From 1a44acf503e8fd83bb582ce608dc3ea13f9bd883 Mon Sep 17 00:00:00 2001
From: Avgustin Marinov <Avgustin.Marinov@bosch.com>
Date: Wed, 24 Sep 2025 10:12:26 +0300
Subject: [PATCH] Fix role hierarchy (missing new line) (#2689)

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
---
 .../eclipse/hawkbit/app/mgmt/PreAuthorizeEnabledTest.java | 8 ++------
 .../org/eclipse/hawkbit/app/PreAuthorizeEnabledTest.java  | 4 +---
 .../eclipse/hawkbit/im/authentication/SpPermission.java   | 2 +-
 site/content/concepts/authorization.md                    | 2 +-
 4 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/hawkbit-mgmt/hawkbit-mgmt-server/src/test/java/org/eclipse/hawkbit/app/mgmt/PreAuthorizeEnabledTest.java b/hawkbit-mgmt/hawkbit-mgmt-server/src/test/java/org/eclipse/hawkbit/app/mgmt/PreAuthorizeEnabledTest.java
index 9c7e346d2..064350c45 100644
--- a/hawkbit-mgmt/hawkbit-mgmt-server/src/test/java/org/eclipse/hawkbit/app/mgmt/PreAuthorizeEnabledTest.java
+++ b/hawkbit-mgmt/hawkbit-mgmt-server/src/test/java/org/eclipse/hawkbit/app/mgmt/PreAuthorizeEnabledTest.java
@@ -54,9 +54,7 @@ class PreAuthorizeEnabledTest extends AbstractSecurityTest {
      * Tests whether request returns distribution set if a role with scope is granted for the user
      */
     @Test
-    @WithUser(authorities = {
-            "CREATE_DISTRIBUTION_SET", "READ_DISTRIBUTION_SET_TYPE",
-            SpPermission.READ_DISTRIBUTION_SET + "/name==DsOne" }, autoCreateTenant = false)
+    @WithUser(authorities = { "CREATE_DISTRIBUTION_SET", SpPermission.READ_DISTRIBUTION_SET + "/name==DsOne" }, autoCreateTenant = false)
     void successIfHasRoleWithScope() throws Exception {
         createDsOne("successIfHasRoleWithScope");
         mvc.perform(get("/rest/v1/distributionsets")).andExpect(result -> {
@@ -69,9 +67,7 @@ class PreAuthorizeEnabledTest extends AbstractSecurityTest {
      * Tests whether request doesn't return distribution set if a role with scope doesn't grant access
      */
     @Test
-    @WithUser(authorities = {
-            "CREATE_DISTRIBUTION_SET", "READ_DISTRIBUTION_SET_TYPE",
-            SpPermission.READ_DISTRIBUTION_SET + "/name==DsOne2" }, autoCreateTenant = false)
+    @WithUser(authorities = { "CREATE_DISTRIBUTION_SET", SpPermission.READ_DISTRIBUTION_SET + "/name==DsOne2" }, autoCreateTenant = false)
     void failIfHasNoForbiddingScope() throws Exception {
         createDsOne("failIfHasNoForbiddingScope");
         mvc.perform(get("/rest/v1/distributionsets")).andExpect(result -> {
diff --git a/hawkbit-monolith/hawkbit-update-server/src/test/java/org/eclipse/hawkbit/app/PreAuthorizeEnabledTest.java b/hawkbit-monolith/hawkbit-update-server/src/test/java/org/eclipse/hawkbit/app/PreAuthorizeEnabledTest.java
index c5ee98b5b..040a51fdc 100644
--- a/hawkbit-monolith/hawkbit-update-server/src/test/java/org/eclipse/hawkbit/app/PreAuthorizeEnabledTest.java
+++ b/hawkbit-monolith/hawkbit-update-server/src/test/java/org/eclipse/hawkbit/app/PreAuthorizeEnabledTest.java
@@ -54,9 +54,7 @@ class PreAuthorizeEnabledTest extends AbstractSecurityTest {
      * Tests whether request returns distribution set if a role with scope is granted for the user
      */
     @Test
-    @WithUser(authorities = {
-            "CREATE_DISTRIBUTION_SET", "READ_DISTRIBUTION_SET_TYPE",
-            SpPermission.READ_DISTRIBUTION_SET + "/name==DsOne" }, autoCreateTenant = false)
+    @WithUser(authorities = { "CREATE_DISTRIBUTION_SET", SpPermission.READ_DISTRIBUTION_SET + "/name==DsOne" }, autoCreateTenant = false)
     void successIfHasRoleWithScope() throws Exception {
         createDsOne("successIfHasRoleWithScope");
         mvc.perform(get("/rest/v1/distributionsets")).andExpect(result -> {
diff --git a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpPermission.java b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpPermission.java
index 74f17ee16..ff5c57f6d 100644
--- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpPermission.java
+++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpPermission.java
@@ -118,7 +118,7 @@ public final class SpPermission {
             READ_PREFIX + SOFTWARE_MODULE + IMPLY_READ + SOFTWARE_MODULE_TYPE + LINE_BREAK +
             UPDATE_PREFIX + SOFTWARE_MODULE + IMPLY_READ + SOFTWARE_MODULE_TYPE + LINE_BREAK +
             DELETE_PREFIX + SOFTWARE_MODULE + IMPLY_READ + SOFTWARE_MODULE_TYPE + LINE_BREAK +
-            DOWNLOAD_REPOSITORY_ARTIFACT + IMPLY + SOFTWARE_MODULE_DOWNLOAD;
+            DOWNLOAD_REPOSITORY_ARTIFACT + IMPLY + SOFTWARE_MODULE_DOWNLOAD + LINE_BREAK;
     public static final String DISTRIBUTION_SET_HIERARCHY =
             CREATE_PREFIX + DISTRIBUTION_SET + IMPLY_READ + DISTRIBUTION_SET_TYPE + LINE_BREAK +
             READ_PREFIX + DISTRIBUTION_SET + IMPLY_READ + DISTRIBUTION_SET_TYPE + LINE_BREAK +
diff --git a/site/content/concepts/authorization.md b/site/content/concepts/authorization.md
index 9ecfb0d5e..5e0cf9257 100644
--- a/site/content/concepts/authorization.md
+++ b/site/content/concepts/authorization.md
@@ -88,7 +88,7 @@ to hawkBit permissions.
     - Artifacts
     - DS tags
 
-- DOWNLOAD_REPOSITORY_ARTIFACT
+- SOFTWARE_MODULE_DOWNLOAD
     - Permission to download artifacts of a software module (Note: READ_REPOSITORY allows only to read the metadata).
 
 - READ_TARGET_SECURITY_TOKEN