Improvement #8129
Fix cdm admin user authorization
Status:
New
Priority:
None
Assignee:
-
Start date:
16/08/2019
Due date:
% Done:
0%
Estimated time:
0:00 h
Device Type:
Component:
Type:
Description
From Gitlab
------------------------
gitlabId --> 130 https://gitlab.com/entgra/product-iots/-/issues/130
labels --> Type: Improvement,
assignees -->
created_at --> 2019-08-16 18:51:53 IST +0530
updated_at --> 2021-10-12 10:06:07 IST +0530
------------------------
- Description
Currently, the authorization of the carbon device-mgt admin role is checked through the "/device-mgt/devices/any-device/permitted-actions-under-owning-device" permission. The isAdminUser(String username, int tenantId) method in DeviceAccessAuthorizationServiceImpl checks if the user is an admin by looking for this permission.
The following improvements are suggested:
1. The "/device-mgt/devices/any-device/permitted-actions-under-owning-device" permission should be renamed as it lacks clarity on what this permission entails.
2. The above permission should be moved to an admin level in the permission tree.
3. The isAdmin method should check for the "/device-mgt/admin" permission and another method should be implemented to check for the above-mentioned permission.
4. Three conditions must be checked to authorize a user:
   - if the user has the "/device-mgt/admin" permission
   - OR if the user has the "/device-mgt/devices/any-device/permitted-actions-under-owning-device" permission
   - OR if the user is the owner of the device
- Related Issues:
https://gitlab.com/entgra/product-iots/issues/31
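
A sketch of the split proposed in items 3 and 4, added here as an illustration and not taken from the product-iots code base. The class, the method names other than the permission strings, and the in-memory grant and ownership maps are hypothetical stand-ins for the real permission store, and the tenantId parameter is left out for brevity.

```java
import java.util.Map;
import java.util.Set;

public class DeviceAuthorizationSketch {
    // Permission strings quoted in the issue.
    static final String ADMIN_PERMISSION = "/device-mgt/admin";
    static final String ANY_DEVICE_PERMISSION =
            "/device-mgt/devices/any-device/permitted-actions-under-owning-device";

    // Constructed sample data (hypothetical): user -> permissions, device -> owner.
    static final Map<String, Set<String>> GRANTS = Map.of(
            "alice", Set.of(ADMIN_PERMISSION),
            "bob", Set.of(ANY_DEVICE_PERMISSION),
            "carol", Set.<String>of());
    static final Map<String, String> OWNERS = Map.of("device-1", "carol");

    static boolean hasPermission(String username, String permission) {
        return GRANTS.getOrDefault(username, Set.<String>of()).contains(permission);
    }

    // Item 3: admin status depends only on the admin permission.
    static boolean isAdmin(String username) {
        return hasPermission(username, ADMIN_PERMISSION);
    }

    // Item 3: the any-device permission gets its own check, so holding it
    // no longer makes a user an admin.
    static boolean hasAnyDevicePermission(String username) {
        return hasPermission(username, ANY_DEVICE_PERMISSION);
    }

    static boolean isOwner(String username, String deviceId) {
        return username.equals(OWNERS.get(deviceId));
    }

    // Item 4: any one of the three conditions authorizes; everything else is denied.
    static boolean isUserAuthorized(String username, String deviceId) {
        if (username == null || deviceId == null) {
            return false; // fail closed on a missing identity or device
        }
        return isAdmin(username) || hasAnyDevicePermission(username)
                || isOwner(username, deviceId);
    }

    public static void main(String[] args) {
        // "dave" has no grants and owns nothing, so he is the only one denied.
        for (String user : new String[] {"alice", "bob", "carol", "dave"}) {
            System.out.println(user + " admin=" + isAdmin(user)
                    + " authorized=" + isUserAuthorized(user, "device-1"));
        }
    }
}
```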