Java Code Examples for org.wso2.carbon.user.api.AuthorizationManager#isRoleAuthorized()

The following examples show how to use org.wso2.carbon.user.api.AuthorizationManager#isRoleAuthorized() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: UserAdmin.java    From carbon-identity-framework with Apache License 2.0 6 votes vote down vote up
/**
 * Get list of roles which have given permission
 *
 * @param filter     filter to check
 * @param permission permission to check
 * @param limit
 * @return
 * @throws UserAdminException
 */
public FlaggedName[] getAllPermittedRoleNames(String filter, String permission, int limit) throws
        UserAdminException {

    FlaggedName[] roles = getUserAdminProxy().getAllRolesNames(filter, limit);
    List<FlaggedName> permittedRoles = new ArrayList<>();
    try {
        org.wso2.carbon.user.api.UserRealm realm = UserMgtDSComponent.getRealmService().getTenantUserRealm
                (PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
        AuthorizationManager authorizationManager = realm.getAuthorizationManager();
        for (int i = 0; i < roles.length - 1; i++) {
            if (authorizationManager.isRoleAuthorized(roles[i].getItemName(), permission, UserMgtConstants
                    .EXECUTE_ACTION)) {
                permittedRoles.add(roles[i]);
            }
        }
        permittedRoles.add(roles[roles.length - 1]);
    } catch (org.wso2.carbon.user.api.UserStoreException e) {
        throw new UserAdminException("Error while filtering authorized roles.", e);
    }
    FlaggedName[] permittedRolesArray = new FlaggedName[permittedRoles.size()];
    return permittedRoles.toArray(permittedRolesArray);
}
 
Example 2
Source File: UserAdmin.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
/**
 * Get list of roles which have given permission
 *
 * @param filter     filter to check
 * @param permission permission to check
 * @param limit
 * @return
 * @throws UserAdminException
 */
public FlaggedName[] getAllPermittedRoleNames(String filter, String permission, int limit) throws
        UserAdminException {

    FlaggedName[] roles = getUserAdminProxy().getAllRolesNames(filter, limit);
    List<FlaggedName> permittedRoles = new ArrayList<>();
    try {
        org.wso2.carbon.user.api.UserRealm realm = UserMgtDSComponent.getRealmService().getTenantUserRealm
                (PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
        AuthorizationManager authorizationManager = realm.getAuthorizationManager();
        for (int i = 0; i < roles.length - 1; i++) {
            if (authorizationManager.isRoleAuthorized(roles[i].getItemName(), permission, UserMgtConstants
                    .EXECUTE_ACTION)) {
                permittedRoles.add(roles[i]);
            }
        }
        permittedRoles.add(roles[roles.length - 1]);
    } catch (org.wso2.carbon.user.api.UserStoreException e) {
        throw new UserAdminException("Error while filtering authorized roles.", e);
    }
    FlaggedName[] permittedRolesArray = new FlaggedName[permittedRoles.size()];
    return permittedRoles.toArray(permittedRolesArray);
}
 
Example 3
Source File: APIManagerComponent.java    From carbon-apimgt with Apache License 2.0 5 votes vote down vote up
private void setupImagePermissions() throws APIManagementException {
    try {
        AuthorizationManager accessControlAdmin = ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getAuthorizationManager();
        String imageLocation = APIUtil.getMountedPath(RegistryContext.getBaseInstance(), RegistryConstants.GOVERNANCE_REGISTRY_BASE_PATH) + APIConstants.API_IMAGE_LOCATION;
        if (!accessControlAdmin.isRoleAuthorized(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, imageLocation, ActionConstants.GET)) {
            // Can we get rid of this?
            accessControlAdmin.authorizeRole(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, imageLocation, ActionConstants.GET);
        }
    } catch (UserStoreException e) {
        throw new APIManagementException("Error while setting up permissions for image collection", e);
    }
}