
/**
 * Replaces the stored permission set of an application in the tenant's
 * USER_GOVERNANCE registry.
 * <p>
 * The application node is created on demand. A {@code null} or empty
 * {@code permissions} array removes the whole application node (when it has
 * children) and stores nothing; otherwise every previously stored permission
 * is deleted and the new set is written via {@code addPermission}.
 *
 * @param applicationName name of the application; spliced into the registry
 *                        path unvalidated (NOTE(review): callers are presumably
 *                        responsible for rejecting names containing path
 *                        separators — confirm)
 * @param permissions     the complete new permission set, or {@code null}/empty
 *                        to clear all permissions
 * @throws IdentityApplicationManagementException if a registry operation fails,
 *         or if re-reading the existing permissions fails
 */
public static void updatePermissions(String applicationName, ApplicationPermission[] permissions) throws IdentityApplicationManagementException {
    String appNode = getApplicationPermissionPath() + PATH_CONSTANT + applicationName;
    Registry governanceRegistry = CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_GOVERNANCE);
    boolean noNewPermissions = permissions == null || permissions.length == 0;
    try {
        if (!governanceRegistry.resourceExists(appNode)) {
            Collection freshNode = governanceRegistry.newCollection();
            freshNode.setProperty("name", applicationName);
            governanceRegistry.put(appNode, freshNode);
        }
        Collection storedNode = (Collection) governanceRegistry.get(appNode);
        String[] existingChildren = storedNode.getChildren();
        boolean hasExisting = existingChildren != null && existingChildren.length > 0;
        if (noNewPermissions) {
            // Clearing: drop the application node only if it currently holds permissions.
            if (hasExisting) {
                governanceRegistry.delete(appNode);
            }
            return;
        }
        if (existingChildren != null && storedNode.getChildCount() >= 1) {
            // Old permissions exist: remove each one before writing the new set.
            for (ApplicationPermission stored : loadPermissions(applicationName)) {
                governanceRegistry.delete(appNode + PATH_CONSTANT + stored.getValue());
            }
        }
        addPermission(appNode, permissions, governanceRegistry);
    } catch (RegistryException e) {
        throw new IdentityApplicationManagementException("Error while storing permissions", e);
    }
}

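/**
 * Creates the application permission root (if absent) and stores the given
 * application's permissions beneath it in the tenant's USER_GOVERNANCE registry.
 * <p>
 * When {@code username} is not authorized to create the permission root, the
 * thread-local Carbon context is temporarily switched to the tenant admin user
 * for that write and switched back afterwards. The switch-back happens in a
 * {@code finally} block, so a failing registry call cannot leave the thread
 * running with the admin identity.
 *
 * @param applicationName   name of the application; spliced into the registry
 *                          path unvalidated
 * @param username          user on whose behalf the operation runs; restored as
 *                          the context user after any temporary admin switch
 * @param permissionsConfig permission/role configuration; {@code null}, or a
 *                          {@code null}/empty permission array, stores nothing
 *                          beyond the root node
 * @throws IdentityApplicationManagementException if the tenant registry cannot
 *         be initialised or any registry / user-store operation fails
 */
public static void storePermissions(String applicationName, String username, PermissionsAndRoleConfig permissionsConfig) throws IdentityApplicationManagementException {
    int tenantId = MultitenantConstants.INVALID_TENANT_ID;
    try {
        tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
        IdentityTenantUtil.initializeRegistry(tenantId);
    } catch (IdentityException e) {
        throw new IdentityApplicationManagementException("Error loading tenant registry for tenant domain: " + IdentityTenantUtil.getTenantDomain(tenantId), e);
    }
    Registry tenantGovReg = CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_GOVERNANCE);
    String permissionResourcePath = getApplicationPermissionPath();
    try {
        if (!tenantGovReg.resourceExists(permissionResourcePath)) {
            UserRealm realm = (UserRealm) CarbonContext.getThreadLocalCarbonContext().getUserRealm();
            boolean loggedInUserChanged = false;
            try {
                if (!realm.getAuthorizationManager().isUserAuthorized(username, permissionResourcePath, UserMgtConstants.EXECUTE_ACTION)) {
                    // Logged in user is not authorized to create the permission root.
                    // Temporarily become the tenant admin. The flag is set immediately after
                    // the switch so the finally block undoes it even if getRegistry() fails.
                    PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(realm.getRealmConfiguration().getAdminUserName());
                    loggedInUserChanged = true;
                    // NOTE(review): this registry handle, obtained under the admin identity, is
                    // kept for the remaining writes below, as in the original implementation.
                    tenantGovReg = CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_GOVERNANCE);
                }
                Collection appRootNode = tenantGovReg.newCollection();
                appRootNode.setProperty("name", "Applications");
                tenantGovReg.put(permissionResourcePath, appRootNode);
            } finally {
                if (loggedInUserChanged) {
                    // Always drop the temporary admin identity, even when the write failed;
                    // previously the restore was skipped on the exception path.
                    PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(username);
                }
            }
        }
        if (permissionsConfig == null) {
            return;
        }
        ApplicationPermission[] permissions = permissionsConfig.getPermissions();
        if (permissions == null || permissions.length < 1) {
            return;
        }
        // creating the application node in the tree
        String appNode = permissionResourcePath + PATH_CONSTANT + applicationName;
        Collection appNodeColl = tenantGovReg.newCollection();
        tenantGovReg.put(appNode, appNodeColl);
        // now start storing the permissions
        for (ApplicationPermission permission : permissions) {
            // The path segment relies on ApplicationPermission.toString(), while the "name"
            // property uses getValue() — presumably equivalent; verify against the model class.
            String permissionNodePath = appNode + PATH_CONSTANT + permission;
            Resource permissionNode = tenantGovReg.newResource();
            permissionNode.setProperty("name", permission.getValue());
            tenantGovReg.put(permissionNodePath, permissionNode);
        }
    } catch (Exception e) {
        // Broad catch kept: callers depend on every failure surfacing as this exception type.
        throw new IdentityApplicationManagementException("Error while storing permissions for application " + applicationName, e);
    }
}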

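/**
 * Loads the permissions stored for an application from the tenant's
 * USER_GOVERNANCE registry.
 * <p>
 * If nobody is logged in, or the logged-in user lacks execute permission on the
 * application node, the thread-local Carbon context is temporarily switched to
 * the tenant admin for the read and switched back in a {@code finally} block, so
 * a failing registry read cannot leave the thread running with the admin identity.
 *
 * @param applicationName name of the application; spliced into the registry
 *                        path unvalidated
 * @return one {@link ApplicationPermission} per path collected by
 *         {@code permissionPath} under the application node; an empty list when
 *         the application node does not exist
 * @throws IdentityApplicationManagementException if the registry or user store fails
 */
public static List<ApplicationPermission> loadPermissions(String applicationName) throws IdentityApplicationManagementException {
    String applicationNode = getApplicationPermissionPath() + PATH_CONSTANT + applicationName;
    Registry tenantGovReg = CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_GOVERNANCE);
    List<String> paths = new ArrayList<>();
    try {
        if (!tenantGovReg.resourceExists(applicationNode)) {
            return Collections.emptyList();
        }
        String loggedInUser = CarbonContext.getThreadLocalCarbonContext().getUsername();
        UserRealm realm = (UserRealm) CarbonContext.getThreadLocalCarbonContext().getUserRealm();
        boolean loggedInUserChanged = false;
        try {
            if (loggedInUser == null || !realm.getAuthorizationManager().isUserAuthorized(loggedInUser, applicationNode, UserMgtConstants.EXECUTE_ACTION)) {
                // Logged in user is not authorized to read the permission.
                // Temporarily become the tenant admin; the flag is set immediately after
                // the switch so the finally block undoes it even if getRegistry() fails.
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(realm.getRealmConfiguration().getAdminUserName());
                loggedInUserChanged = true;
                tenantGovReg = CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_GOVERNANCE);
            }
            // Collect the permission paths under the application node.
            permissionPath(tenantGovReg, applicationNode, paths, applicationNode);
        } finally {
            if (loggedInUserChanged) {
                // Always restore the original identity (possibly null), even when the
                // read failed; previously the restore was skipped on the exception path.
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(loggedInUser);
            }
        }
        List<ApplicationPermission> permissions = new ArrayList<>(paths.size());
        for (String permissionPath : paths) {
            ApplicationPermission permission = new ApplicationPermission();
            permission.setValue(permissionPath);
            permissions.add(permission);
        }
        return permissions;
    } catch (RegistryException | org.wso2.carbon.user.core.UserStoreException e) {
        throw new IdentityApplicationManagementException("Error while reading permissions", e);
    }
}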

/**
 * Builds the UI permission tree for a set of roles.
 * <p>
 * For the super tenant the tree is rooted at {@code UI_PERMISSION_ROOT} of the
 * governance system registry. For any other tenant it is rooted at
 * {@code UI_ADMIN_PERMISSION_ROOT}; if the tenant registry also holds
 * {@code APPLICATIONS_PATH}, a synthetic "All Permissions" collection whose
 * children are the admin root and the applications root is walked instead.
 *
 * @param roleNames List of roles.
 * @param tenantId  Tenant ID.
 * @return root node of the permission tree with role selections applied.
 * @throws UserAdminException wrapping any registry or user-store failure.
 */
public UIPermissionNode getRolePermissions(List<String> roleNames, int tenantId) throws UserAdminException {
    try {
        Registry registry = UserMgtDSComponent.getRegistryService().getGovernanceSystemRegistry();
        Registry tenantRegistry = null;
        Collection regRoot;
        Collection combinedRoot = null;
        UIPermissionNode nodeRoot;
        if (tenantId == MultitenantConstants.SUPER_TENANT_ID) {
            regRoot = (Collection) registry.get(UserMgtConstants.UI_PERMISSION_ROOT);
            nodeRoot = new UIPermissionNode(UserMgtConstants.UI_PERMISSION_ROOT, regRoot.getProperty(UserMgtConstants.DISPLAY_NAME));
        } else {
            regRoot = (Collection) registry.get(UserMgtConstants.UI_ADMIN_PERMISSION_ROOT);
            tenantRegistry = UserMgtDSComponent.getRegistryService().getGovernanceSystemRegistry(tenantId);
            if (tenantRegistry.resourceExists(APPLICATIONS_PATH)) {
                // Application permissions live in the tenant registry; join both roots
                // under a synthetic, unsaved collection so they are walked together.
                Collection appRoot = (Collection) tenantRegistry.get(APPLICATIONS_PATH);
                combinedRoot = (Collection) tenantRegistry.newCollection();
                combinedRoot.setProperty(UserMgtConstants.DISPLAY_NAME, "All Permissions");
                combinedRoot.setChildren(new String[] { regRoot.getPath(), appRoot.getPath() });
            }
            Collection labelSource = combinedRoot != null ? combinedRoot : regRoot;
            nodeRoot = new UIPermissionNode(UserMgtConstants.UI_ADMIN_PERMISSION_ROOT, labelSource.getProperty(UserMgtConstants.DISPLAY_NAME));
        }
        Collection walkRoot = combinedRoot != null ? combinedRoot : regRoot;
        buildUIPermissionNode(walkRoot, nodeRoot, registry, tenantRegistry, realm.getAuthorizationManager(), roleNames);
        return nodeRoot;
    } catch (UserStoreException | RegistryException e) {
        log.error(e.getMessage(), e);
        throw new UserAdminException(e.getMessage(), e);
    }
}

/**
 * Recursively builds the UI permission subtree beneath {@code parent}, marking each
 * node as selected when {@code roleName} (or, if that is {@code null}, {@code userName})
 * is authorized to execute it.
 * <p>
 * Children whose path starts with {@code /permission/applications} are read from
 * {@code tenantRegistry} when one is supplied; every other child must exist in
 * {@code registry}, otherwise a {@link RegistryException} is thrown.
 *
 * @param parent         collection whose children are expanded
 * @param parentNode     UI node that receives the built children
 * @param registry       governance registry holding the standard permission tree
 * @param tenantRegistry tenant registry holding application permissions; may be {@code null}
 * @param authMan        authorization manager used for the selection checks
 * @param roleName       role to check, or {@code null} to fall back to {@code userName}
 * @param userName       user to check when no role is given; may be {@code null}
 * @throws RegistryException  if a child resource cannot be found or read
 * @throws UserStoreException if an authorization check fails
 */
private void buildUIPermissionNodeNotAllSelected(Collection parent, UIPermissionNode parentNode, Registry registry, Registry tenantRegistry, AuthorizationManager authMan, String roleName, String userName) throws RegistryException, UserStoreException {
    String[] childPaths = parent.getChildren();
    UIPermissionNode[] builtNodes = new UIPermissionNode[childPaths.length];
    int index = 0;
    for (String childPath : childPaths) {
        // NOTE(review): literal prefix; getRolePermissions uses the APPLICATIONS_PATH
        // constant for the same purpose — presumably the same value, confirm before unifying.
        boolean fromTenantRegistry = tenantRegistry != null && childPath.startsWith("/permission/applications");
        Resource childResource;
        if (fromTenantRegistry) {
            childResource = tenantRegistry.get(childPath);
        } else if (registry.resourceExists(childPath)) {
            childResource = registry.get(childPath);
        } else {
            throw new RegistryException("Permission resource not found in the registry.");
        }
        boolean selected;
        if (roleName != null) {
            selected = authMan.isRoleAuthorized(roleName, childPath, UserMgtConstants.EXECUTE_ACTION);
        } else {
            selected = userName != null && authMan.isUserAuthorized(userName, childPath, UserMgtConstants.EXECUTE_ACTION);
        }
        UIPermissionNode childNode = getUIPermissionNode(childResource, selected);
        builtNodes[index++] = childNode;
        if (childResource instanceof Collection) {
            buildUIPermissionNodeNotAllSelected((Collection) childResource, childNode, registry, tenantRegistry, authMan, roleName, userName);
        }
    }
    parentNode.setNodeList(builtNodes);
}