Merge pull request #539 from menakaj/release-3.0.x

Permissions added for android sense

components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/constants/AndroidSenseConstants.java

@@ -1,7 +1,7 @@
 /*
  * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
  *
- * Licensed under the Apache License, Version 2.0 (the "License");
+ * Licensed under the Apache License, Version 2.0 (the "License"
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
@@ -16,6 +16,9 @@
 
 package org.wso2.carbon.device.mgt.iot.androidsense.service.impl.constants;
 
+import org.wso2.carbon.CarbonConstants;
+import org.wso2.carbon.user.api.Permission;
+
 public class AndroidSenseConstants {
 
     public final static String DEVICE_TYPE = "android_sense";
@@ -44,4 +47,26 @@ public class AndroidSenseConstants {
 
     public static final String SCOPE = "scope";
 
+    public static Permission[] permissions;
+
+    static {
+
+        Permission enroll = new Permission("/permission/admin/device-mgt/devices/enroll", CarbonConstants
+                .UI_PERMISSION_ACTION);
+        Permission disEnroll = new Permission("/permission/admin/device-mgt/devices/disenroll", CarbonConstants
+                .UI_PERMISSION_ACTION);
+        Permission owningDevice = new Permission("/permission/admin/device-mgt/devices/owning-device",
+                CarbonConstants.UI_PERMISSION_ACTION);
+        Permission groups = new Permission("/permission/admin/device-mgt/groups", CarbonConstants.UI_PERMISSION_ACTION);
+        Permission notifications = new Permission("/permission/admin/device-mgt/notifications", CarbonConstants
+                .UI_PERMISSION_ACTION);
+        Permission policies = new Permission("/permission/admin/device-mgt/policies", CarbonConstants
+                .UI_PERMISSION_ACTION);
+        Permission subscribe = new Permission("/permission/admin/manage/api/subscribe", CarbonConstants
+                .UI_PERMISSION_ACTION);
+
+        permissions = new Permission[]{enroll, disEnroll, owningDevice, groups, notifications, policies, subscribe};
+
+    }
+
 }

components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/listener/PermissionUpdateListener.java

@@ -0,0 +1,125 @@
+/*
+ *  Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.wso2.carbon.device.mgt.iot.androidsense.service.impl.listener;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.AndroidSenseServiceImpl;
+import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.constants.AndroidSenseConstants;
+import org.wso2.carbon.user.api.AuthorizationManager;
+import org.wso2.carbon.user.api.UserStoreException;
+import org.wso2.carbon.user.api.UserStoreManager;
+import org.wso2.carbon.user.core.service.RealmService;
+
+import javax.servlet.ServletContextEvent;
+import javax.servlet.ServletContextListener;
+
+public class PermissionUpdateListener implements ServletContextListener {
+
+    private static Log log = LogFactory.getLog(AndroidSenseServiceImpl.class);
+
+    private static final String ROLE_NAME = "internal/devicemgt-user";
+
+    @Override
+    public void contextInitialized(ServletContextEvent servletContextEvent) {
+
+        UserStoreManager userStoreManager = getUserStoreManager();
+        try {
+            if (userStoreManager != null) {
+                if (!userStoreManager.isExistingRole(ROLE_NAME)) {
+                    userStoreManager.addRole(ROLE_NAME, null, AndroidSenseConstants.permissions);
+                } else {
+                    getAuthorizationManager().authorizeRole(ROLE_NAME,
+                            "/permission/admin/device-mgt/devices/enroll/android-sense", "ui.execute");
+                    getAuthorizationManager().authorizeRole(ROLE_NAME,
+                            "/permission/admin/device-mgt/devices/owning-device/view", "ui.execute");
+                }
+            } } catch (UserStoreException e) {
+            //
+        }
+    }
+
+    @Override
+    public void contextDestroyed(ServletContextEvent servletContextEvent) {
+
+    }
+
+    public static UserStoreManager getUserStoreManager() {
+        RealmService realmService;
+        UserStoreManager userStoreManager;
+        try {
+            PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+            realmService = (RealmService) ctx.getOSGiService(RealmService.class, null);
+            if (realmService == null) {
+                String msg = "Realm service has not initialized.";
+                log.error(msg);
+                throw new IllegalStateException(msg);
+            }
+            int tenantId = ctx.getTenantId();
+            userStoreManager = realmService.getTenantUserRealm(tenantId).getUserStoreManager();
+            realmService.getTenantUserRealm(tenantId).getAuthorizationManager();
+        } catch (UserStoreException e) {
+            String msg = "Error occurred while retrieving current user store manager";
+            log.error(msg, e);
+            throw new IllegalStateException(msg);
+        }
+        return userStoreManager;
+    }
+
+    public static AuthorizationManager getAuthorizationManager() {
+        RealmService realmService;
+        AuthorizationManager authorizationManager;
+        try {
+            PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+            realmService = (RealmService) ctx.getOSGiService(RealmService.class, null);
+            if (realmService == null) {
+                String msg = "Realm service has not initialized.";
+                log.error(msg);
+                throw new IllegalStateException(msg);
+            }
+            int tenantId = ctx.getTenantId();
+            authorizationManager = realmService.getTenantUserRealm(tenantId).getAuthorizationManager();
+        } catch (UserStoreException e) {
+            String msg = "Error occurred while retrieving current user store manager";
+            log.error(msg, e);
+            throw new IllegalStateException(msg);
+        }
+        return authorizationManager;
+    }
+
+
+//    public static void registerApiAccessRoles(String user) {
+//        UserStoreManager userStoreManager = null;
+//        try {
+//            userStoreManager = getUserStoreManager();
+//            String[] userList = new String[]{user};
+//            if (userStoreManager != null) {
+//                String rolesOfUser[] = userStoreManager.getRoleListOfUser(user);
+//                if (!userStoreManager.isExistingRole(Constants.DEFAULT_ROLE_NAME)) {
+//                    userStoreManager.addRole(Constants.DEFAULT_ROLE_NAME, userList, Constants.DEFAULT_PERMISSION);
+//                } else if (rolesOfUser != null && Arrays.asList(rolesOfUser).contains(Constants.DEFAULT_ROLE_NAME)) {
+//                    return;
+//                } else {
+//                    userStoreManager.updateUserListOfRole(Constants.DEFAULT_ROLE_NAME, new String[0], userList);
+//                }
+//            }
+//        } catch (UserStoreException e) {
+//            log.error("Error while creating a role and adding a user for virtual_firealarm.", e);
+//        }
+//    }
+
+}

components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/webapp/WEB-INF/web.xml

@@ -30,4 +30,8 @@
 		<param-name>managed-api-enabled</param-name>
 		<param-value>true</param-value>
 	</context-param>
+
+	<listener>
+		<listener-class>org.wso2.carbon.device.mgt.iot.androidsense.service.impl.listener.PermissionUpdateListener</listener-class>
+	</listener>
 </web-app>

components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android_sense.device-view/device-view.hbs

@@ -27,13 +27,7 @@
 {{/zone}}
 
 {{#zone "device-opetations"}}
-    <div style="background: #11375B; color: #fff; padding: 10px; margin-bottom: 5px">
-        Operations
-    </div>
-    <div class="add-margin-top-4x">
-        {{unit "cdmf.unit.device.operation-bar" device=device autoCompleteParams=autoCompleteParams
-        encodedFeaturePayloads=encodedFeaturePayloads}}
-    </div>
+
 {{/zone}}
 
 {{#zone "device-view-tabs"}}