
Example 1 with ApplicationPermission

use of org.wso2.carbon.identity.application.common.model.ApplicationPermission in project carbon-identity-framework by wso2.

the class ApplicationDAOImpl method deleteAssignedPermissions.

/**
 * Deletes the permissions that are stored for an application but are no longer listed in
 * {@code permissions}, together with their role-permission mappings.
 *
 * <p>The stored set comes from {@code ApplicationMgtUtil.loadPermissions}. A {@code null} or empty
 * {@code permissions} array means every stored permission is treated as removed. Stored and
 * supplied permissions are matched on {@code getValue()}.
 *
 * @param connection      database connection supplied by the caller; it is not referenced in this
 *                        method body. NOTE(review): confirm the delete helpers run in the caller's
 *                        transaction, otherwise a rollback would not undo these deletions.
 * @param applicationName name of the application whose permissions are pruned
 * @param permissions     permissions that must remain; may be {@code null} or empty
 * @throws IdentityApplicationManagementException if the stored permissions cannot be loaded
 * @throws SQLException declared for the delete helpers called here
 */
public void deleteAssignedPermissions(Connection connection, String applicationName, ApplicationPermission[] permissions) throws IdentityApplicationManagementException, SQLException {
    List<ApplicationPermission> stored = ApplicationMgtUtil.loadPermissions(applicationName);
    if (CollectionUtils.isEmpty(stored)) {
        // Nothing is stored, so nothing can have been removed.
        return;
    }

    List<ApplicationPermission> stale = new ArrayList<ApplicationPermission>();
    if (ArrayUtils.isEmpty(permissions)) {
        stale.addAll(stored);
    } else {
        nextStored:
        for (ApplicationPermission candidate : stored) {
            for (ApplicationPermission requested : permissions) {
                if (requested.getValue().equals(candidate.getValue())) {
                    // Still requested: keep it.
                    continue nextStored;
                }
            }
            stale.add(candidate);
        }
    }

    for (ApplicationPermission obsolete : stale) {
        String resourcePath = ApplicationMgtUtil.PATH_CONSTANT
                + ApplicationMgtUtil.getApplicationPermissionPath()
                + ApplicationMgtUtil.PATH_CONSTANT
                + applicationName
                + ApplicationMgtUtil.PATH_CONSTANT
                + obsolete.getValue();
        // NOTE(review): toLowerCase() without a Locale follows the JVM default locale. If the
        // stored ids were lower-cased under a different locale this lookup could miss and leave
        // the role mapping in place; confirm and consider a fixed locale.
        // NOTE(review): the id is used without a not-found check; what getPermissionId returns
        // for an unknown path is not visible here.
        int permissionId = getPermissionId(resourcePath.toLowerCase());
        // Remove the role mapping before the permission row it points to.
        deleteRolePermissionMapping(permissionId);
        deletePermission(permissionId);
    }
}
Also used : ApplicationPermission(org.wso2.carbon.identity.application.common.model.ApplicationPermission)

Example 2 with ApplicationPermission

use of org.wso2.carbon.identity.application.common.model.ApplicationPermission in project carbon-identity-framework by wso2.

the class ApplicationDAOImpl method loadApplicationPermissions.

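/**
 * Loads the permissions stored for a service provider and attaches them to its
 * permission-and-role configuration, creating that configuration when it is absent.
 *
 * <p>The load runs inside a tenant flow for the tenant domain of the service provider's owner,
 * and the flow is ended in a {@code finally} block.
 *
 * @param serviceProviderName name used to look up the stored permissions
 * @param serviceProvider     service provider to update; its owner must be set
 * @throws IdentityApplicationManagementException if the permissions cannot be loaded
 */
private void loadApplicationPermissions(String serviceProviderName, ServiceProvider serviceProvider) throws IdentityApplicationManagementException {
    // Resolve the tenant domain before entering the try block. When it was resolved inside the
    // try, a failure here (for example a missing owner) still reached the finally block and
    // called endTenantFlow() without a matching startTenantFlow().
    // NOTE(review): endTenantFlow() is not visible here; presumably an unmatched call would end
    // an enclosing flow and leave the thread in the wrong tenant context. Confirm.
    String tenantDomain = serviceProvider.getOwner().getTenantDomain();
    try {
        ApplicationMgtUtil.startTenantFlow(tenantDomain);
        List<ApplicationPermission> permissionList = ApplicationMgtUtil.loadPermissions(serviceProviderName);
        if (permissionList != null) {
            PermissionsAndRoleConfig permissionAndRoleConfig = serviceProvider.getPermissionAndRoleConfig();
            if (permissionAndRoleConfig == null) {
                permissionAndRoleConfig = new PermissionsAndRoleConfig();
            }
            permissionAndRoleConfig.setPermissions(permissionList.toArray(new ApplicationPermission[0]));
            serviceProvider.setPermissionAndRoleConfig(permissionAndRoleConfig);
        }
    } finally {
        // Always leave the tenant flow, including when loading fails.
        ApplicationMgtUtil.endTenantFlow();
    }
}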
Also used : PermissionsAndRoleConfig(org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig) ApplicationPermission(org.wso2.carbon.identity.application.common.model.ApplicationPermission)

Example 3 with ApplicationPermission

use of org.wso2.carbon.identity.application.common.model.ApplicationPermission in project carbon-identity-framework by wso2.

the class ApplicationMgtUtil method updatePermissions.

/**
 * Replaces the permissions stored for an application in the tenant's user-governance registry.
 *
 * <p>The application node is created if it does not exist. When {@code permissions} is
 * {@code null} or empty, the application node is deleted if it has children, and the method
 * returns. Otherwise the permissions currently loaded for the application are deleted one by one
 * and the supplied ones are added through {@code addPermission}.
 *
 * <p>NOTE(review): {@code applicationName} and each permission value are concatenated into
 * registry paths without validation in this method; confirm callers reject path separators.
 * The deletes and the following add are separate registry calls, so a failure in between
 * appears to leave the application without its previous permissions.
 *
 * @param applicationName name of the application; becomes the last segment of its node path
 * @param permissions     the new permission set; {@code null} or empty removes the stored ones
 * @throws IdentityApplicationManagementException if a registry operation fails
 */
public static void updatePermissions(String applicationName, ApplicationPermission[] permissions) throws IdentityApplicationManagementException {
    String appNodePath = getApplicationPermissionPath() + PATH_CONSTANT + applicationName;
    Registry governanceRegistry = CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_GOVERNANCE);
    try {
        if (!governanceRegistry.resourceExists(appNodePath)) {
            // First use of this application: create its node.
            Collection freshAppNode = governanceRegistry.newCollection();
            freshAppNode.setProperty("name", applicationName);
            governanceRegistry.put(appNodePath, freshAppNode);
        }

        Collection appNode = (Collection) governanceRegistry.get(appNodePath);
        String[] children = appNode.getChildren();

        if (ArrayUtils.isEmpty(permissions)) {
            // No new permissions: drop the whole node if anything is stored under it.
            if (children != null && children.length > 0) {
                governanceRegistry.delete(appNodePath);
            }
            return;
        }

        boolean nothingStored = children == null || appNode.getChildCount() < 1;
        if (!nothingStored) {
            // Clear the stored permissions before the new set is written.
            for (ApplicationPermission existing : loadPermissions(applicationName)) {
                governanceRegistry.delete(appNodePath + PATH_CONSTANT + existing.getValue());
            }
        }
        addPermission(appNodePath, permissions, governanceRegistry);
    } catch (RegistryException e) {
        throw new IdentityApplicationManagementException("Error while storing permissions", e);
    }
}
Also used : IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException) Collection(org.wso2.carbon.registry.api.Collection) Registry(org.wso2.carbon.registry.api.Registry) ApplicationPermission(org.wso2.carbon.identity.application.common.model.ApplicationPermission) RegistryException(org.wso2.carbon.registry.api.RegistryException)

Example 4 with ApplicationPermission

use of org.wso2.carbon.identity.application.common.model.ApplicationPermission in project carbon-identity-framework by wso2.

the class ApplicationMgtUtil method storePermissions.

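/**
 * Stores the permissions of an application in the tenant's user-governance registry.
 *
 * <p>If the root application-permission collection does not exist it is created first. When
 * {@code username} is not authorized for the execute action on that path, the thread-local
 * username is switched to the realm's admin user for the creation and is restored in a
 * {@code finally} block, so a failed registry call cannot leave the thread running as admin.
 *
 * <p>NOTE(review): after such a switch the admin-scoped registry handle is still used for the
 * permission writes further down; confirm that is intended.
 *
 * @param applicationName   name of the application; becomes the last segment of its node path
 * @param username          user on whose behalf the permissions are stored; also the value the
 *                          thread-local username is restored to after a temporary switch
 * @param permissionsConfig configuration holding the permissions; {@code null}, or one with no
 *                          permissions, stores nothing for the application
 * @throws IdentityApplicationManagementException if the tenant registry cannot be initialized or
 *                                                a registry or authorization call fails
 */
public static void storePermissions(String applicationName, String username, PermissionsAndRoleConfig permissionsConfig) throws IdentityApplicationManagementException {
    int tenantId = MultitenantConstants.INVALID_TENANT_ID;
    try {
        tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
        IdentityTenantUtil.initializeRegistry(tenantId);
    } catch (IdentityException e) {
        throw new IdentityApplicationManagementException("Error loading tenant registry for tenant domain: " + IdentityTenantUtil.getTenantDomain(tenantId), e);
    }
    Registry tenantGovReg = CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_GOVERNANCE);
    String permissionResourcePath = getApplicationPermissionPath();
    try {
        if (!tenantGovReg.resourceExists(permissionResourcePath)) {
            UserRealm realm = (UserRealm) CarbonContext.getThreadLocalCarbonContext().getUserRealm();
            boolean loggedInUserChanged = false;
            try {
                if (!realm.getAuthorizationManager().isUserAuthorized(username, permissionResourcePath, UserMgtConstants.EXECUTE_ACTION)) {
                    // Logged in user is not authorized to create the permission.
                    // Temporarily change the user to the admin for creating the permission.
                    PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(realm.getRealmConfiguration().getAdminUserName());
                    // Set the flag right after the switch so any later failure still restores.
                    loggedInUserChanged = true;
                    tenantGovReg = CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_GOVERNANCE);
                }
                Collection appRootNode = tenantGovReg.newCollection();
                appRootNode.setProperty("name", "Applications");
                tenantGovReg.put(permissionResourcePath, appRootNode);
            } finally {
                // Restore the caller's identity on failure as well as on success.
                if (loggedInUserChanged) {
                    PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(username);
                }
            }
        }
        if (permissionsConfig != null) {
            ApplicationPermission[] permissions = permissionsConfig.getPermissions();
            if (permissions == null || permissions.length < 1) {
                return;
            }
            // creating the application node in the tree
            String appNode = permissionResourcePath + PATH_CONSTANT + applicationName;
            Collection appNodeColl = tenantGovReg.newCollection();
            tenantGovReg.put(appNode, appNodeColl);
            // now start storing the permissions
            for (ApplicationPermission permission : permissions) {
                // Build the path from the permission value. Concatenating the object itself
                // depended on its toString(), whereas updatePermissions addresses the same
                // nodes by getValue().
                String permissionPath = appNode + PATH_CONSTANT + permission.getValue();
                Resource permissionNode = tenantGovReg.newResource();
                permissionNode.setProperty("name", permission.getValue());
                tenantGovReg.put(permissionPath, permissionNode);
            }
        }
    } catch (Exception e) {
        throw new IdentityApplicationManagementException("Error while storing permissions for application " + applicationName, e);
    }
}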
Also used : UserRealm(org.wso2.carbon.user.core.UserRealm) IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException) Resource(org.wso2.carbon.registry.api.Resource) Collection(org.wso2.carbon.registry.api.Collection) Registry(org.wso2.carbon.registry.api.Registry) IdentityException(org.wso2.carbon.identity.base.IdentityException) ApplicationPermission(org.wso2.carbon.identity.application.common.model.ApplicationPermission) IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException) JAXBException(javax.xml.bind.JAXBException) IdentityException(org.wso2.carbon.identity.base.IdentityException) UserStoreException(org.wso2.carbon.user.api.UserStoreException) RegistryException(org.wso2.carbon.registry.api.RegistryException) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)

Example 5 with ApplicationPermission

use of org.wso2.carbon.identity.application.common.model.ApplicationPermission in project carbon-identity-framework by wso2.

the class ApplicationMgtUtil method loadPermissions.

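/**
 * Loads the permissions stored for an application from the tenant's user-governance registry.
 *
 * <p>When the thread has no logged-in user, or that user is not authorized for the execute
 * action on the application node, the thread-local username is switched to the realm's admin
 * user for the read. The previous value is restored in a {@code finally} block, so a failed
 * registry read cannot leave the thread running as admin.
 *
 * <p>NOTE(review): a thread with no username is also elevated here; confirm every caller has
 * already authorized the request before relying on this method.
 *
 * @param applicationName name of the application; becomes the last segment of its node path
 * @return one {@link ApplicationPermission} per path collected by {@code permissionPath}, or an
 *         empty list when the application node does not exist
 * @throws IdentityApplicationManagementException if a registry or authorization call fails
 */
public static List<ApplicationPermission> loadPermissions(String applicationName) throws IdentityApplicationManagementException {
    String applicationNode = getApplicationPermissionPath() + PATH_CONSTANT + applicationName;
    Registry tenantGovReg = CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_GOVERNANCE);
    try {
        if (!tenantGovReg.resourceExists(applicationNode)) {
            return Collections.emptyList();
        }
        String loggedInUser = CarbonContext.getThreadLocalCarbonContext().getUsername();
        UserRealm realm = (UserRealm) CarbonContext.getThreadLocalCarbonContext().getUserRealm();
        boolean loggedInUserChanged = false;
        try {
            if (loggedInUser == null || !realm.getAuthorizationManager().isUserAuthorized(loggedInUser, applicationNode, UserMgtConstants.EXECUTE_ACTION)) {
                // Logged in user is not authorized to read the permission.
                // Temporarily change the user to the admin for reading the permission.
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(realm.getRealmConfiguration().getAdminUserName());
                // Set the flag right after the switch so any later failure still restores.
                loggedInUserChanged = true;
                tenantGovReg = CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_GOVERNANCE);
            }
            // get permission paths
            List<String> paths = new ArrayList<>();
            permissionPath(tenantGovReg, applicationNode, paths, applicationNode);
            List<ApplicationPermission> permissions = new ArrayList<ApplicationPermission>();
            for (String permissionPath : paths) {
                ApplicationPermission permission = new ApplicationPermission();
                permission.setValue(permissionPath);
                permissions.add(permission);
            }
            return permissions;
        } finally {
            // Restore the caller's identity on failure as well as on success.
            if (loggedInUserChanged) {
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(loggedInUser);
            }
        }
    } catch (RegistryException | org.wso2.carbon.user.core.UserStoreException e) {
        throw new IdentityApplicationManagementException("Error while reading permissions", e);
    }
}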
Also used : IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException) ArrayList(java.util.ArrayList) Registry(org.wso2.carbon.registry.api.Registry) ApplicationPermission(org.wso2.carbon.identity.application.common.model.ApplicationPermission) RegistryException(org.wso2.carbon.registry.api.RegistryException) UserRealm(org.wso2.carbon.user.core.UserRealm) UserStoreException(org.wso2.carbon.user.api.UserStoreException)
