/**
 * Grants a role access to the appmgt/applicationdata registry collection.
 *
 * <p>The role receives four actions on the collection path: the literal
 * {@code "authorize"} action plus {@code ActionConstants.PUT},
 * {@code ActionConstants.DELETE} and {@code ActionConstants.GET}.
 *
 * <p>NOTE(review): "authorize" looks like the registry's permission-management
 * action, which would let the role re-delegate access on this collection.
 * Confirm that every role passed in here is meant to hold it.
 *
 * <p>The grants are issued one at a time. If one of them fails, the grants
 * already made are not rolled back by this method.
 *
 * @param roleName  role that receives the permissions
 * @param userRealm realm whose authorization manager records the grants
 * @throws org.wso2.carbon.appmgt.api.AppManagementException if the user store rejects a grant
 */
public static void applyRolePermissionToCollection(String roleName,
                                                   org.wso2.carbon.user.api.UserRealm userRealm)
        throws AppManagementException {
    // TODO: Merge different resource loading methods and create a single method.
    final String collectionPath = RegistryConstants.GOVERNANCE_REGISTRY_BASE_PATH
            + AppMConstants.APPMGT_APPLICATION_DATA_LOCATION;
    // Same order as before: authorize, PUT, DELETE, GET.
    final String[] grantedActions = {
        "authorize", ActionConstants.PUT, ActionConstants.DELETE, ActionConstants.GET
    };
    try {
        for (String action : grantedActions) {
            userRealm.getAuthorizationManager().authorizeRole(roleName, collectionPath, action);
        }
    } catch (UserStoreException e) {
        throw new AppManagementException("Error while adding permissions for appmgt/applicationdata collection for role "+roleName, e);
    }
}
// Grants roleName three event-broker permissions on destinationId, in this order:
// subscribe, publish, change-permission.
// NOTE(review): EB_PERMISSION_CHANGE_PERMISSION presumably lets the role alter access
// on this destination. Confirm it is meant to be granted together with subscribe/publish
// and not reserved for an owner or admin role.
userRealm.getAuthorizationManager().authorizeRole( roleName, destinationId, EventBrokerConstants.EB_PERMISSION_SUBSCRIBE);
userRealm.getAuthorizationManager().authorizeRole( roleName, destinationId, EventBrokerConstants.EB_PERMISSION_PUBLISH);
userRealm.getAuthorizationManager().authorizeRole( roleName, destinationId, EventBrokerConstants.EB_PERMISSION_CHANGE_PERMISSION);
UserMgtConstants.EXECUTE_ACTION); for (String permission : optimizedList) { authorizationManager.authorizeRole(roleName, permission, UserMgtConstants.EXECUTE_ACTION); authorizationManager.authorizeRole(roleName, "/", "add"); authorizationManager.authorizeRole(roleName, "/", "get"); authorizationManager.authorizeRole(roleName, "/", "delete");
/**
 * Allows or denies read (GET) access on an application path for one user's private role.
 *
 * <p>The role name is built as {@code "Internal/private_" + username}. The realm comes
 * from the thread-local privileged Carbon context.
 *
 * <p>NOTE(review): {@code appPath} and {@code username} are used exactly as passed in,
 * and this method does not check whether the caller may change visibility for that
 * path. Confirm that callers enforce this before invoking it.
 *
 * @param appPath  path of the application resource
 * @param username user whose private role is updated
 * @param opType   {@code "ALLOW"} or {@code "DENY"}, case-insensitive
 * @return {@code true} if the permission was updated; {@code false} for any other
 *         {@code opType} or when the user store reports an error (which is logged)
 */
public boolean showAppVisibilityToUser(String appPath, String username, String opType) {
    final boolean grant = "ALLOW".equalsIgnoreCase(opType);
    if (!grant && !"DENY".equalsIgnoreCase(opType)) {
        // Unknown operation: nothing is changed and the realm is never looked up.
        return false;
    }

    final String privateRole = "Internal/private_" + username;
    try {
        org.wso2.carbon.user.api.UserRealm realm =
                PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm();
        if (grant) {
            realm.getAuthorizationManager().authorizeRole(privateRole, appPath, ActionConstants.GET);
        } else {
            realm.getAuthorizationManager().denyRole(privateRole, appPath, ActionConstants.GET);
        }
        return true;
    } catch (org.wso2.carbon.user.api.UserStoreException e) {
        log.error("Error while updating visibility of mobile app at " + appPath, e);
        return false;
    }
}
}
/**
 * Makes an uploaded file resource readable by the registry anonymous role.
 *
 * <p>The first occurrence of {@code "/registry/resource/"} is removed from
 * {@code filePath} ({@code replaceFirst} is not anchored to the start of the string).
 * The anonymous role is then granted GET on the resulting path in the super tenant's
 * realm, unless it already holds that permission.
 *
 * <p>NOTE(review): this exposes whatever path is passed in to unauthenticated readers,
 * and no check here confines the path to the upload location. Confirm that callers
 * only pass paths of resources intended to be public.
 *
 * @param filePath registry path for the uploaded file
 * @throws org.wso2.carbon.appmgt.api.AppManagementException if the user store lookup or grant fails
 */
public static void setFilePermission(String filePath) throws AppManagementException {
    try {
        final String registryPath = filePath.replaceFirst("/registry/resource/", "");
        AuthorizationManager superTenantAuthz = ServiceReferenceHolder.getInstance()
                .getRealmService()
                .getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID)
                .getAuthorizationManager();

        boolean anonymousCanRead = superTenantAuthz.isRoleAuthorized(
                CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, registryPath, ActionConstants.GET);
        if (anonymousCanRead) {
            // Already public; nothing to grant.
            return;
        }
        superTenantAuthz.authorizeRole(
                CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, registryPath, ActionConstants.GET);
    } catch (UserStoreException e) {
        throw new AppManagementException(
                "Error while setting up permissions for file location", e);
    }
}
/**
 * Ensures the registry anonymous role can read (GET) the image collection.
 *
 * <p>The collection path is {@code GOVERNANCE_REGISTRY_BASE_PATH + API_IMAGE_LOCATION},
 * and the grant is made in the super tenant's realm. The grant is skipped when the
 * role is already authorized.
 *
 * <p>NOTE(review): this makes the image collection readable without authentication.
 * Confirm that nothing sensitive is stored under that location.
 *
 * @throws AppManagementException if the user store lookup or grant fails
 */
private void setupImagePermissions() throws AppManagementException {
    final String imageCollectionPath =
            RegistryConstants.GOVERNANCE_REGISTRY_BASE_PATH + AppMConstants.API_IMAGE_LOCATION;
    try {
        AuthorizationManager superTenantAuthz = ServiceReferenceHolder.getInstance()
                .getRealmService()
                .getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID)
                .getAuthorizationManager();

        boolean anonymousCanRead = superTenantAuthz.isRoleAuthorized(
                CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, imageCollectionPath, ActionConstants.GET);
        if (anonymousCanRead) {
            return;
        }
        // Open question kept from the original author: can we get rid of this grant?
        superTenantAuthz.authorizeRole(
                CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, imageCollectionPath, ActionConstants.GET);
    } catch (UserStoreException e) {
        throw new AppManagementException("Error while setting up permissions for image collection", e);
    }
}
authManager.authorizeRole(AppMConstants.EVERYONE_ROLE, resourcePath, ActionConstants.GET); isRoleEveryOne = true; isRoleEveryOne = true; authManager.authorizeRole(role, resourcePath, ActionConstants.GET); ActionConstants.GET); } else { authManager.authorizeRole(AppMConstants.EVERYONE_ROLE, resourcePath, ActionConstants.GET); authManager.authorizeRole(AppMConstants.ANONYMOUS_ROLE, resourcePath, ActionConstants.GET);
if (allowRoles != null) { for (String role : allowRoles) { manager.authorizeRole(role, resourceName, UserCoreConstants.INVOKE_SERVICE_PERMISSION);
if (allowRoles != null) { for (String role : allowRoles) { manager.authorizeRole(role, resourceName, UserCoreConstants.INVOKE_SERVICE_PERMISSION);
if (allowRoles != null) { for (String role : allowRoles) { manager.authorizeRole(role, resourceName, UserCoreConstants.INVOKE_SERVICE_PERMISSION);
// Grants allowedRole read (GET) access on targetResourcePath.
authManager.authorizeRole(allowedRole, targetResourcePath, ActionConstants.GET);
if (!userRealm.getAuthorizationManager().isRoleAuthorized( role, topicResourcePath, EventBrokerConstants.EB_PERMISSION_SUBSCRIBE)) { userRealm.getAuthorizationManager().authorizeRole( role, topicResourcePath, EventBrokerConstants.EB_PERMISSION_SUBSCRIBE); if (!userRealm.getAuthorizationManager().isRoleAuthorized( role, topicResourcePath, EventBrokerConstants.EB_PERMISSION_PUBLISH)) { userRealm.getAuthorizationManager().authorizeRole( role, topicResourcePath, EventBrokerConstants.EB_PERMISSION_PUBLISH);
AuthorizationManager authManager = ServiceReferenceHolder.getInstance().getRealmService(). getTenantUserRealm(tenantId).getAuthorizationManager(); authManager.authorizeRole(AppMConstants.ANONYMOUS_ROLE, path, ActionConstants.GET); } catch (org.wso2.carbon.user.api.UserStoreException e) { handleException("Error while setting the permissions", e);