Introduce new permission structure for rollout management. (#624)

* Introduce new permission structure for rollout management.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* JavaDocs

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Add target read check for filters.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>
This commit is contained in:
Kai Zimmermann
2018-02-07 12:39:20 +01:00
committed by GitHub
parent d1038b1b6d
commit 1a6ab123e3
8 changed files with 116 additions and 58 deletions

View File

@@ -71,7 +71,7 @@ public interface RolloutManagement {
* otherwise.
*
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_WRITE)
@PreAuthorize(SpringEvalExpressions.IS_SYSTEM_CODE)
void handleRollouts();
/**
@@ -123,7 +123,7 @@ public interface RolloutManagement {
* @throws ConstraintViolationException
* if rollout or group parameters are invalid.
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_WRITE)
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_CREATE)
Rollout create(@NotNull RolloutCreate create, int amountGroup, @NotNull RolloutGroupConditions conditions);
/**
@@ -157,7 +157,7 @@ public interface RolloutManagement {
* @throws ConstraintViolationException
* if rollout or group parameters are invalid
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_WRITE)
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_CREATE)
Rollout create(@NotNull RolloutCreate rollout, @NotNull List<RolloutGroupCreate> groups,
RolloutGroupConditions conditions);
@@ -312,7 +312,7 @@ public interface RolloutManagement {
* Only running rollouts can be paused.
*
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_WRITE)
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_HANDLE)
void pauseRollout(@NotNull Long rolloutId);
/**
@@ -329,7 +329,7 @@ public interface RolloutManagement {
* if given rollout is not in {@link RolloutStatus#PAUSED}. Only
* paused rollouts can be resumed.
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_WRITE)
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_HANDLE)
void resumeRollout(@NotNull Long rolloutId);
/**
@@ -350,7 +350,7 @@ public interface RolloutManagement {
* if given rollout is not in {@link RolloutStatus#READY}. Only
* ready rollouts can be started.
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_WRITE)
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_HANDLE)
Rollout start(@NotNull Long rolloutId);
/**
@@ -368,7 +368,7 @@ public interface RolloutManagement {
* reference
*
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_WRITE)
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_UPDATE)
Rollout update(@NotNull RolloutUpdate update);
/**
@@ -379,7 +379,7 @@ public interface RolloutManagement {
* @param rolloutId
* the ID of the rollout to be deleted
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_WRITE)
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_DELETE)
void delete(@NotNull Long rolloutId);
}