(resourceRootContext) +
-                        resourceRootContext) + makeContextURLReady(subCtx));
+                        makeContextURLReady(subCtx));
                 resource.setAuthType(AUTH_TYPE);
 
-                Annotation[] annotations = method.getDeclaredAnnotations();
                 for (int i = 0; i < annotations.length; i++) {
                     processHTTPMethodAnnotation(resource, annotations[i]);
                     if (annotations[i].annotationType().getName().equals(Consumes.class.getName())) {
@@ -260,6 +266,7 @@ public class AnnotationProcessor {
                 }
                 resourceList.add(resource);
             }
+            subCtx = null;
         }
         return resourceList;
     }
@@ -288,6 +295,23 @@ public class AnnotationProcessor {
         }
     }
 
+    private boolean isHttpMethodAvailable(Annotation[] annotations) {
+        for (Annotation annotation : annotations) {
+            if (annotation.annotationType().getName().equals(GET.class.getName())) {
+                return true;
+            } else if (annotation.annotationType().getName().equals(POST.class.getName())) {
+                return true;
+            } else if (annotation.annotationType().getName().equals(OPTIONS.class.getName())) {
+                return true;
+            } else if (annotation.annotationType().getName().equals(DELETE.class.getName())) {
+                return true;
+            } else if (annotation.annotationType().getName().equals(PUT.class.getName())) {
+                return true;
+            }
+        }
+        return false;
+    }
+
     /**
      * Append '/' to the context and make it URL ready
      *

components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml

@@ -237,6 +237,10 @@
             <artifactId>servlet-api</artifactId>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.devicemgt</groupId>
+            <artifactId>org.wso2.carbon.apimgt.annotations</artifactId>
+        </dependency>
     </dependencies>
 
 </project>

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Certificate.java

@@ -19,6 +19,8 @@
 package org.wso2.carbon.device.mgt.jaxrs.api;
 
 import io.swagger.annotations.*;
+import org.wso2.carbon.apimgt.annotations.api.API;
+import org.wso2.carbon.apimgt.annotations.api.Permission;
 import org.wso2.carbon.certificate.mgt.core.dto.CertificateResponse;
 import org.wso2.carbon.device.mgt.common.PaginationResult;
 import org.wso2.carbon.device.mgt.jaxrs.api.common.MDMAPIException;
@@ -31,6 +33,9 @@ import javax.ws.rs.core.Response;
 /**
  * All the certificate related tasks such as saving certificates, can be done through this endpoint.
  */
+@API(name = "Certificate", version = "1.0.0", context = "/certificates", tags = {"devicemgt_admin"})
+
+// Below Api is for swagger annotations
 @Api(value = "Certificate", description = "Certificate related tasks such as saving certificates, " +
                                           "can be done through this API")
 @SuppressWarnings("NonJaxWsWebServices")
@@ -58,6 +63,7 @@ public interface Certificate {
             @ApiResponse(code = 200, message = "Added successfully"),
             @ApiResponse(code = 500, message = "Error occurred while saving the certificate")
             })
+    @Permission(scope = "certificate-modify", permissions = {"/permission/admin/device-mgt/certificate/save"})
     Response saveCertificate(@HeaderParam("Accept") String acceptHeader,
                              @ApiParam(name = "enrollmentCertificates", value = "certificate with serial, "
                                      + "pem and tenant id", required = true) EnrollmentCertificate[]
@@ -83,6 +89,7 @@ public interface Certificate {
             @ApiResponse(code = 400, message = "Notification status updated successfully"),
             @ApiResponse(code = 500, message = "Error occurred while converting PEM file to X509Certificate")
             })
+    @Permission(scope = "certificate-view", permissions = {"/permission/admin/device-mgt/certificate/view"})
     Response getCertificate(@HeaderParam("Accept") String acceptHeader,
                             @ApiParam(name = "serialNumber", value = "Provide the serial number of the "
                             + "certificate that you wish to get the details of", required = true)
@@ -113,6 +120,7 @@ public interface Certificate {
             @ApiResponse(code = 400, message = "Invalid length value"),
             @ApiResponse(code = 500, message = "Error occurred while fetching all certificates")
             })
+    @Permission(scope = "certificate-view", permissions = {"/permission/admin/device-mgt/certificate/view"})
     Response getAllCertificates(@HeaderParam("Accept") String acceptHeader,
                                 @ApiParam(name = "start",
                                     value = "Provide the starting pagination index as the value", required = true)
@@ -135,6 +143,7 @@ public interface Certificate {
             @ApiResponse(code = 400, message = "Invalid start index"),
             @ApiResponse(code = 500, message = "Error when deleting the certificate"
             ) })
+    @Permission(scope = "certificate-modify", permissions = {"/permission/admin/device-mgt/certificate/remove"})
     Response removeCertificate(@HeaderParam("Accept") String acceptHeader,
                                @ApiParam(name = "serialNumber", value = "Provide the serial number of the "
                                     + "certificate that you wish to delete", required = true)

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Configuration.java

@@ -19,6 +19,7 @@
 package org.wso2.carbon.device.mgt.jaxrs.api;
 
 import io.swagger.annotations.*;
+import org.wso2.carbon.apimgt.annotations.api.*;
 import org.wso2.carbon.device.mgt.common.configuration.mgt.TenantConfiguration;
 
 import javax.ws.rs.*;
@@ -29,6 +30,9 @@ import javax.ws.rs.core.Response;
  * General Tenant Configuration REST-API implementation.
  * All end points support JSON, XMl with content negotiation.
  */
+@API(name = "Configuration", version = "1.0.0", context = "/configuration", tags = {"devicemgt_admin"})
+
+// Below Api is for swagger annotations
 @Path("/configuration")
 @Api(value = "Configuration", description = "General Tenant Configuration management capabilities are exposed " +
                                             "through this API")
@@ -48,6 +52,7 @@ public interface Configuration {
             @ApiResponse(code = 201, message = "Tenant configuration saved successfully"),
             @ApiResponse(code = 500, message = "Error occurred while saving the tenant configuration")
             })
+    @Permission(scope = "configuration-modify", permissions = {"/permission/admin/device-mgt/admin/platform-configs/modify"})
     Response saveTenantConfiguration(@ApiParam(name = "configuration", value = "The required properties to "
                                     + "update the platform configurations the as the <JSON_PAYLOAD> value",
                                     required = true) TenantConfiguration configuration);
@@ -64,6 +69,7 @@ public interface Configuration {
             @ApiResponse(code = 200, message = "OK"),
             @ApiResponse(code = 500, message = "Error occurred while retrieving the tenant configuration")
             })
+    @Permission(scope = "configuration-view", permissions = {"/permission/admin/device-mgt/admin/platform-configs/view"})
     Response getConfiguration();
 
     @PUT
@@ -77,6 +83,7 @@ public interface Configuration {
             @ApiResponse(code = 201, message = "Tenant configuration updated successfully"),
             @ApiResponse(code = 500, message = "Error occurred while updating the tenant configuration")
             })
+    @Permission(scope = "configuration-modify", permissions = {"/permission/admin/device-mgt/admin/platform-configs/modify"})
     Response updateConfiguration(@ApiParam(name = "configuration", value = "The required properties to update"
                                 + " the platform configurations the as the <JSON_PAYLOAD> value",
                                 required = true) TenantConfiguration configuration);

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Device.java

@@ -19,6 +19,7 @@
 package org.wso2.carbon.device.mgt.jaxrs.api;
 
 import io.swagger.annotations.*;
+import org.wso2.carbon.apimgt.annotations.api.*;
 import org.wso2.carbon.device.mgt.common.EnrolmentInfo;
 import org.wso2.carbon.device.mgt.core.dto.DeviceType;
 
@@ -29,6 +30,9 @@ import javax.ws.rs.core.Response;
 /**
  * Device related operations such as get all the available devices, etc.
  */
+@API(name = "Configuration", version = "1.0.0", context = "/devices", tags = {"devicemgt_admin"})
+
+// Below Api is for swagger annotations
 @Path("/devices")
 @Api(value = "Device", description = "Device related operations such as get all the available devices, etc.")
 @SuppressWarnings("NonJaxWsWebServices")
@@ -55,6 +59,7 @@ public interface Device {
             @ApiResponse(code = 200, message = "List of Devices"),
             @ApiResponse(code = 500, message = "Error occurred while fetching the device list")
             })
+    @Permission(scope = "device-list", permissions = {"/permission/admin/device-mgt/admin/devices/list"})
     Response getAllDevices(@ApiParam(name = "type", value = "Provide the device type, such as ios, android or"
                                 + " windows", required = true) @QueryParam("type") String type,
                            @ApiParam(name = "user", value = "Get the details of the devices registered to a "
@@ -86,6 +91,9 @@ public interface Device {
     @GET
     @Path("view")
     @Produces({ MediaType.APPLICATION_JSON })
+    @Permission(scope = "device-view", permissions = {
+            "/permission/admin/device-mgt/admin/devices/view",
+            "/permission/admin/device-mgt/user/devices/view"})
     Response getDevice(@QueryParam("type") String type, @QueryParam("id") String id);
 
     /**
@@ -96,6 +104,9 @@ public interface Device {
      */
     @GET
     @Path("user/{user}")
+    @Permission(scope = "device-view-own", permissions = {
+            "/permission/admin/device-mgt/user/devices/list",
+            "/permission/admin/device-mgt/admin/devices/list"})
     Response getDeviceOfUser(@PathParam("user") String user);
 
     /**
@@ -106,6 +117,9 @@ public interface Device {
      */
     @GET
     @Path("user/{user}/count")
+    @Permission(scope = "device-count-own", permissions = {
+            "/permission/admin/device-mgt/user/devices/list",
+            "/permission/admin/device-mgt/admin/devices/list"})
     Response getDeviceCountOfUser(@PathParam("user") String user);
 
     /**
@@ -124,6 +138,7 @@ public interface Device {
             @ApiResponse(code = 200, message = "Device count"),
             @ApiResponse(code = 500, message = "Error occurred while fetching the device count")
             })
+    @Permission(scope = "device-list", permissions = {"/permission/admin/device-mgt/admin/devices/list"})
     Response getDeviceCount();
 
     /**
@@ -135,6 +150,7 @@ public interface Device {
      */
     @GET
     @Path("name/{name}/{tenantDomain}")
+
     @ApiOperation(
             httpMethod = "GET",
             value = "Get the device details of a specific device via the REST API",
@@ -145,8 +161,9 @@ public interface Device {
             @ApiResponse(code = 200, message = "List of devices"),
             @ApiResponse(code = 500, message = "Error occurred while fetching the devices list of device name")
             })
-    Response getDevicesByName(@ApiParam(name = "name", value = "The name of the device or windows",
+    @Permission(scope = "device-list", permissions = {"/permission/admin/device-mgt/admin/devices/list"})
-                                    required = true) @PathParam("name") String deviceName,
+    Response getDevicesByName(@ApiParam(name = "name", value = "The name of the device or windows", required = true)
+                              @PathParam("name") String deviceName,
                               @ApiParam(name = "tenantDomain", value = "Tenant domain name. The default "
                                     + "tenant domain of WSO2 EMM is carbon.super", required = true)
                               @PathParam("tenantDomain") String tenantDomain);
@@ -168,6 +185,7 @@ public interface Device {
     @ApiResponses(value = {
             @ApiResponse(code = 200, message = "List of devices based on the type"),
             @ApiResponse(code = 500, message = "Error occurred while fetching the list of device types") })
+    @Permission(scope = "device-list", permissions = {"/permission/admin/device-mgt/admin/devices/list"})
     Response getDeviceTypes();
 
     /**
@@ -177,6 +195,8 @@ public interface Device {
      */
     @PUT
     @Path("type/{type}/id/{deviceId}")
+    @Permission(scope = "device-modify", permissions = {
+            "/permission/admin/device-mgt/user/devices/modify", "/permission/admin/device-mgt/admin/devices/modify"})
     Response updateDevice(@PathParam("type") String deviceType, @PathParam("deviceId") String deviceId,
                           org.wso2.carbon.device.mgt.common.Device updatedDevice);
 
@@ -187,6 +207,8 @@ public interface Device {
      */
     @DELETE
     @Path("type/{type}/id/{deviceId}")
+    @Permission(scope = "device-modify", permissions = {
+            "/permission/admin/device-mgt/user/devices/modify", "/permission/admin/device-mgt/admin/devices/modify"})
     Response disenrollDevice(@PathParam("type") String deviceType, @PathParam("deviceId") String deviceId);
 
 }

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/DeviceInformation.java

@@ -19,6 +19,7 @@
 package org.wso2.carbon.device.mgt.jaxrs.api;
 
 import io.swagger.annotations.*;
+import org.wso2.carbon.apimgt.annotations.api.*;
 import org.wso2.carbon.device.mgt.common.device.details.DeviceInfo;
 import org.wso2.carbon.device.mgt.common.device.details.DeviceLocation;
 
@@ -31,6 +32,9 @@ import javax.ws.rs.core.Response;
 /**
  * Device information related operations.
  */
+@API(name = "Device Information", version = "1.0.0", context = "/information", tags = {"devicemgt_admin"})
+
+// Below Api is for swagger annotations
 @Path("/information")
 @Api(value = "DeviceInformation", description = "Device information related operations can be found here.")
 @SuppressWarnings("NonJaxWsWebServices")
@@ -50,6 +54,7 @@ public interface DeviceInformation {
             @ApiResponse(code = 400, message = ""),
             @ApiResponse(code = 500, message = "Internal Server Error")
             })
+    @Permission(scope = "device-info", permissions = {"/permission/admin/device-mgt/admin/devices/list"})
     Response getDeviceInfo(@ApiParam(name = "type", value = "Provide the device type, such as ios, android "
                                     + "or windows", required = true) @PathParam("type") String type,
                            @ApiParam(name = "id", value = "Provide the device identifier", required = true)
@@ -70,6 +75,7 @@ public interface DeviceInformation {
             @ApiResponse(code = 400, message = ""),
             @ApiResponse(code = 500, message = "Internal Server Error")
             })
+    @Permission(scope = "device-info", permissions = {"/permission/admin/device-mgt/admin/devices/list"})
     Response getDeviceLocation(@ApiParam(name = "type", value = "Provide the device type, such as ios, "
                                     + "android or windows", required = true) @PathParam("type") String type,
                                @ApiParam(name = "id", value = "Provide the device identifier",

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/DeviceNotification.java

@@ -18,21 +18,11 @@
 
 package org.wso2.carbon.device.mgt.jaxrs.api;
 
-import io.swagger.annotations.Api;
+import io.swagger.annotations.*;
-import io.swagger.annotations.ApiOperation;
+import org.wso2.carbon.apimgt.annotations.api.*;
-import io.swagger.annotations.ApiParam;
-import io.swagger.annotations.ApiResponse;
-import io.swagger.annotations.ApiResponses;
 import org.wso2.carbon.device.mgt.common.notification.mgt.Notification;
-import org.wso2.carbon.device.mgt.jaxrs.api.util.ResponsePayload;
 
-import javax.ws.rs.Consumes;
+import javax.ws.rs.*;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 
@@ -40,6 +30,9 @@ import javax.ws.rs.core.Response;
  * DeviceNotification management REST-API implementation.
  * All end points support JSON, XMl with content negotiation.
  */
+@API(name = "Device Notification", version = "1.0.0", context = "/notifications", tags = {"devicemgt_admin"})
+
+// Below Api is for swagger annotations
 @Api(value = "DeviceNotification", description = "Device notification related operations can be found here.")
 @SuppressWarnings("NonJaxWsWebServices")
 @Path("/notifications")
@@ -62,6 +55,9 @@ public interface DeviceNotification {
                     responseContainer = "List"),
             @ApiResponse(code = 500, message = "Error occurred while retrieving the notification list")
     })
+    @Permission(scope = "device-notification-view", permissions = {
+            "/permission/admin/device-mgt/admin/notifications/view",
+            "/permission/admin/device-mgt/user/notifications/view"})
     Response getNotifications();
 
     @GET
@@ -80,6 +76,9 @@ public interface DeviceNotification {
                     responseContainer = "List"),
             @ApiResponse(code = 500, message = "Error occurred while retrieving the notification list")
     })
+    @Permission(scope = "device-notification-view", permissions = {
+            "/permission/admin/device-mgt/admin/notifications/view",
+            "/permission/admin/device-mgt/user/notifications/view"})
     Response getNotificationsByStatus(@ApiParam(name = "status", value = "Provide the notification status as"
             + " the value for {status}", required = true)
                                       @PathParam("status") Notification.Status status);
@@ -97,6 +96,8 @@ public interface DeviceNotification {
             @ApiResponse(code = 201, message = "Notification status updated successfully"),
             @ApiResponse(code = 500, message = "Error occurred while updating notification status")
     })
+    @Permission(scope = "device-notification-modify",
+            permissions = {"/permission/admin/device-mgt/admin/notifications/modify"})
     Response updateNotificationStatus(@ApiParam(name = "id", value = "Provide the ID of the notification"
             + " you wish you update", required = true) @PathParam("id") int id,
                                       @ApiParam(name = "status", value = "Provide the notification status as"
@@ -114,6 +115,8 @@ public interface DeviceNotification {
             @ApiResponse(code = 201, message = "NNotification has added successfully"),
             @ApiResponse(code = 500, message = "Error occurred while updating notification status")
     })
+    @Permission(scope = "device-notification-modify",
+            permissions = {"/permission/admin/device-mgt/admin/notifications/modify"})
     Response addNotification(Notification notification);
 
 }

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/DeviceSearch.java

@@ -19,6 +19,7 @@
 package org.wso2.carbon.device.mgt.jaxrs.api;
 
 import io.swagger.annotations.*;
+import org.wso2.carbon.apimgt.annotations.api.*;
 import org.wso2.carbon.device.mgt.common.device.details.DeviceWrapper;
 import org.wso2.carbon.device.mgt.common.search.SearchContext;
 
@@ -30,6 +31,9 @@ import javax.ws.rs.core.Response;
 /**
  * Device search related operations such as getting device information.
  */
+@API(name = "Device Search", version = "1.0.0", context = "/search", tags = {"devicemgt_admin"})
+
+// Below Api is for swagger annotations
 @Path("/search")
 @Api(value = "DeviceSearch", description = "Device searching related operations can be found here.")
 @SuppressWarnings("NonJaxWsWebServices")
@@ -47,6 +51,7 @@ public interface DeviceSearch {
             @ApiResponse(code = 200, message = "OK", response = DeviceWrapper.class, responseContainer = "List"),
             @ApiResponse(code = 500, message = "Error occurred while searching the device information")
             })
+    @Permission(scope = "device-search", permissions = {"/permission/admin/device-mgt/admin/devices/list"})
     Response getFilteredDeviceInfo(@ApiParam(name = "enrollmentCertificates", value = "List of search conditions",
                                     required = true) SearchContext searchContext);
 }

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Feature.java

@@ -19,19 +19,18 @@
 package org.wso2.carbon.device.mgt.jaxrs.api;
 
 import io.swagger.annotations.*;
+import org.wso2.carbon.apimgt.annotations.api.*;
 
-import javax.ws.rs.Consumes;
+import javax.ws.rs.*;
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 
 /**
  * Features
  */
+@API(name = "Device Search", version = "1.0.0", context = "/features", tags = {"devicemgt_admin"})
 
+// Below Api is for swagger annotations
 @Api(value = "Feature", description = "Feature management related operations can be found here.")
 @SuppressWarnings("NonJaxWsWebServices")
 @Path("/features")
@@ -59,6 +58,8 @@ public interface Feature {
     @ApiResponses(value = { @ApiResponse(code = 200, message = "List of Features"),
                             @ApiResponse(code = 500, message = "Error occurred while retrieving the list of features" +
                                                                ".") })
+    @Permission(scope = "device-search", permissions = {"/permission/admin/device-mgt/admin/devices/view",
+            "/permission/admin/device-mgt/user/devices/view"})
     Response getFeatures(@ApiParam(name = "type", value = "Provide the device type, such as ios, android or windows",
                                    required = true) @PathParam("type") String type);
 

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Group.java

@@ -19,6 +19,8 @@
 package org.wso2.carbon.device.mgt.jaxrs.api;
 
 import io.swagger.annotations.Api;
+import org.wso2.carbon.apimgt.annotations.api.API;
+import org.wso2.carbon.apimgt.annotations.api.Permission;
 import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
 import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroup;
 
@@ -35,80 +37,93 @@ import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Response;
 import java.util.List;
 
+@API(name = "Group", version = "1.0.0", context = "/groups", tags = {"devicemgt_admin"})
+
+// Below Api is for swagger annotations
 @Path("/groups")
 @Api(value = "Group", description = "Group related operations such as get all the available groups, etc.")
 @SuppressWarnings("NonJaxWsWebServices")
 public interface Group {
 
+    @GET
+    @Produces("application/json")
+    @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/list"})
+    Response getGroups(@QueryParam("start") int startIndex, @QueryParam("length") int length);
+
     @POST
     @Consumes("application/json")
+    @Permission(scope = "group-add", permissions = {"/permission/admin/device-mgt/user/groups/add"})
     Response createGroup(DeviceGroup group);
 
+    @Path("/owner/{owner}/name/{groupName}")
+    @GET
+    @Produces("application/json")
+    @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/view"})
+    Response getGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner);
+
     @Path("/owner/{owner}/name/{groupName}")
     @PUT
     @Consumes("application/json")
     @Produces("application/json")
+    @Permission(scope = "group-modify", permissions = {"/permission/admin/device-mgt/user/groups/update"})
     Response updateGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner,
                          DeviceGroup deviceGroup);
 
     @Path("/owner/{owner}/name/{groupName}")
     @DELETE
+    @Permission(scope = "group-remove", permissions = {"/permission/admin/device-mgt/user/groups/remove"})
     Response deleteGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner);
 
-    @GET
+
-    @Produces("application/json")
-    Response getGroups(@QueryParam("start") int startIndex, @QueryParam("length") int length);
 
     @Path("/all")
     @GET
     @Produces("application/json")
+    @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/list"})
     Response getAllGroups();
 
     @Path("/user/{user}")
     @GET
     @Produces("application/json")
+    @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/list"})
     Response getGroups(@PathParam("user") String userName, @QueryParam("start") int startIndex,
                        @QueryParam("length") int length);
 
-    @Path("/user/{user}/all")
-    @GET
-    @Produces("application/json")
-    Response getGroups(@PathParam("user") String userName);
-
-    @Path("/owner/{owner}/name/{groupName}")
-    @GET
-    @Produces("application/json")
-    Response getGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner);
-
     @Path("/user/{user}/search")
     @GET
     @Produces("application/json")
+    @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/list"})
     Response findGroups(@QueryParam("groupName") String groupName, @PathParam("user") String user);
 
     @Path("/user/{user}/all")
     @GET
     @Produces("application/json")
+    @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/list"})
     Response getGroups(@PathParam("user") String userName, @QueryParam("permission") String permission);
 
     @Path("/count")
     @GET
     @Produces("application/json")
+    @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/list"})
     Response getAllGroupCount();
 
     @Path("/user/{user}/count")
     @GET
     @Produces("application/json")
+    @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/list"})
     Response getGroupCount(@PathParam("user") String userName);
 
     @Path("/owner/{owner}/name/{groupName}/share")
     @PUT
     @Produces("application/json")
+    @Permission(scope = "group-share", permissions = {"/permission/admin/device-mgt/user/groups/share"})
     Response shareGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner,
                         @FormParam("shareUser") String shareUser, @FormParam("roleName") String sharingRole);
 
     @Path("/owner/{owner}/name/{groupName}/unshare")
     @PUT
     @Produces("application/json")
+    @Permission(scope = "group-share", permissions = {"/permission/admin/device-mgt/user/groups/unshare"})
     Response unShareGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner,
                           @FormParam("unShareUser") String unShareUser,
                           @FormParam("roleName") String sharingRole);
@@ -116,58 +131,68 @@ public interface Group {
     @Path("/owner/{owner}/name/{groupName}/share/roles/{roleName}/permissions")
     @PUT
     @Produces("application/json")
+    @Permission(scope = "group-add", permissions = {"/permission/admin/device-mgt/admin/groups/roles/permissions/add"})
     Response addSharing(@QueryParam("shareUser") String shareUser, @PathParam("groupName") String groupName,
                         @PathParam("owner") String owner, @PathParam("roleName") String roleName, String[] permissions);
 
     @DELETE
     @Path("/owner/{owner}/name/{groupName}/share/roles/{roleName}/permissions")
     @Produces("application/json")
+    @Permission(scope = "group-remove", permissions = {"/permission/admin/device-mgt/admin/groups/roles/permissions/remove"})
     Response removeSharing(@QueryParam("userName") String userName, @PathParam("groupName") String groupName,
                            @PathParam("owner") String owner, @PathParam("roleName") String roleName);
 
     @GET
     @Path("/owner/{owner}/name/{groupName}/share/roles")
     @Produces("application/json")
+    @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/admin/groups/roles"})
     Response getRoles(@PathParam("groupName") String groupName, @PathParam("owner") String owner,
                       @QueryParam("userName") String userName);
 
     @PUT
     @Path("/owner/{owner}/name/{groupName}/user/{userName}/share/roles")
     @Produces("application/json")
+    @Permission(scope = "group-modify", permissions = {"/permission/admin/device-mgt/admin/groups/roles"})
     Response setRoles(@PathParam("groupName") String groupName, @PathParam("owner") String owner,
                       @PathParam("userName") String userName, List<String> selectedRoles);
 
     @GET
     @Path("/owner/{owner}/name/{groupName}/users")
     @Produces("application/json")
+    @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/list"})
     Response getUsers(@PathParam("groupName") String groupName, @PathParam("owner") String owner);
 
     @GET
     @Path("/owner/{owner}/name/{groupName}/devices")
     @Produces("application/json")
+    @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/admin/groups/roles"})
     Response getDevices(@PathParam("groupName") String groupName, @PathParam("owner") String owner,
                         @QueryParam("start") int startIdx, @QueryParam("length") int length);
 
     @GET
     @Path("/owner/{owner}/name/{groupName}/devices/count")
     @Produces("application/json")
+    @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/devices/count"})
     Response getDeviceCount(@PathParam("groupName") String groupName, @PathParam("owner") String owner);
 
     @POST
     @Path("/owner/{owner}/name/{groupName}/devices")
     @Produces("application/json")
+    @Permission(scope = "group-add", permissions = {"/permission/admin/device-mgt/user/groups/devices/add"})
     Response addDevice(@PathParam("groupName") String groupName, @PathParam("owner") String owner,
                        DeviceIdentifier deviceIdentifier);
 
     @DELETE
     @Path("/owner/{owner}/name/{groupName}/devices/{deviceType}/{deviceId}")
     @Produces("application/json")
+    @Permission(scope = "group-remove", permissions = {"/permission/admin/device-mgt/user/groups/devices/remove"})
     Response removeDevice(@PathParam("groupName") String groupName, @PathParam("owner") String owner,
                           @PathParam("deviceId") String deviceId, @PathParam("deviceType") String deviceType);
 
     @GET
     @Path("/owner/{owner}/name/{groupName}/users/{userName}/permissions")
     @Produces("application/json")
+    @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/roles/permissions"})
     Response getPermissions(@PathParam("userName") String userName, @PathParam("groupName") String groupName,
                             @PathParam("owner") String owner);
 }

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/License.java

@@ -19,6 +19,7 @@
 package org.wso2.carbon.device.mgt.jaxrs.api;
 
 import io.swagger.annotations.Api;
+import org.wso2.carbon.apimgt.annotations.api.*;
 
 import javax.ws.rs.*;
 import javax.ws.rs.core.MediaType;
@@ -27,6 +28,9 @@ import javax.ws.rs.core.Response;
 /**
  * This class represents license related operations.
  */
+@API(name = "License", version = "1.0.0", context = "/license", tags = {"devicemgt_admin"})
+
+// Below Api is for swagger annotations
 @Api(value = "License")
 @Path("/license")
 @SuppressWarnings("NonJaxWsWebServices")
@@ -42,6 +46,8 @@ public interface License {
     @GET
     @Path("{deviceType}/{languageCode}")
     @Produces({ MediaType.APPLICATION_JSON })
+    @Permission(scope = "license-view", permissions = {"/permission/admin/device-mgt/admin/device/view",
+            "/permission/admin/device-mgt/user/devices/view"})
     Response getLicense(@PathParam("deviceType") String deviceType,
                         @PathParam("languageCode") String languageCode);
 
@@ -54,6 +60,7 @@ public interface License {
      */
     @POST
     @Path("{deviceType}")
+    @Permission(scope = "license-add", permissions = {"/permission/admin/device-mgt/admin/devices/view"})
     Response addLicense(@PathParam("deviceType") String deviceType,
                         org.wso2.carbon.device.mgt.common.license.mgt.License license);
 }

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Operation.java

@@ -19,6 +19,7 @@
 package org.wso2.carbon.device.mgt.jaxrs.api;
 
 import io.swagger.annotations.*;
+import org.wso2.carbon.apimgt.annotations.api.*;
 import org.wso2.carbon.device.mgt.common.app.mgt.Application;
 import org.wso2.carbon.device.mgt.jaxrs.api.common.MDMAPIException;
 import org.wso2.carbon.device.mgt.jaxrs.api.context.DeviceOperationContext;
@@ -31,12 +32,18 @@ import javax.ws.rs.core.Response;
 /**
  *
  */
+@API(name = "Operation", version = "1.0.0", context = "/operations", tags = {"devicemgt_admin"})
+
+// Below Api is for swagger annotations
 @Path("/operations")
 @Api(value = "Operation", description = "Operation management related operations can be found here.")
 public interface Operation {
 
     /* @deprecated */
     @GET
+    @Permission(scope = "operation-view", permissions = {
+            "/permission/admin/device-mgt/admin/devices/view",
+            "/permission/admin/device-mgt/user/devices/view"})
     Response getAllOperations();
 
     @GET
@@ -56,6 +63,9 @@ public interface Operation {
     @ApiResponses(value = {@ApiResponse(code = 200, message = "List of Operations on a device."),
             @ApiResponse(code = 500, message = "Error occurred while fetching the operations for the " +
                     "device.")})
+    @Permission(scope = "operation-view", permissions = {
+            "/permission/admin/device-mgt/admin/devices/view",
+            "/permission/admin/device-mgt/user/devices/view"})
     Response getDeviceOperations(@ApiParam(name = "type", value = "Define the device type as the value for {type}. " +
             "Example: ios, android or windows.",
             required = true) @PathParam("type") String type,
@@ -85,6 +95,9 @@ public interface Operation {
     @ApiResponses(value = {@ApiResponse(code = 200, message = "List of Operations on a device."),
             @ApiResponse(code = 500, message = "Error occurred while fetching the operations for the " +
                     "device.")})
+    @Permission(scope = "operation-view", permissions = {
+            "/permission/admin/device-mgt/admin/devices/view",
+            "/permission/admin/device-mgt/user/devices/view"})
     Response getAllDeviceOperations(@ApiParam(name = "type", value = "Define the device type as the value for {type}. " +
             "Example: ios, android or windows.",
             required = true) @PathParam("type") String type,
@@ -93,6 +106,8 @@ public interface Operation {
 
     /* @deprecated */
     @POST
+    @Permission(scope = "operation-modify", permissions = {
+            "/permission/admin/device-mgt/admin/devices/add"})
     Response addOperation(DeviceOperationContext operationContext);
 
     @GET
@@ -108,6 +123,9 @@ public interface Operation {
     @ApiResponses(value = {@ApiResponse(code = 200, message = "List of installed application details of a device.", response = Application.class, responseContainer = "List"),
             @ApiResponse(code = 500, message = "Error occurred while fetching the apps of the device" +
                     ".")})
+    @Permission(scope = "operation-view", permissions = {
+            "/permission/admin/device-mgt/admin/devices/view",
+            "/permission/admin/device-mgt/user/devices/view"})
     Response getInstalledApps(@ApiParam(name = "type", value = "Define the device type as the value for {type}. " +
             "Example: ios, android or windows.",
             required = true) @PathParam("type") String type,
@@ -116,6 +134,8 @@ public interface Operation {
 
     @POST
     @Path("installApp/{tenantDomain}")
+    @Permission(scope = "operation-install",
+            permissions = {"/permission/admin/device-mgt/admin/operations/applications/install-applications"})
     @ApiOperation(
             consumes = MediaType.APPLICATION_JSON + ", " + MediaType.APPLICATION_XML,
             produces = MediaType.APPLICATION_JSON + ", " + MediaType.APPLICATION_XML,
@@ -143,6 +163,8 @@ public interface Operation {
             notes = "Uninstall a selected application from a device.")
     @ApiResponses(value = {@ApiResponse(code = 200, message = "Operation was successfully added to the queue."),
             @ApiResponse(code = 500, message = "Error occurred while saving the operation.")})
+    @Permission(scope = "operation-uninstall",
+            permissions = {"/permission/admin/device-mgt/admin/operations/applications/uninstall-applications"})
     Response uninstallApplication(@ApiParam(name = "applicationWrapper", value = "Details about the application and" +
             " the users and roles it should be " +
             "uninstalled.",
@@ -163,6 +185,7 @@ public interface Operation {
             notes = "This will return the operation details including the responses from the devices")
     @ApiResponses(value = {@ApiResponse(code = 200, message = "Activity details provided successfully.."),
             @ApiResponse(code = 500, message = "Error occurred while fetching the activity for the supplied id.")})
+    @Permission(scope = "operation-view", permissions = {"/permission/admin/device-mgt/admin/devices/view"})
     Response getActivity(@ApiParam(name = "id", value = "Provide activity id {id} as ACTIVITY_(number)",
             required = true) @PathParam("id") String id)
             throws MDMAPIException;

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Policy.java

@@ -19,6 +19,7 @@
 package org.wso2.carbon.device.mgt.jaxrs.api;
 
 import io.swagger.annotations.*;
+import org.wso2.carbon.apimgt.annotations.api.*;
 import org.wso2.carbon.device.mgt.jaxrs.api.common.MDMAPIException;
 import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper;
 import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper;
@@ -28,6 +29,9 @@ import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import java.util.List;
 
+@API(name = "Policy", version = "1.0.0", context = "/policies", tags = {"devicemgt_admin"})
+
+// Below Api is for swagger annotations
 @Path("/policies")
 @Api(value = "Policy", description = "Policy management related operations can be found here.")
 public interface Policy {
@@ -45,6 +49,7 @@ public interface Policy {
     @ApiResponses(value = {@ApiResponse(code = 201, message = "Created the policy."),
             @ApiResponse(code = 500, message = "Policy Management related error occurred when " +
                     "adding the policy")})
+    @Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/add"})
     Response addPolicy(@ApiParam(name = "policyWrapper", value = "Policy details related to the operation.",
             required = true) PolicyWrapper policyWrapper);
 
@@ -62,6 +67,7 @@ public interface Policy {
     @ApiResponses(value = {@ApiResponse(code = 201, message = "Created the policy."),
             @ApiResponse(code = 500, message = "Policy Management related error occurred when " +
                     "adding the policy")})
+    @Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/add"})
     Response addActivePolicy(@ApiParam(name = "policyWrapper", value = "Policy details related to the operation.",
             required = true) PolicyWrapper policyWrapper);
 
@@ -79,6 +85,7 @@ public interface Policy {
             response = org.wso2.carbon.policy.mgt.common.Policy.class, responseContainer = "List"),
             @ApiResponse(code = 500, message = "Policy Management related error occurred when " +
                     "fetching the policies.")})
+    @Permission(scope = "policy-view", permissions = {"/permission/admin/device-mgt/admin/policies/list"})
     Response getAllPolicies();
 
     @GET
@@ -94,6 +101,7 @@ public interface Policy {
     @ApiResponses(value = {@ApiResponse(code = 200, message = "Fetched policy details."),
             @ApiResponse(code = 500, message = "Policy Management related error occurred when " +
                     "fetching the policies.")})
+    @Permission(scope = "policy-view", permissions = {"/permission/admin/device-mgt/admin/policies/list"})
     Response getPolicy(@ApiParam(name = "id", value = "Policy ID value to identify a policy uniquely.",
             required = true) @PathParam("id") int policyId);
 
@@ -108,6 +116,7 @@ public interface Policy {
             response = int.class)
     @ApiResponses(value = {@ApiResponse(code = 200, message = "Fetched the policy count."),
             @ApiResponse(code = 500, message = "Error while Fetching the policy count.")})
+    @Permission(scope = "policy-view", permissions = {"/permission/admin/device-mgt/admin/policies/list"})
     Response getPolicyCount();
 
     @PUT
@@ -122,6 +131,7 @@ public interface Policy {
     @ApiResponses(value = {@ApiResponse(code = 201, message = "Policy has been updated successfully."),
             @ApiResponse(code = 500, message = "Policy Management related exception in policy " +
                     "update")})
+    @Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/update"})
     Response updatePolicy(@ApiParam(name = "policyWrapper", value = "Policy details related to the operation.",
             required = true) PolicyWrapper policyWrapper,
                           @ApiParam(name = "id", value = "Policy ID value to identify a policy uniquely.",
@@ -141,6 +151,7 @@ public interface Policy {
     @ApiResponses(value = {@ApiResponse(code = 200, message = "Policy Priorities successfully updated."),
             @ApiResponse(code = 400, message = "Policy priorities did not update."),
             @ApiResponse(code = 500, message = "Error in updating policy priorities.")})
+    @Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/update"})
     Response updatePolicyPriorities(@ApiParam(name = "priorityUpdatedPolicies",
             value = "List of policy update details..",
             required = true) List<PriorityUpdatedPolicyWrapper> priorityUpdatedPolicies);
@@ -158,6 +169,7 @@ public interface Policy {
     @ApiResponses(value = {@ApiResponse(code = 200, message = "Policies have been successfully deleted."),
             @ApiResponse(code = 400, message = "Policy does not exist."),
             @ApiResponse(code = 500, message = "Error in deleting policies.")})
+    @Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/remove"})
     Response bulkRemovePolicy(@ApiParam(name = "policyIds", value = "Policy ID list to be deleted.",
             required = true) List<Integer> policyIds);
 
@@ -173,6 +185,9 @@ public interface Policy {
                     "in the inactive state to the active state.")
     @ApiResponses(value = {@ApiResponse(code = 200, message = "Policies have been successfully activated."),
             @ApiResponse(code = 500, message = "Error in activating policies.")})
+    @Permission(scope = "policy-modify", permissions = {
+            "/permission/admin/device-mgt/admin/policies/update",
+            "/permission/admin/device-mgt/admin/policies/add"})
     Response activatePolicy(@ApiParam(name = "policyIds", value = "Policy ID list to be activated.",
             required = true) List<Integer> policyIds);
 
@@ -188,6 +203,9 @@ public interface Policy {
                     "is in the active state to the inactive state.")
     @ApiResponses(value = {@ApiResponse(code = 200, message = "Policies have been successfully deactivated."),
             @ApiResponse(code = 500, message = "Error in deactivating policies.")})
+    @Permission(scope = "policy-modify", permissions = {
+            "/permission/admin/device-mgt/admin/policies/update",
+            "/permission/admin/device-mgt/admin/policies/add"})
     Response inactivatePolicy(@ApiParam(name = "policyIds", value = "Policy ID list to be deactivated.",
             required = true) List<Integer> policyIds) throws MDMAPIException;
 
@@ -206,6 +224,7 @@ public interface Policy {
                     " you need to apply the changes to push the policy changes to the existing devices.")
     @ApiResponses(value = {@ApiResponse(code = 200, message = "Changes have been successfully updated."),
             @ApiResponse(code = 500, message = "Error in updating policies.")})
+    @Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/update"})
     Response applyChanges();
 
     @GET
@@ -223,23 +242,28 @@ public interface Policy {
     @ApiResponses(value = {@ApiResponse(code = 200, message = "Policy monitoring service started successfully."),
             @ApiResponse(code = 500, message = "Policy Management related exception when starting " +
                     "monitoring service.")})
+    @Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/add"})
     Response startTaskService(@ApiParam(name = "milliseconds", value = "Policy monitoring frequency in milliseconds.",
             required = true) @PathParam("milliseconds") int monitoringFrequency);
 
     @GET
     @Path("update-task/{milliseconds}")
+    @Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/add"})
     Response updateTaskService(@PathParam("milliseconds") int monitoringFrequency);
 
     @GET
     @Path("stop-task")
+    @Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/add"})
     Response stopTaskService();
 
     @GET
     @Path("{type}/{id}")
+    @Permission(scope = "policy-view", permissions = {"/permission/admin/device-mgt/admin/policies/list"})
     Response getComplianceDataOfDevice(@PathParam("type") String type, @PathParam("id") String id);
 
     @GET
     @Path("{type}/{id}/active-policy")
+    @Permission(scope = "policy-view", permissions = {"/permission/admin/device-mgt/admin/policies/list"})
     @ApiOperation(
             consumes = MediaType.APPLICATION_JSON,
             produces = MediaType.APPLICATION_JSON,

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Profile.java

@@ -19,6 +19,7 @@
 package org.wso2.carbon.device.mgt.jaxrs.api;
 
 import io.swagger.annotations.Api;
+import org.wso2.carbon.apimgt.annotations.api.*;
 
 import javax.ws.rs.DELETE;
 import javax.ws.rs.POST;
@@ -29,20 +30,26 @@ import javax.ws.rs.core.Response;
 /**
  * These end points provide profile related operations.
  */
+@API(name = "Profile", version = "1.0.0", context = "/profiles", tags = {"devicemgt_admin"})
+
+// Below Api is for swagger annotations
 @Api(value = "Profile")
 @Path("/profiles")
 @SuppressWarnings("NonJaxWsWebServices")
 public interface Profile {
 
     @POST
+    @Permission(scope = "profile", permissions = {"/permission/admin/device-mgt/admin/policies/add"})
     Response addProfile(org.wso2.carbon.policy.mgt.common.Profile profile);
 
     @POST
     @Path("{id}")
+    @Permission(scope = "profile", permissions = {"/permission/admin/device-mgt/admin/policies/update"})
     Response updateProfile(org.wso2.carbon.policy.mgt.common.Profile profile,
                            @PathParam("id") String profileId);
 
     @DELETE
     @Path("{id}")
+    @Permission(scope = "profile", permissions = {"/permission/admin/device-mgt/admin/policies/remove"})
     Response deleteProfile(@PathParam("id") int profileId);
 }

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/Role.java

@@ -19,6 +19,7 @@
 package org.wso2.carbon.device.mgt.jaxrs.api;
 
 import io.swagger.annotations.*;
+import org.wso2.carbon.apimgt.annotations.api.*;
 import org.wso2.carbon.device.mgt.jaxrs.beans.RoleWrapper;
 import org.wso2.carbon.user.mgt.common.UIPermissionNode;
 
@@ -27,6 +28,9 @@ import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import java.util.List;
 
+@API(name = "Role", version = "1.0.0", context = "/roles", tags = {"devicemgt_admin"})
+
+// Below Api is for swagger annotations
 @Path("/roles")
 @Api(value = "Role", description = "Role management related operations can be found here.")
 public interface Role {
@@ -43,6 +47,11 @@ public interface Role {
             response = String.class)
     @ApiResponses(value = { @ApiResponse(code = 200, message = "List of available roles"),
                             @ApiResponse(code = 500, message = "Error occurred while fetching the role list.") })
+    @Permission(scope = "roles-view", permissions = {
+            "/permission/admin/device-mgt/admin/roles/list",
+            "/permission/admin/device-mgt/admin/users/view",
+            "/permission/admin/device-mgt/admin/policies/add",
+            "/permission/admin/device-mgt/admin/policies/update"})
     Response getAllRoles();
 
     @GET
@@ -58,6 +67,9 @@ public interface Role {
             response = String.class)
     @ApiResponses(value = { @ApiResponse(code = 200, message = "List of available roles"),
                             @ApiResponse(code = 500, message = "Error occurred while fetching the role list.") })
+    @Permission(scope = "roles-view", permissions = {
+            "/permission/admin/device-mgt/admin/users/add",
+            "/permission/admin/device-mgt/admin/roles/list"})
     Response getRolesOfUserStore(@ApiParam(name = "userStore", value = "Provide the name of the UserStore you wish to get the" +
                                                             " details from ",
                                  required = true) @PathParam("userStore") String userStore);
@@ -79,6 +91,9 @@ public interface Role {
     @ApiResponses(value = { @ApiResponse(code = 200, message = "List of matching roles"),
                             @ApiResponse(code = 500, message = "Error occurred while fetching the matching role list" +
                                                                ".") })
+    @Permission(scope = "roles-view", permissions = {
+            "/permission/admin/device-mgt/admin/users/add",
+            "/permission/admin/device-mgt/admin/roles/list"})
     Response getMatchingRoles(@ApiParam(name = "filter", value = "Provide a character or a few characters in the" +
                                                                  " role name.",
                                         required = true) @QueryParam("filter") String filter);
@@ -99,6 +114,7 @@ public interface Role {
     @ApiResponses(value = { @ApiResponse(code = 200, message = "Permission details of a role"),
                             @ApiResponse(code = 500, message = "Error occurred while fetching the permission " +
                                                                "details of a role.") })
+    @Permission(scope = "roles-view", permissions = {"/permission/admin/device-mgt/admin/roles/list"})
     Response getPermissions(@ApiParam(name = "rolename", value = "Provide the name of the role you wish to get the " +
                                                                   "permission details.",
                                        required = true) @QueryParam("rolename") String roleName);
@@ -115,6 +131,7 @@ public interface Role {
             response = RoleWrapper.class)
     @ApiResponses(value = { @ApiResponse(code = 200, message = "Details of a role."),
                             @ApiResponse(code = 500, message = "Error occurred while retrieving the user role.") })
+    @Permission(scope = "roles-view", permissions = {"/permission/admin/device-mgt/admin/roles/list"})
     Response getRole(@ApiParam(name = "rolename", value = "Provide the name of the role you wish to get the " +
                                                           "details.",
                                required = true) @QueryParam("rolename") String roleName);
@@ -129,6 +146,7 @@ public interface Role {
             notes = "You are able to add a new role to WSO2 EMM using the REST API.")
     @ApiResponses(value = { @ApiResponse(code = 200, message = "Added the role."),
                             @ApiResponse(code = 500, message = "Error occurred while adding the user role.") })
+    @Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/add"})
     Response addRole(@ApiParam(name = "roleWrapper", value = "Role and permission details.",
                                required = true) RoleWrapper roleWrapper);
 
@@ -144,6 +162,7 @@ public interface Role {
     @ApiResponses(value = { @ApiResponse(code = 200, message = "Updated the role."),
                             @ApiResponse(code = 500, message = "Error occurred while updating the user role details" +
                                                                ".") })
+    @Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/update"})
     Response updateRole(@ApiParam(name = "rolename", value = "Provide the name of the role you wish to update.",
                                   required = true) @QueryParam("rolename") String roleName,
                         @ApiParam(name = "roleWrapper", value = "Role and permission details.",
@@ -161,6 +180,7 @@ public interface Role {
     @ApiResponses(value = { @ApiResponse(code = 200, message = "Deleted the role."),
                             @ApiResponse(code = 500, message = "Error occurred while deleting the user role details" +
                                                                ".") })
+    @Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/remove"})
     Response deleteRole(@ApiParam(name = "rolename", value = "Provide the name of the role you wish to delete.",
                                   required = true) @QueryParam("rolename") String roleName);
 
@@ -180,6 +200,7 @@ public interface Role {
                     "role using this API.")
     @ApiResponses(value = { @ApiResponse(code = 200, message = "Added Users to a Role."),
                             @ApiResponse(code = 500, message = "Error occurred while saving the users of the role.") })
+    @Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/update"})
     Response updateUsers(@ApiParam(name = "rolename", value = "Provide the name of the role you wish to update.",
                                    required = true) @QueryParam("rolename") String roleName,
                          @ApiParam(name = "userList", value = "Provide the names of the users you will to update.",
@@ -196,6 +217,7 @@ public interface Role {
             notes = "Get the number of roles in WSO2 EMM.")
     @ApiResponses(value = { @ApiResponse(code = 200, message = "Retrieved the role count."),
                             @ApiResponse(code = 500, message = "Error occurred while retrieving the role count.") })
+    @Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/list"})
     Response getRoleCount();
 
 }

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/User.java

@@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.api;
 
 import io.swagger.annotations.*;
 import org.apache.axis2.databinding.types.soapencoding.Integer;
+import org.wso2.carbon.apimgt.annotations.api.*;
 import org.wso2.carbon.device.mgt.jaxrs.beans.UserCredentialWrapper;
 import org.wso2.carbon.device.mgt.jaxrs.beans.UserWrapper;
 
@@ -31,6 +32,9 @@ import java.util.List;
 /**
  * This represents the JAX-RS services of User related functionality.
  */
+@API(name = "User", version = "1.0.0", context = "/users", tags = {"devicemgt_admin"})
+
+// Below Api is for swagger annotations
 @Path("/users")
 @Api(value = "User", description = "User management related operations can be found here.")
 public interface User {
@@ -48,6 +52,7 @@ public interface User {
             @ApiResponse(code = 201, message = "Created"),
             @ApiResponse(code = 500, message = "Exception in trying to add user by username: 'username'")
             })
+    @Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/add"})
     Response addUser(@ApiParam(name = "userWrapper", value = "Includes the required properties to add a user"
                             + " as the <JSON_PAYLOAD> value", required = true) UserWrapper userWrapper);
 
@@ -66,6 +71,7 @@ public interface User {
             @ApiResponse(code = 400, message = "User by username: 'username' does not exist"),
             @ApiResponse(code = 500, message = "Exception in trying to retrieve user by username: 'username'")
             })
+    @Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/view"})
     Response getUser(@ApiParam(name = "username", value = "Provide the name of the user you wish to get the"
                             + " details of as the value", required = true)
                             @QueryParam("username") String username);
@@ -86,6 +92,7 @@ public interface User {
                     + "request made to update user was refused"),
             @ApiResponse(code = 500, message = "Exception in trying to update user by username: 'username'")
             })
+    @Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/update"})
     Response updateUser(@ApiParam(name = "userWrapper", value = "Provide the name of the user you wish to get"
                                 + " the details of as the value", required = true) UserWrapper userWrapper,
                         @ApiParam(name = "username", value = "Provide the name of the user you wish to get "
@@ -106,6 +113,7 @@ public interface User {
             @ApiResponse(code = 400, message = "User by username: 'username' does not exist for removal"),
             @ApiResponse(code = 500, message = "Exception in trying to remove user by username: 'username'")
             })
+    @Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/remove"})
     Response removeUser(@ApiParam(name = "username", value = "Provide the name of the user you wish to delete"
                                 + " as the value for {username}", required = true)
                                 @QueryParam("username") String username);
@@ -126,6 +134,7 @@ public interface User {
             @ApiResponse(code = 400, message = "User by username: 'username' does not exist for role retrieval"),
             @ApiResponse(code = 500, message = "Exception in trying to retrieve roles for user by username: 'username'")
             })
+    @Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/view"})
     Response getRolesOfUser(@ApiParam(name = "username", value = "Provide the user name of the user you wish to get"
                             + " the role details", required = true) @QueryParam("username") String username);
 
@@ -143,11 +152,13 @@ public interface User {
             @ApiResponse(code = 201, message = "All users were successfully retrieved"),
             @ApiResponse(code = 500, message = "Error occurred while retrieving the list of users")
             })
+    @Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/list"})
     Response getAllUsers();
 
     @GET
     @Path("{filter}")
     @Produces({MediaType.APPLICATION_JSON})
+    @Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/list"})
     Response getMatchingUsers(@PathParam("filter") String filter);
 
     @GET
@@ -167,6 +178,7 @@ public interface User {
                     + " user count: 'count'"),
             @ApiResponse(code = 500, message = "Error occurred while retrieving the list of users")
             })
+    @Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/list"})
     Response getAllUsersByUsername(@ApiParam(name = "username", value = "Provide any user detail of the user"
                                         + " as the value for {username} to retrieve the user details, such "
                                         + "as email address, first name or last name", required = true)
@@ -190,6 +202,7 @@ public interface User {
                     + " user count: 'count'"),
             @ApiResponse(code = 500, message = "Error occurred while retrieving the list of users")
             })
+    @Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/list"})
     Response getAllUserNamesByUsername(@ApiParam(name = "username", value = "Provide a character or a few "
                                             + "character in the user name as the value for {username}",
                                             required = true) @QueryParam("username") String userName);
@@ -207,6 +220,7 @@ public interface User {
             @ApiResponse(code = 200, message = "Email invitation was successfully sent to user"),
             @ApiResponse(code = 500, message = "Error occurred while retrieving the list of users")
             })
+    @Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/users/invite"})
     Response inviteExistingUsersToEnrollDevice(@ApiParam(name = "usernames", value = "List of the users to be"
                                                     + " invited as the <JSON_PAYLOAD>", required = true)
                                                     List<String> usernames);
@@ -226,6 +240,9 @@ public interface User {
             @ApiResponse(code = 200, message = "OK"),
             @ApiResponse(code = 500, message = "Device management error")
             })
+    @Permission(scope = "user-view", permissions = {
+            "/permission/admin/device-mgt/user/devices/list",
+            "/permission/admin/device-mgt/admin/devices/list"})
     Response getAllDeviceOfUser(@ApiParam(name = "username", value = "Provide the name of the user you wish "
                                     + "to get the details", required = true) @QueryParam("username")
                                     String username,
@@ -247,11 +264,13 @@ public interface User {
             @ApiResponse(code = 500, message = "Error occurred while retrieving the list of users that exist"
                     + " within the current tenant")
             })
+    @Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/list"})
     Response getUserCount();
 
     @PUT
     @Path("{roleName}/users")
     @Produces({MediaType.APPLICATION_JSON})
+    @Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/update"})
     Response updateRoles(@PathParam("roleName") String roleName, List<String> userList);
 
     @POST
@@ -272,6 +291,7 @@ public interface User {
                     + " Character Encoding is not supported"),
             @ApiResponse(code = 500, message = "Internal Server Error")
             })
+    @Permission(scope = "user-modify", permissions = {"/permission/admin/login"})
     Response resetPassword(@ApiParam(name = "credentials", value = "Include the required properties to change"
                                 + " the user password as <JSON_PAYLOAD> value", required = true)
                                 UserCredentialWrapper credentials);
@@ -297,6 +317,7 @@ public interface User {
                     + " Character Encoding is not supported"),
             @ApiResponse(code = 500, message = "Internal Server Error")
             })
+    @Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/users/password-reset"})
     Response resetPasswordByAdmin(@ApiParam(name = "credentials", value = "Include the required properties "
                                         + "to change a user password as <JSON_PAYLOAD> value",
                                         required = true) UserCredentialWrapper credentials);

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/impl/GroupImpl.java

@@ -174,25 +174,6 @@ public class GroupImpl implements Group {
         }
     }
 
-    @Override
-    @Path("/user/{user}/all")
-    @GET
-    @Produces("application/json")
-    public Response getGroups(@PathParam("user") String userName) {
-        try {
-            List<DeviceGroup> deviceGroups = DeviceMgtAPIUtils.getGroupManagementProviderService()
-                    .getGroups(userName);
-            if (deviceGroups.size() > 0) {
-                return Response.status(Response.Status.OK).entity(deviceGroups).build();
-            } else {
-                return Response.status(Response.Status.NOT_FOUND).build();
-            }
-        } catch (GroupManagementException e) {
-            log.error(e.getMessage(), e);
-            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build();
-        }
-    }
-
     @Override
     @Path("/owner/{owner}/name/{groupName}")
     @GET

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml

@@ -936,13 +936,13 @@
     </Permission>
     <Permission>
         <name>get certificate in the database</name>
-        <path>/device-mgt/android/certificate/Get</path>
+        <path>/device-mgt/android/certificate/view</path>
         <url>/certificates/*</url>
         <method>GET</method>
     </Permission>
     <Permission>
-        <name>get certificate in the database</name>
+        <name>Remove certificate in the database</name>
-        <path>/device-mgt/android/certificate/Get</path>
+        <path>/device-mgt/android/certificate/remove</path>
         <url>/certificates/*</url>
         <method>DELETE</method>
     </Permission>
@@ -979,7 +979,7 @@
 
     <Permission>
         <name>Group Delete</name>
-        <path>/device-mgt/user/groups/delete</path>
+        <path>/device-mgt/user/groups/remove</path>
         <url>/groups/owner/*/name/*</url>
         <method>DELETE</method>
     </Permission>
@@ -1084,7 +1084,7 @@
 
     <Permission>
         <name>Group Delete Permissions</name>
-        <path>/device-mgt/admin/groups/roles/permissions/delete</path>
+        <path>/device-mgt/admin/groups/roles/permissions/remove</path>
         <url>/groups/owner/*/name/*/share/roles/*/permissions</url>
         <method>DELETE</method>
     </Permission>

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/web.xml

@@ -70,6 +70,16 @@
         <param-value>true</param-value>
     </context-param-->
 
+    <!--publish to apim-->
+    <context-param>
+        <param-name>managed-api-enabled</param-name>
+        <param-value>true</param-value>
+    </context-param>
+    <context-param>
+        <param-name>managed-api-owner</param-name>
+        <param-value>admin</param-value>
+    </context-param>
+
     <!-- Below configuration is used to redirect http requests to https -->
     <security-constraint>
         <web-resource-collection>

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java

@@ -98,7 +98,6 @@ public class JWTAuthenticator implements WebappAuthenticator {
 
             //Get the filesystem keystore default primary certificate
             JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) publicKey);
-            //https://wso2.org/jira/browse/APIMANAGER-4504 need to change this to jwsObject.verify(verifier)
             if (jwsObject.verify(verifier)) {
                 username = MultitenantUtils.getTenantAwareUsername(username);
                 if (tenantId == -1) {