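/**
 * Returns the roles matching {@code filter} that are authorized for the given permission.
 *
 * <p>Every entry returned by {@code getAllRolesNames} except the last one is checked with
 * {@code isRoleAuthorized(roleName, permission, UserMgtConstants.EXECUTE_ACTION)} against the
 * authorization manager of the current thread's tenant. The last entry is appended without
 * any check.
 *
 * <p>NOTE(review): the unchecked last entry is presumably a trailing marker/flag element
 * produced by {@code getAllRolesNames} rather than a real role. Confirm this against that
 * method; if it can be a real role, it is returned here even when it lacks the permission.
 *
 * @param filter     role name filter, passed through to {@code getAllRolesNames}
 * @param permission permission (resource id) each role is checked against
 * @param limit      result limit, passed through to {@code getAllRolesNames}
 * @return the permitted roles followed by the unchecked last entry; an empty array when the
 *         lookup returned no entries
 * @throws UserAdminException if the realm lookup or the authorization check fails
 */
public FlaggedName[] getAllPermittedRoleNames(String filter, String permission, int limit) throws
        UserAdminException {

    FlaggedName[] roles = getUserAdminProxy().getAllRolesNames(filter, limit);
    // Guard: the original indexed roles[roles.length - 1] unconditionally, which fails with an
    // unchecked exception on an empty (or null) result instead of returning "no roles".
    if (roles == null || roles.length == 0) {
        return new FlaggedName[0];
    }

    List<FlaggedName> permittedRoles = new ArrayList<>();
    try {
        org.wso2.carbon.user.api.UserRealm realm = UserMgtDSComponent.getRealmService().getTenantUserRealm
                (PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
        AuthorizationManager authorizationManager = realm.getAuthorizationManager();
        int lastIndex = roles.length - 1;
        for (int i = 0; i < lastIndex; i++) {
            if (authorizationManager.isRoleAuthorized(roles[i].getItemName(), permission,
                    UserMgtConstants.EXECUTE_ACTION)) {
                permittedRoles.add(roles[i]);
            }
        }
        // Deliberately not permission-checked; see the NOTE(review) in the Javadoc.
        permittedRoles.add(roles[lastIndex]);
    } catch (org.wso2.carbon.user.api.UserStoreException e) {
        throw new UserAdminException("Error while filtering authorized roles.", e);
    }
    return permittedRoles.toArray(new FlaggedName[0]);
}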
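/**
 * Returns the roles matching {@code filter} that are authorized for the given permission.
 *
 * <p>Every entry returned by {@code getAllRolesNames} except the last one is checked with
 * {@code isRoleAuthorized(roleName, permission, UserMgtConstants.EXECUTE_ACTION)} against the
 * authorization manager of the current thread's tenant. The last entry is appended without
 * any check.
 *
 * <p>NOTE(review): the unchecked last entry is presumably a trailing marker/flag element
 * produced by {@code getAllRolesNames} rather than a real role. Confirm this against that
 * method; if it can be a real role, it is returned here even when it lacks the permission.
 *
 * @param filter     role name filter, passed through to {@code getAllRolesNames}
 * @param permission permission (resource id) each role is checked against
 * @param limit      result limit, passed through to {@code getAllRolesNames}
 * @return the permitted roles followed by the unchecked last entry; an empty array when the
 *         lookup returned no entries
 * @throws UserAdminException if the realm lookup or the authorization check fails
 */
public FlaggedName[] getAllPermittedRoleNames(String filter, String permission, int limit) throws
        UserAdminException {

    FlaggedName[] roles = getUserAdminProxy().getAllRolesNames(filter, limit);
    // Guard: the original indexed roles[roles.length - 1] unconditionally, which fails with an
    // unchecked exception on an empty (or null) result instead of returning "no roles".
    if (roles == null || roles.length == 0) {
        return new FlaggedName[0];
    }

    List<FlaggedName> permittedRoles = new ArrayList<>();
    try {
        org.wso2.carbon.user.api.UserRealm realm = UserMgtDSComponent.getRealmService().getTenantUserRealm
                (PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
        AuthorizationManager authorizationManager = realm.getAuthorizationManager();
        int lastIndex = roles.length - 1;
        for (int i = 0; i < lastIndex; i++) {
            if (authorizationManager.isRoleAuthorized(roles[i].getItemName(), permission,
                    UserMgtConstants.EXECUTE_ACTION)) {
                permittedRoles.add(roles[i]);
            }
        }
        // Deliberately not permission-checked; see the NOTE(review) in the Javadoc.
        permittedRoles.add(roles[lastIndex]);
    } catch (org.wso2.carbon.user.api.UserStoreException e) {
        throw new UserAdminException("Error while filtering authorized roles.", e);
    }
    return permittedRoles.toArray(new FlaggedName[0]);
}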
// Fill in one role's entry for this topic: the role name plus whether the realm's
// authorization manager currently allows that role to subscribe and to publish.
// NOTE(review): `role` and `topicResourcePath` are defined outside this fragment; confirm
// they come from the realm's own role list and an already-normalized topic path.
topicRolePermission.setRoleName(role);
// Subscribe right: looked up as (role, topic resource path, EB_PERMISSION_SUBSCRIBE).
topicRolePermission.setAllowedToSubscribe(
        userRealm.getAuthorizationManager().isRoleAuthorized(
                role, topicResourcePath, EventBrokerConstants.EB_PERMISSION_SUBSCRIBE));
// Publish right: same lookup with EB_PERMISSION_PUBLISH; the two rights are independent.
topicRolePermission.setAllowedToPublish(
        userRealm.getAuthorizationManager().isRoleAuthorized(
                role, topicResourcePath, EventBrokerConstants.EB_PERMISSION_PUBLISH));
// Collect the populated entry into the result list.
topicRolePermissions.add(topicRolePermission);
/**
 * Grants the anonymous registry role GET access to an uploaded file resource, unless that
 * role is already authorized for it.
 *
 * <p>The first occurrence of {@code /registry/resource/} is stripped from {@code filePath}
 * and the remainder is used as the resource path. The authorization manager is always taken
 * from the super tenant's realm ({@code MultitenantConstants.SUPER_TENANT_ID}).
 *
 * <p>NOTE(review): the path is not validated here, so whatever path the caller passes becomes
 * readable by the anonymous role. Callers should pass only paths they generated for uploads,
 * never a value taken directly from a request. Confirm this at the call sites.
 *
 * @param filePath registry path for the uploaded file
 * @throws org.wso2.carbon.appmgt.api.AppManagementException if the realm lookup or the
 *         permission check/grant fails with a {@code UserStoreException}
 */
public static void setFilePermission(String filePath) throws AppManagementException {
    // Strip the registry URL prefix; what remains is the resource path that is authorized.
    final String resourcePath = filePath.replaceFirst("/registry/resource/", "");
    try {
        AuthorizationManager authzManager = ServiceReferenceHolder.getInstance()
                .getRealmService()
                .getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID)
                .getAuthorizationManager();

        boolean anonymousCanRead = authzManager.isRoleAuthorized(
                CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, resourcePath, ActionConstants.GET);
        if (anonymousCanRead) {
            // Already readable anonymously; nothing to grant.
            return;
        }
        authzManager.authorizeRole(
                CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, resourcePath, ActionConstants.GET);
    } catch (UserStoreException e) {
        throw new AppManagementException(
                "Error while setting up permissions for file location", e);
    }
}
/**
 * Ensures the anonymous registry role has GET access to the image collection located at
 * {@code RegistryConstants.GOVERNANCE_REGISTRY_BASE_PATH + AppMConstants.API_IMAGE_LOCATION}.
 *
 * <p>The authorization manager is taken from the super tenant's realm. The grant is applied
 * only when the role is not already authorized, and it covers the whole collection path.
 *
 * @throws AppManagementException if the realm lookup or the permission check/grant fails
 *         with a {@code UserStoreException}
 */
private void setupImagePermissions() throws AppManagementException {
    try {
        AuthorizationManager authzManager = ServiceReferenceHolder.getInstance()
                .getRealmService()
                .getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID)
                .getAuthorizationManager();

        final String imageCollectionPath =
                RegistryConstants.GOVERNANCE_REGISTRY_BASE_PATH + AppMConstants.API_IMAGE_LOCATION;

        boolean anonymousCanRead = authzManager.isRoleAuthorized(
                CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, imageCollectionPath, ActionConstants.GET);
        if (anonymousCanRead) {
            return;
        }
        // Can we get rid of this?
        // (Open question from the original author: this grant makes the image collection
        // readable by the anonymous role.)
        authzManager.authorizeRole(
                CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, imageCollectionPath, ActionConstants.GET);
    } catch (UserStoreException e) {
        throw new AppManagementException("Error while setting up permissions for image collection", e);
    }
}
checkAuthorized = manager.isRoleAuthorized(AppMConstants.ANONYMOUS_ROLE, path, ActionConstants.GET); } else {
role = topicRolePermission.getRoleName(); if (topicRolePermission.isAllowedToSubscribe()) { if (!userRealm.getAuthorizationManager().isRoleAuthorized( role, topicResourcePath, EventBrokerConstants.EB_PERMISSION_SUBSCRIBE)) { userRealm.getAuthorizationManager().authorizeRole( if (userRealm.getAuthorizationManager().isRoleAuthorized( role, topicResourcePath, EventBrokerConstants.EB_PERMISSION_SUBSCRIBE)) { userRealm.getAuthorizationManager().denyRole( if (!userRealm.getAuthorizationManager().isRoleAuthorized( role, topicResourcePath, EventBrokerConstants.EB_PERMISSION_PUBLISH)) { userRealm.getAuthorizationManager().authorizeRole( if (userRealm.getAuthorizationManager().isRoleAuthorized( role, topicResourcePath, EventBrokerConstants.EB_PERMISSION_PUBLISH)) { userRealm.getAuthorizationManager().denyRole(