Introduce new permission structure for rollout management. (#624)

* Introduce new permission structure for rollout management.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* JavaDocs

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Add target read check for filters.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>
This commit is contained in:
Kai Zimmermann
2018-02-07 12:39:20 +01:00
committed by GitHub
parent d1038b1b6d
commit 1a6ab123e3
8 changed files with 116 additions and 58 deletions

View File

@@ -14,11 +14,11 @@ import org.eclipse.hawkbit.im.authentication.PermissionService;
import org.eclipse.hawkbit.im.authentication.SpPermission;
/**
* Bean which contains all SP permissions.
* Bean which contains all permissions.
*
*/
public class SpPermissionChecker implements Serializable {
private static final long serialVersionUID = 2757865286212875704L;
private static final long serialVersionUID = 1L;
protected transient PermissionService permissionService;
@@ -27,7 +27,7 @@ public class SpPermissionChecker implements Serializable {
}
/**
* Gets the SP monitor View Permission.
* Gets the monitor View Permission.
*
* @return SYSTEM_MONITOR boolean value
*/
@@ -36,7 +36,7 @@ public class SpPermissionChecker implements Serializable {
}
/**
* Gets the SP diagnosis retrieval Permission.
* Gets the diagnosis retrieval Permission.
*
* @return SYSTEM_DIAG boolean value
*/
@@ -45,7 +45,7 @@ public class SpPermissionChecker implements Serializable {
}
/**
* Gets the SP read Target & Dist Permission.
* Gets the read Target & Dist Permission.
*
* @return TARGET_REPOSITORY_READ boolean value
*/
@@ -54,7 +54,7 @@ public class SpPermissionChecker implements Serializable {
}
/**
* Gets the SP read Target Permission.
* Gets the read Target Permission.
*
* @return READ_TARGET boolean value
*/
@@ -63,7 +63,7 @@ public class SpPermissionChecker implements Serializable {
}
/**
* Gets the SP create Target Permission.
* Gets the create Target Permission.
*
* @return READ_TARGET boolean value
*/
@@ -72,7 +72,7 @@ public class SpPermissionChecker implements Serializable {
}
/**
* Gets the SP update Target Permission.
* Gets the update Target Permission.
*
* @return READ_TARGET boolean value
*/
@@ -81,7 +81,7 @@ public class SpPermissionChecker implements Serializable {
}
/**
* Gets the SP delete Target Permission.
* Gets the delete Target Permission.
*
* @return READ_TARGET boolean value
*/
@@ -90,7 +90,7 @@ public class SpPermissionChecker implements Serializable {
}
/**
* Gets the SP READ Repository Permission.
* Gets the READ Repository Permission.
*
* @return READ_REPOSITORY boolean value
*/
@@ -99,7 +99,7 @@ public class SpPermissionChecker implements Serializable {
}
/**
* Gets the SP create Repository Permission.
* Gets the create Repository Permission.
*
* @return CREATE_REPOSITORY boolean value
*/
@@ -108,7 +108,7 @@ public class SpPermissionChecker implements Serializable {
}
/**
* Gets the SP update Repository Permission.
* Gets the update Repository Permission.
*
* @return UPDATE_REPOSITORY boolean value
*/
@@ -117,7 +117,7 @@ public class SpPermissionChecker implements Serializable {
}
/**
* Gets the SP delete Repository Permission.
* Has the delete Repository Permission.
*
* @return DELETE_REPOSITORY boolean value
*/
@@ -126,41 +126,47 @@ public class SpPermissionChecker implements Serializable {
}
/**
* Gets the SP rollout create permission.
* Has the rollout update permission.
*
* @return permission for rollout update
*/
public boolean hasRolloutUpdatePermission() {
return hasUpdateTargetPermission() && hasReadRepositoryPermission()
&& permissionService.hasPermission(SpPermission.ROLLOUT_MANAGEMENT);
return hasRolloutReadPermission() && permissionService.hasPermission(SpPermission.UPDATE_ROLLOUT);
}
/**
* Gets the SP rollout create permission.
*
* @return permission for rollout create
* @return <code>true</code> if rollout create permission
*/
public boolean hasRolloutCreatePermission() {
return hasUpdateTargetPermission() && hasReadRepositoryPermission()
&& permissionService.hasPermission(SpPermission.ROLLOUT_MANAGEMENT);
return hasTargetReadPermission() && hasReadRepositoryPermission()
&& permissionService.hasPermission(SpPermission.CREATE_ROLLOUT);
}
/**
*
* Gets the SP rollout read permission.
*
* @return Gets the SP rollout read permission.
* @return <code>true</code> if rollout read permission
*/
public boolean hasRolloutReadPermission() {
return permissionService.hasPermission(SpPermission.ROLLOUT_MANAGEMENT);
return permissionService.hasPermission(SpPermission.READ_ROLLOUT);
}
/**
* @return <code>true</code> if rollout delete permission
*/
public boolean hasRolloutDeletePermission() {
return hasRolloutReadPermission() && permissionService.hasPermission(SpPermission.DELETE_ROLLOUT);
}
/**
* @return <code>true</code> if rollout handle permission.
*/
public boolean hasRolloutHandlePermission() {
return hasRolloutReadPermission() && permissionService.hasPermission(SpPermission.HANDLE_ROLLOUT);
}
/**
* Gets the SP rollout targets read permission.
*
* @return permission to read rollout targets
*/
public boolean hasRolloutTargetsReadPermission() {
return hasTargetReadPermission() && permissionService.hasPermission(SpPermission.ROLLOUT_MANAGEMENT);
return hasTargetReadPermission() && permissionService.hasPermission(SpPermission.READ_ROLLOUT);
}
}

View File

@@ -11,6 +11,7 @@ package org.eclipse.hawkbit.ui.components;
import static java.util.concurrent.TimeUnit.SECONDS;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.atomic.AtomicInteger;
@@ -71,10 +72,11 @@ public abstract class AbstractNotificationView extends VerticalLayout implements
return;
}
eventContainer.getEvents().stream().filter(this::noEventMatch).forEach(event -> {
notificationUnreadButton.incrementUnreadNotification(this, eventContainer);
viewUnreadNotifcations.incrementAndGet();
});
eventContainer.getEvents().stream().filter(Objects::nonNull).filter(event -> noEventMatch(event))
.forEach(event -> {
notificationUnreadButton.incrementUnreadNotification(this, eventContainer);
viewUnreadNotifcations.incrementAndGet();
});
getDashboardMenuItem().setNotificationUnreadValue(viewUnreadNotifcations);
}

View File

@@ -59,6 +59,6 @@ public class RolloutViewMenuItem extends AbstractDashboardMenuItemNotification {
@Override
public List<String> getPermissions() {
return Arrays.asList(SpPermission.ROLLOUT_MANAGEMENT);
return Arrays.asList(SpPermission.READ_ROLLOUT);
}
}

View File

@@ -195,8 +195,7 @@ public class RolloutListGrid extends AbstractGrid<LazyQueryContainer> {
if (!rolloutUIState.isShowRollOuts() || rolloutChangeEvent.getRolloutId() == null) {
return;
}
final Optional<Rollout> rollout = rolloutManagement
.getWithDetailedStatus(rolloutChangeEvent.getRolloutId());
final Optional<Rollout> rollout = rolloutManagement.getWithDetailedStatus(rolloutChangeEvent.getRolloutId());
if (!rollout.isPresent()) {
return;
@@ -745,6 +744,14 @@ public class RolloutListGrid extends AbstractGrid<LazyQueryContainer> {
if (!permissionChecker.hasRolloutCreatePermission()) {
modifiableColumnsList.remove(VIRT_PROP_COPY);
}
if (!permissionChecker.hasRolloutDeletePermission()) {
modifiableColumnsList.remove(VIRT_PROP_DELETE);
}
if (!permissionChecker.hasRolloutHandlePermission()) {
modifiableColumnsList.remove(VIRT_PROP_PAUSE);
modifiableColumnsList.remove(VIRT_PROP_RUN);
}
setColumns(modifiableColumnsList.toArray());
}