use of org.wso2.carbon.identity.application.common.model.ApplicationPermission in project carbon-identity-framework by wso2.
the class ApplicationDAOImpl method deleteAssignedPermissions.
/**
 * Deletes the role-to-permission mappings, and then the permission entries, of every permission
 * that is stored for the application but is no longer present in {@code permissions}.
 *
 * <p>The stored set is read through {@link ApplicationMgtUtil#loadPermissions(String)}. When
 * {@code permissions} is null or empty, every stored permission is treated as removed. Stored and
 * supplied permissions are matched by an exact, case-sensitive comparison of {@code getValue()},
 * whereas the permission id is looked up with the lower-cased path.
 *
 * <p>NOTE(review): {@code connection} is not referenced by any statement in this method; whether
 * the id lookup and delete helpers take part in the caller's transaction should be confirmed.
 * NOTE(review): {@code applicationName} and the permission values are concatenated into the
 * permission path as-is; presumably they are validated by the caller — confirm.
 *
 * @param connection      database connection supplied by the caller (unused in this method body)
 * @param applicationName name of the application whose permissions are being reconciled
 * @param permissions     permissions the application keeps; may be null or empty
 * @throws IdentityApplicationManagementException declared by the permission loading call
 * @throws SQLException                           declared; presumably raised by the lookup and
 *                                                delete helpers — confirm
 */
public void deleteAssignedPermissions(Connection connection, String applicationName,
                                      ApplicationPermission[] permissions)
        throws IdentityApplicationManagementException, SQLException {

    List<ApplicationPermission> storedPermissions = ApplicationMgtUtil.loadPermissions(applicationName);
    if (CollectionUtils.isEmpty(storedPermissions)) {
        // Nothing is stored for the application, so nothing can have been removed.
        return;
    }

    List<ApplicationPermission> stalePermissions;
    if (ArrayUtils.isEmpty(permissions)) {
        // No permission is kept: every stored permission is stale.
        stalePermissions = new ArrayList<ApplicationPermission>(storedPermissions);
    } else {
        stalePermissions = new ArrayList<ApplicationPermission>();
        nextStored:
        for (ApplicationPermission stored : storedPermissions) {
            for (ApplicationPermission kept : permissions) {
                if (kept.getValue().equals(stored.getValue())) {
                    // Still requested by the caller; leave its mappings alone.
                    continue nextStored;
                }
            }
            stalePermissions.add(stored);
        }
    }

    for (ApplicationPermission stale : stalePermissions) {
        String permissionPath = ApplicationMgtUtil.PATH_CONSTANT
                + ApplicationMgtUtil.getApplicationPermissionPath()
                + ApplicationMgtUtil.PATH_CONSTANT
                + applicationName
                + ApplicationMgtUtil.PATH_CONSTANT
                + stale.getValue();
        // NOTE(review): toLowerCase() follows the JVM default locale, and the returned id is used
        // without a check; a lookup miss would leave role mappings behind — confirm how the
        // stored path is cased and what getPermissionId returns for an unknown path.
        int permissionId = getPermissionId(permissionPath.toLowerCase());
        // The role mappings are removed before the permission entry they refer to.
        deleteRolePermissionMapping(permissionId);
        deletePermission(permissionId);
    }
}
use of org.wso2.carbon.identity.application.common.model.ApplicationPermission in project carbon-identity-framework by wso2.
the class ApplicationDAOImpl method loadApplicationPermissions.
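/**
 * Loads the permissions stored for {@code serviceProviderName} and sets them on the
 * permission-and-role configuration of {@code serviceProvider}.
 *
 * <p>The load runs between {@code ApplicationMgtUtil.startTenantFlow} for the owner's tenant
 * domain and {@code ApplicationMgtUtil.endTenantFlow}. If the service provider has no
 * permission-and-role configuration yet, a new one is created. Nothing is changed when the loaded
 * list is null.
 *
 * @param serviceProviderName name used to look up the stored permissions
 * @param serviceProvider     service provider that receives the permissions; its owner is read
 *                            to pick the tenant domain
 * @throws IdentityApplicationManagementException declared by the permission loading call
 */
private void loadApplicationPermissions(String serviceProviderName, ServiceProvider serviceProvider)
        throws IdentityApplicationManagementException {

    // Resolved before the try block: if the owner lookup fails, the finally clause must not end
    // a tenant flow that this method never started (presumably that would unwind the caller's
    // tenant context — confirm against ApplicationMgtUtil.endTenantFlow).
    String ownerTenantDomain = serviceProvider.getOwner().getTenantDomain();
    try {
        ApplicationMgtUtil.startTenantFlow(ownerTenantDomain);
        List<ApplicationPermission> storedPermissions = ApplicationMgtUtil.loadPermissions(serviceProviderName);
        if (storedPermissions == null) {
            return;
        }
        PermissionsAndRoleConfig permissionAndRoleConfig = serviceProvider.getPermissionAndRoleConfig();
        if (permissionAndRoleConfig == null) {
            permissionAndRoleConfig = new PermissionsAndRoleConfig();
        }
        permissionAndRoleConfig.setPermissions(storedPermissions.toArray(new ApplicationPermission[0]));
        serviceProvider.setPermissionAndRoleConfig(permissionAndRoleConfig);
    } finally {
        ApplicationMgtUtil.endTenantFlow();
    }
}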
use of org.wso2.carbon.identity.application.common.model.ApplicationPermission in project carbon-identity-framework by wso2.
the class ApplicationMgtUtil method updatePermissions.
/**
 * Replaces the permissions stored under the application's node in the user-governance registry.
 *
 * <p>The application node is created when it does not exist. With a null or empty
 * {@code permissions} array the whole application node is deleted if it has children, and the
 * method returns. Otherwise every permission currently returned by
 * {@link #loadPermissions(String)} is deleted from the node and {@code permissions} is added.
 *
 * <p>NOTE(review): {@code applicationName} and the stored permission values are concatenated
 * into registry paths as-is before being passed to {@code delete}; presumably they are validated
 * by the caller — confirm.
 *
 * @param applicationName name of the application whose permission node is updated
 * @param permissions     the new permissions; null or empty removes the existing ones
 * @throws IdentityApplicationManagementException when a registry operation fails
 */
public static void updatePermissions(String applicationName, ApplicationPermission[] permissions)
        throws IdentityApplicationManagementException {

    String applicationNode = getApplicationPermissionPath() + PATH_CONSTANT + applicationName;
    Registry governanceRegistry =
            CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_GOVERNANCE);
    try {
        if (!governanceRegistry.resourceExists(applicationNode)) {
            // First use of this application: create its collection node.
            Collection newApplicationNode = governanceRegistry.newCollection();
            newApplicationNode.setProperty("name", applicationName);
            governanceRegistry.put(applicationNode, newApplicationNode);
        }

        Collection applicationCollection = (Collection) governanceRegistry.get(applicationNode);
        String[] children = applicationCollection.getChildren();

        if (ArrayUtils.isEmpty(permissions)) {
            // No new permissions: drop the application node together with whatever it holds.
            if (children != null && children.length > 0) {
                governanceRegistry.delete(applicationNode);
            }
            return;
        }

        if (children != null && applicationCollection.getChildCount() >= 1) {
            // Permissions already exist: remove each stored one before adding the new set.
            for (ApplicationPermission stored : loadPermissions(applicationName)) {
                governanceRegistry.delete(applicationNode + PATH_CONSTANT + stored.getValue());
            }
        }
        addPermission(applicationNode, permissions, governanceRegistry);
    } catch (RegistryException e) {
        throw new IdentityApplicationManagementException("Error while storing permissions", e);
    }
}
use of org.wso2.carbon.identity.application.common.model.ApplicationPermission in project carbon-identity-framework by wso2.
the class ApplicationMgtUtil method storePermissions.
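/**
 * Stores the permissions of an application in the user-governance registry.
 *
 * <p>If the root permission path does not exist it is created first. When {@code username} is not
 * authorized for {@code EXECUTE_ACTION} on that path, the thread-local username is switched to
 * the realm's admin user for the creation and set back to {@code username} afterwards; the
 * restore runs in a {@code finally} block so that a failed registry call cannot leave the thread
 * running as the admin user.
 *
 * <p>Nothing more is stored when {@code permissionsConfig} is null or carries no permissions.
 *
 * <p>NOTE(review): the registry handle obtained while the username was switched is still used
 * for the writes that follow the restore; whether it keeps the admin user's privileges is not
 * visible here — confirm.
 *
 * @param applicationName   name of the application; becomes the node under the permission root
 * @param username          user on whose behalf the permissions are stored
 * @param permissionsConfig configuration holding the permissions; may be null
 * @throws IdentityApplicationManagementException when the tenant registry cannot be initialized
 *                                                or a registry operation fails
 */
public static void storePermissions(String applicationName, String username,
                                    PermissionsAndRoleConfig permissionsConfig)
        throws IdentityApplicationManagementException {

    int tenantId = MultitenantConstants.INVALID_TENANT_ID;
    try {
        tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
        IdentityTenantUtil.initializeRegistry(tenantId);
    } catch (IdentityException e) {
        throw new IdentityApplicationManagementException("Error loading tenant registry for tenant domain: " + IdentityTenantUtil.getTenantDomain(tenantId), e);
    }

    Registry tenantGovReg = CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_GOVERNANCE);
    String permissionResourcePath = getApplicationPermissionPath();
    try {
        if (!tenantGovReg.resourceExists(permissionResourcePath)) {
            boolean loggedInUserChanged = false;
            try {
                UserRealm realm = (UserRealm) CarbonContext.getThreadLocalCarbonContext().getUserRealm();
                if (!realm.getAuthorizationManager().isUserAuthorized(username, permissionResourcePath, UserMgtConstants.EXECUTE_ACTION)) {
                    // Logged in user is not authorized to create the permission.
                    // Temporarily change the user to the admin for creating the permission
                    PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(realm.getRealmConfiguration().getAdminUserName());
                    // Flag set right after the switch so that every later failure is undone.
                    loggedInUserChanged = true;
                    tenantGovReg = CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_GOVERNANCE);
                }
                Collection appRootNode = tenantGovReg.newCollection();
                appRootNode.setProperty("name", "Applications");
                tenantGovReg.put(permissionResourcePath, appRootNode);
            } finally {
                if (loggedInUserChanged) {
                    // Always drop the temporary admin identity, also when the put above failed.
                    PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(username);
                }
            }
        }

        if (permissionsConfig != null) {
            ApplicationPermission[] permissions = permissionsConfig.getPermissions();
            if (permissions == null || permissions.length < 1) {
                return;
            }
            // creating the application node in the tree
            String appNode = permissionResourcePath + PATH_CONSTANT + applicationName;
            Collection appNodeColl = tenantGovReg.newCollection();
            tenantGovReg.put(appNode, appNodeColl);
            // now start storing the permissions
            for (ApplicationPermission permission : permissions) {
                // The path is built from the permission value, as the update and delete paths
                // are, instead of from the object's string form.
                String permissionPath = appNode + PATH_CONSTANT + permission.getValue();
                Resource permissionNode = tenantGovReg.newResource();
                permissionNode.setProperty("name", permission.getValue());
                tenantGovReg.put(permissionPath, permissionNode);
            }
        }
    } catch (Exception e) {
        throw new IdentityApplicationManagementException("Error while storing permissions for application " + applicationName, e);
    }
}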
use of org.wso2.carbon.identity.application.common.model.ApplicationPermission in project carbon-identity-framework by wso2.
the class ApplicationMgtUtil method loadPermissions.
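/**
 * Loads the permissions stored for an application from the user-governance registry.
 *
 * <p>When the thread-local username is null, or that user is not authorized for
 * {@code EXECUTE_ACTION} on the application node, the thread-local username is switched to the
 * realm's admin user for the read. The original username is put back in a {@code finally} block,
 * so a failed registry or user-store call cannot leave the thread running as the admin user.
 *
 * <p>NOTE(review): because of that switch this method returns the permissions regardless of the
 * caller's own authorization; presumably callers enforce access themselves — confirm.
 *
 * @param applicationName name of the application whose permissions are read
 * @return one {@code ApplicationPermission} per path collected by {@code permissionPath}; an
 *         empty list when the application node does not exist
 * @throws IdentityApplicationManagementException when a registry or user-store operation fails
 */
public static List<ApplicationPermission> loadPermissions(String applicationName)
        throws IdentityApplicationManagementException {

    String applicationNode = getApplicationPermissionPath() + PATH_CONSTANT + applicationName;
    Registry tenantGovReg = CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_GOVERNANCE);
    List<String> paths = new ArrayList<>();
    boolean loggedInUserChanged = false;
    String loggedInUser = null;
    try {
        if (!tenantGovReg.resourceExists(applicationNode)) {
            return Collections.emptyList();
        }

        loggedInUser = CarbonContext.getThreadLocalCarbonContext().getUsername();
        UserRealm realm = (UserRealm) CarbonContext.getThreadLocalCarbonContext().getUserRealm();
        if (loggedInUser == null || !realm.getAuthorizationManager().isUserAuthorized(loggedInUser, applicationNode, UserMgtConstants.EXECUTE_ACTION)) {
            // Logged in user is not authorized to read the permission.
            // Temporarily change the user to the admin for reading the permission
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(realm.getRealmConfiguration().getAdminUserName());
            // Flag set right after the switch so that every later failure is undone.
            loggedInUserChanged = true;
            tenantGovReg = CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_GOVERNANCE);
        }

        // get permission paths
        permissionPath(tenantGovReg, applicationNode, paths, applicationNode);

        List<ApplicationPermission> permissions = new ArrayList<ApplicationPermission>(paths.size());
        for (String permissionPath : paths) {
            ApplicationPermission permission = new ApplicationPermission();
            permission.setValue(permissionPath);
            permissions.add(permission);
        }
        return permissions;
    } catch (RegistryException | org.wso2.carbon.user.core.UserStoreException e) {
        throw new IdentityApplicationManagementException("Error while reading permissions", e);
    } finally {
        if (loggedInUserChanged) {
            // Always drop the temporary admin identity, also when the read above failed.
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(loggedInUser);
        }
    }
}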