Hi,

This issue is fixed in [1].


Thanks
isura


[1] https://wso2.org/jira/browse/CARBON-15517


On Wed, Oct 14, 2015 at 11:25 AM, Johann Nallathamby <joh...@wso2.com>
wrote:

> Hi Isura,
>
> Can you look into this issue urgently? I remember you fixing an issue
> related to this.
>
> Thanks.
>
> On Wed, Oct 14, 2015 at 7:16 AM, Indika Sampath <indi...@wso2.com> wrote:
>
>> Hi All,
>>
>> I debugged our code and found the issue. It seems the implementation of some
>> API changed in user-core. Let me explain the flow.
>>
>> Our queue/topic creation has two calls.
>>
>> 1. We create an internal role when adding a queue and assign the
>> "changePermission", "publish", "consume" permissions to it, which means
>> that the user who created a particular queue can update permissions, publish or
>> consume.
>>
>> - The code line below is used to get the internal role name:
>>
>> UserCoreUtil.addInternalDomainName(QUEUE_ROLE_PREFIX +
>> queueName.replace(".","-").replace("/", "-"))
>>
>> result = {java.lang.String@10289}"*Internal/Q_userQueue*"
>> value = {char[21]@10290}
>> hash = 0
>> hash32 = 0
>>
>> - assign permission as below:
>>
>> userStoreManager.addRole(roleName, user, null);
>> userRealm.getAuthorizationManager().authorizeRole(roleName, queueId,
>> PERMISSION_CHANGE_PERMISSION);
>> userRealm.getAuthorizationManager().authorizeRole(roleName, queueId,
>> TreeNode.Permission.CONSUME.toString().toLowerCase());
>> userRealm.getAuthorizationManager().authorizeRole(roleName, queueId,
>> TreeNode.Permission.PUBLISH.toString().toLowerCase());
>>
>> 2. The user can select some other role listed in the queue add page. He can
>> select these roles when adding the queue or later by updating the queue. So in
>> update permission we checked whether any of the user's roles has the change
>> permission assigned above.
>>
>> - get role list of user:
>>
>> userRealm.getUserStoreManager().getRoleListOfUser(loggedInUser)
>>
>> result = {java.lang.String[3]@9689}
>> [0] = {java.lang.String@9690}"*Internal/Q_userQueue*"
>> [1] = {java.lang.String@9691}"Internal/everyone"
>> [2] = {java.lang.String@9692}"role1"
>>
>> - check whether any of role has change permission
>>
>>     for (String userRole : userRoles) {
>>         if (userRealm.getAuthorizationManager().isRoleAuthorized(
>>                 userRole, queueID, PERMISSION_CHANGE_PERMISSION)) {
>>             isUserHasChangePermission = true;
>>         }
>>     }
>>
>> The issue is that the above check is false for all roles. But we assigned the
>> change permission to the *Internal/Q_userQueue* role when creating the queue.
>>
>> 3. Next I evaluated the code line below to check which role has the change
>> permission for queueID. The result is as below:
>>
>> userRealm.getAuthorizationManager().getAllowedRolesForResource(queueID,
>> PERMISSION_CHANGE_PERMISSION)
>>
>> result = {java.lang.String[1]@9694}
>> [0] = {java.lang.String@9686}"*INTERNAL/Q_userQueue*"
>>
>> The result has a different role name. We created a role named
>> *Internal/Q_userQueue* and assigned permissions, but it has been created with
>> a different name, *INTERNAL/Q_userQueue*, and the permissions assigned to it.
>>
>> Please have a look into this because it is a blocking issue for our
>> implementation.
>>
>> Cheers!
>>
>>
>> On Tue, Oct 13, 2015 at 5:22 PM, Kishanthan Thangarajah <
>> kishant...@wso2.com> wrote:
>>
>>> Was this issue found in 4.4.2 RC1 too?
>>>
>>> On Tue, Oct 13, 2015 at 4:58 PM, Sasikala Kottegoda <sasik...@wso2.com>
>>> wrote:
>>>
>>>> Hi Manuri,
>>>>
>>>> We tested MB 3.0.0 with this release and our scenario of queue creation
>>>> fails after giving a permission denied error. The scenario is as follows:
>>>>
>>>> 1. Create a user "user1" with a role assigned with permission to create
>>>> queues.
>>>> 2. Login from "user1" and try to create a queue, we get a permission
>>>> denied error.
>>>>
>>>> When creating a queue the following happens from our code.
>>>>
>>>> 1. We create an internal role for the queue and assign it to the
>>>> current user with permissions assigned.
>>>>
>>>> userRealm.getAuthorizationManager().authorizeRole(roleName, queueId,
>>>>         PERMISSION_CHANGE_PERMISSION);
>>>>
>>>> 2. Next, we create the queue and update permissions for the queue. In this 
>>>> step, we check if the current user has permissions to change the queue.
>>>>
>>>> String[] userRoles =
>>>>         userRealm.getUserStoreManager().getRoleListOfUser(loggedInUser);
>>>> for (String userRole : userRoles) {
>>>>     if (userRealm.getAuthorizationManager().isRoleAuthorized(
>>>>             userRole, queueID, PERMISSION_CHANGE_PERMISSION)) {
>>>>         isUserHasChangePermission = true;
>>>>     }
>>>> }
>>>>
>>>> At this stage, 'userRealm.getAuthorizationManager().isRoleAuthorized(
>>>>             userRole, queueID, PERMISSION_CHANGE_PERMISSION)' is false,
>>>> implying that none of the roles assigned to the user have permissions to
>>>> change the queue, thus not allowing the user to create the queue.
>>>>
>>>>
>>>> Thank you
>>>>
>>>>
>>>> On Mon, Oct 12, 2015 at 9:24 PM, Manuri Amaya Perera <manu...@wso2.com>
>>>> wrote:
>>>>
>>>>> Hi Devs,
>>>>>
>>>>> WSO2 Carbon Kernel 4.4.2 RC2 Release Vote.
>>>>>
>>>>> This release fixes the following issues:
>>>>> https://wso2.org/jira/issues/?filter=12396
>>>>>
>>>>> Please download and test your products with kernel 4.4.2 RC2 and vote.
>>>>> Vote will be open for 72 hours or longer as needed.
>>>>>
>>>>> *Source and binary distribution files:*
>>>>> https://svn.wso2.org/repos/wso2/people/aruna/v4.4.2-rc2
>>>>>
>>>>> *Maven staging repository:*
>>>>> http://maven.wso2.org/nexus/content/repositories/orgwso2carbon-019/
>>>>>
>>>>> *The tag to be voted upon:*
>>>>> https://github.com/wso2/carbon-kernel/tree/v4.4.2-rc2
>>>>>
>>>>>
>>>>> [ ] Broken - do not release (explain why)
>>>>> [ ] Stable - go ahead and release
>>>>>
>>>>>
>>>>> Thank you
>>>>> Carbon Team
>>>>>
>>>>> --
>>>>>
>>>>> *Manuri Amaya Perera*
>>>>>
>>>>> *Software Engineer*
>>>>>
>>>>> *WSO2 Inc.*
>>>>>
>>>>> *Blog: http://manuriamayaperera.blogspot.com*
>>>>>
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> Dev@wso2.org
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Sasikala Kottegoda
>>>> *Software Engineer*
>>>> WSO2 Inc., http://wso2.com/
>>>> lean. enterprise. middleware
>>>> Mobile: +94 774835928/712792401
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> *Kishanthan Thangarajah*
>>> Associate Technical Lead,
>>> Platform Technologies Team,
>>> WSO2, Inc.
>>> lean.enterprise.middleware
>>>
>>> Mobile - +94773426635
>>> Blog - http://kishanthan.wordpress.com
>>> Twitter - http://twitter.com/kishanthan
>>>
>>>
>>>
>>
>>
>> --
>> Indika Sampath
>> Senior Software Engineer
>> WSO2 Inc.
>> http://wso2.com
>>
>> Phone: +94 716 424 744
>> Blog: http://indikasampath.blogspot.com/
>>
>>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Technical Lead & Product Lead of WSO2 Identity Server
> Governance Technologies Team
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+94777776950*
> Blog - http://nallaa.wordpress.com
>



-- 
Isura Dilhara Karunaratne
Senior Software Engineer

Mob +94 772 254 810
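
The mismatch described in the quoted report, as an added example that is not part of the original thread and not WSO2 code: a toy in-memory store whose write path records the role under an upper-cased domain prefix (as the `getAllowedRolesForResource` output suggests) while the read path compares the caller's string as given. `RoleStore`, `canonical`, and the `userQueue` resource id are hypothetical names, and canonicalizing on both paths is one possible remedy, not necessarily the change made in [1].

```java
import java.util.*;

// Toy model only; RoleStore and canonical() are hypothetical, not the user-core API.
public class RoleDomainCaseDemo {

    /** Canonical form: domain prefix upper-cased, role part left untouched. */
    static String canonical(String role) {
        int i = role.indexOf('/');
        if (i < 0) return role;                       // no domain prefix, e.g. "role1"
        return role.substring(0, i).toUpperCase(Locale.ROOT) + role.substring(i);
    }

    static class RoleStore {
        // "resource|action" -> role names holding that permission
        private final Map<String, Set<String>> grants = new HashMap<>();
        private final boolean canonicalizeOnRead;

        RoleStore(boolean canonicalizeOnRead) { this.canonicalizeOnRead = canonicalizeOnRead; }

        // Assumption: the write path stores "INTERNAL/..." even when given "Internal/...".
        void authorizeRole(String role, String resource, String action) {
            grants.computeIfAbsent(resource + "|" + action, k -> new HashSet<>())
                  .add(canonical(role));
        }

        // Exact string match; fails unless the lookup key uses the stored form.
        boolean isRoleAuthorized(String role, String resource, String action) {
            String key = canonicalizeOnRead ? canonical(role) : role;
            return grants.getOrDefault(resource + "|" + action, Collections.emptySet())
                         .contains(key);
        }
    }

    // Same loop shape as the check quoted in the thread.
    static boolean userCanChange(RoleStore store, String[] userRoles, String queueId) {
        for (String role : userRoles) {
            if (store.isRoleAuthorized(role, queueId, "changePermission")) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Role list as returned by getRoleListOfUser in the thread.
        String[] userRoles = {"Internal/Q_userQueue", "Internal/everyone", "role1"};
        for (boolean fixed : new boolean[] {false, true}) {
            RoleStore store = new RoleStore(fixed);
            store.authorizeRole("Internal/Q_userQueue", "userQueue", "changePermission");
            System.out.println("canonicalizeOnRead=" + fixed + " -> "
                    + userCanChange(store, userRoles, "userQueue"));
        }
    }
}
```

A regression test for this class of bug grants a permission to a role and immediately asserts that `isRoleAuthorized` returns true for the same string, and that the name returned by the role listing equals the name returned by the allowed-roles query.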