Merge pull request 'Add api for get visible roles' (#146) from nishan/device-mgt-core:add-visible-role-api into master
Reviewed-on: https://repository.entgra.net/community/device-mgt-core/pulls/146
commit
e0a1cd3dbb
@ -3658,13 +3658,6 @@ public class ApplicationManagerImpl implements ApplicationManager {
|
||||
log.error(msg);
|
||||
throw new ApplicationManagementException(msg);
|
||||
}
|
||||
if (!hasUserRole(unrestrictedRoles, userName)) {
|
||||
String msg = "You are trying to restrict the visibility of the application for a role set, but "
|
||||
+ "in order to perform the action at least one role should be assigned to user: "
|
||||
+ userName;
|
||||
log.error(msg);
|
||||
throw new BadRequestException(msg);
|
||||
}
|
||||
}
|
||||
|
||||
Filter filter = new Filter();
|
||||
|
||||
@ -187,6 +187,104 @@ public interface RoleManagementService {
|
||||
defaultValue = "5")
|
||||
@QueryParam("limit") int limit);
|
||||
|
||||
@GET
|
||||
@Path("/visible/{metaKey}")
|
||||
@ApiOperation(
|
||||
produces = MediaType.APPLICATION_JSON,
|
||||
httpMethod = "GET",
|
||||
value = "Getting the List of Visible Roles",
|
||||
notes = "WSO2 IoTS supports role-based access control (RBAC) and role management. Using this API you can the list of roles that are in WSO2 IoTS.\n" +
|
||||
"Note: Internal roles, roles created for service-providers, and application related roles will not be given in the output.",
|
||||
tags = "Role Management",
|
||||
extensions = {
|
||||
@Extension(properties = {
|
||||
@ExtensionProperty(name = Constants.SCOPE, value = "perm:roles:view")
|
||||
})
|
||||
}
|
||||
)
|
||||
@ApiResponses(value = {
|
||||
@ApiResponse(
|
||||
code = 200,
|
||||
message = "OK. \n Successfully fetched the list of roles in WSO2 IoTS.",
|
||||
response = RoleList.class,
|
||||
responseHeaders = {
|
||||
@ResponseHeader(
|
||||
name = "Content-Type",
|
||||
description = "The content type of the body"),
|
||||
@ResponseHeader(
|
||||
name = "ETag",
|
||||
description = "Entity Tag of the response resource.\n" +
|
||||
"Used by caches, or in conditional requests."),
|
||||
@ResponseHeader(
|
||||
name = "Last-Modified",
|
||||
description = "Date and time the resource has been modified the last time.\n" +
|
||||
"Used by caches, or in conditional requests."),
|
||||
}),
|
||||
@ApiResponse(
|
||||
code = 304,
|
||||
message = "Not Modified. \n Empty body because the client already has the latest version of the " +
|
||||
"requested resource."),
|
||||
@ApiResponse(
|
||||
code = 404,
|
||||
message = "Not Found. \n The specified resource does not exist.\n",
|
||||
response = ErrorResponse.class),
|
||||
@ApiResponse(
|
||||
code = 406,
|
||||
message = "Not Acceptable.\n The requested media type is not supported",
|
||||
response = ErrorResponse.class),
|
||||
@ApiResponse(
|
||||
code = 500,
|
||||
message = "Internal Server Error. \n Server error occurred while fetching the list of roles" +
|
||||
" assigned to the specified user.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
Response getVisibleRole(
|
||||
@ApiParam(
|
||||
name = "filter",
|
||||
value = "Provide a character or a few characters in the role name.",
|
||||
required = false)
|
||||
@QueryParam("filter") String filter,
|
||||
@ApiParam(
|
||||
name = "user-store",
|
||||
value = "The name of the UserStore you wish to get the list of roles.",
|
||||
required = false)
|
||||
@QueryParam("user-store") String userStoreName,
|
||||
@ApiParam(
|
||||
name = "If-Modified-Since",
|
||||
value = "Checks if the requested variant was modified, since the specified date-time." +
|
||||
"Provide the value in the following format: EEE, d MMM yyyy HH:mm:ss Z.\n" +
|
||||
"Example: Mon, 05 Jan 2014 15:10:00 +0200",
|
||||
required = false)
|
||||
@HeaderParam("If-Modified-Since") String ifModifiedSince,
|
||||
@ApiParam(
|
||||
name = "offset",
|
||||
value = "The starting pagination index for the complete list of qualified items.",
|
||||
required = false,
|
||||
defaultValue = "0")
|
||||
@QueryParam("offset") int offset,
|
||||
@ApiParam(
|
||||
name = "limit",
|
||||
value = "Provide how many role details you require from the starting pagination index/offset.",
|
||||
required = false,
|
||||
defaultValue = "5")
|
||||
@QueryParam("limit") int limit,
|
||||
@ApiParam(
|
||||
name = "username",
|
||||
value = "The username of the user.",
|
||||
required = true,
|
||||
defaultValue = "admin")
|
||||
@QueryParam("username") String username,
|
||||
@ApiParam(
|
||||
name = "domain",
|
||||
value = "The domain name of the user store.",
|
||||
required = false)
|
||||
@QueryParam("domain") String domain,
|
||||
@ApiParam(
|
||||
name = "metaKey",
|
||||
value = "Key of the metadata",
|
||||
required = true)
|
||||
@PathParam("metaKey") String metaKey);
|
||||
|
||||
@GET
|
||||
@Path("/filter/{prefix}")
|
||||
@ApiOperation(
|
||||
|
||||
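Review bot: The `username` parameter of the new `getVisibleRole` operation is declared `required = true` and also given `defaultValue = "admin"`, which is contradictory and documents the administrator account as the fallback; the default should be dropped, e.g. `@ApiParam(name = "username", value = "The username of the user.", required = true)`. The `notes` text is copied from the role-list operation and is missing a verb ("you can the list of roles"). It also does not say that `{metaKey}` names the metadata entry that decides whether all roles or only the named user's roles are returned. The 404 response should state that it is returned when the named user does not exist, since that is the only 404 path in the implementation shown on this page.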
@ -17,7 +17,13 @@
|
||||
*/
|
||||
package io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl;
|
||||
|
||||
import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
|
||||
import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata;
|
||||
import org.apache.axis2.databinding.types.xsd._boolean;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.json.simple.JSONObject;
|
||||
import org.json.simple.parser.JSONParser;
|
||||
import org.json.simple.parser.ParseException;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.wso2.carbon.CarbonConstants;
|
||||
import org.wso2.carbon.base.MultitenantConstants;
|
||||
@ -97,6 +103,91 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
||||
}
|
||||
}
|
||||
|
||||
@GET
|
||||
@Path("/visible/{metaKey}")
|
||||
@Override
|
||||
public Response getVisibleRole(
|
||||
@QueryParam("filter") String filter,
|
||||
@QueryParam("user-store") String userStore,
|
||||
@HeaderParam("If-Modified-Since") String ifModifiedSince,
|
||||
@QueryParam("offset") int offset, @QueryParam("limit") int limit,
|
||||
@QueryParam("username") String username, @QueryParam("domain") String domain,
|
||||
@PathParam("metaKey") String metaKey) {
|
||||
RequestValidationUtil.validatePaginationParameters(offset, limit);
|
||||
if (limit == 0){
|
||||
limit = Constants.DEFAULT_PAGE_LIMIT;
|
||||
}
|
||||
if (domain != null && !domain.isEmpty()) {
|
||||
username = domain + '/' + username;
|
||||
}
|
||||
Metadata metadata;
|
||||
List<String> visibleRoles;
|
||||
RoleList visibleRoleList = new RoleList();
|
||||
try {
|
||||
metadata = DeviceMgtAPIUtils.getMetadataManagementService().retrieveMetadata(metaKey);
|
||||
String metaValue = metadata.getMetaValue();
|
||||
JSONParser parser = new JSONParser();
|
||||
JSONObject jsonObject = (JSONObject) parser.parse(metaValue);
|
||||
boolean decision = (boolean) jsonObject.get("isUserAbleToViewAllRoles");
|
||||
if (decision) {
|
||||
if(userStore == null || "".equals(userStore)){
|
||||
userStore = PRIMARY_USER_STORE;
|
||||
}
|
||||
try{
|
||||
visibleRoles =getRolesFromUserStore(filter, userStore);
|
||||
visibleRoleList.setList(visibleRoles);
|
||||
|
||||
visibleRoles = FilteringUtil.getFilteredList(getRolesFromUserStore(filter, userStore), offset, limit);
|
||||
visibleRoleList.setList(visibleRoles);
|
||||
|
||||
return Response.status(Response.Status.OK).entity(visibleRoleList).build();
|
||||
} catch (UserStoreException e) {
|
||||
String msg = "Error occurred while retrieving roles from the underlying user stores";
|
||||
log.error(msg, e);
|
||||
return Response.serverError().entity(
|
||||
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
|
||||
}
|
||||
} else {
|
||||
try{UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
|
||||
if (!userStoreManager.isExistingUser(username)) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("User by username: " + username + " does not exist for role retrieval.");
|
||||
}
|
||||
String msg = "User by username: " + username + " does not exist for role retrieval.";
|
||||
return Response.status(Response.Status.NOT_FOUND).entity(msg).build();
|
||||
}
|
||||
visibleRoleList.setList(getFilteredVisibleRoles(userStoreManager, username));
|
||||
|
||||
return Response.status(Response.Status.OK).entity(visibleRoleList).build();
|
||||
}catch (UserStoreException e) {
|
||||
String msg = "Error occurred while trying to retrieve roles of the user '" + username + "'";
|
||||
log.error(msg, e);
|
||||
return Response.serverError().entity(
|
||||
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
|
||||
}
|
||||
}
|
||||
} catch (MetadataManagementException e) {
|
||||
String msg = "Error occurred while getting the metadata entry for metaKey:" + metaKey;
|
||||
log.error(msg, e);
|
||||
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
|
||||
} catch (ParseException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
private List<String> getFilteredVisibleRoles(UserStoreManager userStoreManager, String username)
|
||||
throws UserStoreException {
|
||||
String[] roleListOfUser;
|
||||
roleListOfUser = userStoreManager.getRoleListOfUser(username);
|
||||
List<String> filteredRoles = new ArrayList<>();
|
||||
for (String role : roleListOfUser) {
|
||||
if (!(role.startsWith("Internal/") || role.startsWith("Authentication/"))) {
|
||||
filteredRoles.add(role);
|
||||
}
|
||||
}
|
||||
return filteredRoles;
|
||||
}
|
||||
|
||||
@GET
|
||||
@Path("/filter/{prefix}")
|
||||
@Override
|
||||
|
||||
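Review bot: In `getVisibleRole`, the choice between returning every role in the user store and only one user's roles is read from a metadata entry the caller selects through `{metaKey}`, and the user comes from the `username` query parameter, so both inputs to the visibility decision arrive with the request. Nothing visible in this hunk ties `username` to the authenticated caller or limits which metadata keys may be named; unless that is enforced elsewhere, the handler should take the user from the authenticated context and the key from server-side configuration. The differing 404 and 200 answers, with the 404 echoing `username`, also let a caller holding `perm:roles:view` test which accounts exist. The flag is unboxed unchecked: a missing key (or, presumably, a null `metadata` for an unknown key) ends in a NullPointerException, a non-boolean value in a ClassCastException, and `ParseException` is rethrown as `RuntimeException`. Reading it as `boolean decision = Boolean.TRUE.equals(jsonObject.get("isUserAbleToViewAllRoles"));` after a null check on `metadata` would fall back to the restricted branch instead.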