mirror of
https://repository.entgra.net/community/device-mgt-core.git
synced 2025-10-06 02:01:45 +00:00
Create an endpoint to get permissions of a given user
This commit is contained in:
Jayasanka Weerasinghe
parent
93c0c7e111
commit
e651645fad
@ -0,0 +1,41 @@
|
||||
/*
|
||||
* Copyright (c) 2020, Entgra (pvt) Ltd. (http://entgra.io) All Rights Reserved.
|
||||
*
|
||||
* Entgra (pvt) Ltd. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.device.mgt.jaxrs.beans;
|
||||
|
||||
import com.fasterxml.jackson.annotation.JsonProperty;
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
import java.io.Serializable;
|
||||
import java.util.List;
|
||||
|
||||
@ApiModel(value = "Permission List")
|
||||
public class PermissionList implements Serializable {
|
||||
|
||||
private List<String> permissions;
|
||||
|
||||
@ApiModelProperty(value = "Returns the list of permissions")
|
||||
@JsonProperty("permissions")
|
||||
public List<String> getList() {
|
||||
return permissions;
|
||||
}
|
||||
|
||||
public void setList(List<String> roles) {
|
||||
this.permissions = roles;
|
||||
}
|
||||
}
|
||||
@ -57,6 +57,7 @@ import org.wso2.carbon.device.mgt.jaxrs.beans.Credential;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.EnrollmentInvitation;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.OldPasswordResetWrapper;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.PermissionList;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.UserInfo;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
|
||||
@ -164,6 +165,12 @@ import java.util.List;
|
||||
description = "Get activities",
|
||||
key = "perm:get-activity",
|
||||
permissions = {"/device-mgt/devices/owning-device/view"}
|
||||
),
|
||||
@Scope(
|
||||
name = "Getting the Permissions of the User",
|
||||
description = "Getting the Permissions of the User",
|
||||
key = "perm:user:permission-view",
|
||||
permissions = {"/login"}
|
||||
)
|
||||
}
|
||||
)
|
||||
@ -1168,4 +1175,50 @@ public interface UserManagementService {
|
||||
required = true,
|
||||
defaultValue = "admin")
|
||||
@PathParam("username") String username);
|
||||
|
||||
@GET
|
||||
@Path("/current-user/permissions")
|
||||
@ApiOperation(
|
||||
produces = MediaType.APPLICATION_JSON,
|
||||
httpMethod = "GET",
|
||||
value = "Getting the permission details of the current user",
|
||||
notes = "A user may granted more than one permission in IoTS. Using this REST API "
|
||||
+ "you can get the permission/permission the current user has granted. ",
|
||||
tags = "User Management",
|
||||
extensions = {
|
||||
@Extension(properties = {
|
||||
@ExtensionProperty(name = Constants.SCOPE, value = "perm:user:permission-view")
|
||||
})
|
||||
}
|
||||
)
|
||||
@ApiResponses(value = {
|
||||
@ApiResponse(
|
||||
code = 200,
|
||||
message = "OK. \n Successfully fetched the list of permissions the user "
|
||||
+ "has granted.",
|
||||
response = PermissionList.class,
|
||||
responseHeaders = {
|
||||
@ResponseHeader(
|
||||
name = "Content-Type",
|
||||
description = "The content type of the body"),
|
||||
@ResponseHeader(
|
||||
name = "ETag",
|
||||
description = "Entity Tag of the response resource.\n" +
|
||||
"Used by caches, or in conditional requests."),
|
||||
@ResponseHeader(
|
||||
name = "Last-Modified",
|
||||
description = "Date and time the resource was last modified.\n" +
|
||||
"Used by caches, or in conditional requests."),
|
||||
}),
|
||||
@ApiResponse(
|
||||
code = 404,
|
||||
message = "Not Found. \n The specified resource does not exist.\n",
|
||||
response = ErrorResponse.class),
|
||||
@ApiResponse(
|
||||
code = 500,
|
||||
message = "Internal Server Error. \n Server error occurred while fetching the "
|
||||
+ "list of roles assigned to the specified user.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
Response getPermissionsOfUser();
|
||||
}
|
||||
|
||||
@ -257,7 +257,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
||||
// Get the permission nodes and hand picking only device management and login perms
|
||||
final UIPermissionNode rolePermissions = this.getUIPermissionNode(roleName, userRealm);
|
||||
List<String> permList = new ArrayList<>();
|
||||
this.iteratePermissions(rolePermissions, permList);
|
||||
DeviceMgtAPIUtils.iteratePermissions(rolePermissions, permList);
|
||||
roleInfo.setPermissionList(rolePermissions);
|
||||
String[] permListAr = new String[permList.size()];
|
||||
roleInfo.setPermissions(permList.toArray(permListAr));
|
||||
@ -278,24 +278,6 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
||||
}
|
||||
}
|
||||
|
||||
private List<String> iteratePermissions(UIPermissionNode uiPermissionNode, List<String> list) {
|
||||
//To prevent NullPointer exceptions
|
||||
if (uiPermissionNode == null) {
|
||||
return list;
|
||||
}
|
||||
for (UIPermissionNode permissionNode : uiPermissionNode.getNodeList()) {
|
||||
if (permissionNode != null) {
|
||||
list.add(permissionNode.getResourcePath());
|
||||
if (permissionNode.getNodeList() != null
|
||||
&& permissionNode.getNodeList().length > 0) {
|
||||
iteratePermissions(permissionNode, list);
|
||||
}
|
||||
}
|
||||
}
|
||||
return list;
|
||||
}
|
||||
|
||||
|
||||
private List<String> getAuthorizedPermissions(UIPermissionNode uiPermissionNode, List<String> list) {
|
||||
for (UIPermissionNode permissionNode : uiPermissionNode.getNodeList()) {
|
||||
if (permissionNode.isSelected()) {
|
||||
|
||||
@ -40,6 +40,7 @@ import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.apache.http.HttpStatus;
|
||||
import org.eclipse.wst.common.uriresolver.internal.util.URIEncoder;
|
||||
import org.wso2.carbon.context.CarbonContext;
|
||||
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
||||
import org.wso2.carbon.device.mgt.common.exceptions.DeviceManagementException;
|
||||
import org.wso2.carbon.device.mgt.common.EnrolmentInfo;
|
||||
@ -57,6 +58,7 @@ import org.wso2.carbon.device.mgt.jaxrs.beans.Credential;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.EnrollmentInvitation;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.OldPasswordResetWrapper;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.PermissionList;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.UserInfo;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.exception.BadRequestException;
|
||||
@ -74,6 +76,9 @@ import org.wso2.carbon.user.api.UserStoreException;
|
||||
import org.wso2.carbon.user.api.UserStoreManager;
|
||||
import org.wso2.carbon.user.core.UserCoreConstants;
|
||||
import org.wso2.carbon.user.core.service.RealmService;
|
||||
import org.wso2.carbon.user.mgt.UserRealmProxy;
|
||||
import org.wso2.carbon.user.mgt.common.UIPermissionNode;
|
||||
import org.wso2.carbon.user.mgt.common.UserAdminException;
|
||||
import org.wso2.carbon.utils.CarbonUtils;
|
||||
import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
|
||||
|
||||
@ -1029,6 +1034,48 @@ public class UserManagementServiceImpl implements UserManagementService {
|
||||
}
|
||||
}
|
||||
|
||||
@GET
|
||||
@Override
|
||||
@Path("/current-user/permissions")
|
||||
public Response getPermissionsOfUser() {
|
||||
String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
|
||||
try {
|
||||
UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
|
||||
if (!userStoreManager.isExistingUser(username)) {
|
||||
String message = "User by username: " + username + " does not exist for permission retrieval.";
|
||||
log.error(message);
|
||||
return Response.status(Response.Status.NOT_FOUND)
|
||||
.entity(new ErrorResponse.ErrorResponseBuilder().setMessage(message).build()).build();
|
||||
}
|
||||
// Get a list of roles which the user assigned to
|
||||
List<String> roles = getFilteredRoles(userStoreManager, username);
|
||||
List<String> permissions = new ArrayList<>();
|
||||
UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
|
||||
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
|
||||
// Get permissions for each role
|
||||
for (String roleName : roles) {
|
||||
try {
|
||||
permissions.addAll(getPermissionsListFromRole(roleName, userRealm, tenantId));
|
||||
} catch (UserAdminException e) {
|
||||
String message = "Error occurred while retrieving the permissions of role '" + roleName + "'";
|
||||
log.error(message, e);
|
||||
return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
|
||||
.entity(new ErrorResponse.ErrorResponseBuilder().setMessage(message).build())
|
||||
.build();
|
||||
}
|
||||
}
|
||||
PermissionList permissionList = new PermissionList();
|
||||
permissionList.setList(permissions);
|
||||
return Response.status(Response.Status.OK).entity(permissionList).build();
|
||||
} catch (UserStoreException e) {
|
||||
String message = "Error occurred while trying to retrieve roles of the user '" + username + "'";
|
||||
log.error(message, e);
|
||||
return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
|
||||
.entity(new ErrorResponse.ErrorResponseBuilder().setMessage(message).build())
|
||||
.build();
|
||||
}
|
||||
}
|
||||
|
||||
private Map<String, String> buildDefaultUserClaims(String firstName, String lastName, String emailAddress,
|
||||
boolean isFresh) {
|
||||
Map<String, String> defaultUserClaims = new HashMap<>();
|
||||
@ -1174,4 +1221,30 @@ public class UserManagementServiceImpl implements UserManagementService {
|
||||
private boolean skipSearch(List<String> commonUsers) {
|
||||
return commonUsers != null && commonUsers.size() == 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a list of permissions of a given role
|
||||
* @param roleName name of the role
|
||||
* @param tenantId the user's tenetId
|
||||
* @param userRealm user realm of the tenant
|
||||
* @return list of permissions
|
||||
* @throws UserAdminException If unable to get the permissions
|
||||
*/
|
||||
private static List<String> getPermissionsListFromRole(String roleName, UserRealm userRealm, int tenantId)
|
||||
throws UserAdminException {
|
||||
org.wso2.carbon.user.core.UserRealm userRealmCore;
|
||||
try {
|
||||
userRealmCore = (org.wso2.carbon.user.core.UserRealm) userRealm;
|
||||
} catch (ClassCastException e) {
|
||||
String message = "Provided UserRealm object is not an instance of org.wso2.carbon.user.core.UserRealm";
|
||||
log.error(message, e);
|
||||
throw new UserAdminException(message, e);
|
||||
}
|
||||
UserRealmProxy userRealmProxy = new UserRealmProxy(userRealmCore);
|
||||
List<String> permissionsList = new ArrayList<>();
|
||||
final UIPermissionNode rolePermissions = userRealmProxy.getRolePermissions(roleName, tenantId);
|
||||
DeviceMgtAPIUtils.iteratePermissions(rolePermissions, permissionsList);
|
||||
return permissionsList;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -82,6 +82,7 @@ import org.wso2.carbon.user.api.UserStoreException;
|
||||
import org.wso2.carbon.user.api.UserStoreManager;
|
||||
import org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager;
|
||||
import org.wso2.carbon.user.core.service.RealmService;
|
||||
import org.wso2.carbon.user.mgt.common.UIPermissionNode;
|
||||
|
||||
import javax.cache.Cache;
|
||||
import javax.cache.Caching;
|
||||
@ -781,4 +782,27 @@ public class DeviceMgtAPIUtils {
|
||||
typeVersion.setVersionStatus(deviceTypeVersion.getVersionStatus());
|
||||
return typeVersion;
|
||||
}
|
||||
|
||||
/**
|
||||
* Extract permissions from a UiPermissionNode using recursions
|
||||
* @param uiPermissionNode an UiPermissionNode Object to extract permissions
|
||||
* @param list provided list to add permissions
|
||||
*/
|
||||
public static void iteratePermissions(UIPermissionNode uiPermissionNode, List<String> list) {
|
||||
// To prevent NullPointer exceptions
|
||||
if (uiPermissionNode == null) {
|
||||
return;
|
||||
}
|
||||
for (UIPermissionNode permissionNode : uiPermissionNode.getNodeList()) {
|
||||
if (permissionNode != null) {
|
||||
if(permissionNode.isSelected()){
|
||||
list.add(permissionNode.getResourcePath());
|
||||
}
|
||||
if (permissionNode.getNodeList() != null
|
||||
&& permissionNode.getNodeList().length > 0) {
|
||||
iteratePermissions(permissionNode, list);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -145,6 +145,7 @@
|
||||
<Scope>perm:devices:permanent-delete</Scope>
|
||||
<Scope>perm:android:manage-configuration</Scope>
|
||||
<Scope>perm:android:view-configuration</Scope>
|
||||
<Scope>perm:user:permission-view</Scope>
|
||||
</Scopes>
|
||||
<SSOConfiguration>
|
||||
<Issuer>device-mgt</Issuer>
|
||||
|
||||
Loading…
Reference in New Issue
Block a user