Can we also have test case for this fix please? On Wed, Oct 14, 2015 at 6:13 PM, Isura Karunaratne <is...@wso2.com> wrote:
> Hi, > > This issue is fixed in [1]. > > > Thanks > isura > > > [1] https://wso2.org/jira/browse/CARBON-15517 > > > On Wed, Oct 14, 2015 at 11:25 AM, Johann Nallathamby <joh...@wso2.com> > wrote: > >> Hi Isura, >> >> Can you look into this issue urgently. I remember you fixing an issue >> related to this. >> >> Thanks. >> >> On Wed, Oct 14, 2015 at 7:16 AM, Indika Sampath <indi...@wso2.com> wrote: >> >>> Hi All, >>> >>> I debug code of our and found issue. It seems implementation of some API >>> changed in user-core. Let me explain the flow. >>> >>> Our queue/topic creation has two call. >>> >>> 1. We create internal role when adding queue and assign >>> "changePermission", "publish", "consume" permissions to it. Which means >>> that, user who created particular queue can update permission, publish or >>> consume. >>> >>> - Below code line used to get internal role name: >>> >>> UserCoreUtil.addInternalDomainName(QUEUE_ROLE_PREFIX + >>> queueName.replace(".","-").replace("/", "-")) >>> >>> result = {java.lang.String@10289}"*Internal/Q_userQueue*" >>> value = {char[21]@10290} >>> hash = 0 >>> hash32 = 0 >>> >>> - assign permission as below: >>> >>> userStoreManager.addRole(roleName, user, null); >>> userRealm.getAuthorizationManager().authorizeRole(roleName, queueId, >>> PERMISSION_CHANGE_PERMISSION); >>> userRealm.getAuthorizationManager().authorizeRole(roleName, queueId, >>> TreeNode.Permission.CONSUME.toString().toLowerCase()); >>> userRealm.getAuthorizationManager().authorizeRole(roleName, queueId, >>> TreeNode.Permission.PUBLISH.toString().toLowerCase()); >>> >>> 2. User can select some other role listed in in queue add page. He can >>> select these role when adding queue or later by updating queue. So in >>> update permission we checked whether any of user's role has above assign >>> change permission. >>> >>> - get role list of user: >>> >>> userRealm.getUserStoreManager().getRoleListOfUser(loggedInUser) >>> >>> result = {java.lang.String[3]@9689} >>> [0] = {java.lang.String@9690}"*Internal/Q_userQueue*" >>> [1] = {java.lang.String@9691}"Internal/everyone" >>> [2] = {java.lang.String@9692}"role1" >>> >>> - check whether any of role has change permission >>> >>> for (String userRole : userRoles) { >>> if >>> (userRealm.getAuthorizationManager().isRoleAuthorized(userRole, queueID, >>> PERMISSION_CHANGE_PERMISSION)) { >>> isUserHasChangePermission = true; >>> } >>> } >>> >>> Issue is above check false for all roles. But we assigned change >>> permission to *Internal/Q_userQueue* role when creating queue. >>> >>> 3. Next I evaluate below code line to check whether which role has >>> change permission to queueID. Result is as below: >>> >>> userRealm.getAuthorizationManager().getAllowedRolesForResource(queueID, >>> PERMISSION_CHANGE_PERMISSION) >>> >>> result = {java.lang.String[1]@9694} >>> [0] = {java.lang.String@9686}"*INTERNAL/Q_userQueue*" >>> >>> Result has different role name. We created role name called >>> *Internal/Q_userQueue* and assign permissions but it has created with >>> different name *INTERNAL/Q_userQueue* and assign permission. >>> >>> Please have look into this because it is blocking issue to our >>> implementation. >>> >>> Cheers! >>> >>> >>> On Tue, Oct 13, 2015 at 5:22 PM, Kishanthan Thangarajah < >>> kishant...@wso2.com> wrote: >>> >>>> Was this issue found in 4.4.2 RC1 too? >>>> >>>> On Tue, Oct 13, 2015 at 4:58 PM, Sasikala Kottegoda <sasik...@wso2.com> >>>> wrote: >>>> >>>>> Hi Manuri, >>>>> >>>>> We tested MB 3.0.0 with this release and our scenario of queue >>>>> creation fails after giving a permission denied error. The scenario is as >>>>> follows: >>>>> >>>>> 1. Create a user "user1" with a role assigned with permission to >>>>> create queues. >>>>> 2. Login from "user1" and try to create a queue, we get a permission >>>>> denied error. >>>>> >>>>> When creating a queue the following happens from our code. >>>>> >>>>> 1. We create an internal role for the queue and assign it to the >>>>> current user with permissions assigned. >>>>> >>>>> userRealm.getAuthorizationManager().authorizeRole(roleName, queueId, >>>>> >>>>> PERMISSION_CHANGE_PERMISSION); >>>>> >>>>> 2. Next, we create the queue and update permissions for the queue. In >>>>> this step, we check if the current user has permissions to change the >>>>> queue. >>>>> >>>>> String[] userRoles = >>>>> userRealm.getUserStoreManager().getRoleListOfUser(loggedInUser); >>>>> for (String userRole : userRoles) { >>>>> if (userRealm.getAuthorizationManager().isRoleAuthorized( >>>>> userRole, queueID, PERMISSION_CHANGE_PERMISSION)) { >>>>> isUserHasChangePermission = true; >>>>> } >>>>> } >>>>> >>>>> At this stage, *'*(userRealm.getAuthorizationManager().isRoleAuthorized( >>>>> userRole, queueID, PERMISSION_CHANGE_PERMISSION))' false >>>>> implying that any of roles assigned to the user do not have permissions >>>>> to change the queue, thus not allowing the user to create the queue. >>>>> >>>>> >>>>> Thank you >>>>> >>>>> >>>>> On Mon, Oct 12, 2015 at 9:24 PM, Manuri Amaya Perera <manu...@wso2.com >>>>> > wrote: >>>>> >>>>>> Hi Devs, >>>>>> >>>>>> WSO2 Carbon Kernel 4.4.2 RC2 Release Vote. >>>>>> >>>>>> This release fixes the following issues: >>>>>> https://wso2.org/jira/issues/?filter=12396 >>>>>> >>>>>> Please download and test your products with kernel 4.4.2 RC2 and >>>>>> vote. Vote will be open for 72 hours or longer as needed. >>>>>> >>>>>> *​Source and binary distribution files:* >>>>>> https://svn.wso2.org/repos/wso2/people/aruna/v4.4.2-rc2 >>>>>> >>>>>> *Maven staging repository:* >>>>>> http://maven.wso2.org/nexus/content/repositories/orgwso2carbon-019/ >>>>>> >>>>>> *The tag to be voted upon:* >>>>>> https://github.com/wso2/carbon-kernel/tree/v4.4.2-rc2 >>>>>> >>>>>> >>>>>> [ ] Broken - do not release (explain why) >>>>>> [ ] Stable - go ahead and release >>>>>> >>>>>> >>>>>> Thank you >>>>>> Carbon Team >>>>>> >>>>>> -- >>>>>> >>>>>> *Manuri Amaya Perera* >>>>>> >>>>>> *Software Engineer* >>>>>> >>>>>> *WSO2 Inc.* >>>>>> >>>>>> *Blog: http://manuriamayaperera.blogspot.com >>>>>> <http://manuriamayaperera.blogspot.com>* >>>>>> >>>>>> _______________________________________________ >>>>>> Dev mailing list >>>>>> Dev@wso2.org >>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Sasikala Kottegoda >>>>> *Software Engineer* >>>>> WSO2 Inc., http://wso2.com/ >>>>> lean. enterprise. middleware >>>>> Mobile: +94 774835928/712792401 >>>>> >>>>> _______________________________________________ >>>>> Dev mailing list >>>>> Dev@wso2.org >>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> *Kishanthan Thangarajah* >>>> Associate Technical Lead, >>>> Platform Technologies Team, >>>> WSO2, Inc. >>>> lean.enterprise.middleware >>>> >>>> Mobile - +94773426635 >>>> Blog - *http://kishanthan.wordpress.com >>>> <http://kishanthan.wordpress.com>* >>>> Twitter - *http://twitter.com/kishanthan >>>> <http://twitter.com/kishanthan>* >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> Dev@wso2.org >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> >>> -- >>> Indika Sampath >>> Senior Software Engineer >>> WSO2 Inc. >>> http://wso2.com >>> >>> Phone: +94 716 424 744 >>> Blog: http://indikasampath.blogspot.com/ >>> >>> >> >> >> -- >> Thanks & Regards, >> >> *Johann Dilantha Nallathamby* >> Technical Lead & Product Lead of WSO2 Identity Server >> Governance Technologies Team >> WSO2, Inc. >> lean.enterprise.middleware >> >> Mobile - *+94777776950* >> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >> > > > > -- > Isura Dilhara Karunaratne > Senior Software Engineer > > Mob +94 772 254 810 > > -- *Kishanthan Thangarajah* Associate Technical Lead, Platform Technologies Team, WSO2, Inc. lean.enterprise.middleware Mobile - +94773426635 Blog - *http://kishanthan.wordpress.com <http://kishanthan.wordpress.com>* Twitter - *http://twitter.com/kishanthan <http://twitter.com/kishanthan>*
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
