Project

General

Profile

Actions

Improvement #8129

open

Fix cdm admin user authorization

Added by Entgra Admin about 2 years ago. Updated 10 months ago.

Status:
New
Priority:
None
Assignee:
-
Start date:
16/08/2019
Due date:
% Done:

0%

Estimated time:
0:00 h
Device Type:
Component:
Type:

Description

From Gitlab
------------------------
gitlabId --> 130 https://gitlab.com/entgra/product-iots/-/issues/130
labels --> Type: Improvement,
assignees -->
created_at --> 2019-08-16 18:51:53 IST +0530
updated_at --> 2021-10-12 10:06:07 IST +0530
------------------------
  • if the user has the "/device-mgt/admin" permission<br>
    OR
  • if the user has the "/device-mgt/devices/any-device/permitted-actions-under-owning-device" permission<br>
    OR
  • if the user is the owner of the device
  1. Description
    Currently, the authorization of the carbon device-mgt admin role is checked through the "/device-mgt/devices/any-device/permitted-actions-under-owning-device" permission. The isAdminUser(String username, int tenantId) method in DeviceAccessAuthorizationServiceImpl checks if the user is an admin by looking for this permission.<br>
    The following improvements are suggested:
    1. The "/device-mgt/devices/any-device/permitted-actions-under-owning-device" permission should be renamed as it lacks clarity on what this permission entails.
    2. The above permission should be moved to an admin level in the permission tree.
    3. The isAdmin method should check for the "/device-mgt/admin" permission and another method should be implemented to check for the above-mentioned permission.
    4. Three conditions must be checked to authorize a user:
  1. Related Issues:
    https://gitlab.com/entgra/product-iots/issues/31
Actions

Also available in: Atom PDF