Bug fixes and fix for https://wso2.org/jira/browse/IOTS-158

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/impl/GroupImpl.java

@@ -118,7 +118,7 @@ public class GroupImpl implements Group {
     @Override
     @GET
     @Produces("application/json")
-    public Response getGroups(@QueryParam("start") int startIndex, @PathParam("length") int length) {
+    public Response getGroups(@QueryParam("start") int startIndex, @QueryParam("length") int length) {
         try {
             PaginationResult paginationResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
                     .getGroups(startIndex, length);
@@ -331,8 +331,7 @@ public class GroupImpl implements Group {
     @Produces("application/json")
     public Response addSharing(@QueryParam("shareUser") String shareUser,
                                @PathParam("groupName") String groupName, @PathParam("owner") String owner,
-                               @PathParam("roleName") String roleName,
+                               @PathParam("roleName") String roleName, String[] permissions) {
-                               @FormParam("permissions") String[] permissions) {
 
         try {
             boolean isAdded = DeviceMgtAPIUtils.getGroupManagementProviderService().addGroupSharingRole(

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/api/impl/PolicyImpl.java

@@ -21,6 +21,11 @@ package org.wso2.carbon.device.mgt.jaxrs.api.impl;
 import org.apache.commons.httpclient.HttpStatus;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.device.mgt.common.Device;
+import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
+import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
+import org.wso2.carbon.device.mgt.core.internal.DeviceManagementDataHolder;
 import org.wso2.carbon.device.mgt.jaxrs.api.common.MDMAPIException;
 import org.wso2.carbon.device.mgt.jaxrs.api.util.DeviceMgtAPIUtils;
 import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper;
@@ -97,6 +102,22 @@ public class PolicyImpl implements org.wso2.carbon.device.mgt.jaxrs.api.Policy {
 
     private Response addPolicy(PolicyManagerService policyManagementService, ResponsePayload responseMsg,
                                org.wso2.carbon.policy.mgt.common.Policy policy) {
+        List<Device> devices = policy.getDevices();
+        if (devices != null && devices.size() == 1) {
+            DeviceAccessAuthorizationService deviceAccessAuthorizationService = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService();
+            DeviceIdentifier deviceIdentifier = new DeviceIdentifier(devices.get(0).getDeviceIdentifier(), devices.get(0).getType());
+            PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+            String username = threadLocalCarbonContext.getUsername();
+            try {
+                if (!deviceAccessAuthorizationService.isUserAuthorized(deviceIdentifier, username)) {
+                    return Response.status(Response.Status.UNAUTHORIZED).build();
+                }
+            } catch (DeviceAccessAuthorizationException e) {
+                String msg = "Device access authorization exception";
+                log.error(msg, e);
+                return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
+            }
+        }
         try {
             PolicyAdministratorPoint pap = policyManagementService.getPAP();
             pap.addPolicy(policy);

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml

@@ -669,6 +669,12 @@
         <url>/policies/inactive-policy</url>
         <method>POST</method>
     </Permission>
+    <Permission>
+        <name>Add Policy</name>
+        <path>/device-mgt/user/policies/add</path>
+        <url>/policies/inactive-policy</url>
+        <method>POST</method>
+    </Permission>
 
     <Permission>
         <name>List policies</name>
@@ -704,6 +710,12 @@
         <url>/policies/active-policy</url>
         <method>POST</method>
     </Permission>
+    <Permission>
+        <name>Add Policy</name>
+        <path>/device-mgt/user/policies/add</path>
+        <url>/policies/inactive-policy</url>
+        <method>POST</method>
+    </Permission>
 
     <Permission>
         <name>Remove policy</name>
@@ -726,6 +738,20 @@
         <method>GET</method>
     </Permission>
 
+    <Permission>
+        <name>List user policies</name>
+        <path>/device-mgt/user/policies/list</path>
+        <url>/policies</url>
+        <method>GET</method>
+    </Permission>
+
+    <Permission>
+        <name>List user policies</name>
+        <path>/device-mgt/user/policies/list</path>
+        <url>/policies/*</url>
+        <method>GET</method>
+    </Permission>
+
     <Permission>
         <name>Update policy</name>
         <path>/device-mgt/admin/policies/update</path>

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/user.js

@@ -668,6 +668,9 @@ var userModule = function () {
         if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/roles/add")) {
             permissions["ADD_ROLE"] = true;
         }
+        if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/policies/add")) {
+            permissions["ADD_ADMIN_POLICY"] = true;
+        }
         if (publicMethods.isAuthorized("/permission/admin/device-mgt/user/policies/add")) {
             permissions["ADD_POLICY"] = true;
         }

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.policies/policies.hbs

@@ -16,6 +16,7 @@
 {{/zone}}
 
 {{#zone "navbarActions"}}
+    {{#if permissions.ADD_ADMIN_POLICY}}
     <li>
         <a href="{{@app.context}}/policy/add" class="cu-btn">
             <span class="icon fw-stack">
@@ -25,6 +26,8 @@
             Add Policy
         </a>
     </li>
+    {{/if}}
+    {{#if permissions.CHANGE_POLICY_PRIORITY}}
         <li>
         <a href="{{@app.context}}/policy/priority" class="cu-btn">
             <span class="icon fw-stack">
@@ -34,6 +37,7 @@
             Policy Priority
         </a>
     </li>
+    {{/if}}
     <li>
         <a href="#" class="cu-btn" id="appbar-btn-apply-changes">
             <span class="icon fw-stack">

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.policies/policies.js

@@ -18,12 +18,15 @@
 
 function onRequest(context) {
     context.handlebars.registerHelper('equal', function (lvalue, rvalue, options) {
-        if (arguments.length < 3)
+        if (arguments.length < 3) {
             throw new Error("Handlebars Helper equal needs 2 parameters");
+        }
         if (lvalue != rvalue) {
             return options.inverse(this);
         } else {
             return options.fn(this);
         }
     });
+    var userModule = require("/app/modules/user.js").userModule;
+    return {permissions: userModule.getUIPermissions()};
 }

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.operation-mod/operation-mod.json

@@ -1,7 +1,3 @@
 {
-  "version": "1.0.0",
+  "version": "1.0.0"
-  "pushedUris": [
-    "/policies",
-    "/policy/{+any}"
-  ]
 }

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.policy.create/create.hbs

@@ -22,7 +22,7 @@
                     <div class="col-md-3 col-xs-3">
                         <div class="itm-wiz" data-step="policy-criteria">
                             <div class="wiz-no">3</div>
-                            <div class="wiz-lbl hidden-xs"><span>Assign to groups</span></div>
+                            <div class="wiz-lbl hidden-xs"><span>Assign</span></div>
                         </div>
                         <br class="c-both"/>
                     </div>