added tenant permission for mobile app and bundle

application/src/main/java/org/thingsboard/server/controller/MobileAppBundleController.java

@@ -51,7 +51,7 @@ import static org.thingsboard.server.controller.ControllerConstants.PAGE_NUMBER_
 import static org.thingsboard.server.controller.ControllerConstants.PAGE_SIZE_DESCRIPTION;
 import static org.thingsboard.server.controller.ControllerConstants.SORT_ORDER_DESCRIPTION;
 import static org.thingsboard.server.controller.ControllerConstants.SORT_PROPERTY_DESCRIPTION;
-import static org.thingsboard.server.controller.ControllerConstants.SYSTEM_AUTHORITY_PARAGRAPH;
+import static org.thingsboard.server.controller.ControllerConstants.SYSTEM_OR_TENANT_AUTHORITY_PARAGRAPH;
 import static org.thingsboard.server.controller.ControllerConstants.UUID_WIKI_LINK;
 
 @RestController
@@ -68,8 +68,8 @@ public class MobileAppBundleController extends BaseController {
                     "mobile settings like oauth2 clients, self-registration and layout configuration." +
                     "When creating mobile app bundle, platform generates Mobile App Bundle Id as " + UUID_WIKI_LINK +
                     "The newly created Mobile App Bundle Id will be present in the response. " +
-                    "Referencing non-existing Mobile App Bundle Id will cause 'Not Found' error."  + SYSTEM_AUTHORITY_PARAGRAPH)
+                    "Referencing non-existing Mobile App Bundle Id will cause 'Not Found' error."  + SYSTEM_OR_TENANT_AUTHORITY_PARAGRAPH)
-    @PreAuthorize("hasAnyAuthority('SYS_ADMIN')")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
     @PostMapping(value = "/mobile/bundle")
     public MobileAppBundle saveMobileAppBundle(
             @Parameter(description = "A JSON value representing the Mobile Application Bundle.", required = true)
@@ -82,8 +82,8 @@ public class MobileAppBundleController extends BaseController {
     }
 
     @ApiOperation(value = "Update oauth2 clients (updateOauth2Clients)",
-            notes = "Update oauth2 clients of the specified mobile app bundle. ")
+            notes = "Update oauth2 clients of the specified mobile app bundle." + SYSTEM_OR_TENANT_AUTHORITY_PARAGRAPH)
-    @PreAuthorize("hasAnyAuthority('SYS_ADMIN')")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
     @PutMapping(value = "/mobile/bundle/{id}/oauth2Clients")
     public void updateOauth2Clients(@PathVariable UUID id,
                                     @RequestBody UUID[] clientIds) throws ThingsboardException {
@@ -93,8 +93,8 @@ public class MobileAppBundleController extends BaseController {
         tbMobileAppBundleService.updateOauth2Clients(mobileAppBundle, oAuth2ClientIds, getCurrentUser());
     }
 
-    @ApiOperation(value = "Get mobile app bundle infos (getTenantMobileAppBundleInfos)", notes = SYSTEM_AUTHORITY_PARAGRAPH)
+    @ApiOperation(value = "Get mobile app bundle infos (getTenantMobileAppBundleInfos)", notes = SYSTEM_OR_TENANT_AUTHORITY_PARAGRAPH)
-    @PreAuthorize("hasAnyAuthority('SYS_ADMIN')")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
     @GetMapping(value = "/mobile/bundle/infos")
     public PageData<MobileAppBundleInfo> getTenantMobileAppBundleInfos(@Parameter(description = PAGE_SIZE_DESCRIPTION, required = true)
                                                                        @RequestParam int pageSize,
@@ -106,13 +106,12 @@ public class MobileAppBundleController extends BaseController {
                                                                        @RequestParam(required = false) String sortProperty,
                                                                        @Parameter(description = SORT_ORDER_DESCRIPTION)
                                                                        @RequestParam(required = false) String sortOrder) throws ThingsboardException {
-        accessControlService.checkPermission(getCurrentUser(), Resource.MOBILE_APP_BUNDLE, Operation.READ);
         PageLink pageLink = createPageLink(pageSize, page, textSearch, sortProperty, sortOrder);
         return mobileAppBundleService.findMobileAppBundleInfosByTenantId(getTenantId(), pageLink);
     }
 
-    @ApiOperation(value = "Get mobile app bundle info by id (getMobileAppBundleInfoById)", notes = SYSTEM_AUTHORITY_PARAGRAPH)
+    @ApiOperation(value = "Get mobile app bundle info by id (getMobileAppBundleInfoById)", notes = SYSTEM_OR_TENANT_AUTHORITY_PARAGRAPH)
-    @PreAuthorize("hasAnyAuthority('SYS_ADMIN')")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
     @GetMapping(value = "/mobile/bundle/info/{id}")
     public MobileAppBundleInfo getMobileAppBundleInfoById(@PathVariable UUID id) throws ThingsboardException {
         MobileAppBundleId mobileAppBundleId = new MobileAppBundleId(id);
@@ -120,8 +119,8 @@ public class MobileAppBundleController extends BaseController {
     }
 
     @ApiOperation(value = "Delete Mobile App Bundle by ID (deleteMobileAppBundle)",
-            notes = "Deletes Mobile App Bundle by ID. Referencing non-existing mobile app bundle Id will cause an error." + SYSTEM_AUTHORITY_PARAGRAPH)
+            notes = "Deletes Mobile App Bundle by ID. Referencing non-existing mobile app bundle Id will cause an error." + SYSTEM_OR_TENANT_AUTHORITY_PARAGRAPH)
-    @PreAuthorize("hasAuthority('SYS_ADMIN')")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
     @DeleteMapping(value = "/mobile/bundle/{id}")
     public void deleteMobileAppBundle(@PathVariable UUID id) throws Exception {
         MobileAppBundleId mobileAppBundleId = new MobileAppBundleId(id);

application/src/main/java/org/thingsboard/server/controller/MobileAppController.java

@@ -46,7 +46,7 @@ import static org.thingsboard.server.controller.ControllerConstants.PAGE_NUMBER_
 import static org.thingsboard.server.controller.ControllerConstants.PAGE_SIZE_DESCRIPTION;
 import static org.thingsboard.server.controller.ControllerConstants.SORT_ORDER_DESCRIPTION;
 import static org.thingsboard.server.controller.ControllerConstants.SORT_PROPERTY_DESCRIPTION;
-import static org.thingsboard.server.controller.ControllerConstants.SYSTEM_AUTHORITY_PARAGRAPH;
+import static org.thingsboard.server.controller.ControllerConstants.SYSTEM_OR_TENANT_AUTHORITY_PARAGRAPH;
 import static org.thingsboard.server.controller.ControllerConstants.UUID_WIKI_LINK;
 
 @RestController
@@ -63,8 +63,8 @@ public class MobileAppController extends BaseController {
                     "The newly created Mobile App Id will be present in the response. " +
                     "Specify existing Mobile App Id to update the mobile app. " +
                     "Referencing non-existing Mobile App Id will cause 'Not Found' error." +
-                    "\n\nThe pair of mobile app package name and platform type is unique for entire platform setup.\n\n" + SYSTEM_AUTHORITY_PARAGRAPH)
+                    "\n\nThe pair of mobile app package name and platform type is unique for entire platform setup.\n\n" + SYSTEM_OR_TENANT_AUTHORITY_PARAGRAPH)
-    @PreAuthorize("hasAnyAuthority('SYS_ADMIN')")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
     @PostMapping(value = "/mobile/app")
     public MobileApp saveMobileApp(
             @Parameter(description = "A JSON value representing the Mobile Application.", required = true)
@@ -74,8 +74,8 @@ public class MobileAppController extends BaseController {
         return tbMobileAppService.save(mobileApp, getCurrentUser());
     }
 
-    @ApiOperation(value = "Get mobile app infos (getTenantMobileAppInfos)", notes = SYSTEM_AUTHORITY_PARAGRAPH)
+    @ApiOperation(value = "Get mobile app infos (getTenantMobileAppInfos)", notes = SYSTEM_OR_TENANT_AUTHORITY_PARAGRAPH)
-    @PreAuthorize("hasAnyAuthority('SYS_ADMIN')")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
     @GetMapping(value = "/mobile/app")
     public PageData<MobileApp> getTenantMobileApps(@Parameter(description = "Platform type: ANDROID or IOS")
                                                    @RequestParam(required = false) PlatformType platformType,
@@ -89,13 +89,12 @@ public class MobileAppController extends BaseController {
                                                    @RequestParam(required = false) String sortProperty,
                                                    @Parameter(description = SORT_ORDER_DESCRIPTION)
                                                    @RequestParam(required = false) String sortOrder) throws ThingsboardException {
-        accessControlService.checkPermission(getCurrentUser(), Resource.MOBILE_APP, Operation.READ);
         PageLink pageLink = createPageLink(pageSize, page, textSearch, sortProperty, sortOrder);
         return mobileAppService.findMobileAppsByTenantId(getTenantId(), platformType, pageLink);
     }
 
-    @ApiOperation(value = "Get mobile info by id (getMobileAppInfoById)", notes = SYSTEM_AUTHORITY_PARAGRAPH)
+    @ApiOperation(value = "Get mobile info by id (getMobileAppInfoById)", notes = SYSTEM_OR_TENANT_AUTHORITY_PARAGRAPH)
-    @PreAuthorize("hasAnyAuthority('SYS_ADMIN')")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
     @GetMapping(value = "/mobile/app/{id}")
     public MobileApp getMobileAppById(@PathVariable UUID id) throws ThingsboardException {
         MobileAppId mobileAppId = new MobileAppId(id);
@@ -103,8 +102,8 @@ public class MobileAppController extends BaseController {
     }
 
     @ApiOperation(value = "Delete Mobile App by ID (deleteMobileApp)",
-            notes = "Deletes Mobile App by ID. Referencing non-existing mobile app Id will cause an error." + SYSTEM_AUTHORITY_PARAGRAPH)
+            notes = "Deletes Mobile App by ID. Referencing non-existing mobile app Id will cause an error." + SYSTEM_OR_TENANT_AUTHORITY_PARAGRAPH)
-    @PreAuthorize("hasAuthority('SYS_ADMIN')")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
     @DeleteMapping(value = "/mobile/app/{id}")
     public void deleteMobileApp(@PathVariable UUID id) throws Exception {
         MobileAppId mobileAppId = new MobileAppId(id);

application/src/main/java/org/thingsboard/server/controller/QrCodeSettingsController.java

@@ -128,7 +128,7 @@ public class QrCodeSettingsController extends BaseController {
     public QrCodeSettings saveMobileAppSettings(@Parameter(description = "A JSON value representing the mobile apps configuration")
                                                 @RequestBody QrCodeSettings qrCodeSettings) throws ThingsboardException {
         SecurityUser currentUser = getCurrentUser();
-        accessControlService.checkPermission(currentUser, Resource.MOBILE_APP_SETTINGS, Operation.WRITE);
+        accessControlService.checkPermission(currentUser, Resource.QR_CODE_SETTINGS, Operation.WRITE);
         qrCodeSettings.setTenantId(getTenantId());
         return qrCodeSettingService.saveQrCodeSettings(currentUser.getTenantId(), qrCodeSettings);
     }
@@ -139,7 +139,7 @@ public class QrCodeSettingsController extends BaseController {
     @GetMapping(value = "/api/mobile/qr/settings")
     public QrCodeSettings getMobileAppSettings() throws ThingsboardException {
         SecurityUser currentUser = getCurrentUser();
-        accessControlService.checkPermission(currentUser, Resource.MOBILE_APP_SETTINGS, Operation.READ);
+        accessControlService.checkPermission(currentUser, Resource.QR_CODE_SETTINGS, Operation.READ);
         return qrCodeSettingService.findQrCodeSettings(TenantId.SYS_TENANT_ID);
     }
 

application/src/main/java/org/thingsboard/server/service/security/permission/CustomerUserPermissions.java

@@ -47,7 +47,7 @@ public class CustomerUserPermissions extends AbstractPermissions {
         put(Resource.DEVICE_PROFILE, profilePermissionChecker);
         put(Resource.ASSET_PROFILE, profilePermissionChecker);
         put(Resource.TB_RESOURCE, customerResourcePermissionChecker);
-        put(Resource.MOBILE_APP_SETTINGS, new PermissionChecker.GenericPermissionChecker(Operation.READ));
+        put(Resource.QR_CODE_SETTINGS, new PermissionChecker.GenericPermissionChecker(Operation.READ));
     }
 
     private static final PermissionChecker customerAlarmPermissionChecker = new PermissionChecker() {

application/src/main/java/org/thingsboard/server/service/security/permission/Resource.java

@@ -50,7 +50,7 @@ public enum Resource {
     VERSION_CONTROL,
     NOTIFICATION(EntityType.NOTIFICATION_TARGET, EntityType.NOTIFICATION_TEMPLATE,
             EntityType.NOTIFICATION_REQUEST, EntityType.NOTIFICATION_RULE),
-    MOBILE_APP_SETTINGS;
+    QR_CODE_SETTINGS;
     private final Set<EntityType> entityTypes;
 
     Resource() {

application/src/main/java/org/thingsboard/server/service/security/permission/SysAdminPermissions.java

@@ -36,15 +36,15 @@ public class SysAdminPermissions extends AbstractPermissions {
         put(Resource.WIDGETS_BUNDLE, systemEntityPermissionChecker);
         put(Resource.WIDGET_TYPE, systemEntityPermissionChecker);
         put(Resource.OAUTH2_CLIENT, PermissionChecker.allowAllPermissionChecker);
-        put(Resource.MOBILE_APP, PermissionChecker.allowAllPermissionChecker);
+        put(Resource.MOBILE_APP, systemEntityPermissionChecker);
-        put(Resource.MOBILE_APP_BUNDLE, PermissionChecker.allowAllPermissionChecker);
+        put(Resource.MOBILE_APP_BUNDLE, systemEntityPermissionChecker);
         put(Resource.DOMAIN, PermissionChecker.allowAllPermissionChecker);
         put(Resource.OAUTH2_CONFIGURATION_TEMPLATE, PermissionChecker.allowAllPermissionChecker);
         put(Resource.TENANT_PROFILE, PermissionChecker.allowAllPermissionChecker);
         put(Resource.TB_RESOURCE, systemEntityPermissionChecker);
         put(Resource.QUEUE, systemEntityPermissionChecker);
         put(Resource.NOTIFICATION, systemEntityPermissionChecker);
-        put(Resource.MOBILE_APP_SETTINGS, PermissionChecker.allowAllPermissionChecker);
+        put(Resource.QR_CODE_SETTINGS, PermissionChecker.allowAllPermissionChecker);
     }
 
     private static final PermissionChecker systemEntityPermissionChecker = new PermissionChecker() {

application/src/main/java/org/thingsboard/server/service/security/permission/TenantAdminPermissions.java

@@ -50,7 +50,9 @@ public class TenantAdminPermissions extends AbstractPermissions {
         put(Resource.QUEUE, queuePermissionChecker);
         put(Resource.VERSION_CONTROL, PermissionChecker.allowAllPermissionChecker);
         put(Resource.NOTIFICATION, tenantEntityPermissionChecker);
-        put(Resource.MOBILE_APP_SETTINGS, new PermissionChecker.GenericPermissionChecker(Operation.READ));
+        put(Resource.QR_CODE_SETTINGS, new PermissionChecker.GenericPermissionChecker(Operation.READ));
+        put(Resource.MOBILE_APP, tenantEntityPermissionChecker);
+        put(Resource.MOBILE_APP_BUNDLE, tenantEntityPermissionChecker);
     }
 
     public static final PermissionChecker tenantEntityPermissionChecker = new PermissionChecker() {

common/data/src/main/java/org/thingsboard/server/common/data/mobile/layout/MobilePage.java

@@ -43,6 +43,8 @@ import java.io.Serializable;
         property = "type")
 @JsonSubTypes({
         @JsonSubTypes.Type(value = DefaultMobilePage.class, name = "DEFAULT"),
+        @JsonSubTypes.Type(value = DashdoardPage.class, name = "DASHBOARD"),
+        @JsonSubTypes.Type(value = WebViewPage.class, name = "WEB_VIEW"),
         @JsonSubTypes.Type(value = CustomMobilePage.class, name = "CUSTOM")
 })
 public interface MobilePage extends Serializable {

common/data/src/main/java/org/thingsboard/server/common/data/mobile/layout/WebViewPage.java

@@ -27,7 +27,7 @@ import lombok.NoArgsConstructor;
 @NoArgsConstructor
 @AllArgsConstructor
 @EqualsAndHashCode(callSuper = true)
-public class WebViewPage extends  AbstractMobilePage {
+public class WebViewPage extends AbstractMobilePage {
 
     @Schema(description = "Url", example = "/url")
     private String url;