add preauthorize to system management

Signed-off-by: Michael Hirsch <michael.hirsch@bosch-si.com>

hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/SystemManagement.java

@@ -61,6 +61,9 @@ public interface SystemManagement {
     /**
      * @return {@link TenantMetaData} of {@link TenantAware#getCurrentTenant()}
      */
+    @PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY + SpringEvalExpressions.HAS_AUTH_OR
+            + SpringEvalExpressions.HAS_AUTH_READ_TARGET + SpringEvalExpressions.HAS_AUTH_OR
+            + SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
     TenantMetaData getTenantMetadata();
 
     /**
@@ -77,6 +80,7 @@ public interface SystemManagement {
      *            to retrieve data for
      * @return {@link TenantMetaData} of given tenant
      */
+    @PreAuthorize(SpringEvalExpressions.IS_SYSTEM_CODE)
     TenantMetaData getTenantMetadata(@NotNull String tenant);
 
     /**
@@ -86,6 +90,7 @@ public interface SystemManagement {
      *            to update
      * @return updated {@link TenantMetaData} entity
      */
+    @PreAuthorize(SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
     TenantMetaData updateTenantMetadata(@NotNull TenantMetaData metaData);
 
 }

hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/WithSpringAuthorityRule.java

@@ -16,6 +16,7 @@ import java.util.List;
 import java.util.concurrent.Callable;
 
 import org.eclipse.hawkbit.im.authentication.SpPermission;
+import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions;
 import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails;
 import org.eclipse.hawkbit.repository.jpa.model.helper.SystemManagementHolder;
 import org.junit.rules.TestRule;
@@ -56,10 +57,10 @@ public class WithSpringAuthorityRule implements TestRule {
             annotation = description.getTestClass().getAnnotation(WithUser.class);
         }
         if (annotation != null) {
-            setSecurityContext(annotation);
             if (annotation.autoCreateTenant()) {
-                SystemManagementHolder.getInstance().getSystemManagement().getTenantMetadata(annotation.tenantId());
+                createTenant(annotation.tenantId());
             }
+            setSecurityContext(annotation);
         }
         return oldContext;
     }
@@ -158,7 +159,7 @@ public class WithSpringAuthorityRule implements TestRule {
         final SecurityContext oldContext = SecurityContextHolder.getContext();
         setSecurityContext(withUser);
         if (withUser.autoCreateTenant()) {
-            SystemManagementHolder.getInstance().getSystemManagement().getTenantMetadata(withUser.tenantId());
+            createTenant(withUser.tenantId());
         }
         try {
             return callable.call();
@@ -166,6 +167,18 @@ public class WithSpringAuthorityRule implements TestRule {
             after(oldContext);
         }
     }
+    
+    private void createTenant(final String tenantId) throws Exception {
+        final SecurityContext oldContext = SecurityContextHolder.getContext();
+        setSecurityContext(privilegedUser());
+        try
+        {
+            SystemManagementHolder.getInstance().getSystemManagement().getTenantMetadata(tenantId);
+        }finally
+        {
+            after(oldContext);
+        }
+    }
 
     public static WithUser withUser(final String principal, final String... authorities) {
         return withUserAndTenant(principal, "default", true, true, authorities);
@@ -254,7 +267,7 @@ public class WithSpringAuthorityRule implements TestRule {
 
             @Override
             public String[] authorities() {
-                return new String[] { "ROLE_CONTROLLER" };
+                return new String[] { "ROLE_CONTROLLER", "ROLE_SYSTEM_CODE" };
             }
 
             @Override