From db617b404e04c45f5567943e345ba71b2b365a10 Mon Sep 17 00:00:00 2001
From: viktor
Date: Tue, 23 Jun 2020 19:20:30 +0300
Subject: [PATCH] Configured permissions for oauth feature
---
 .../security/permission/SysAdminPermissions.java | 1 +
 .../security/permission/TenantAdminPermissions.java | 13 +++++++++++++
 2 files changed, 14 insertions(+)
diff --git a/application/src/main/java/org/thingsboard/server/service/security/permission/SysAdminPermissions.java b/application/src/main/java/org/thingsboard/server/service/security/permission/SysAdminPermissions.java
index cd79a29f0b..869217e4cf 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/permission/SysAdminPermissions.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/permission/SysAdminPermissions.java
@@ -39,6 +39,7 @@ public class SysAdminPermissions extends AbstractPermissions {
 put(Resource.USER, userPermissionChecker);
 put(Resource.WIDGETS_BUNDLE, systemEntityPermissionChecker);
 put(Resource.WIDGET_TYPE, systemEntityPermissionChecker);
+ put(Resource.OAUTH2_CONFIGURATION, PermissionChecker.allowAllPermissionChecker);
 }
 private static final PermissionChecker systemEntityPermissionChecker = new PermissionChecker() {
diff --git a/application/src/main/java/org/thingsboard/server/service/security/permission/TenantAdminPermissions.java b/application/src/main/java/org/thingsboard/server/service/security/permission/TenantAdminPermissions.java
index 794fb72398..703c238c64 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/permission/TenantAdminPermissions.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/permission/TenantAdminPermissions.java
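Review bot: `PermissionChecker.allowAllPermissionChecker` on the added `put(Resource.OAUTH2_CONFIGURATION, ...)` line is broader than the `userPermissionChecker` and `systemEntityPermissionChecker` used for the neighbouring resources, and nothing in the change says why. OAuth2 configuration presumably holds identity-provider client credentials, so the unscoped grant deserves an explicit justification. If system administrators are meant to manage this configuration for every tenant, record it next to the line, e.g. `// sysadmin manages OAuth2 settings platform-wide; no per-entity scoping by design`. Otherwise a scoped checker like the ones above would be the safer default. The constructor that holds this line starts above the hunk.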
@@ -15,6 +15,7 @@
 */
 package org.thingsboard.server.service.security.permission;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import org.thingsboard.server.common.data.HasTenantId;
 import org.thingsboard.server.common.data.User;
@@ -22,6 +23,7 @@ import org.thingsboard.server.common.data.id.EntityId;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.security.Authority;
+import org.thingsboard.server.dao.oauth2.OAuth2Service;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import java.util.HashMap;
@@ -29,6 +31,9 @@ import java.util.HashMap;
 @Component(value="tenantAdminPermissions")
 public class TenantAdminPermissions extends AbstractPermissions {
+ @Autowired
+ private OAuth2Service oAuth2Service;
+
 public TenantAdminPermissions() {
 super();
 put(Resource.ALARM, tenantEntityPermissionChecker);
@@ -42,6 +47,7 @@ public class TenantAdminPermissions extends AbstractPermissions {
 put(Resource.USER, userPermissionChecker);
 put(Resource.WIDGETS_BUNDLE, widgetsPermissionChecker);
 put(Resource.WIDGET_TYPE, widgetsPermissionChecker);
+ put(Resource.OAUTH2_CONFIGURATION, tenantOAuth2ConfigPermissionChecker);
 }
 public static final PermissionChecker tenantEntityPermissionChecker = new PermissionChecker() {
@@ -101,4 +107,11 @@ public class TenantAdminPermissions extends AbstractPermissions {
 }
 };
+
+ private final PermissionChecker tenantOAuth2ConfigPermissionChecker = new PermissionChecker() {
+ @Override
+ public boolean hasPermission(SecurityUser user, Operation operation) {
+ return oAuth2Service.isOAuth2ClientRegistrationAllowed(user.getTenantId());
+ }
+ };
 }
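Review bot: The `@Autowired private OAuth2Service oAuth2Service;` field added above the constructor is only populated when Spring builds the bean, while the public no-arg constructor stays available. An instance created directly, for example in a unit test, carries a null service, and the OAuth2 checker then throws a `NullPointerException` in the middle of an authorization decision instead of denying. Constructor injection, e.g. `public TenantAdminPermissions(OAuth2Service oAuth2Service)` with `this.oAuth2Service = Objects.requireNonNull(oAuth2Service);`, would make the dependency mandatory. The constructor body continues outside this hunk.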
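Review bot: The new `tenantOAuth2ConfigPermissionChecker` at the end of the class ignores its `operation` argument and never compares the tenant of the configuration being accessed with `user.getTenantId()`. Once `isOAuth2ClientRegistrationAllowed` returns true, every operation on `Resource.OAUTH2_CONFIGURATION` passes this check. If tenant scoping is enforced by the caller, state that on the checker, e.g. `// only gates the feature per tenant; ownership of the configuration must be verified by the caller`, and confirm the controller really does it. Only the two-argument `hasPermission` is overridden; the file imports `EntityId` and `HasTenantId`, which suggests an entity-scoped overload exists, and any check routed through it would get the interface's default result rather than this rule.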