Merge branch 'master' into master
commit
e3e9ad851c
@ -18,6 +18,9 @@
|
||||
|
||||
package io.entgra.device.mgt.core.apimgt.extension.rest.api.util;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* This class represents the scope data.
|
||||
*/
|
||||
@ -53,7 +56,7 @@ public class ScopeUtils {
|
||||
}
|
||||
|
||||
public void setRoles(String roles) {
|
||||
this.roles = roles;
|
||||
this.roles = removeDuplicatesFromRoleString(roles);
|
||||
}
|
||||
|
||||
public String getDescription() {
|
||||
@ -75,4 +78,13 @@ public class ScopeUtils {
|
||||
"}";
|
||||
return jsonString;
|
||||
}
|
||||
|
||||
private static String removeDuplicatesFromRoleString(String roleString) {
|
||||
String[] roles = roleString.split(",");
|
||||
Set<String> roleSet = new HashSet<>();
|
||||
for(String role : roles) {
|
||||
roleSet.add(role.trim());
|
||||
}
|
||||
return String.join(",", roleSet);
|
||||
}
|
||||
}
|
||||
|
||||
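Review bot: `removeDuplicatesFromRoleString` calls `roleString.split(",")` with no null check, so `setRoles(null)`, which the old setter accepted, now throws a NullPointerException. Empty segments are kept as well: the publisher code in this commit passes `apiScope.getRoles() + ",admin"`, so an empty role string produces a blank role and a null one produces a role literally named `null` in the scope binding. `HashSet` also leaves the order of the joined roles unspecified. I would return early with `if (roleString == null) return null;`, collect into `new LinkedHashSet<>()` (needs the import), and add a role only when `!role.trim().isEmpty()`.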
@ -130,6 +130,10 @@
|
||||
<groupId>org.json.wso2</groupId>
|
||||
<artifactId>json</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>io.entgra.device.mgt.core</groupId>
|
||||
<artifactId>io.entgra.device.mgt.core.device.mgt.core</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
|
||||
@ -187,6 +191,8 @@
|
||||
io.entgra.device.mgt.core.apimgt.webapp.publisher.lifecycle.util,
|
||||
io.entgra.device.mgt.core.device.mgt.common.exceptions,
|
||||
io.entgra.device.mgt.core.device.mgt.common.metadata.mgt,
|
||||
io.entgra.device.mgt.core.device.mgt.core.config,
|
||||
io.entgra.device.mgt.core.device.mgt.core.config.permission,
|
||||
org.wso2.carbon.base;version="1.0",
|
||||
org.wso2.carbon.context;version="4.6",
|
||||
org.wso2.carbon;version="4.6",
|
||||
|
||||
@ -36,8 +36,21 @@ public interface APIPublisherService {
|
||||
|
||||
void updateScopeRoleMapping() throws APIManagerPublisherException;
|
||||
|
||||
/**
|
||||
* Add default scopes defined in the cdm-config.xml
|
||||
*/
|
||||
void addDefaultScopesIfNotExist();
|
||||
|
||||
void updateScopeRoleMapping(String roleName, String[] permissions) throws APIManagerPublisherException;
|
||||
/**
|
||||
* If the permissions are in the permission list, identify the relevant scopes of the supplied permission list
|
||||
* and put the role there; if the permissions are in the removedPermission list, update the relevant scopes by
|
||||
* deleting the role from those scopes.
|
||||
*
|
||||
* @param roleName Role Name
|
||||
* @param permissions List of adding permissions
|
||||
* @param removedPermissions List of removing permissions
|
||||
* @throws APIManagerPublisherException If error occurred while updating the scope role mapping
|
||||
*/
|
||||
void updateScopeRoleMapping(String roleName, String[] permissions, String[] removedPermissions) throws APIManagerPublisherException;
|
||||
|
||||
}
|
||||
|
||||
@ -17,7 +17,6 @@
|
||||
*/
|
||||
package io.entgra.device.mgt.core.apimgt.webapp.publisher;
|
||||
|
||||
import io.entgra.device.mgt.core.apimgt.annotations.Scopes;
|
||||
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices;
|
||||
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServicesImpl;
|
||||
import io.entgra.device.mgt.core.apimgt.extension.rest.api.PublisherRESTAPIServices;
|
||||
@ -40,6 +39,11 @@ import io.entgra.device.mgt.core.apimgt.webapp.publisher.dto.ApiScope;
|
||||
import io.entgra.device.mgt.core.apimgt.webapp.publisher.dto.ApiUriTemplate;
|
||||
import io.entgra.device.mgt.core.apimgt.webapp.publisher.exception.APIManagerPublisherException;
|
||||
import io.entgra.device.mgt.core.apimgt.webapp.publisher.internal.APIPublisherDataHolder;
|
||||
import io.entgra.device.mgt.core.device.mgt.core.config.DeviceConfigurationManager;
|
||||
import io.entgra.device.mgt.core.device.mgt.core.config.DeviceManagementConfig;
|
||||
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermission;
|
||||
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions;
|
||||
import io.entgra.device.mgt.core.device.mgt.core.config.permission.ScopeMapping;
|
||||
import org.apache.commons.lang.StringUtils;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
@ -96,6 +100,7 @@ public class APIPublisherServiceImpl implements APIPublisherService {
|
||||
public static final String SUBSCRIPTION_TO_CURRENT_TENANT = "CURRENT_TENANT";
|
||||
public static final String API_GLOBAL_VISIBILITY = "PUBLIC";
|
||||
public static final String API_PRIVATE_VISIBILITY = "PRIVATE";
|
||||
private static final String ADMIN_ROLE_KEY = ",admin";
|
||||
|
||||
private static final Log log = LogFactory.getLog(APIPublisherServiceImpl.class);
|
||||
|
||||
@ -182,7 +187,7 @@ public class APIPublisherServiceImpl implements APIPublisherService {
|
||||
scope.setName(apiScope.getName());
|
||||
scope.setDescription(apiScope.getDescription());
|
||||
scope.setKey(apiScope.getKey());
|
||||
scope.setRoles(apiScope.getRoles());
|
||||
scope.setRoles(apiScope.getRoles() + ADMIN_ROLE_KEY);
|
||||
publisherRESTAPIServices.addNewSharedScope(apiApplicationKey, accessTokenInfo, scope);
|
||||
}
|
||||
}
|
||||
@ -255,7 +260,7 @@ public class APIPublisherServiceImpl implements APIPublisherService {
|
||||
scope.setName(apiScope.getName());
|
||||
scope.setDescription(apiScope.getDescription());
|
||||
scope.setKey(apiScope.getKey());
|
||||
scope.setRoles(apiScope.getRoles());
|
||||
scope.setRoles(apiScope.getRoles() + ADMIN_ROLE_KEY);
|
||||
publisherRESTAPIServices.addNewSharedScope(apiApplicationKey, accessTokenInfo, scope);
|
||||
|
||||
}
|
||||
@ -276,7 +281,7 @@ public class APIPublisherServiceImpl implements APIPublisherService {
|
||||
scope.setName(apiScope.getName());
|
||||
scope.setDescription(apiScope.getDescription());
|
||||
scope.setKey(apiScope.getKey());
|
||||
scope.setRoles(apiScope.getRoles());
|
||||
scope.setRoles(apiScope.getRoles() + ADMIN_ROLE_KEY);
|
||||
publisherRESTAPIServices.addNewSharedScope(apiApplicationKey, accessTokenInfo, scope);
|
||||
}
|
||||
}
|
||||
@ -437,18 +442,8 @@ public class APIPublisherServiceImpl implements APIPublisherService {
|
||||
}
|
||||
|
||||
public void addDefaultScopesIfNotExist() {
|
||||
ArrayList<String> defaultScopes = new ArrayList<>();
|
||||
defaultScopes.add("dm:devices:any:permitted");
|
||||
defaultScopes.add("dm:device:api:subscribe");
|
||||
defaultScopes.add("am:admin:lc:app:approve");
|
||||
defaultScopes.add("am:admin:lc:app:create");
|
||||
defaultScopes.add("am:admin:lc:app:reject");
|
||||
defaultScopes.add("am:admin:lc:app:block");
|
||||
defaultScopes.add("am:admin:lc:app:review");
|
||||
defaultScopes.add("am:admin:lc:app:retire");
|
||||
defaultScopes.add("am:admin:lc:app:deprecate");
|
||||
defaultScopes.add("am:admin:lc:app:publish");
|
||||
|
||||
DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig();
|
||||
DefaultPermissions defaultPermissions = deviceManagementConfig.getDefaultPermissions();
|
||||
APIApplicationServices apiApplicationServices = new APIApplicationServicesImpl();
|
||||
try {
|
||||
APIApplicationKey apiApplicationKey =
|
||||
@ -460,12 +455,13 @@ public class APIPublisherServiceImpl implements APIPublisherService {
|
||||
PublisherRESTAPIServices publisherRESTAPIServices = new PublisherRESTAPIServicesImpl();
|
||||
|
||||
Scope scope = new Scope();
|
||||
for (String defaultScope: defaultScopes) {
|
||||
for (DefaultPermission defaultPermission: defaultPermissions.getDefaultPermissions()) {
|
||||
//todo check whether scope is available or not
|
||||
scope.setName(defaultScope);
|
||||
scope.setDescription(defaultScope);
|
||||
scope.setKey(defaultScope);
|
||||
scope.setRoles("Internal/devicemgt-user");
|
||||
ScopeMapping scopeMapping = defaultPermission.getScopeMapping();
|
||||
scope.setName(scopeMapping.getName());
|
||||
scope.setDescription(scopeMapping.getName());
|
||||
scope.setKey(scopeMapping.getKey());
|
||||
scope.setRoles(scopeMapping.getDefaultRoles() + ADMIN_ROLE_KEY);
|
||||
publisherRESTAPIServices.addNewSharedScope(apiApplicationKey, accessTokenInfo, scope);
|
||||
}
|
||||
} catch (BadRequestException | UnexpectedResponseException | APIServicesException e) {
|
||||
@ -630,7 +626,7 @@ public class APIPublisherServiceImpl implements APIPublisherService {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void updateScopeRoleMapping(String roleName, String[] permissions) throws APIManagerPublisherException {
|
||||
public void updateScopeRoleMapping(String roleName, String[] permissions, String[] removedPermissions) throws APIManagerPublisherException {
|
||||
APIApplicationServices apiApplicationServices = new APIApplicationServicesImpl();
|
||||
APIApplicationKey apiApplicationKey;
|
||||
AccessTokenInfo accessTokenInfo;
|
||||
@ -647,49 +643,14 @@ public class APIPublisherServiceImpl implements APIPublisherService {
|
||||
try {
|
||||
PublisherRESTAPIServices publisherRESTAPIServices = new PublisherRESTAPIServicesImpl();
|
||||
JSONObject scopeObject = publisherRESTAPIServices.getScopes(apiApplicationKey, accessTokenInfo);
|
||||
|
||||
Map<String, String> permScopeMap = APIPublisherDataHolder.getInstance().getPermScopeMapping();
|
||||
for (String permission : permissions) {
|
||||
String scopeValue = permScopeMap.get(permission);
|
||||
if (scopeValue == null) {
|
||||
String msg = "Found invalid permission: " + permission + ". Hence aborting the scope role " +
|
||||
"mapping process";
|
||||
log.error(msg);
|
||||
throw new APIManagerPublisherException(msg);
|
||||
}
|
||||
|
||||
JSONArray scopeList = (JSONArray) scopeObject.get("list");
|
||||
for (int i = 0; i < scopeList.length(); i++) {
|
||||
JSONObject scopeObj = scopeList.getJSONObject(i);
|
||||
if (scopeObj.getString("name").equals(scopeValue)) {
|
||||
Scope scope = new Scope();
|
||||
scope.setName(scopeObj.getString("name"));
|
||||
scope.setKey(scopeObj.getString("name"));
|
||||
scope.setDescription(scopeObj.getString("description"));
|
||||
scope.setId(scopeObj.getString("id"));
|
||||
|
||||
// Including already existing roles
|
||||
JSONArray existingRolesArray = (JSONArray) scopeObj.get("bindings");
|
||||
List<String> existingRoleList = new ArrayList<String>();
|
||||
|
||||
for (int j = 0; j < existingRolesArray.length(); j++) {
|
||||
existingRoleList.add((String) existingRolesArray.get(j));
|
||||
}
|
||||
if (!existingRoleList.contains(roleName)) {
|
||||
existingRoleList.add(roleName);
|
||||
}
|
||||
scope.setRoles(String.join(",", existingRoleList));
|
||||
|
||||
if (publisherRESTAPIServices.isSharedScopeNameExists(apiApplicationKey, accessTokenInfo, scope.getKey())) {
|
||||
publisherRESTAPIServices.updateSharedScope(apiApplicationKey, accessTokenInfo, scope);
|
||||
} else {
|
||||
// todo: come to this level means, that scope is removed from API, but haven't removed from the scope-role-permission-mappings list
|
||||
log.warn(scope.getKey() + " not available as shared scope");
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (permissions.length != 0) {
|
||||
updateScopes(roleName, publisherRESTAPIServices, apiApplicationKey, accessTokenInfo, scopeObject, permissions, permScopeMap, false);
|
||||
}
|
||||
if (removedPermissions.length != 0) {
|
||||
updateScopes(roleName, publisherRESTAPIServices, apiApplicationKey, accessTokenInfo, scopeObject, removedPermissions, permScopeMap, true);
|
||||
}
|
||||
|
||||
try {
|
||||
updatePermissions(roleName, Arrays.asList(permissions));
|
||||
} catch (UserStoreException e) {
|
||||
@ -712,6 +673,75 @@ public class APIPublisherServiceImpl implements APIPublisherService {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Update Scopes
|
||||
*
|
||||
* @param roleName Role Name
|
||||
* @param publisherRESTAPIServices {@link PublisherRESTAPIServices}
|
||||
* @param apiApplicationKey {@link APIApplicationKey}
|
||||
* @param accessTokenInfo {@link AccessTokenInfo}
|
||||
* @param scopeObject scope object returning from APIM
|
||||
* @param permissions List of permissions
|
||||
* @param permScopeMap Permission Scope map
|
||||
* @param removingPermissions if list of permissions has to be removed from the role send true, otherwise sends false.
|
||||
* @throws APIManagerPublisherException If the method receives invalid permission to update.
|
||||
*/
|
||||
private void updateScopes (String roleName, PublisherRESTAPIServices publisherRESTAPIServices,
|
||||
APIApplicationKey apiApplicationKey, AccessTokenInfo accessTokenInfo,
|
||||
JSONObject scopeObject, String[] permissions, Map<String, String> permScopeMap, boolean removingPermissions )
|
||||
throws APIManagerPublisherException {
|
||||
for (String permission : permissions) {
|
||||
String scopeValue = permScopeMap.get(permission);
|
||||
if (scopeValue == null) {
|
||||
String msg = "Found invalid permission: " + permission + ". Hence aborting the scope role " +
|
||||
"mapping process";
|
||||
log.error(msg);
|
||||
throw new APIManagerPublisherException(msg);
|
||||
}
|
||||
|
||||
JSONArray scopeList = (JSONArray) scopeObject.get("list");
|
||||
for (int i = 0; i < scopeList.length(); i++) {
|
||||
JSONObject scopeObj = scopeList.getJSONObject(i);
|
||||
if (scopeObj.getString("name").equals(scopeValue)) {
|
||||
Scope scope = new Scope();
|
||||
scope.setName(scopeObj.getString("name"));
|
||||
scope.setKey(scopeObj.getString("name"));
|
||||
scope.setDescription(scopeObj.getString("description"));
|
||||
scope.setId(scopeObj.getString("id"));
|
||||
|
||||
// Including already existing roles
|
||||
JSONArray existingRolesArray = (JSONArray) scopeObj.get("bindings");
|
||||
List<String> existingRoleList = new ArrayList<String>();
|
||||
|
||||
for (int j = 0; j < existingRolesArray.length(); j++) {
|
||||
existingRoleList.add((String) existingRolesArray.get(j));
|
||||
}
|
||||
|
||||
if (removingPermissions) {
|
||||
existingRoleList.remove(roleName);
|
||||
} else {
|
||||
if (!existingRoleList.contains(roleName)) {
|
||||
existingRoleList.add(roleName);
|
||||
}
|
||||
}
|
||||
scope.setRoles(String.join(",", existingRoleList));
|
||||
|
||||
try {
|
||||
if (publisherRESTAPIServices.isSharedScopeNameExists(apiApplicationKey, accessTokenInfo, scope.getKey())) {
|
||||
publisherRESTAPIServices.updateSharedScope(apiApplicationKey, accessTokenInfo, scope);
|
||||
} else {
|
||||
// todo: come to this level means, that scope is removed from API, but haven't removed from the scope-role-permission-mappings list
|
||||
log.warn(scope.getKey() + " not available as shared scope");
|
||||
}
|
||||
} catch (APIServicesException | BadRequestException | UnexpectedResponseException e) {
|
||||
log.error("Error occurred while updating role scope mapping via APIM REST endpoint.", e);
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private void updatePermissions(String role, List<String> permissions) throws UserStoreException {
|
||||
AuthorizationManager authorizationManager = APIPublisherDataHolder.getInstance().getUserRealm()
|
||||
.getAuthorizationManager();
|
||||
|
||||
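Review bot: In `updateScopes`, the catch for `APIServicesException | BadRequestException | UnexpectedResponseException` only logs, so a failed `updateSharedScope` call does not stop `updateScopeRoleMapping`, which, as far as the visible lines show, goes on to `updatePermissions(roleName, Arrays.asList(permissions))`. When `removingPermissions` is true, the role can therefore stay bound to the scope in APIM while the caller sees the removal as successful. I would rethrow instead, for example `throw new APIManagerPublisherException("Error occurred while updating role scope mapping for scope " + scope.getKey());`, passing `e` as the cause if the class has such a constructor (only the message constructor is visible here). The two `.length` checks in `updateScopeRoleMapping` also dereference `permissions` and `removedPermissions` without a null guard. Both `updateScopeRoleMapping` and `updatePermissions` continue outside the hunks shown.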
@ -18,17 +18,14 @@
|
||||
package io.entgra.device.mgt.core.apimgt.webapp.publisher.lifecycle.listener;
|
||||
|
||||
import com.google.gson.Gson;
|
||||
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices;
|
||||
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServicesImpl;
|
||||
import io.entgra.device.mgt.core.apimgt.extension.rest.api.PublisherRESTAPIServices;
|
||||
import io.entgra.device.mgt.core.apimgt.extension.rest.api.PublisherRESTAPIServicesImpl;
|
||||
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIApplicationKey;
|
||||
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIInfo.Scope;
|
||||
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.AccessTokenInfo;
|
||||
import io.entgra.device.mgt.core.apimgt.webapp.publisher.dto.ApiScope;
|
||||
import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
|
||||
import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata;
|
||||
import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.MetadataManagementService;
|
||||
import io.entgra.device.mgt.core.device.mgt.core.config.DeviceConfigurationManager;
|
||||
import io.entgra.device.mgt.core.device.mgt.core.config.DeviceManagementConfig;
|
||||
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermission;
|
||||
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions;
|
||||
import org.apache.catalina.Lifecycle;
|
||||
import org.apache.catalina.LifecycleEvent;
|
||||
import org.apache.catalina.LifecycleListener;
|
||||
@ -47,7 +44,10 @@ import org.wso2.carbon.user.api.UserStoreException;
|
||||
|
||||
import javax.servlet.ServletContext;
|
||||
import java.io.IOException;
|
||||
import java.util.*;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
@SuppressWarnings("unused")
|
||||
public class APIPublisherLifecycleListener implements LifecycleListener {
|
||||
@ -128,45 +128,26 @@ public class APIPublisherLifecycleListener implements LifecycleListener {
|
||||
"' and version '" + apiConfig.getVersion() + "'", e);
|
||||
}
|
||||
}
|
||||
apiPublisherDataHolder.setPermScopeMapping(permScopeMap);
|
||||
|
||||
Map<String, String> permScopeMapping = apiPublisherDataHolder.getPermScopeMapping();
|
||||
if (!permScopeMapping.isEmpty()) {
|
||||
Metadata existingMetaData = metadataManagementService.retrieveMetadata("perm-scope" +
|
||||
"-mapping");
|
||||
if (existingMetaData != null) {
|
||||
existingMetaData.setMetaValue(new Gson().toJson(apiPublisherDataHolder.getPermScopeMapping()
|
||||
));
|
||||
metadataManagementService.updateMetadata(existingMetaData);
|
||||
} else {
|
||||
Metadata newMetaData = new Metadata();
|
||||
newMetaData.setMetaKey("perm-scope-mapping");
|
||||
permScopeMapping =
|
||||
apiPublisherDataHolder.getPermScopeMapping();
|
||||
Metadata existingMetaData = metadataManagementService.retrieveMetadata("perm-scope" +
|
||||
"-mapping");
|
||||
if (existingMetaData != null) {
|
||||
existingMetaData.setMetaValue(new Gson().toJson(permScopeMap));
|
||||
metadataManagementService.updateMetadata(existingMetaData);
|
||||
} else {
|
||||
Metadata newMetaData = new Metadata();
|
||||
newMetaData.setMetaKey("perm-scope-mapping");
|
||||
|
||||
//Todo fix this properly with a config
|
||||
Map<String, String> defaultScopePermMap = new HashMap<>();
|
||||
defaultScopePermMap.put("/permission/admin/device-mgt/devices/any-device/permitted-actions-under-owning-device", "dm:devices:any:permitted");
|
||||
defaultScopePermMap.put("/permission/admin/device-mgt/device/api/subscribe", "dm:device:api:subscribe");
|
||||
defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/approve", "am:admin:lc:app:approve");
|
||||
defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/create", "am:admin:lc:app:create");
|
||||
defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/reject", "am:admin:lc:app:reject");
|
||||
defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/block", "am:admin:lc:app:block");
|
||||
defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/review", "am:admin:lc:app:review");
|
||||
defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/retire", "am:admin:lc:app:retire");
|
||||
defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/deprecate", "am:admin:lc:app:deprecate");
|
||||
defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/publish", "am:admin:lc:app:publish");
|
||||
DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig();
|
||||
DefaultPermissions defaultPermissions = deviceManagementConfig.getDefaultPermissions();
|
||||
|
||||
for (Map.Entry<String,String> mapElement : defaultScopePermMap.entrySet()) {
|
||||
String key = mapElement.getKey();
|
||||
String value = mapElement.getValue();
|
||||
permScopeMapping.put(key,value);
|
||||
}
|
||||
apiPublisherDataHolder.setPermScopeMapping(permScopeMapping);
|
||||
newMetaData.setMetaValue(new Gson().toJson(permScopeMapping));
|
||||
metadataManagementService.createMetadata(newMetaData);
|
||||
for (DefaultPermission defaultPermission : defaultPermissions.getDefaultPermissions()) {
|
||||
permScopeMap.put(defaultPermission.getName(), defaultPermission.getScopeMapping().getKey());
|
||||
}
|
||||
newMetaData.setMetaValue(new Gson().toJson(permScopeMap));
|
||||
metadataManagementService.createMetadata(newMetaData);
|
||||
}
|
||||
apiPublisherDataHolder.setPermScopeMapping(permScopeMap);
|
||||
} catch (IOException e) {
|
||||
log.error("Error encountered while discovering annotated classes", e);
|
||||
} catch (ClassNotFoundException e) {
|
||||
|
||||
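Review bot: The default permissions from `DeviceManagementConfig` are put into `permScopeMap` only in the `else` branch, that is, when no `perm-scope-mapping` metadata exists yet (reading the new side from the rendered lines, where the +/- markers are lost). On every later start the `existingMetaData != null` branch serialises `permScopeMap` without those entries, and `setPermScopeMapping(permScopeMap)` publishes the same reduced map, so `updateScopes` would reject a default permission with "Found invalid permission". Moving the `for (DefaultPermission defaultPermission : defaultPermissions.getDefaultPermissions())` loop above the `retrieveMetadata` call would keep both branches consistent. `defaultPermission.getScopeMapping()` is also dereferenced without a null check. The enclosing method starts and ends outside the hunk.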
@ -33,6 +33,11 @@ public class RoleInfo {
|
||||
@ApiModelProperty(name = "permissions", value = "Lists out all the permissions associated with roles.",
|
||||
required = true, dataType = "List[java.lang.String]")
|
||||
private String[] permissions;
|
||||
|
||||
@ApiModelProperty(name = "removedPermissions", value = "Lists out all the permissions unassociated with roles.",
|
||||
required = true, dataType = "List[java.lang.String]")
|
||||
private String[] removedPermissions;
|
||||
|
||||
@ApiModelProperty(name = "users", value = "The list of users assigned to the selected role.",
|
||||
required = true, dataType = "List[java.lang.String]")
|
||||
private String[] users;
|
||||
@ -76,4 +81,7 @@ public class RoleInfo {
|
||||
this.permissionList = permissionList;
|
||||
}
|
||||
|
||||
public String[] getRemovedPermissions() { return removedPermissions; }
|
||||
|
||||
public void setRemovedPermissions(String[] removedPermissions) { this.removedPermissions = removedPermissions; }
|
||||
}
|
||||
|
||||
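Review bot: `removedPermissions` has no default value, so a request body that omits the new property leaves it `null` even though the annotation declares it `required = true`. `APIPublisherServiceImpl.updateScopeRoleMapping` in this commit reads `removedPermissions.length` directly, so if the REST layer passes this getter's result through unchanged (not visible on this page), an older client turns a role update into a NullPointerException. Initialising the field with `private String[] removedPermissions = new String[0];`, or null-checking in the service, would avoid that. The `value` text "permissions unassociated with roles" could also say plainly that these are the permissions to remove from the role.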
@ -78,7 +78,7 @@ import java.util.List;
|
||||
description = "Get activities",
|
||||
key = "dm:activity:get",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/devices/owning-device/view"}
|
||||
permissions = {"/device-mgt/devices/owning-device/activities/view"}
|
||||
)
|
||||
}
|
||||
)
|
||||
|
||||
@ -91,21 +91,21 @@ import java.util.Map;
|
||||
description = "Disenroll a device",
|
||||
key = "dm:device:disenroll",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/devices/owning-device/remove"}
|
||||
permissions = {"/device-mgt/devices/owning-device/disenroll"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Publish Event",
|
||||
description = "publish device event",
|
||||
key = "dm:device:event:publish",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/devices/owning-device/event"}
|
||||
permissions = {"/device-mgt/devices/owning-device/event/publish"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Getting Device Operation Details",
|
||||
description = "Getting Device Operation Details",
|
||||
key = "dm:ops:view",
|
||||
key = "dm:devices:ops:view",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/devices/owning-device/view"}
|
||||
permissions = {"/device-mgt/devices/owning-device/operations/view"}
|
||||
)
|
||||
}
|
||||
)
|
||||
@ -394,7 +394,7 @@ public interface DeviceAgentService {
|
||||
tags = "Device Agent Management",
|
||||
extensions = {
|
||||
@Extension(properties = {
|
||||
@ExtensionProperty(name = Constants.SCOPE, value = "dm:ops:view")
|
||||
@ExtensionProperty(name = Constants.SCOPE, value = "dm:devices:ops:view")
|
||||
})
|
||||
}
|
||||
)
|
||||
@ -453,7 +453,7 @@ public interface DeviceAgentService {
|
||||
tags = "Device Agent Management",
|
||||
extensions = {
|
||||
@Extension(properties = {
|
||||
@ExtensionProperty(name = Constants.SCOPE, value = "dm:ops:view")
|
||||
@ExtensionProperty(name = Constants.SCOPE, value = "dm:devices:ops:view")
|
||||
})
|
||||
}
|
||||
)
|
||||
@ -511,7 +511,7 @@ public interface DeviceAgentService {
|
||||
tags = "Device Agent Management",
|
||||
extensions = {
|
||||
@Extension(properties = {
|
||||
@ExtensionProperty(name = Constants.SCOPE, value = "dm:ops:view")
|
||||
@ExtensionProperty(name = Constants.SCOPE, value = "dm:devices:ops:view")
|
||||
})
|
||||
}
|
||||
)
|
||||
@ -630,7 +630,7 @@ public interface DeviceAgentService {
|
||||
tags = "Device Agent Management",
|
||||
extensions = {
|
||||
@Extension(properties = {
|
||||
@ExtensionProperty(name = Constants.SCOPE, value = "dm:ops:view")
|
||||
@ExtensionProperty(name = Constants.SCOPE, value = "dm:devices:ops:view")
|
||||
})
|
||||
}
|
||||
)
|
||||
|
||||
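Review bot: The scope key changes from `dm:ops:view` to `dm:devices:ops:view` in the `@Scope` declaration and in four `@ExtensionProperty` entries, but nothing on this page retires the old key. The publisher code in this commit only calls `addNewSharedScope`, so the shared scope `dm:ops:view` and its role bindings presumably remain in APIM. Agents holding tokens issued for the old key would presumably be refused on these endpoints until they request the new scope. An upgrade note, or a cleanup step for the obsolete shared scope, would make that explicit.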
@ -71,14 +71,14 @@ import java.util.List;
|
||||
description = "Add or Delete Event Definition for device type",
|
||||
key = "dm:device-type:event:modify",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/device-type/add"}
|
||||
permissions = {"/device-mgt/devices/owning-device/event/modify"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Get Events Details of a Device Type",
|
||||
description = "Get Events Details of a Device Type",
|
||||
key = "dm:device-type:event:view",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/devices/owning-device/view"}
|
||||
permissions = {"/device-mgt/devices/owning-device/event/view"}
|
||||
)
|
||||
}
|
||||
)
|
||||
|
||||
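Review bot: The scope `dm:device-type:event:modify` ("Add or Delete Event Definition for device type") now maps to `/device-mgt/devices/owning-device/event/modify`, which moves a device-type-wide change under the owning-device permission subtree; before, it required `/device-mgt/device-type/add`. If permissions are granted hierarchically (not shown here), a role that holds the `owning-device` node would pick up the right to alter event definitions for a whole device type. Keeping this permission under `/device-mgt/device-type/`, with an event-modify leaf, would match the scope key and keep the two privilege levels apart.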
@ -99,63 +99,63 @@ import java.util.Map;
|
||||
description = "Getting Details of a Device",
|
||||
key = "dm:devices:details",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/devices/owning-device/view"}
|
||||
permissions = {"/device-mgt/devices/owning-device/details/view"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Update the device specified by device id",
|
||||
description = "Update the device specified by device id",
|
||||
key = "dm:devices:update",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/devices/owning-device/view"}
|
||||
permissions = {"/device-mgt/devices/owning-device/update"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Delete the device specified by device id",
|
||||
description = "Delete the device specified by device id",
|
||||
key = "dm:devices:delete",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/devices/owning-device/view"}
|
||||
permissions = {"/device-mgt/devices/owning-device/delete"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Getting Feature Details of a Device",
|
||||
description = "Getting Feature Details of a Device",
|
||||
key = "dm:devices:features:view",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/devices/owning-device/view"}
|
||||
permissions = {"/device-mgt/devices/owning-device/features/view"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Advanced Search for Devices",
|
||||
description = "Advanced Search for Devices",
|
||||
key = "dm:devices:search",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/devices/owning-device/view"}
|
||||
permissions = {"/device-mgt/devices/owning-device/search"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Getting Installed Application Details of a Device",
|
||||
description = "Getting Installed Application Details of a Device",
|
||||
key = "dm:devices:app:view",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/devices/owning-device/view"}
|
||||
permissions = {"/device-mgt/devices/owning-device/apps/view"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Getting Device Operation Details",
|
||||
description = "Getting Device Operation Details",
|
||||
key = "dm:devices:ops:view",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/devices/owning-device/view"}
|
||||
permissions = {"/device-mgt/devices/owning-device/operations/view"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Get the details of the policy that is enforced on a device.",
|
||||
description = "Get the details of the policy that is enforced on a device.",
|
||||
key = "dm:devices:policy:view",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/devices/owning-device/view"}
|
||||
permissions = {"/device-mgt/devices/owning-device/policies/view"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Getting Policy Compliance Details of a Device",
|
||||
description = "Getting Policy Compliance Details of a Device",
|
||||
key = "dm:devices:compliance:view",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/devices/owning-device/view"}
|
||||
permissions = {"/device-mgt/devices/owning-device/compliance/view"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Change device status.",
|
||||
|
||||
@ -91,7 +91,7 @@ import java.util.List;
|
||||
description = "Get the count of groups belongs to current user.",
|
||||
key = "gm:groups:count",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/groups/view"}
|
||||
permissions = {"/device-mgt/groups/count"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Add new device group to the system.",
|
||||
@ -105,7 +105,7 @@ import java.util.List;
|
||||
description = "View group specified",
|
||||
key = "gm:groups:groups-view",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/groups/view"}
|
||||
permissions = {"/device-mgt/groups/specified-groups/view"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Update a group",
|
||||
@ -147,7 +147,7 @@ import java.util.List;
|
||||
description = "View list of device count in the device group",
|
||||
key = "gm:devices:count",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/groups/devices/view"}
|
||||
permissions = {"/device-mgt/groups/devices/count"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Add devices to group",
|
||||
@ -168,21 +168,21 @@ import java.util.List;
|
||||
description = "Assign devices to groups",
|
||||
key = "gm:devices:assign",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/groups/devices/add"}
|
||||
permissions = {"/device-mgt/groups/devices/assign"}
|
||||
),
|
||||
@Scope(
|
||||
name = "List of groups that have the device",
|
||||
description = "List of groups that have the device",
|
||||
key = "gm:groups:device:view",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/groups/devices/view"}
|
||||
permissions = {"/device-mgt/groups/device-groups/view"}
|
||||
),
|
||||
@Scope(
|
||||
name = "View whether the groups has relevant device types",
|
||||
description = "View whether the groups has relevant device types",
|
||||
key = "gm:devices-types:view",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/groups/device-types"}
|
||||
permissions = {"/device-mgt/groups/device-types/view"}
|
||||
)
|
||||
}
|
||||
)
|
||||
|
||||
@ -80,7 +80,7 @@ import javax.ws.rs.core.Response;
|
||||
description = "Updating the Device Notification Status",
|
||||
key = "dm:notif:mark-checked",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/notifications/view"}
|
||||
permissions = {"/device-mgt/notifications/update"}
|
||||
)
|
||||
}
|
||||
)
|
||||
|
||||
@ -79,7 +79,7 @@ import java.util.List;
|
||||
description = "Adding a Policy",
|
||||
key = "pm:policies:add",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/policies/manage"}
|
||||
permissions = {"/device-mgt/policies/add"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Getting Details of Policies",
|
||||
@ -93,56 +93,56 @@ import java.util.List;
|
||||
description = "Getting Details of a Policy",
|
||||
key = "pm:policies:details:view",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/policies/view"}
|
||||
permissions = {"/device-mgt/policies/view-details"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Updating a Policy",
|
||||
description = "Updating a Policy",
|
||||
key = "pm:policies:update",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/policies/manage"}
|
||||
permissions = {"/device-mgt/policies/update"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Removing Multiple Policies",
|
||||
description = "Removing Multiple Policies",
|
||||
key = "pm:policies:remove",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/policies/manage"}
|
||||
permissions = {"/device-mgt/policies/remove"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Activating Policies",
|
||||
description = "Activating Policies",
|
||||
key = "pm:policies:activate",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/policies/manage"}
|
||||
permissions = {"/device-mgt/policies/activate"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Deactivating Policies",
|
||||
description = "Deactivating Policies",
|
||||
key = "pm:policies:deactivate",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/policies/manage"}
|
||||
permissions = {"/device-mgt/policies/deactivate"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Applying Changes on Policies",
|
||||
description = "Applying Changes on Policies",
|
||||
key = "pm:policies:change",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/policies/manage"}
|
||||
permissions = {"/device-mgt/policies/apply-changes"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Updating the Policy Priorities",
|
||||
description = "Updating the Policy Priorities",
|
||||
key = "pm:policies:priorities:update",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/policies/manage"}
|
||||
permissions = {"/device-mgt/policies/update-priority"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Fetching the Effective Policy",
|
||||
description = "Fetching the Effective Policy",
|
||||
key = "pm:policies:effective-policy",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/policies/view"}
|
||||
permissions = {"/device-mgt/policies/view-effective-policy"}
|
||||
)
|
||||
}
|
||||
)
|
||||
|
||||
@ -60,49 +60,49 @@ import java.util.List;
|
||||
description = "Getting Permission Details of a Role",
|
||||
key = "rm:roles:permissions:view",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/roles/view"}
|
||||
permissions = {"/device-mgt/roles/view-permissions"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Getting the List of Roles",
|
||||
description = "Getting the List of Roles",
|
||||
key = "rm:roles:details:view",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/roles/view"}
|
||||
permissions = {"/device-mgt/roles/view-details"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Adding a Role",
|
||||
description = "Adding a Role",
|
||||
key = "rm:roles:add",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/roles/manage"}
|
||||
permissions = {"/device-mgt/roles/add"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Adding a combined Role",
|
||||
description = "Adding a combined Role",
|
||||
key = "rm:roles:combined:add",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/roles/manage"}
|
||||
permissions = {"/device-mgt/roles/combined-role/add"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Updating Role Details",
|
||||
description = "Updating Role Details",
|
||||
key = "rm:roles:update",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/roles/manage"}
|
||||
permissions = {"/device-mgt/roles/update"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Deleting a Role",
|
||||
description = "Deleting a Role",
|
||||
key = "rm:roles:delete",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/roles/manage"}
|
||||
permissions = {"/device-mgt/roles/delete"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Adding Users to a Role",
|
||||
description = "Adding Users to a Role",
|
||||
key = "rm:users:add",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/roles/manage"}
|
||||
permissions = {"/device-mgt/roles/assign-user"}
|
||||
)
|
||||
}
|
||||
)
|
||||
|
||||
@ -82,35 +82,35 @@ import javax.ws.rs.core.Response;
|
||||
description = "Adding a User",
|
||||
key = "um:users:add",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/users/manage"}
|
||||
permissions = {"/device-mgt/users/add"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Getting Details of a User",
|
||||
description = "Getting Details of a User",
|
||||
key = "um:users:details:view",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/users/view"}
|
||||
permissions = {"/device-mgt/users/details/view"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Updating Details of a User",
|
||||
description = "Updating Details of a User",
|
||||
key = "um:users:update",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/users/manage"}
|
||||
permissions = {"/device-mgt/users/update"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Deleting a User",
|
||||
description = "Deleting a User",
|
||||
key = "um:users:delete",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/users/manage"}
|
||||
permissions = {"/device-mgt/users/delete"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Getting the Role Details of a User",
|
||||
description = "Getting the Role Details of a User",
|
||||
key = "um:roles:view",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/users/view"}
|
||||
permissions = {"/device-mgt/users/roles/view"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Getting Details of Users",
|
||||
@ -124,42 +124,42 @@ import javax.ws.rs.core.Response;
|
||||
description = "Getting the User Count",
|
||||
key = "um:users:count",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/users/view"}
|
||||
permissions = {"/device-mgt/users/count"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Getting the User existence status",
|
||||
description = "Getting the User existence status",
|
||||
key = "um:users:is-exist",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/users/view"}
|
||||
permissions = {"/device-mgt/users/existence/view"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Searching for a User Name",
|
||||
description = "Searching for a User Name",
|
||||
key = "um:users:search",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/users/view"}
|
||||
permissions = {"/device-mgt/users/search"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Changing the User Password",
|
||||
description = "Adding a User",
|
||||
key = "um:users:cred:change",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/login"}
|
||||
permissions = {"/login/password/update"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Sending Enrollment Invitations to Users",
|
||||
description = "Sending Enrollment Invitations to Users",
|
||||
key = "um:users:invite",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/users/manage"}
|
||||
permissions = {"/device-mgt/users/invite"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Get activities",
|
||||
description = "Get activities",
|
||||
key = "dm:activity:get",
|
||||
roles = {"Internal/devicemgt-user"},
|
||||
permissions = {"/device-mgt/devices/owning-device/view"}
|
||||
permissions = {"/device-mgt/devices/owning-device/activities/view"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Getting the Permissions of the User",
|
||||
|
||||
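Review bot: The `um:users:cred:change` scope still carries `description = "Adding a User"` although its name is "Changing the User Password" and it is now mapped to `/login/password/update`; the line should read `description = "Changing the User Password"`. If scope descriptions are shown to an administrator who decides which role receives a scope, a copied description on a credential-changing scope invites a wrong grant. The enclosing annotation block starts and ends outside the hunks.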
@ -67,14 +67,14 @@ import javax.ws.rs.core.Response;
|
||||
description = "Installing an Application (Internal API)",
|
||||
key = "am:admin:app:install",
|
||||
roles = {"Internal/devicemgt-admin"},
|
||||
permissions = {"/device-mgt/applications/manage"}
|
||||
permissions = {"/device-mgt/admin/applications/install"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Uninstalling an Application (Internal API)",
|
||||
description = "Uninstalling an Application (Internal API)",
|
||||
key = "am:admin:app:uninstall",
|
||||
roles = {"Internal/devicemgt-admin"},
|
||||
permissions = {"/device-mgt/applications/manage"}
|
||||
permissions = {"/device-mgt/admin/applications/uninstall"}
|
||||
)
|
||||
}
|
||||
)
|
||||
|
||||
@ -79,7 +79,7 @@ import java.util.List;
|
||||
description = "Getting Details of a Device",
|
||||
key = "dm:admin:devices:view",
|
||||
roles = {"Internal/devicemgt-admin"},
|
||||
permissions = {"/device-mgt/devices/owning-device/view"}
|
||||
permissions = {"/device-mgt/admin/devices/view"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Update the Device Owner",
|
||||
|
||||
@ -84,7 +84,7 @@ import javax.ws.rs.core.Response;
|
||||
description = "",
|
||||
key = "gm:admin:groups:count",
|
||||
roles = {"Internal/devicemgt-admin"},
|
||||
permissions = {"/device-mgt/admin/groups/view"}
|
||||
permissions = {"/device-mgt/admin/groups/count"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Add groups",
|
||||
|
||||
@ -53,14 +53,14 @@ import javax.ws.rs.core.Response;
|
||||
description = "View Users",
|
||||
key = "um:admin:users:view",
|
||||
roles = {"Internal/devicemgt-admin"},
|
||||
permissions = {"/device-mgt/users/manage"}
|
||||
permissions = {"/device-mgt/admin/users/view"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Delete Users Device Information",
|
||||
description = "Delete users device details",
|
||||
key = "um:admin:users:remove",
|
||||
roles = {"Internal/devicemgt-admin"},
|
||||
permissions = {"/device-mgt/users/manage"}
|
||||
permissions = {"/device-mgt/admin/users/delete"}
|
||||
)
|
||||
}
|
||||
)
|
||||
|
||||
@ -870,6 +870,14 @@ public class GeoLocationBasedServiceImpl implements GeoLocationBasedService {
|
||||
PaginationResult paginationResult = new PaginationResult();
|
||||
paginationResult.setData(geofenceList);
|
||||
paginationResult.setRecordsTotal(geofenceList.size());
|
||||
try {
|
||||
GeoLocationProviderService geoService = DeviceMgtAPIUtils.getGeoService();
|
||||
paginationResult.setTotalDeviceCount(geoService.getGeoFenceCount());
|
||||
} catch (GeoLocationBasedServiceException e) {
|
||||
String msg = "Failed to retrieve geofence data";
|
||||
log.error(msg, e);
|
||||
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
|
||||
}
|
||||
return Response.status(Response.Status.OK).entity(paginationResult).build();
|
||||
}
|
||||
|
||||
|
||||
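Review bot: The added block stores a geofence count in a field named for devices, `paginationResult.setTotalDeviceCount(geoService.getGeoFenceCount())`, and nothing in the code tells the reader of the response that the value is a fence count. A comment such as `// totalDeviceCount carries the tenant's total geofence count here` would make that explicit. A failure of the count lookup also turns a request whose list was already retrieved into a 500, which deserves a line in the method's documentation. The method body starts outside the hunk.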
@ -279,6 +279,14 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve filtered permissions by analyzing all the permission paths.
|
||||
*
|
||||
* @param rolePermissions All the permission paths
|
||||
* @param permissionPaths Permission paths that needs to filter
|
||||
* @param permissions List of filtered permissions
|
||||
* @return {@link List<String>}
|
||||
*/
|
||||
private List<String> processAndFilterPermissions(UIPermissionNode[] rolePermissions, List<String> permissionPaths, List<String> permissions) {
|
||||
|
||||
for (UIPermissionNode rolePermission : rolePermissions) {
|
||||
@ -299,6 +307,15 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
||||
return permissions;
|
||||
}
|
||||
|
||||
/**
|
||||
* Getting platform permissions
|
||||
*
|
||||
* @param roleName Role Name
|
||||
* @param userRealm {@link UserRealm}
|
||||
* @param permissions list of permissions
|
||||
* @return {@link List<String>}
|
||||
* @throws UserAdminException if error occurred when getting {@link UIPermissionNode}
|
||||
*/
|
||||
private String[] getPlatformUIPermissions(String roleName, UserRealm userRealm, String[] permissions)
|
||||
throws UserAdminException {
|
||||
UIPermissionNode uiPermissionNode = getUIPermissionNode(roleName, userRealm);
|
||||
@ -403,8 +420,8 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
||||
try {
|
||||
if (roleInfo.getPermissions() != null && roleInfo.getPermissions().length > 0) {
|
||||
String[] roleName = roleInfo.getRoleName().split("/");
|
||||
addPermissions(roleName[roleName.length - 1], roleInfo.getPermissions(),
|
||||
DeviceMgtAPIUtils.getUserRealm());
|
||||
roleInfo.setRemovedPermissions(new String[0]);
|
||||
updatePermissions(roleName[roleName.length - 1], roleInfo, DeviceMgtAPIUtils.getUserRealm());
|
||||
}
|
||||
} catch (UserStoreException e) {
|
||||
String msg = "Error occurred while loading the user store.";
|
||||
@ -546,7 +563,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
||||
|
||||
if (roleInfo.getPermissions() != null) {
|
||||
String[] roleDetails = roleName.split("/");
|
||||
addPermissions(roleDetails[roleDetails.length - 1], roleInfo.getPermissions(), userRealm);
|
||||
updatePermissions(roleDetails[roleDetails.length - 1], roleInfo, userRealm);
|
||||
}
|
||||
//TODO: Need to send the updated role information in the entity back to the client
|
||||
return Response.status(Response.Status.OK).entity("Role '" + roleInfo.getRoleName() + "' has " +
|
||||
@ -697,7 +714,14 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
||||
return rolePermissions;
|
||||
}
|
||||
|
||||
private void addPermissions(String roleName, String[] permissions, UserRealm userRealm) {
|
||||
/**
|
||||
* Update the role's permissions. This will function in the fire and forget pattern and run on a new thread.
|
||||
*
|
||||
* @param roleName Role Name
|
||||
* @param roleInfo {@link RoleInfo}
|
||||
* @param userRealm {@link UserRealm}
|
||||
*/
|
||||
private void updatePermissions(String roleName, RoleInfo roleInfo, UserRealm userRealm) {
|
||||
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true);
|
||||
Thread thread = new Thread(new Runnable() {
|
||||
@Override
|
||||
@ -707,7 +731,8 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
||||
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
|
||||
DeviceMgtAPIUtils.getApiPublisher().updateScopeRoleMapping(roleName,
|
||||
RoleManagementServiceImpl.this.getPlatformUIPermissions(roleName, userRealm,
|
||||
permissions));
|
||||
roleInfo.getPermissions()), RoleManagementServiceImpl.this.getPlatformUIPermissions(roleName, userRealm,
|
||||
roleInfo.getRemovedPermissions()));
|
||||
} catch (APIManagerPublisherException | UserAdminException e) {
|
||||
log.error("Error Occurred while updating role scope mapping. ", e);
|
||||
} finally {
|
||||
|
||||
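Review bot: `updatePermissions` hands the caller's `roleInfo` to a new thread and reads `roleInfo.getRemovedPermissions()` there, but only the add-role hunk sets it with `roleInfo.setRemovedPermissions(new String[0])`; the update-role hunk checks `getPermissions() != null` alone. If a client omits the removed list and `getPlatformUIPermissions` does not accept null (its body is outside the hunks), the thread would fail with an unchecked exception that `catch (APIManagerPublisherException | UserAdminException e)` does not cover, after the request has already returned 200 with the scope-role mapping unchanged. Guarding the update path with `if (roleInfo.getRemovedPermissions() == null) { roleInfo.setRemovedPermissions(new String[0]); }` before the call would close that gap. Because a failed mapping update is only logged, the Javadoc should also say that a role's scopes may stay stale after a successful response. The `run()` body continues outside the hunk.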
@ -171,4 +171,11 @@ public interface GeoLocationProviderService {
|
||||
* @throws GeoLocationBasedServiceException any errors occurred while reading event records to geofence
|
||||
*/
|
||||
List<EventConfig> getEventsOfGeoFence(int geoFenceId) throws GeoLocationBasedServiceException;
|
||||
|
||||
/**
|
||||
* Get geo fence count by tenant id
|
||||
* @return returns the geofence count of tenant.
|
||||
* @throws GeoLocationBasedServiceException any errors occurred while reading event records to geofence
|
||||
*/
|
||||
int getGeoFenceCount() throws GeoLocationBasedServiceException;
|
||||
}
|
||||
|
||||
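Review bot: The Javadoc added for `getGeoFenceCount()` says "by tenant id" although the method takes no tenant argument, and its `@throws` text about "reading event records to geofence" is carried over from the method above. A summary such as `Get the number of geofences of the tenant resolved by the implementation` with `@throws GeoLocationBasedServiceException if the tenant cannot be resolved or the count query fails` would match what the implementation in this commit does.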
@ -38,7 +38,7 @@ public final class DeviceManagementConstants {
|
||||
private ConfigurationManagement(){
|
||||
throw new AssertionError();
|
||||
}
|
||||
public static final String SCOPES_FOR_TOKEN = "dm:ops:view dm:device:event:publish win:devices:enroll";
|
||||
public static final String SCOPES_FOR_TOKEN = "dm:devices:ops:view dm:device:event:publish win:devices:enroll";
|
||||
public static final String IOT_GATEWAY_HOST = "iot.gateway.host";
|
||||
public static final String IOT_GATEWAY_HTTPS_PORT = "iot.gateway.https.port";
|
||||
public static final String IOT_CORE_HOST = "iot.core.host";
|
||||
@ -156,6 +156,7 @@ public final class DeviceManagementConstants {
|
||||
new Permission("/permission/admin/device-mgt/devices/enroll", "ui.execute"),
|
||||
new Permission("/permission/admin/device-mgt/devices/disenroll", "ui.execute"),
|
||||
new Permission("/permission/admin/device-mgt/devices/owning-device/view", "ui.execute"),
|
||||
new Permission("/permission/admin/device-mgt/devices/owning-device/operations/view", "ui.execute"),
|
||||
new Permission("/permission/admin/device-mgt/metadata", "ui.execute"),
|
||||
new Permission("/permission/admin/manage/portal", "ui.execute")
|
||||
};
|
||||
|
||||
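Review bot: The scope name changed inside `SCOPES_FOR_TOKEN`, `dm:ops:view` to `dm:devices:ops:view`, is also repeated as a literal in other files of this commit (the `deviceScope` string in the device module and the curl example on the enrollment page), so the copies can drift apart again. Clients that still request the old scope name are not handled anywhere visible here; presumably their tokens would come back without the operations scope, which is worth confirming and documenting for deployed agents. A comment on the constant such as `// scope keys must match the @Scope key values of the device-management API; dm:devices:ops:view was dm:ops:view` would help the next change.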
@ -39,6 +39,7 @@ import io.entgra.device.mgt.core.device.mgt.core.config.push.notification.PushNo
|
||||
import io.entgra.device.mgt.core.device.mgt.core.config.remote.session.RemoteSessionConfiguration;
|
||||
import io.entgra.device.mgt.core.device.mgt.core.config.status.task.DeviceStatusTaskConfig;
|
||||
import io.entgra.device.mgt.core.device.mgt.core.config.task.TaskConfiguration;
|
||||
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions;
|
||||
|
||||
import javax.xml.bind.annotation.XmlElement;
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
@ -75,6 +76,8 @@ public final class DeviceManagementConfig {
|
||||
private MetaDataConfiguration metaDataConfiguration;
|
||||
private EnrollmentGuideConfiguration enrollmentGuideConfiguration;
|
||||
|
||||
private DefaultPermissions defaultPermissions;
|
||||
|
||||
@XmlElement(name = "ManagementRepository", required = true)
|
||||
public DeviceManagementConfigRepository getDeviceManagementConfigRepository() {
|
||||
return deviceManagementConfigRepository;
|
||||
@ -287,5 +290,14 @@ public final class DeviceManagementConfig {
|
||||
public void setEnrollmentGuideConfiguration(EnrollmentGuideConfiguration enrollmentGuideConfiguration) {
|
||||
this.enrollmentGuideConfiguration = enrollmentGuideConfiguration;
|
||||
}
|
||||
|
||||
@XmlElement(name = "DefaultPermissions", required = true)
|
||||
public DefaultPermissions getDefaultPermissions() {
|
||||
return defaultPermissions;
|
||||
}
|
||||
|
||||
public void setDefaultPermissions(DefaultPermissions defaultPermissions) {
|
||||
this.defaultPermissions = defaultPermissions;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
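Review bot: `@XmlElement(name = "DefaultPermissions", required = true)` documents the element as mandatory, but JAXB does not enforce `required` while unmarshalling unless schema validation is enabled, so a configuration file written before this commit would leave `defaultPermissions` null. Whether validation is enabled where this configuration is loaded is not visible here; if it is not, callers of `getDefaultPermissions()` need a null check, and the getter should say so with `@return the configured default permissions, or null when the element is absent`. The class body continues outside the hunks.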
@ -0,0 +1,47 @@
|
||||
/*
|
||||
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||
*
|
||||
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package io.entgra.device.mgt.core.device.mgt.core.config.permission;
|
||||
|
||||
import javax.xml.bind.annotation.XmlElement;
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
|
||||
@XmlRootElement(name = "DefaultPermission")
|
||||
public class DefaultPermission {
|
||||
|
||||
private String name;
|
||||
private ScopeMapping scopeMapping;
|
||||
|
||||
@XmlElement(name = "Name", required = true)
|
||||
public String getName() {
|
||||
return name;
|
||||
}
|
||||
|
||||
public void setName(String name) {
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
@XmlElement(name = "MappedScopeDetails", required = true)
|
||||
public ScopeMapping getScopeMapping() {
|
||||
return scopeMapping;
|
||||
}
|
||||
|
||||
public void setScopeMapping(ScopeMapping scopeMapping) {
|
||||
this.scopeMapping = scopeMapping;
|
||||
}
|
||||
}
|
||||
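Review bot: `DefaultPermission` and the two classes added with it, `DefaultPermissions` and `ScopeMapping`, have no Javadoc, and their element names do not explain themselves: `Name` here is a permission path while `Name` in `ScopeMapping` is a scope display name. A class comment stating that each entry binds one permission path to one scope, plus a field comment on `ScopeMapping.defaultRoles` saying whether several roles may be listed and with which separator, would document the configuration contract. The sample configuration in this commit only ever shows a single role, so the format cannot be inferred from it.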
@ -0,0 +1,38 @@
|
||||
/*
|
||||
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||
*
|
||||
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package io.entgra.device.mgt.core.device.mgt.core.config.permission;
|
||||
|
||||
import javax.xml.bind.annotation.XmlElement;
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
import java.util.List;
|
||||
|
||||
@XmlRootElement(name = "DefaultPermissions")
|
||||
public class DefaultPermissions {
|
||||
|
||||
private List<DefaultPermission> defaultPermissions;
|
||||
|
||||
@XmlElement(name = "DefaultPermission", required = true)
|
||||
public List<DefaultPermission> getDefaultPermissions() {
|
||||
return defaultPermissions;
|
||||
}
|
||||
|
||||
public void setDefaultPermissions(List<DefaultPermission> defaultPermissions) {
|
||||
this.defaultPermissions = defaultPermissions;
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,58 @@
|
||||
/*
|
||||
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||
*
|
||||
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package io.entgra.device.mgt.core.device.mgt.core.config.permission;
|
||||
|
||||
import javax.xml.bind.annotation.XmlElement;
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
|
||||
@XmlRootElement(name = "MappedScopeDetails")
|
||||
public class ScopeMapping {
|
||||
|
||||
private String name;
|
||||
private String key;
|
||||
|
||||
private String defaultRoles;
|
||||
|
||||
@XmlElement(name = "Name", required = true)
|
||||
public String getName() {
|
||||
return name;
|
||||
}
|
||||
|
||||
public void setName(String name) {
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
@XmlElement(name = "Key", required = true)
|
||||
public String getKey() {
|
||||
return key;
|
||||
}
|
||||
|
||||
public void setKey(String key) {
|
||||
this.key = key;
|
||||
}
|
||||
|
||||
@XmlElement(name = "DefaultRoles", required = true)
|
||||
public String getDefaultRoles() {
|
||||
return defaultRoles;
|
||||
}
|
||||
|
||||
public void setDefaultRoles(String defaultRoles) {
|
||||
this.defaultRoles = defaultRoles;
|
||||
}
|
||||
}
|
||||
@ -174,4 +174,12 @@ public interface GeofenceDAO {
|
||||
* @throws DeviceManagementDAOException
|
||||
*/
|
||||
GeofenceData getGeofence(int fenceId, boolean requireGroupData) throws DeviceManagementDAOException;
|
||||
|
||||
/**
|
||||
* This method is used to get the geofence count by tenant id.
|
||||
* @param tenantId tenant id.
|
||||
* @return returns the geofence count of tenant.
|
||||
* @throws DeviceManagementDAOException
|
||||
*/
|
||||
int getGeofenceCount(int tenantId) throws DeviceManagementDAOException;
|
||||
}
|
||||
|
||||
@ -644,4 +644,28 @@ public abstract class AbstractGeofenceDAOImpl implements GeofenceDAO {
|
||||
throw new DeviceManagementDAOException(msg, e);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public int getGeofenceCount(int tenantId) throws DeviceManagementDAOException {
|
||||
try {
|
||||
Connection conn = this.getConnection();
|
||||
String sql = "SELECT COUNT(*) AS geofence_count " +
|
||||
"FROM DM_GEOFENCE " +
|
||||
"WHERE TENANT_ID = ?";
|
||||
try (PreparedStatement stmt = conn.prepareStatement(sql)) {
|
||||
stmt.setInt(1, tenantId);
|
||||
try (ResultSet rst = stmt.executeQuery()) {
|
||||
if (rst.next()) {
|
||||
return rst.getInt("geofence_count");
|
||||
}
|
||||
}
|
||||
}
|
||||
return 0; // Return 0 if no records found for the given tenantId.
|
||||
} catch (SQLException e) {
|
||||
String msg = "Error occurred while retrieving Geofence count of the tenant " + tenantId;
|
||||
log.error(msg, e);
|
||||
throw new DeviceManagementDAOException(msg, e);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
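Review bot: The comment `// Return 0 if no records found for the given tenantId.` does not describe when that line runs: `SELECT COUNT(*)` without `GROUP BY` returns one row even when the tenant has no geofences, so the `return 0` is reached only if `rst.next()` is unexpectedly false. Rewording it to `// Defensive fallback; COUNT(*) normally always yields one row.` keeps the next reader from assuming the zero case is handled here.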
@ -94,7 +94,7 @@ public class GenericDeviceDAOImpl extends AbstractDeviceDAOImpl {
|
||||
"t.NAME AS DEVICE_TYPE ";
|
||||
|
||||
//Filter by serial number or any Custom Property in DM_DEVICE_INFO
|
||||
if (serial != null || !request.getCustomProperty().isEmpty()) {
|
||||
if ((serial != null) || (request.getCustomProperty() != null && !request.getCustomProperty().isEmpty())) {
|
||||
sql = sql +
|
||||
"FROM DM_DEVICE d " +
|
||||
"INNER JOIN DM_DEVICE_TYPE t ON d.DEVICE_TYPE_ID = t.ID " +
|
||||
@ -170,7 +170,7 @@ public class GenericDeviceDAOImpl extends AbstractDeviceDAOImpl {
|
||||
if (isSerialProvided) {
|
||||
stmt.setString(paramIdx++, "%" + serial + "%");
|
||||
}
|
||||
if (!request.getCustomProperty().isEmpty()) {
|
||||
if (request.getCustomProperty() != null && !request.getCustomProperty().isEmpty()) {
|
||||
for (Map.Entry<String, String> entry : request.getCustomProperty().entrySet()) {
|
||||
stmt.setString(paramIdx++, "%" + entry.getValue() + "%");
|
||||
}
|
||||
|
||||
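Review bot: The null-safe test on `request.getCustomProperty()` is now written out twice, once where the SQL is built and once where parameters are bound, and the two must always agree or the placeholders in the statement will not match the `setString` calls. Computing it once next to `isSerialProvided`, e.g. `boolean isCustomPropertyProvided = request.getCustomProperty() != null && !request.getCustomProperty().isEmpty();`, and using that flag in both places would remove the risk. The method starts and ends outside both hunks, so where `isSerialProvided` is declared is not visible here.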
@ -1747,6 +1747,32 @@ public class GeoLocationProviderServiceImpl implements GeoLocationProviderServic
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public int getGeoFenceCount() throws GeoLocationBasedServiceException {
|
||||
int tenantId;
|
||||
try {
|
||||
tenantId = DeviceManagementDAOUtil.getTenantId();
|
||||
} catch (DeviceManagementDAOException e) {
|
||||
String msg = "Error occurred while retrieving tenant id while get geofence data";
|
||||
log.error(msg, e);
|
||||
throw new GeoLocationBasedServiceException(msg, e);
|
||||
}
|
||||
try {
|
||||
EventManagementDAOFactory.openConnection();
|
||||
return geofenceDAO.getGeofenceCount(tenantId);
|
||||
} catch (DeviceManagementDAOException e) {
|
||||
String msg = "Error occurred while retrieving geofence data for the tenant " + tenantId;
|
||||
log.error(msg, e);
|
||||
throw new GeoLocationBasedServiceException(msg, e);
|
||||
} catch (SQLException e) {
|
||||
String msg = "Failed to open the DB connection to retrieve Geofence";
|
||||
log.error(msg, e);
|
||||
throw new GeoLocationBasedServiceException(msg, e);
|
||||
} finally {
|
||||
EventManagementDAOFactory.closeConnection();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Delete events of geofence
|
||||
*
|
||||
|
||||
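Review bot: In `getGeoFenceCount()` the `finally` block calls `EventManagementDAOFactory.closeConnection()` even when `openConnection()` itself threw the `SQLException`, so the close runs against a connection that was never opened. If `closeConnection()` throws in that state (its implementation is not visible here), that exception would replace the `GeoLocationBasedServiceException` and hide the real cause. Opening the connection before entering the `try` that owns the `finally`, with its own `SQLException` handler, avoids this.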
@ -652,7 +652,7 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
|
||||
Map<String, DeviceManager> deviceManagerMap = new HashMap<>();
|
||||
List<DeviceCacheKey> deviceCacheKeyList = new ArrayList<>();
|
||||
List<Device> existingDevices;
|
||||
List<Device> validDevices = new ArrayList<>();;
|
||||
List<Device> validDevices = new ArrayList<>();
|
||||
int tenantId = this.getTenantId();
|
||||
|
||||
try {
|
||||
|
||||
@ -409,7 +409,7 @@ deviceModule = function () {
|
||||
var jwtClient = JWTClientManagerService.getJWTClient();
|
||||
// returning access token by JWT grant type
|
||||
var deviceScope = "device_" + type.replace(" ", "") + "_" + deviceId + " dm:device:enroll " +
|
||||
"dm:device:disenroll dm:device:modify dm:ops:view dm:device:event:publish";
|
||||
"dm:device:disenroll dm:device:modify dm:devices:ops:view dm:device:event:publish";
|
||||
var tokenInfo = jwtClient.getAccessToken(config.clientId, config.clientSecret,
|
||||
userName, deviceScope);
|
||||
config.accessToken = tokenInfo.getAccessToken();
|
||||
|
||||
@ -120,7 +120,7 @@
|
||||
-d '{ "applicationName":"testme", "isAllowedToAllDomains":false, "tags":["device_agent"]}'</code>
|
||||
</li>
|
||||
<li class="padding-top-double"><span><h4 class="uppercase">Generate Token</h4></span>
|
||||
<code>curl -k -d "grant_type=password&username=%username%&password=%password%&scope=dm:device:enroll dm:device:disenroll dm:device:modify dm:ops:view dm:device:event:publish"
|
||||
<code>curl -k -d "grant_type=password&username=%username%&password=%password%&scope=dm:device:enroll dm:device:disenroll dm:device:modify dm:devices:ops:view dm:device:event:publish"
|
||||
-H "Authorization: Basic Base64(client_id:client_secret)"
|
||||
-H "Content-Type: application/x-www-form-urlencoded" {{httpsGateway}}/token</code>
|
||||
</li>
|
||||
|
||||
@ -211,5 +211,87 @@
|
||||
<Enable>false</Enable>
|
||||
<Mail>Replace with mail</Mail>
|
||||
</EnrollmentGuideConfiguration>
|
||||
<DefaultPermissions>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/device-mgt/devices/any-device/permitted-actions-under-owning-device</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Apply permitted actions on any device</Name>
|
||||
<Key>dm:devices:any:permitted</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/device-mgt/device/api/subscribe</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Subscribe APIs</Name>
|
||||
<Key>dm:device:api:subscribe</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/approve</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Approve Applications</Name>
|
||||
<Key>am:admin:lc:app:approve</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/create</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Create Applications</Name>
|
||||
<Key>am:admin:lc:app:create</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/reject</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Reject Applications</Name>
|
||||
<Key>am:admin:lc:app:reject</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/block</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Block Applications</Name>
|
||||
<Key>am:admin:lc:app:block</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/review</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Review Applications</Name>
|
||||
<Key>am:admin:lc:app:review</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/retire</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Retire Applications</Name>
|
||||
<Key>am:admin:lc:app:retire</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/deprecate</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Deprecate Application</Name>
|
||||
<Key>am:admin:lc:app:deprecate</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/publish</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Publish Applications</Name>
|
||||
<Key>am:admin:lc:app:publish</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
</DefaultPermissions>
|
||||
</DeviceMgtConfiguration>
|
||||
|
||||
|
||||
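Review bot: Every `am:admin:lc:app:*` entry added here, including approve and publish, sets `<DefaultRoles>Internal/devicemgt-user</DefaultRoles>`, while the admin scopes in the Java annotations of this commit (for example `am:admin:app:install`) use `Internal/devicemgt-admin`. If `DefaultRoles` decides which roles receive a scope out of the box, the ordinary user role would obtain application-lifecycle admin scopes by default; please confirm this is intended, and otherwise use `<DefaultRoles>Internal/devicemgt-admin</DefaultRoles>` for these entries. The same block is repeated in the templated configuration file that follows.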
@ -383,5 +383,87 @@
|
||||
<Mail>Replace with mail</Mail>
|
||||
{% endif %}
|
||||
</EnrollmentGuideConfiguration>
|
||||
<DefaultPermissions>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/device-mgt/devices/any-device/permitted-actions-under-owning-device</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Apply permitted actions on any device</Name>
|
||||
<Key>dm:devices:any:permitted</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/device-mgt/device/api/subscribe</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Subscribe APIs</Name>
|
||||
<Key>dm:device:api:subscribe</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/approve</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Approve Applications</Name>
|
||||
<Key>am:admin:lc:app:approve</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/create</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Create Applications</Name>
|
||||
<Key>am:admin:lc:app:create</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/reject</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Reject Applications</Name>
|
||||
<Key>am:admin:lc:app:reject</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/block</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Block Applications</Name>
|
||||
<Key>am:admin:lc:app:block</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/review</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Review Applications</Name>
|
||||
<Key>am:admin:lc:app:review</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/retire</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Retire Applications</Name>
|
||||
<Key>am:admin:lc:app:retire</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/deprecate</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Deprecate Application</Name>
|
||||
<Key>am:admin:lc:app:deprecate</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
<DefaultPermission>
|
||||
<Name>/permission/admin/app-mgt/life-cycle/application/publish</Name>
|
||||
<MappedScopeDetails>
|
||||
<Name>Publish Applications</Name>
|
||||
<Key>am:admin:lc:app:publish</Key>
|
||||
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
|
||||
</MappedScopeDetails>
|
||||
</DefaultPermission>
|
||||
</DefaultPermissions>
|
||||
</DeviceMgtConfiguration>
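Review bot: Every `DefaultPermission` added in this hunk names `Internal/devicemgt-user` in `<DefaultRoles>`, including `am:admin:lc:app:approve`, `am:admin:lc:app:publish` and `dm:devices:any:permitted` ("Apply permitted actions on any device"). If `Internal/devicemgt-user` is the baseline role given to ordinary users, as its name suggests, a fresh install gives every such user the scopes for the application approval and publishing lifecycle, which defeats the separation between submitting and approving an app. Consider mapping the lifecycle scopes to a narrower role, e.g. `<DefaultRoles>REVIEWER_ROLE_PLACEHOLDER</DefaultRoles>`, and adding an XML comment above `<DefaultPermissions>` stating that these roles are applied automatically at startup. The file section that ends just before this hunk carries the same entries for reject through publish, so the same point applies there, and the two copies can drift apart.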
|
||||
|
||||
|
||||
@ -594,7 +594,7 @@ CREATE TABLE IF NOT EXISTS DM_METADATA (
|
||||
METADATA_ID INT AUTO_INCREMENT NOT NULL,
|
||||
DATA_TYPE VARCHAR(16) NOT NULL,
|
||||
METADATA_KEY VARCHAR(128) NOT NULL,
|
||||
METADATA_VALUE VARCHAR(20000) NOT NULL,
|
||||
METADATA_VALUE VARCHAR(65535) NOT NULL,
|
||||
TENANT_ID INTEGER NOT NULL,
|
||||
PRIMARY KEY (METADATA_ID),
|
||||
CONSTRAINT METADATA_KEY_TENANT_ID UNIQUE (METADATA_KEY, TENANT_ID)
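Review bot: Widening `METADATA_VALUE` inside `CREATE TABLE IF NOT EXISTS DM_METADATA` only affects databases created after this commit, because the statement is a no-op where the table already exists. Existing deployments keep the old width, so a larger metadata value would still be rejected or truncated there; if this column holds the permission-to-scope mapping (inferred from the rest of the commit), that mapping would not be stored. No upgrade script is visible on this page, so a matching `ALTER TABLE DM_METADATA ...` migration per dialect is worth adding. The same applies to the later hunks that use `CREATE TABLE IF NOT EXISTS` with `VARCHAR(65535)`. The CREATE TABLE statement starts and ends outside the hunk.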
|
||||
|
||||
@ -656,7 +656,7 @@ CREATE TABLE IF NOT EXISTS DM_METADATA (
|
||||
METADATA_ID INTEGER NOT NULL AUTO_INCREMENT,
|
||||
DATA_TYPE VARCHAR(16) NOT NULL,
|
||||
METADATA_KEY VARCHAR(128) NOT NULL,
|
||||
METADATA_VALUE VARCHAR(8000) NOT NULL,
|
||||
METADATA_VALUE VARCHAR(65535) NOT NULL,
|
||||
TENANT_ID INTEGER NOT NULL,
|
||||
PRIMARY KEY (METADATA_ID),
|
||||
UNIQUE KEY METADATA_KEY_TENANT_ID (METADATA_KEY,TENANT_ID)
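Review bot: `METADATA_VALUE VARCHAR(65535) NOT NULL,` is unlikely to be accepted as written if this is the MySQL script, which the `UNIQUE KEY` and `AUTO_INCREMENT` syntax suggests. MySQL limits a row to 65,535 bytes across all columns and declares VARCHAR length in characters, so with the other columns present, and more so with a multi-byte charset such as utf8mb4, the statement is either rejected or, outside strict SQL mode, silently converted to a TEXT type. Declaring the intent directly avoids a failed schema setup or a column type that differs between servers: `METADATA_VALUE TEXT NOT NULL,` (or `MEDIUMTEXT` if values can exceed 64 KB). The CREATE TABLE statement starts and ends outside the hunk.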
|
||||
|
||||
@ -998,7 +998,8 @@ CREATE TABLE DM_METADATA (
|
||||
METADATA_ID NUMBER(10) NOT NULL,
|
||||
DATA_TYPE VARCHAR2(16) NOT NULL,
|
||||
METADATA_KEY VARCHAR2(128) NOT NULL,
|
||||
METADATA_VALUE VARCHAR2(8000) NOT NULL,
|
||||
-- Can be upgrade to 32767 bytes if the MAX_STRING_SIZE initialization parameter is set to EXTENDED --
|
||||
METADATA_VALUE VARCHAR2(4000) NOT NULL,
|
||||
TENANT_ID INTEGER NOT NULL,
|
||||
CONSTRAINT PK_DM_METADATA PRIMARY KEY (METADATA_ID),
|
||||
CONSTRAINT METADATA_KEY_TENANT_ID UNIQUE (METADATA_KEY, TENANT_ID)
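Review bot: `METADATA_VALUE VARCHAR2(4000) NOT NULL,` leaves the Oracle schema with a much smaller limit than the `VARCHAR(65535)` used in the other dialect scripts of this commit. A metadata value that fits elsewhere will therefore fail to insert on Oracle. If the larger values are needed for the permission-to-scope mapping (inferred, not shown in this hunk), that mapping would be missing on Oracle only. Consider `METADATA_VALUE CLOB NOT NULL,` or enforcing one maximum length in the application for all databases. The added comment should read `-- Can be upgraded to 32767 bytes if the MAX_STRING_SIZE initialization parameter is set to EXTENDED`. The CREATE TABLE statement starts and ends outside the hunk.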
|
||||
|
||||
@ -660,7 +660,7 @@ CREATE TABLE IF NOT EXISTS DM_METADATA (
|
||||
METADATA_ID BIGSERIAL PRIMARY KEY,
|
||||
DATA_TYPE VARCHAR(16) NOT NULL,
|
||||
METADATA_KEY VARCHAR(128) NOT NULL,
|
||||
METADATA_VALUE VARCHAR(8000) NOT NULL,
|
||||
METADATA_VALUE VARCHAR(65535) NOT NULL,
|
||||
TENANT_ID INTEGER NOT NULL,
|
||||
CONSTRAINT METADATA_KEY_TENANT_ID UNIQUE(METADATA_KEY, TENANT_ID)
|
||||
);
|
||||
|
||||