Hi Isura,

Can you look into this issue urgently? I remember you fixing an issue related to this.

Thanks.

On Wed, Oct 14, 2015 at 7:16 AM, Indika Sampath <[email protected]> wrote:

> Hi All,
>
> I debugged our code and found the issue. It seems the implementation of some API
> changed in user-core. Let me explain the flow.
>
> Our queue/topic creation has two calls.
>
> 1. We create an internal role when adding a queue and assign the
> "changePermission", "publish" and "consume" permissions to it. This means
> that the user who created a particular queue can update permissions, publish or
> consume.
>
>    - The code line below is used to get the internal role name:
>
>    UserCoreUtil.addInternalDomainName(QUEUE_ROLE_PREFIX +
>            queueName.replace(".","-").replace("/", "-"))
>
>    result = {java.lang.String@10289}"*Internal/Q_userQueue*"
>    value = {char[21]@10290}
>    hash = 0
>    hash32 = 0
>
>    - Assign permissions as below:
>
>    userStoreManager.addRole(roleName, user, null);
>    userRealm.getAuthorizationManager().authorizeRole(roleName, queueId,
>            PERMISSION_CHANGE_PERMISSION);
>    userRealm.getAuthorizationManager().authorizeRole(roleName, queueId,
>            TreeNode.Permission.CONSUME.toString().toLowerCase());
>    userRealm.getAuthorizationManager().authorizeRole(roleName, queueId,
>            TreeNode.Permission.PUBLISH.toString().toLowerCase());
>
> 2. The user can select some other role listed in the queue add page. He can
> select these roles when adding the queue or later by updating the queue. So in
> update permission we checked whether any of the user's roles has the change
> permission assigned above.
>
>    - Get the role list of the user:
>
>    userRealm.getUserStoreManager().getRoleListOfUser(loggedInUser)
>
>    result = {java.lang.String[3]@9689}
>    [0] = {java.lang.String@9690}"*Internal/Q_userQueue*"
>    [1] = {java.lang.String@9691}"Internal/everyone"
>    [2] = {java.lang.String@9692}"role1"
>
>    - Check whether any of the roles has change permission:
>
>    for (String userRole : userRoles) {
>        if (userRealm.getAuthorizationManager().isRoleAuthorized(userRole, queueID,
>                PERMISSION_CHANGE_PERMISSION)) {
>            isUserHasChangePermission = true;
>        }
>    }
>
> The issue is that the above check is false for all roles. But we assigned change
> permission to the *Internal/Q_userQueue* role when creating the queue.
>
> 3. Next I evaluated the code line below to check which role has change
> permission on queueID. The result is as below:
>
>    userRealm.getAuthorizationManager().getAllowedRolesForResource(queueID,
>            PERMISSION_CHANGE_PERMISSION)
>
>    result = {java.lang.String[1]@9694}
>    [0] = {java.lang.String@9686}"*INTERNAL/Q_userQueue*"
>
> The result has a different role name. We created a role called
> *Internal/Q_userQueue* and assigned permissions, but it has been created with a
> different name, *INTERNAL/Q_userQueue*, and the permission assigned to that.
>
> Please have a look into this because it is a blocking issue for our
> implementation.
>
> Cheers!
>
> On Tue, Oct 13, 2015 at 5:22 PM, Kishanthan Thangarajah <[email protected]> wrote:
>
>> Was this issue found in 4.4.2 RC1 too?
>>
>> On Tue, Oct 13, 2015 at 4:58 PM, Sasikala Kottegoda <[email protected]> wrote:
>>
>>> Hi Manuri,
>>>
>>> We tested MB 3.0.0 with this release and our scenario of queue creation
>>> fails after giving a permission denied error. The scenario is as follows:
>>>
>>> 1. Create a user "user1" with a role assigned with permission to create
>>> queues.
>>> 2. Log in as "user1" and try to create a queue; we get a permission
>>> denied error.
>>>
>>> When creating a queue the following happens from our code.
>>>
>>> 1. We create an internal role for the queue and assign it to the current
>>> user with permissions assigned.
>>>
>>>    userRealm.getAuthorizationManager().authorizeRole(roleName, queueId,
>>>            PERMISSION_CHANGE_PERMISSION);
>>>
>>> 2. Next, we create the queue and update permissions for the queue. In this
>>> step, we check if the current user has permissions to change the queue.
>>>
>>>    String[] userRoles =
>>>            userRealm.getUserStoreManager().getRoleListOfUser(loggedInUser);
>>>    for (String userRole : userRoles) {
>>>        if (userRealm.getAuthorizationManager().isRoleAuthorized(
>>>                userRole, queueID, PERMISSION_CHANGE_PERMISSION)) {
>>>            isUserHasChangePermission = true;
>>>        }
>>>    }
>>>
>>> At this stage, '(userRealm.getAuthorizationManager().isRoleAuthorized(
>>> userRole, queueID, PERMISSION_CHANGE_PERMISSION))' is false,
>>> implying that the roles assigned to the user do not have permissions to
>>> change the queue, thus not allowing the user to create the queue.
>>>
>>> Thank you
>>>
>>> On Mon, Oct 12, 2015 at 9:24 PM, Manuri Amaya Perera <[email protected]> wrote:
>>>
>>>> Hi Devs,
>>>>
>>>> WSO2 Carbon Kernel 4.4.2 RC2 Release Vote.
>>>>
>>>> This release fixes the following issues:
>>>> https://wso2.org/jira/issues/?filter=12396
>>>>
>>>> Please download and test your products with kernel 4.4.2 RC2 and vote.
>>>> Vote will be open for 72 hours or longer as needed.
>>>>
>>>> *Source and binary distribution files:*
>>>> https://svn.wso2.org/repos/wso2/people/aruna/v4.4.2-rc2
>>>>
>>>> *Maven staging repository:*
>>>> http://maven.wso2.org/nexus/content/repositories/orgwso2carbon-019/
>>>>
>>>> *The tag to be voted upon:*
>>>> https://github.com/wso2/carbon-kernel/tree/v4.4.2-rc2
>>>>
>>>> [ ] Broken - do not release (explain why)
>>>> [ ] Stable - go ahead and release
>>>>
>>>> Thank you
>>>> Carbon Team
>>>>
>>>> --
>>>> *Manuri Amaya Perera*
>>>> *Software Engineer*
>>>> *WSO2 Inc.*
>>>> *Blog: http://manuriamayaperera.blogspot.com*
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> [email protected]
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>> --
>>> Sasikala Kottegoda
>>> *Software Engineer*
>>> WSO2 Inc., http://wso2.com/
>>> lean. enterprise. middleware
>>> Mobile: +94 774835928/712792401
>>
>> --
>> *Kishanthan Thangarajah*
>> Associate Technical Lead,
>> Platform Technologies Team,
>> WSO2, Inc.
>> lean.enterprise.middleware
>>
>> Mobile - +94773426635
>> Blog - *http://kishanthan.wordpress.com*
>> Twitter - *http://twitter.com/kishanthan*
>
> --
> Indika Sampath
> Senior Software Engineer
> WSO2 Inc.
> http://wso2.com
>
> Phone: +94 716 424 744
> Blog: http://indikasampath.blogspot.com/

--
Thanks & Regards,

*Johann Dilantha Nallathamby*
Technical Lead & Product Lead of WSO2 Identity Server
Governance Technologies Team
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+94777776950*
Blog - *http://nallaa.wordpress.com*
