Merge remote-tracking branch 'entgra/master' into entgra-master

README.md

@@ -4,8 +4,11 @@
 
 [![pipeline status](https://gitlab.com/entgra/carbon-device-mgt/badges/master/pipeline.svg)](https://gitlab.com/entgra/carbon-device-mgt/commits/master)
 
-WSO2 CONNECTED DEVICE MANAGEMENT COMPONENTS
+Entgra CONNECTED DEVICE MANAGEMENT COMPONENTS
 
-WSO2 Connected Device Manager (WSO2 CDM) is a comprehensive platform that helps solve mobile computing challenges enterprises face today when dealing with both corporate owned, personally enabled (COPE) devices and employee owned devices as part of a bring your own device (BYOD) program.
+Entgra Connected Device Manager (Entgra CDM) is a comprehensive platform that helps solve mobile computing challenges 
+enterprises face today when dealing with both corporate owned, personally enabled (COPE) devices and employee owned devices as part of a bring your own device (BYOD) program.
 
-Whether it is device provisioning, device configuration management, policy enforcement, mobile application management, device data security, or compliance monitoring, WSO2 CDM offers a single enterprise-grade platform to develop extensions for IOT related device types.
+Whether it is device provisioning, device configuration management, policy enforcement, mobile application 
+management, device data security, or compliance monitoring, Entgra CDM offers a single enterprise-grade platform to 
+develop extensions for IOT related device types.

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/search/mgt/Constants.java

@@ -25,4 +25,7 @@ public class Constants {
     public static final String PROP_AND = "PROP_AND";
     public static final String PROP_OR = "PROP_OR";
     public static final String LOCATION = "LOCATION";
+
+    public static final String ANY_DEVICE_PERMISSION = "/device-mgt/devices/any-device";
+    public static final String UI_EXECUTE = "ui.execute";
 }

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/search/mgt/impl/ProcessorImpl.java

@@ -25,8 +25,6 @@ import org.wso2.carbon.device.mgt.common.Device;
 import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
 import org.wso2.carbon.device.mgt.common.DeviceManagementConstants;
 import org.wso2.carbon.device.mgt.common.EnrolmentInfo;
-import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
-import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
 import org.wso2.carbon.device.mgt.common.device.details.DeviceInfo;
 import org.wso2.carbon.device.mgt.common.device.details.DeviceLocation;
 import org.wso2.carbon.device.mgt.common.search.SearchContext;
@@ -34,11 +32,21 @@ import org.wso2.carbon.device.mgt.core.dao.ApplicationDAO;
 import org.wso2.carbon.device.mgt.core.dao.DeviceManagementDAOException;
 import org.wso2.carbon.device.mgt.core.dao.DeviceManagementDAOFactory;
 import org.wso2.carbon.device.mgt.core.dao.util.DeviceManagementDAOUtil;
-import org.wso2.carbon.device.mgt.core.internal.DeviceManagementDataHolder;
+import org.wso2.carbon.device.mgt.core.search.mgt.Constants;
-import org.wso2.carbon.device.mgt.core.search.mgt.*;
+import org.wso2.carbon.device.mgt.core.search.mgt.InvalidOperatorException;
+import org.wso2.carbon.device.mgt.core.search.mgt.Processor;
+import org.wso2.carbon.device.mgt.core.search.mgt.QueryBuilder;
+import org.wso2.carbon.device.mgt.core.search.mgt.QueryHolder;
+import org.wso2.carbon.device.mgt.core.search.mgt.ResultSetAggregator;
+import org.wso2.carbon.device.mgt.core.search.mgt.SearchMgtException;
+import org.wso2.carbon.device.mgt.core.search.mgt.ValueType;
 import org.wso2.carbon.device.mgt.core.search.mgt.dao.SearchDAOException;
 
-import java.sql.*;
+import java.sql.Array;
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
@@ -47,17 +55,9 @@ import java.util.Map;
 public class ProcessorImpl implements Processor {
     private ApplicationDAO applicationDAO;
     private static final Log log = LogFactory.getLog(ProcessorImpl.class);
-    private DeviceAccessAuthorizationService deviceAccessAuthorizationService;
 
     public ProcessorImpl() {
         applicationDAO = DeviceManagementDAOFactory.getApplicationDAO();
-        deviceAccessAuthorizationService = DeviceManagementDataHolder.getInstance()
-                .getDeviceAccessAuthorizationService();
-        if (deviceAccessAuthorizationService == null) {
-            String msg = "DeviceAccessAuthorization service has not initialized.";
-            log.error(msg);
-            throw new IllegalStateException(msg);
-        }
     }
 
     @Override
@@ -115,35 +115,10 @@ public class ProcessorImpl implements Processor {
         devices.put(Constants.LOCATION, locationDevices);
 
         List<Device> finalDevices = aggregator.aggregate(devices);
-        finalDevices = authorizedDevices(finalDevices);
         this.setApplicationListOfDevices(finalDevices);
         return finalDevices;
     }
 
-    /**
-     * To get the authorized devices for a particular user
-     *
-     * @param devices Devices that satisfy search results
-     * @return Devices that satisfy search results and authorized to be viewed by particular user
-     */
-    private List<Device> authorizedDevices(List<Device> devices) throws SearchMgtException {
-        List<Device> filteredList = new ArrayList<>();
-        try {
-            for (Device device : devices) {
-                DeviceIdentifier deviceIdentifier = new DeviceIdentifier(device.getDeviceIdentifier(),
-                        device.getType());
-                if (deviceAccessAuthorizationService != null && deviceAccessAuthorizationService
-                        .isUserAuthorized(deviceIdentifier)) {
-                    filteredList.add(device);
-                }
-            }
-            return filteredList;
-        } catch (DeviceAccessAuthorizationException e) {
-            log.error("Error getting authorized search results for logged in user");
-            throw new SearchMgtException(e);
-        }
-    }
-
     @Override
     public List<Device> getUpdatedDevices(long epochTime) throws SearchMgtException {
 
@@ -256,7 +231,6 @@ public class ProcessorImpl implements Processor {
         PreparedStatement stmt = null;
         ResultSet rs = null;
         List<Device> devices = new ArrayList<>();
-        Map<Integer, Integer> devs = new HashMap<>();
         try {
             conn = this.getConnection();
             stmt = conn.prepareStatement(queryHolder.getQuery());
@@ -281,7 +255,6 @@ public class ProcessorImpl implements Processor {
 
             rs = stmt.executeQuery();
             while (rs.next()) {
-                if (!devs.containsKey(rs.getInt("ID"))) {
                 Device device = new Device();
                 device.setId(rs.getInt("ID"));
                 device.setDescription(rs.getString("DESCRIPTION"));
@@ -290,6 +263,7 @@ public class ProcessorImpl implements Processor {
                 device.setDeviceIdentifier(rs.getString("DEVICE_IDENTIFICATION"));
 
                 EnrolmentInfo enrolmentInfo = new EnrolmentInfo();
+                enrolmentInfo.setId(rs.getInt("ENROLLMENT_ID"));
                 enrolmentInfo.setStatus(EnrolmentInfo.Status.valueOf(rs.getString("DE_STATUS")));
                 enrolmentInfo.setOwner(rs.getString("OWNER"));
                 enrolmentInfo.setOwnership(EnrolmentInfo.OwnerShip.valueOf(rs.getString("OWNERSHIP")));
@@ -332,8 +306,6 @@ public class ProcessorImpl implements Processor {
                 deviceInfo.setLocation(deviceLocation);
                 device.setDeviceInfo(deviceInfo);
                 devices.add(device);
-                    devs.put(device.getId(), device.getId());
-                }
             }
         } catch (SQLException e) {
             throw new SearchDAOException("Error occurred while aquiring the device details.", e);

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/search/mgt/impl/QueryBuilderImpl.java

@@ -331,7 +331,7 @@ public class QueryBuilderImpl implements QueryBuilder {
                     "DD.EXTERNAL_TOTAL_MEMORY, DD.EXTERNAL_AVAILABLE_MEMORY, DD.CONNECTION_TYPE, \n" +
                     "DD.SSID, DD.CPU_USAGE, DD.TOTAL_RAM_MEMORY, DD.AVAILABLE_RAM_MEMORY, \n" +
                     "DD.PLUGGED_IN, DD.UPDATE_TIMESTAMP, DL.LATITUDE, DL.LONGITUDE, DL.STREET1, DL.STREET2, DL.CITY, DL.ZIP, \n" +
-                    "DL.STATE, DL.COUNTRY, DL.UPDATE_TIMESTAMP AS DL_UPDATED_TIMESTAMP, DE.OWNER, DE.OWNERSHIP, DE.STATUS " +
+                    "DL.STATE, DL.COUNTRY, DL.UPDATE_TIMESTAMP AS DL_UPDATED_TIMESTAMP, DE.ID AS ENROLLMENT_ID, DE.OWNER, DE.OWNERSHIP, DE.STATUS " +
                     "AS DE_STATUS FROM DM_DEVICE_DETAIL DD INNER JOIN DM_DEVICE D ON D.ID=DD.DEVICE_ID\n" +
                     "LEFT JOIN DM_DEVICE_LOCATION DL ON DL.DEVICE_ID=D.ID \n" +
                     "INNER JOIN DM_DEVICE_TYPE DT ON DT.ID=D.DEVICE_TYPE_ID\n" +
@@ -359,7 +359,7 @@ public class QueryBuilderImpl implements QueryBuilder {
                     "DD.SSID, DD.CPU_USAGE, DD.TOTAL_RAM_MEMORY, DD.AVAILABLE_RAM_MEMORY, \n" +
                     "DD.PLUGGED_IN, DD.UPDATE_TIMESTAMP, DL.LATITUDE, DL.LONGITUDE, DL.STREET1, DL.STREET2, DL.CITY, DL.ZIP, \n" +
                     "DL.STATE, DL.COUNTRY, DL.UPDATE_TIMESTAMP AS DL_UPDATED_TIMESTAMP, DI.KEY_FIELD, DI.VALUE_FIELD, \n" +
-                    "DE.OWNER, DE.OWNERSHIP, DE.STATUS AS DE_STATUS " +
+                    "DE.ID ENROLLMENT_ID, DE.OWNER, DE.OWNERSHIP, DE.STATUS AS DE_STATUS " +
                     "FROM DM_DEVICE_DETAIL DD INNER JOIN DM_DEVICE D ON  D.ID=DD.DEVICE_ID\n" +
                     "LEFT JOIN DM_DEVICE_LOCATION DL ON DL.DEVICE_ID=D.ID  \n" +
                     "INNER JOIN DM_DEVICE_TYPE DT ON DT.ID=D.DEVICE_TYPE_ID\n" +

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/search/mgt/impl/ResultSetAggregatorImpl.java

@@ -19,9 +19,16 @@
 
 package org.wso2.carbon.device.mgt.core.search.mgt.impl;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.device.mgt.common.Device;
+import org.wso2.carbon.device.mgt.core.internal.DeviceManagementDataHolder;
+import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionUtils;
 import org.wso2.carbon.device.mgt.core.search.mgt.Constants;
 import org.wso2.carbon.device.mgt.core.search.mgt.ResultSetAggregator;
+import org.wso2.carbon.user.api.UserRealm;
+import org.wso2.carbon.user.api.UserStoreException;
 
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -29,16 +36,17 @@ import java.util.List;
 import java.util.Map;
 
 public class ResultSetAggregatorImpl implements ResultSetAggregator {
+    private static Log log = LogFactory.getLog(ResultSetAggregatorImpl.class);
 
     @Override
     public List<Device> aggregate(Map<String, List<Device>> devices) {
-
         Map<Integer, Device> generalQueryMap = this.convertToMap(devices.get(Constants.GENERAL));
         Map<Integer, Device> andMap = this.convertToMap(devices.get(Constants.PROP_AND));
         Map<Integer, Device> orMap = this.convertToMap(devices.get(Constants.PROP_OR));
         Map<Integer, Device> locationMap = this.convertToMap(devices.get(Constants.LOCATION));
         Map<Integer, Device> finalMap = new HashMap<>();
         List<Device> finalResult = new ArrayList<>();
+        List<Device> ownDevices = new ArrayList<>();
 
         if (andMap.isEmpty()) {
             finalMap = generalQueryMap;
@@ -70,8 +78,24 @@ public class ResultSetAggregatorImpl implements ResultSetAggregator {
             }
         }
 
+        String username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
+
+        try {
+            if (isPermittedToViewAnyDevice(username)) {
                 return finalResult;
             }
+        } catch (UserStoreException e) {
+            log.error("Unable to check permissions of the user: " + username, e);
+        }
+
+        for (Device device: finalResult) {
+            if (username.equals(device.getEnrolmentInfo().getOwner())) {
+                ownDevices.add(device);
+            }
+        }
+
+        return ownDevices;
+    }
 
     private Map<Integer, Device> convertToMap(List<Device> devices) {
         if (devices == null) {
@@ -79,7 +103,7 @@ public class ResultSetAggregatorImpl implements ResultSetAggregator {
         }
         Map<Integer, Device> deviceWrapperMap = new HashMap<>();
         for (Device device : devices) {
-            deviceWrapperMap.put(device.getId(), device);
+            deviceWrapperMap.put(device.getEnrolmentInfo().getId(), device);
         }
         return deviceWrapperMap;
     }
@@ -92,4 +116,20 @@ public class ResultSetAggregatorImpl implements ResultSetAggregator {
         return list;
     }
 
+    /**
+     * Checks if the user has permissions to view all devices.
+     *
+     * @param username username
+     * @return {@code true} if user is permitted
+     * @throws UserStoreException If unable to check user permissions
+     */
+    private boolean isPermittedToViewAnyDevice(String username) throws UserStoreException {
+        int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(true);
+        UserRealm userRealm = DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId);
+        return userRealm != null && userRealm.getAuthorizationManager() != null &&
+                userRealm.getAuthorizationManager().isUserAuthorized(username,
+                        PermissionUtils.getAbsolutePermissionPath(Constants.ANY_DEVICE_PERMISSION), 
+                        Constants.UI_EXECUTE);
+    }
+
 }

components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/search/ProcessorImplTest.java

@@ -17,14 +17,11 @@
  */
 package org.wso2.carbon.device.mgt.core.search;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 import org.testng.Assert;
 import org.testng.annotations.BeforeClass;
 import org.testng.annotations.Test;
 import org.wso2.carbon.device.mgt.common.Device;
 import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
-import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
 import org.wso2.carbon.device.mgt.common.search.Condition;
 import org.wso2.carbon.device.mgt.common.search.SearchContext;
 import org.wso2.carbon.device.mgt.core.TestDeviceManagementService;
@@ -41,7 +38,6 @@ import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
 import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderServiceImpl;
 import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
 
-import java.lang.reflect.Field;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -50,16 +46,12 @@ import java.util.List;
  */
 public class ProcessorImplTest extends BaseDeviceManagementTest {
 
-    private DeviceAccessAuthorizationService deviceAccessAuthorizationService;
-    private static final Log log = LogFactory.getLog(SearchManagementServiceTest.class);
     private static List<DeviceIdentifier> deviceIdentifiers = new ArrayList<>();
     private static final String DEVICE_ID_PREFIX = "SEARCH-DEVICE-ID-";
     private static final String DEVICE_TYPE = "SEARCH_TYPE";
 
     @BeforeClass
     public void init() throws Exception {
-        deviceAccessAuthorizationService = DeviceManagementDataHolder.getInstance()
-                .getDeviceAccessAuthorizationService();
         for (int i = 0; i < 5; i++) {
             deviceIdentifiers.add(new DeviceIdentifier(DEVICE_ID_PREFIX + i, DEVICE_TYPE));
         }
@@ -81,27 +73,59 @@ public class ProcessorImplTest extends BaseDeviceManagementTest {
         }
     }
 
-    @Test(description = "Test the Search Processor")
+    @Test (description = "Search for device with and condition")
-    public void testWithNoDeviceAccessAuthorization() throws NoSuchFieldException, IllegalAccessException,
+    public void testSearchDevicesWIthAndCondition() throws SearchMgtException {
-            SearchMgtException {
         SearchContext context = new SearchContext();
         List<Condition> conditions = new ArrayList<>();
-        Condition cond = new Condition();
+
-        cond.setKey("batteryLevel");
+        Condition condition = new Condition();
-        cond.setOperator("=");
+        condition.setKey("IMEI");
-        cond.setValue("40");
+        condition.setOperator("=");
-        cond.setState(Condition.State.AND);
+        condition.setValue("e6f236ac82537a8e");
-        conditions.add(cond);
+        condition.setState(Condition.State.AND);
+        conditions.add(condition);
+
         context.setConditions(conditions);
         ProcessorImpl processor = new ProcessorImpl();
-        Field deviceAccessAuthorizationServiceField = ProcessorImpl.class.getDeclaredField
+        List<Device> devices = processor.execute(context);
-                ("deviceAccessAuthorizationService");
+        Assert.assertEquals(5, devices.size(), "There should be exactly 5 devices with matching search criteria");
-        deviceAccessAuthorizationServiceField.setAccessible(true);
-        deviceAccessAuthorizationServiceField.set(processor, null);
-        List<Device> searchedDevices = processor.execute(context);
-        Assert.assertEquals(0, searchedDevices.size());
     }
 
+    @Test (description = "Search for device with or condition")
+    public void testSearchDevicesWIthORCondition() throws SearchMgtException {
+        SearchContext context = new SearchContext();
+        List<Condition> conditions = new ArrayList<>();
+
+        Condition condition = new Condition();
+        condition.setKey("IMSI");
+        condition.setOperator("=");
+        condition.setValue("432659632123654845");
+        condition.setState(Condition.State.OR);
+        conditions.add(condition);
+
+        context.setConditions(conditions);
+        ProcessorImpl processor = new ProcessorImpl();
+        List<Device> devices = processor.execute(context);
+        Assert.assertEquals(5, devices.size(), "There should be exactly 5 devices with matching search criteria");
+    }
+
+    @Test (description = "Search for device with wrong condition")
+    public void testSearchDevicesWIthWrongCondition() throws SearchMgtException {
+        SearchContext context = new SearchContext();
+        List<Condition> conditions = new ArrayList<>();
+
+        Condition condition = new Condition();
+        condition.setKey("IMSI");
+        condition.setOperator("=");
+        condition.setValue("43265963212378466");
+        condition.setState(Condition.State.OR);
+        conditions.add(condition);
+
+        context.setConditions(conditions);
+        ProcessorImpl processor = new ProcessorImpl();
+        List<Device> devices = processor.execute(context);
+        Assert.assertEquals(0, devices.size(), "There should be no devices with matching search criteria");
+    }
 
     @Test(description = "Test for invalid state")
     public void testInvalidState() throws SearchMgtException {
@@ -141,16 +165,4 @@ public class ProcessorImplTest extends BaseDeviceManagementTest {
             }
         }
     }
-
-    @Test(description = "Test when Device Access Authorization is null", expectedExceptions = {IllegalStateException
-            .class}, dependsOnMethods = {"testWithNoDeviceAccessAuthorization", "testInvalidState"})
-    public void testProcessorInitializationError() throws ClassNotFoundException, NoSuchMethodException,
-            NoSuchFieldException, IllegalAccessException, SearchMgtException {
-        DeviceManagementDataHolder deviceManagementDataHolder = DeviceManagementDataHolder.getInstance();
-        Field field = DeviceManagementDataHolder.class.getDeclaredField("deviceAccessAuthorizationService");
-        field.setAccessible(true);
-        field.set(deviceManagementDataHolder, null);
-        ProcessorImpl processor = new ProcessorImpl();
-        processor.execute(null);
-    }
 }

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json

@@ -156,10 +156,12 @@
     "perm:admin:device-type",
     "perm:device:enroll",
     "perm:geo-service:analytics-view",
-    "perm:geo-service:alerts-manage"
+    "perm:geo-service:alerts-manage",
+    "appm:read"
   ],
   "isOAuthEnabled": true,
   "backendRestEndpoints": {
-    "deviceMgt": "/api/device-mgt/v1.0"
+    "deviceMgt": "/api/device-mgt/v1.0",
+    "appMgt": "/api/appm/store/v1.1"
   }
 }

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/business-controllers/policy.js

@@ -14,6 +14,23 @@
  * either express or implied. See the License for the
  * specific language governing permissions and limitations
  * under the License.
+ *
+ *
+ * Copyright (c) 2018, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ *
+ * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 
 var policyModule;
@@ -180,6 +197,55 @@ policyModule = function () {
         }
     };
 
+    /*
+     Get apps available in the store from backend service.
+     */
+    publicMethods.getStoreAppsForPolicy = function () {
+        var carbonUser = session.get(constants["USER_SESSION_KEY"]);
+        if (!carbonUser) {
+            log.error("User object was not found in the session");
+            userModule.logout(function () {
+                response.sendRedirect(devicemgtProps["appContext"] + "login");
+            });
+        }
+        try {
+            var url = devicemgtProps["managerHTTPSURL"] + devicemgtProps["backendRestEndpoints"]["appMgt"] +
+                "/apps/mobileapp?field-filter=all";
+            return serviceInvokers.XMLHttp.get(url,
+                function (backendResponse) {
+                    var response = {};
+                    if (backendResponse.status === 200 && backendResponse.responseText) {
+                        var appListFromRestEndpoint = parse(backendResponse.responseText)["appList"];
+                        var storeApps = [];
+                        var i, appObjectFromRestEndpoint, appObjectToView;
+                        for (i=0; i<appListFromRestEndpoint.length; i++) {
+                            appObjectFromRestEndpoint = appListFromRestEndpoint[i];
+                            appObjectToView = {};
+                            appObjectToView["appName"] = appObjectFromRestEndpoint["name"];
+                            appObjectToView["appId"] = appObjectFromRestEndpoint["id"];
+                            appObjectToView["packageName"] = appObjectFromRestEndpoint["appmeta"]["package"];
+                            appObjectToView["version"] = appObjectFromRestEndpoint["version"];
+                            appObjectToView["platform"] = appObjectFromRestEndpoint["platform"];
+                            storeApps.push(appObjectToView);
+                        }
+                        response.status = "success";
+                        response.content = storeApps;
+                        return response;
+                    } else {
+                        response.status = "error";
+                        if (backendResponse.responseText === "Scope validation failed") {
+                            response.content = "Permission Denied";
+                        } else {
+                            response.content = backendResponse.responseText;
+                        }
+                        return response;
+                    }
+                });
+        } catch (e) {
+            throw e;
+        }
+    };
+
     /*
      @Updated - used by getAllPolicies
      */

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.policy.create/create.hbs

@@ -14,6 +14,23 @@
   either express or implied. See the License for the
   specific language governing permissions and limitations
   under the License.
+
+
+  Copyright (c) 2018, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+
+  Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+  Version 2.0 (the "License"); you may not use this file except
+  in compliance with the License.
+  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
 }}
 
 {{unit "cdmf.unit.ui.title" pageTitle="Policy Management | Add Policy"}}
@@ -40,4 +57,5 @@
 {{#zone "content"}}
     {{unit "cdmf.unit.device.operation-mod"}}
     {{unit "cdmf.unit.policy.create"}}
+    {{unit "cdmf.unit.lib.data-table"}}
 {{/zone}}

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.policy.edit/edit.hbs

@@ -14,6 +14,23 @@
   either express or implied. See the License for the
   specific language governing permissions and limitations
   under the License.
+
+
+  Copyright (c) 2018, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+
+  Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+  Version 2.0 (the "License"); you may not use this file except
+  in compliance with the License.
+  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
 }}
 
 {{unit "cdmf.unit.ui.title" pageTitle="Policy Management | Edit Policy"}}
@@ -40,4 +57,5 @@
 {{#zone "content"}}
     {{unit "cdmf.unit.device.operation-mod"}}
     {{unit "cdmf.unit.policy.edit"}}
+    {{unit "cdmf.unit.lib.data-table"}}
 {{/zone}}

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.policy.view/view.hbs

@@ -14,6 +14,23 @@
   either express or implied. See the License for the
   specific language governing permissions and limitations
   under the License.
+
+
+  Copyright (c) 2018, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+
+  Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+  Version 2.0 (the "License"); you may not use this file except
+  in compliance with the License.
+  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
 }}
 
 {{unit "cdmf.unit.ui.title" pageTitle="Policy Management | View Policy"}}
@@ -48,4 +65,5 @@
 {{#zone "content"}}
     {{unit "cdmf.unit.device.operation-mod"}}
     {{unit "cdmf.unit.policy.view"}}
+    {{unit "cdmf.unit.lib.data-table"}}
 {{/zone}}

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.policy.create/create.hbs

@@ -1,7 +1,9 @@
 {{#zone "content"}}
     {{#if isAuthorized}}
         <span id="logged-in-user" class="hidden" data-username="{{@user.username}}" data-domain="{{@user.domain}}"
-              data-tenant-id="{{@user.tenantId}}" data-iscloud="{{isCloud}}" data-isDeviceOwnerEnabled="{{isDeviceOwnerEnabled}}"></span>
+              data-tenant-id="{{@user.tenantId}}" data-iscloud="{{isCloud}}"
+              data-isDeviceOwnerEnabled="{{isDeviceOwnerEnabled}}" data-storeapps="{{storeApps}}">
+        </span>
         <div class="row">
             <div class="col-md-12">
 

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.policy.create/create.js

@@ -14,6 +14,23 @@
  * KIND, either express or implied. See the License for the
  * specific language governing permissions and limitations
  * under the License.
+ *
+ *
+ * Copyright (c) 2018, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ *
+ * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 
 function onRequest(context) {
@@ -24,6 +41,7 @@ function onRequest(context) {
 	var userModule = require("/app/modules/business-controllers/user.js")["userModule"];
 	var deviceModule = require("/app/modules/business-controllers/device.js")["deviceModule"];
 	var groupModule = require("/app/modules/business-controllers/group.js")["groupModule"];
+    var policyModule = require("/app/modules/business-controllers/policy.js")["policyModule"];
 	var types = {};
 
 	types.isAuthorized = userModule.isAuthorized("/permission/admin/device-mgt/policies/manage");
@@ -97,6 +115,8 @@ function onRequest(context) {
     types["isCloud"] = devicemgtProps.isCloud;
     types["isDeviceOwnerEnabled"] = devicemgtProps.isDeviceOwnerEnabled;
 
+    var enrollmentApps = policyModule.getStoreAppsForPolicy();
+    types["storeApps"] = JSON.stringify(enrollmentApps["content"]);
 
 	return types;
 }

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.policy.create/public/js/policy-create.js

@@ -13,6 +13,23 @@
  * either express or implied. See the License for the
  * specific language governing permissions and limitations
  * under the License.
+ *
+ *
+ * Copyright (c) 2018, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ *
+ * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 
 var stepForwardFrom = {};
@@ -145,8 +162,10 @@ stepForwardFrom["policy-platform"] = function (actionButton) {
     var policyOperationsTemplateCacheKey = deviceType + '-policy-operations';
 
     if (policyOperationsTemplateSrc) {
+        var storeApps = getStoreApps($("#logged-in-user").data("storeapps"), deviceType);
         $.template(policyOperationsTemplateCacheKey, context + policyOperationsTemplateSrc, function (template) {
-            var content = template({"iscloud" : $("#logged-in-user").data("iscloud"), "isDeviceOwnerEnabled" : $("#logged-in-user").data("isdeviceownerenabled")});
+            var content = template({"iscloud" : $("#logged-in-user").data("iscloud"),
+                "isDeviceOwnerEnabled" : $("#logged-in-user").data("isdeviceownerenabled"), "storeapps" : storeApps});
             $("#device-type-policy-operations").html(content).removeClass("hidden");
             $(".policy-platform").addClass("hidden");
         });
@@ -172,6 +191,24 @@ stepForwardFrom["policy-platform"] = function (actionButton) {
     $(".wr-advance-operations-init").addClass("hidden");
 };
 
+/**
+ * Retrieve store apps of the given device type
+ *
+ * @param storeApps
+ * @param deviceType
+ * @returns {Array}
+ */
+function getStoreApps(storeApps, deviceType) {
+    var selectedApps = [];
+    var i;
+    for (i=0; i<storeApps.length; i++) {
+        if (deviceType === storeApps[i].platform) {
+            selectedApps.push(storeApps[i]);
+        }
+    }
+    return selectedApps;
+}
+
 /**
  * Forward action of policy profile page. Generates policy profile payload.
  */

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.policy.edit/edit.hbs

@@ -1,7 +1,7 @@
 {{#zone "content"}}
     {{#if isAuthorized }}
         <span id="logged-in-user" class="hidden" data-username="{{@user.username}}" data-domain="{{@user.domain}}"
-              data-tenant-id="{{@user.tenantId}}" data-iscloud="{{isCloud}}"></span>
+              data-tenant-id="{{@user.tenantId}}" data-iscloud="{{isCloud}}" data-storeapps="{{storeApps}}"></span>
         <span id="policy-operations" class="hidden" data-template="{{policyOperations.template}}"
               data-script="{{policyOperations.script}}" data-style="{{policyOperations.style}}"></span>
         <div class="row">

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.policy.edit/edit.js

@@ -14,6 +14,23 @@
  * either express or implied. See the License for the
  * specific language governing permissions and limitations
  * under the License.
+ *
+ *
+ * Copyright (c) 2018, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ *
+ * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 
 function onRequest(context) {
@@ -21,6 +38,7 @@ function onRequest(context) {
     var utility = require("/app/modules/utility.js").utility;
     var userModule = require("/app/modules/business-controllers/user.js")["userModule"];
     var groupModule = require("/app/modules/business-controllers/group.js")["groupModule"];
+    var policyModule = require("/app/modules/business-controllers/policy.js")["policyModule"];
 
     var rolesResult = userModule.getRoles();
     if (rolesResult.status == "success") {
@@ -63,5 +81,8 @@ function onRequest(context) {
     var devicemgtProps = require("/app/modules/conf-reader/main.js")["conf"];
     context["isCloud"] = devicemgtProps.isCloud;
 
+    var enrollmentApps = policyModule.getStoreAppsForPolicy();
+    context["storeApps"] = JSON.stringify(enrollmentApps["content"]);
+
     return context;
 }

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.policy.edit/public/js/policy-edit.js

@@ -14,6 +14,23 @@
  * either express or implied. See the License for the
  * specific language governing permissions and limitations
  * under the License.
+ *
+ *
+ * Copyright (c) 2018, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ *
+ * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 
 var validateStep = {};
@@ -202,7 +219,8 @@ skipStep["policy-platform"] = function (policyPayloadObj) {
             hasPolicyProfileScript = false;
         }
         $.template(policyEditTemplateCacheKey, context + policyEditTemplateSrc, function (template) {
-            var content = template({"iscloud" : $("#logged-in-user").data("iscloud")});
+            var storeApps = getStoreApps($("#logged-in-user").data("storeapps"), deviceType);
+            var content = template({"iscloud" : $("#logged-in-user").data("iscloud"), "storeapps" : storeApps});
             $("#device-type-policy-operations").html(content).removeClass("hidden");
             $(".policy-platform").addClass("hidden");
             if (hasPolicyProfileScript) {
@@ -230,6 +248,24 @@ skipStep["policy-platform"] = function (policyPayloadObj) {
     }
 };
 
+/**
+ * Retrieve store apps of the given device type
+ *
+ * @param storeApps
+ * @param deviceType
+ * @returns {Array}
+ */
+function getStoreApps(storeApps, deviceType) {
+    var selectedApps = [];
+    var i;
+    for (i=0; i<storeApps.length; i++) {
+        if (storeApps[i].platform === deviceType) {
+            selectedApps.push(storeApps[i]);
+        }
+    }
+    return selectedApps;
+}
+
 /**
  * Forward action of policy profile page. Generates policy profile payload.
  */

components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/impl/ComplianceDecisionPointImpl.java

@@ -14,6 +14,23 @@
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
+ *
+ *
+ * Copyright (c) 2018, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ *
+ * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 
 
@@ -123,27 +140,27 @@ public class ComplianceDecisionPointImpl implements ComplianceDecisionPoint {
     public void reEnforcePolicy(DeviceIdentifier deviceIdentifier, NonComplianceData complianceData) throws
             PolicyComplianceException {
 
+        // do not re-enforce policy if the only feature to be applied is enrollment app install
+        if (complianceData.getComplianceFeatures().size() != 1 || !PolicyManagementConstants
+                .ENROLLMENT_APP_INSTALL_FEATURE_CODE.equals(complianceData.getComplianceFeatures().get(0)
+                        .getFeatureCode())) {
             try {
                 Policy policy = complianceData.getPolicy();
                 if (policy != null) {
-                List<DeviceIdentifier> deviceIdentifiers = new ArrayList<DeviceIdentifier>();
+                    List<DeviceIdentifier> deviceIdentifiers = new ArrayList<>();
                     deviceIdentifiers.add(deviceIdentifier);
 
-
+                    List<ProfileOperation> profileOperationList = new ArrayList<>();
-                List<ProfileOperation> profileOperationList = new ArrayList<ProfileOperation>();
 
                     PolicyOperation policyOperation = new PolicyOperation();
                     policyOperation.setEnabled(true);
                     policyOperation.setType(Operation.Type.POLICY);
                     policyOperation.setCode(PolicyOperation.POLICY_OPERATION_CODE);
 
-
                     if (complianceData.isCompletePolicy()) {
                         List<ProfileFeature> effectiveFeatures = policy.getProfile().getProfileFeaturesList();
-
                         for (ProfileFeature feature : effectiveFeatures) {
                             ProfileOperation profileOperation = new ProfileOperation();
-
                             profileOperation.setCode(feature.getFeatureCode());
                             profileOperation.setEnabled(true);
                             profileOperation.setStatus(Operation.Status.PENDING);
@@ -155,12 +172,9 @@ public class ComplianceDecisionPointImpl implements ComplianceDecisionPoint {
                         List<ComplianceFeature> noneComplianceFeatures = complianceData.getComplianceFeatures();
                         List<ProfileFeature> effectiveFeatures = policy.getProfile().getProfileFeaturesList();
                         for (ComplianceFeature feature : noneComplianceFeatures) {
-
                             for (ProfileFeature pf : effectiveFeatures) {
                                 if (pf.getFeatureCode().equalsIgnoreCase(feature.getFeatureCode())) {
-
                                     ProfileOperation profileOperation = new ProfileOperation();
-
                                     profileOperation.setCode(feature.getFeatureCode());
                                     profileOperation.setEnabled(true);
                                     profileOperation.setStatus(Operation.Status.PENDING);
@@ -190,6 +204,7 @@ public class ComplianceDecisionPointImpl implements ComplianceDecisionPoint {
                         deviceIdentifier.getType(), e);
             }
         }
+    }
 
     @Override
     public void markDeviceAsNoneCompliance(DeviceIdentifier deviceIdentifier) throws PolicyComplianceException {

components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/util/PolicyManagementConstants.java

@@ -31,6 +31,8 @@ public final class PolicyManagementConstants {
     public static final String WARN = "WARN";
     public static final String BLOCK = "BLOCK";
 
+    public static final String ENROLLMENT_APP_INSTALL_FEATURE_CODE = "ENROLLMENT_APP_INSTALL";
+
     public static final String MONITORING_TASK_TYPE = "MONITORING_TASK";
     public static final String MONITORING_TASK_NAME = "MONITORING";
     public static final String MONITORING_TASK_CLAZZ = "org.wso2.carbon.policy.mgt.core.task.MonitoringTask";