diff --git a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/SystemManagement.java b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/SystemManagement.java
index a44b13d92..e30009258 100644
--- a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/SystemManagement.java
+++ b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/SystemManagement.java
@@ -61,6 +61,9 @@ public interface SystemManagement {
 /**
 * @return {@link TenantMetaData} of {@link TenantAware#getCurrentTenant()}
 */
+ @PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY + SpringEvalExpressions.HAS_AUTH_OR
+ + SpringEvalExpressions.HAS_AUTH_READ_TARGET + SpringEvalExpressions.HAS_AUTH_OR
+ + SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
 TenantMetaData getTenantMetadata();
 /**
@@ -77,6 +80,7 @@ public interface SystemManagement {
 * to retrieve data for
 * @return {@link TenantMetaData} of given tenant
 */
+ @PreAuthorize(SpringEvalExpressions.IS_SYSTEM_CODE)
 TenantMetaData getTenantMetadata(@NotNull String tenant);
 /**
@@ -86,6 +90,7 @@ public interface SystemManagement {
 * to update
 * @return updated {@link TenantMetaData} entity
 */
+ @PreAuthorize(SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
 TenantMetaData updateTenantMetadata(@NotNull TenantMetaData metaData);
 }
\ No newline at end of file
diff --git a/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/WithSpringAuthorityRule.java b/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/WithSpringAuthorityRule.java
index a2bc90555..357ec5f69 100644
--- a/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/WithSpringAuthorityRule.java
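Review bot: The Javadoc on `getTenantMetadata()` does not say which authorities the new `@PreAuthorize` requires, so callers only learn the access rule by reading the annotation expression; the `getTenantMetadata(String)` and `updateTenantMetadata` hunks below have the same gap. I would add a line to each comment, for example `* Requires one of HAS_AUTH_READ_REPOSITORY, HAS_AUTH_READ_TARGET or HAS_AUTH_TENANT_CONFIGURATION.` here and `* Restricted to system code ({@code IS_SYSTEM_CODE}).` on the tenant-specific overload. The test helper in this same commit calls `getTenantMetadata(tenantId)` from a method named `createTenant`, which suggests that overload may create the tenant as a side effect; if so, the doc should say that too, since it is the reason the method is locked to system code.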
+++ b/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/WithSpringAuthorityRule.java
@@ -16,6 +16,7 @@ import java.util.List;
 import java.util.concurrent.Callable;
 import org.eclipse.hawkbit.im.authentication.SpPermission;
+import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions;
 import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails;
 import org.eclipse.hawkbit.repository.jpa.model.helper.SystemManagementHolder;
 import org.junit.rules.TestRule;
@@ -56,10 +57,10 @@ public class WithSpringAuthorityRule implements TestRule {
 annotation = description.getTestClass().getAnnotation(WithUser.class);
 }
 if (annotation != null) {
- setSecurityContext(annotation);
 if (annotation.autoCreateTenant()) {
- SystemManagementHolder.getInstance().getSystemManagement().getTenantMetadata(annotation.tenantId());
+ createTenant(annotation.tenantId());
 }
+ setSecurityContext(annotation);
 }
 return oldContext;
 }
@@ -158,7 +159,7 @@ public class WithSpringAuthorityRule implements TestRule {
 final SecurityContext oldContext = SecurityContextHolder.getContext();
 setSecurityContext(withUser);
 if (withUser.autoCreateTenant()) {
- SystemManagementHolder.getInstance().getSystemManagement().getTenantMetadata(withUser.tenantId());
+ createTenant(withUser.tenantId());
 }
 try {
 return callable.call();
@@ -166,6 +167,18 @@ public class WithSpringAuthorityRule implements TestRule {
 after(oldContext);
 }
 }
+
+ private void createTenant(final String tenantId) throws Exception {
+ final SecurityContext oldContext = SecurityContextHolder.getContext();
+ setSecurityContext(privilegedUser());
+ try
+ {
+ SystemManagementHolder.getInstance().getSystemManagement().getTenantMetadata(tenantId);
+ }finally
+ {
+ after(oldContext);
+ }
+ }
 public static WithUser withUser(final String principal, final String... authorities) {
 return withUserAndTenant(principal, "default", true, true, authorities);
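Review bot: In the callable path (hunk `@@ -158,7 +159,7 @@`), `createTenant(withUser.tenantId())` still runs after `setSecurityContext(withUser)` and before the `try`, so if tenant creation throws, the `finally` that calls `after(oldContext)` is never reached and the test user's context stays on the thread for whatever runs next. The rule path in the previous hunk now creates the tenant first and only then installs the user; doing the same here, i.e. moving `if (withUser.autoCreateTenant()) { createTenant(withUser.tenantId()); }` above `setSecurityContext(withUser);`, keeps both paths consistent and leaves nothing to clean up on failure. The method signature and the end of its `try` block lie outside the hunk.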
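Review bot: `createTenant` (hunk `@@ -166,6 +167,18 @@`) switches the thread to `privilegedUser()` and relies on `after(oldContext)` to undo that, which only works if `setSecurityContext` installs a fresh context object rather than changing the authentication on the one `SecurityContextHolder.getContext()` returned. Neither helper is visible in this hunk, so that is worth confirming, because otherwise the elevated authority would persist into the test body. A one-line comment would make the temporary elevation explicit, e.g. `// run tenant creation as system code, then restore the caller's context`. The brace placement also differs from the rest of the file; `try {` and `} finally {` would match it.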
@@ -254,7 +267,7 @@ public class WithSpringAuthorityRule implements TestRule {
 @Override
 public String[] authorities() {
- return new String[] { "ROLE_CONTROLLER" };
+ return new String[] { "ROLE_CONTROLLER", "ROLE_SYSTEM_CODE" };
 }
 @Override
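Review bot: `"ROLE_SYSTEM_CODE"` is a bare string literal in `authorities()`, while the production interface checks the role through `SpringEvalExpressions.IS_SYSTEM_CODE`. If the role name behind that expression changes, this test user stops matching and tenant creation in tests fails with an access-denied error far from this line. Referencing a role-name constant from `SpringEvalExpressions` would keep the two in sync, assuming such a constant exists; the import added at the top of this file appears unused in the visible hunks. Because the privileged test user now carries system-code authority, any test that runs as this user passes `IS_SYSTEM_CODE` checks by construction, so denial cases need a user without that role. The enclosing `WithUser` implementation starts and ends outside the hunk.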