Introduce new permission structure for rollout management. (#624)
* Introduce new permission structure for rollout management. Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com> * JavaDocs Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com> * Add target read check for filters. Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>
This commit is contained in:
@@ -78,7 +78,7 @@ public class MgmtRolloutResourceTest extends AbstractManagementApiIntegrationTes
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
@Description("Testing that creating rollout with insufficient permission returns forbidden")
|
@Description("Testing that creating rollout with insufficient permission returns forbidden")
|
||||||
@WithUser(allSpPermissions = true, removeFromAllPermission = "ROLLOUT_MANAGEMENT")
|
@WithUser(allSpPermissions = true, removeFromAllPermission = "CREATE_ROLLOUT")
|
||||||
public void createRolloutWithInsufficientPermissionReturnsForbidden() throws Exception {
|
public void createRolloutWithInsufficientPermissionReturnsForbidden() throws Exception {
|
||||||
final DistributionSet dsA = testdataFactory.createDistributionSet("");
|
final DistributionSet dsA = testdataFactory.createDistributionSet("");
|
||||||
mvc.perform(post("/rest/v1/rollouts")
|
mvc.perform(post("/rest/v1/rollouts")
|
||||||
|
|||||||
@@ -71,7 +71,7 @@ public interface RolloutManagement {
|
|||||||
* otherwise.
|
* otherwise.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_WRITE)
|
@PreAuthorize(SpringEvalExpressions.IS_SYSTEM_CODE)
|
||||||
void handleRollouts();
|
void handleRollouts();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -123,7 +123,7 @@ public interface RolloutManagement {
|
|||||||
* @throws ConstraintViolationException
|
* @throws ConstraintViolationException
|
||||||
* if rollout or group parameters are invalid.
|
* if rollout or group parameters are invalid.
|
||||||
*/
|
*/
|
||||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_WRITE)
|
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_CREATE)
|
||||||
Rollout create(@NotNull RolloutCreate create, int amountGroup, @NotNull RolloutGroupConditions conditions);
|
Rollout create(@NotNull RolloutCreate create, int amountGroup, @NotNull RolloutGroupConditions conditions);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -157,7 +157,7 @@ public interface RolloutManagement {
|
|||||||
* @throws ConstraintViolationException
|
* @throws ConstraintViolationException
|
||||||
* if rollout or group parameters are invalid
|
* if rollout or group parameters are invalid
|
||||||
*/
|
*/
|
||||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_WRITE)
|
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_CREATE)
|
||||||
Rollout create(@NotNull RolloutCreate rollout, @NotNull List<RolloutGroupCreate> groups,
|
Rollout create(@NotNull RolloutCreate rollout, @NotNull List<RolloutGroupCreate> groups,
|
||||||
RolloutGroupConditions conditions);
|
RolloutGroupConditions conditions);
|
||||||
|
|
||||||
@@ -312,7 +312,7 @@ public interface RolloutManagement {
|
|||||||
* Only running rollouts can be paused.
|
* Only running rollouts can be paused.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_WRITE)
|
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_HANDLE)
|
||||||
void pauseRollout(@NotNull Long rolloutId);
|
void pauseRollout(@NotNull Long rolloutId);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -329,7 +329,7 @@ public interface RolloutManagement {
|
|||||||
* if given rollout is not in {@link RolloutStatus#PAUSED}. Only
|
* if given rollout is not in {@link RolloutStatus#PAUSED}. Only
|
||||||
* paused rollouts can be resumed.
|
* paused rollouts can be resumed.
|
||||||
*/
|
*/
|
||||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_WRITE)
|
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_HANDLE)
|
||||||
void resumeRollout(@NotNull Long rolloutId);
|
void resumeRollout(@NotNull Long rolloutId);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -350,7 +350,7 @@ public interface RolloutManagement {
|
|||||||
* if given rollout is not in {@link RolloutStatus#READY}. Only
|
* if given rollout is not in {@link RolloutStatus#READY}. Only
|
||||||
* ready rollouts can be started.
|
* ready rollouts can be started.
|
||||||
*/
|
*/
|
||||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_WRITE)
|
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_HANDLE)
|
||||||
Rollout start(@NotNull Long rolloutId);
|
Rollout start(@NotNull Long rolloutId);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -368,7 +368,7 @@ public interface RolloutManagement {
|
|||||||
* reference
|
* reference
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_WRITE)
|
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_UPDATE)
|
||||||
Rollout update(@NotNull RolloutUpdate update);
|
Rollout update(@NotNull RolloutUpdate update);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -379,7 +379,7 @@ public interface RolloutManagement {
|
|||||||
* @param rolloutId
|
* @param rolloutId
|
||||||
* the ID of the rollout to be deleted
|
* the ID of the rollout to be deleted
|
||||||
*/
|
*/
|
||||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_WRITE)
|
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_DELETE)
|
||||||
void delete(@NotNull Long rolloutId);
|
void delete(@NotNull Long rolloutId);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -142,9 +142,29 @@ public final class SpPermission {
|
|||||||
public static final String TENANT_CONFIGURATION = "TENANT_CONFIGURATION";
|
public static final String TENANT_CONFIGURATION = "TENANT_CONFIGURATION";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Permission to administrate a rollout management.
|
* Permission to read a rollout.
|
||||||
*/
|
*/
|
||||||
public static final String ROLLOUT_MANAGEMENT = "ROLLOUT_MANAGEMENT";
|
public static final String READ_ROLLOUT = "READ_ROLLOUT";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Permission to create a rollout.
|
||||||
|
*/
|
||||||
|
public static final String CREATE_ROLLOUT = "CREATE_ROLLOUT";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Permission to update a rollout.
|
||||||
|
*/
|
||||||
|
public static final String UPDATE_ROLLOUT = "UPDATE_ROLLOUT";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Permission to delete a rollout.
|
||||||
|
*/
|
||||||
|
public static final String DELETE_ROLLOUT = "DELETE_ROLLOUT";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Permission to start/stop/resume a rollout.
|
||||||
|
*/
|
||||||
|
public static final String HANDLE_ROLLOUT = "HANDLE_ROLLOUT";
|
||||||
|
|
||||||
private SpPermission() {
|
private SpPermission() {
|
||||||
// Constants only
|
// Constants only
|
||||||
@@ -389,29 +409,52 @@ public final class SpPermission {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Spring security eval hasAuthority expression to check if spring
|
* Spring security eval hasAuthority expression to check if spring
|
||||||
* context contains {@link SpPermission#ROLLOUT_MANAGEMENT} or
|
* context contains {@link SpPermission#READ_ROLLOUT} or
|
||||||
* {@link #IS_SYSTEM_CODE}.
|
* {@link #IS_SYSTEM_CODE}.
|
||||||
*/
|
*/
|
||||||
public static final String HAS_AUTH_ROLLOUT_MANAGEMENT_READ = HAS_AUTH_PREFIX + ROLLOUT_MANAGEMENT
|
public static final String HAS_AUTH_ROLLOUT_MANAGEMENT_READ = HAS_AUTH_PREFIX + READ_ROLLOUT + HAS_AUTH_SUFFIX
|
||||||
+ HAS_AUTH_SUFFIX + HAS_AUTH_OR + IS_SYSTEM_CODE;
|
+ HAS_AUTH_OR + IS_SYSTEM_CODE;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Spring security eval hasAuthority expression to check if spring
|
* Spring security eval hasAuthority expression to check if spring
|
||||||
* context contains {@link SpPermission#ROLLOUT_MANAGEMENT} and
|
* context contains {@link SpPermission#READ_ROLLOUT} and
|
||||||
* {@link SpPermission#READ_TARGET} or {@link #IS_SYSTEM_CODE}.
|
* {@link SpPermission#READ_TARGET} or {@link #IS_SYSTEM_CODE}.
|
||||||
*/
|
*/
|
||||||
public static final String HAS_AUTH_ROLLOUT_MANAGEMENT_READ_AND_TARGET_READ = BRACKET_OPEN + HAS_AUTH_PREFIX
|
public static final String HAS_AUTH_ROLLOUT_MANAGEMENT_READ_AND_TARGET_READ = BRACKET_OPEN + HAS_AUTH_PREFIX
|
||||||
+ ROLLOUT_MANAGEMENT + HAS_AUTH_SUFFIX + HAS_AUTH_AND + HAS_AUTH_PREFIX + READ_TARGET + HAS_AUTH_SUFFIX
|
+ READ_ROLLOUT + HAS_AUTH_SUFFIX + HAS_AUTH_AND + HAS_AUTH_PREFIX + READ_TARGET + HAS_AUTH_SUFFIX
|
||||||
+ BRACKET_CLOSE + HAS_AUTH_OR + IS_SYSTEM_CODE;
|
+ BRACKET_CLOSE + HAS_AUTH_OR + IS_SYSTEM_CODE;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Spring security eval hasAuthority expression to check if spring
|
* Spring security eval hasAuthority expression to check if spring
|
||||||
* context contains {@link SpPermission#ROLLOUT_MANAGEMENT} and
|
* context contains {@link SpPermission#CREATE_ROLLOUT} or
|
||||||
* {@link SpPermission#UPDATE_TARGET} or {@link #IS_SYSTEM_CODE}.
|
* {@link #IS_SYSTEM_CODE}.
|
||||||
*/
|
*/
|
||||||
public static final String HAS_AUTH_ROLLOUT_MANAGEMENT_WRITE = BRACKET_OPEN + HAS_AUTH_PREFIX
|
public static final String HAS_AUTH_ROLLOUT_MANAGEMENT_CREATE = HAS_AUTH_PREFIX + CREATE_ROLLOUT
|
||||||
+ ROLLOUT_MANAGEMENT + HAS_AUTH_SUFFIX + HAS_AUTH_AND + HAS_AUTH_PREFIX + UPDATE_TARGET
|
+ HAS_AUTH_SUFFIX + HAS_AUTH_OR + IS_SYSTEM_CODE;
|
||||||
+ HAS_AUTH_SUFFIX + BRACKET_CLOSE + HAS_AUTH_OR + IS_SYSTEM_CODE;
|
|
||||||
|
/**
|
||||||
|
* Spring security eval hasAuthority expression to check if spring
|
||||||
|
* context contains {@link SpPermission#HANDLE_ROLLOUT} or
|
||||||
|
* {@link #IS_SYSTEM_CODE}.
|
||||||
|
*/
|
||||||
|
public static final String HAS_AUTH_ROLLOUT_MANAGEMENT_HANDLE = HAS_AUTH_PREFIX + HANDLE_ROLLOUT
|
||||||
|
+ HAS_AUTH_SUFFIX + HAS_AUTH_OR + IS_SYSTEM_CODE;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Spring security eval hasAuthority expression to check if spring
|
||||||
|
* context contains {@link SpPermission#UPDATE_ROLLOUT} or
|
||||||
|
* {@link #IS_SYSTEM_CODE}.
|
||||||
|
*/
|
||||||
|
public static final String HAS_AUTH_ROLLOUT_MANAGEMENT_UPDATE = HAS_AUTH_PREFIX + UPDATE_ROLLOUT
|
||||||
|
+ HAS_AUTH_SUFFIX + HAS_AUTH_OR + IS_SYSTEM_CODE;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Spring security eval hasAuthority expression to check if spring
|
||||||
|
* context contains {@link SpPermission#DELETE_ROLLOUT} or
|
||||||
|
* {@link #IS_SYSTEM_CODE}.
|
||||||
|
*/
|
||||||
|
public static final String HAS_AUTH_ROLLOUT_MANAGEMENT_DELETE = HAS_AUTH_PREFIX + DELETE_ROLLOUT
|
||||||
|
+ HAS_AUTH_SUFFIX + HAS_AUTH_OR + IS_SYSTEM_CODE;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Spring security eval hasAuthority expression to check if spring
|
* Spring security eval hasAuthority expression to check if spring
|
||||||
|
|||||||
@@ -31,7 +31,7 @@ public final class PermissionTest {
|
|||||||
@Test
|
@Test
|
||||||
@Description("Verify the get permission function")
|
@Description("Verify the get permission function")
|
||||||
public void testGetPermissions() {
|
public void testGetPermissions() {
|
||||||
final int allPermission = 15;
|
final int allPermission = 19;
|
||||||
final int permissionWithoutSystem = allPermission - 3;
|
final int permissionWithoutSystem = allPermission - 3;
|
||||||
final Collection<String> allAuthorities = SpPermission.getAllAuthorities();
|
final Collection<String> allAuthorities = SpPermission.getAllAuthorities();
|
||||||
final List<GrantedAuthority> allAuthoritiesList = PermissionUtils.createAllAuthorityList();
|
final List<GrantedAuthority> allAuthoritiesList = PermissionUtils.createAllAuthorityList();
|
||||||
|
|||||||
@@ -14,11 +14,11 @@ import org.eclipse.hawkbit.im.authentication.PermissionService;
|
|||||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Bean which contains all SP permissions.
|
* Bean which contains all permissions.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public class SpPermissionChecker implements Serializable {
|
public class SpPermissionChecker implements Serializable {
|
||||||
private static final long serialVersionUID = 2757865286212875704L;
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
protected transient PermissionService permissionService;
|
protected transient PermissionService permissionService;
|
||||||
|
|
||||||
@@ -27,7 +27,7 @@ public class SpPermissionChecker implements Serializable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the SP monitor View Permission.
|
* Gets the monitor View Permission.
|
||||||
*
|
*
|
||||||
* @return SYSTEM_MONITOR boolean value
|
* @return SYSTEM_MONITOR boolean value
|
||||||
*/
|
*/
|
||||||
@@ -36,7 +36,7 @@ public class SpPermissionChecker implements Serializable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the SP diagnosis retrieval Permission.
|
* Gets the diagnosis retrieval Permission.
|
||||||
*
|
*
|
||||||
* @return SYSTEM_DIAG boolean value
|
* @return SYSTEM_DIAG boolean value
|
||||||
*/
|
*/
|
||||||
@@ -45,7 +45,7 @@ public class SpPermissionChecker implements Serializable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the SP read Target & Dist Permission.
|
* Gets the read Target & Dist Permission.
|
||||||
*
|
*
|
||||||
* @return TARGET_REPOSITORY_READ boolean value
|
* @return TARGET_REPOSITORY_READ boolean value
|
||||||
*/
|
*/
|
||||||
@@ -54,7 +54,7 @@ public class SpPermissionChecker implements Serializable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the SP read Target Permission.
|
* Gets the read Target Permission.
|
||||||
*
|
*
|
||||||
* @return READ_TARGET boolean value
|
* @return READ_TARGET boolean value
|
||||||
*/
|
*/
|
||||||
@@ -63,7 +63,7 @@ public class SpPermissionChecker implements Serializable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the SP create Target Permission.
|
* Gets the create Target Permission.
|
||||||
*
|
*
|
||||||
* @return READ_TARGET boolean value
|
* @return READ_TARGET boolean value
|
||||||
*/
|
*/
|
||||||
@@ -72,7 +72,7 @@ public class SpPermissionChecker implements Serializable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the SP update Target Permission.
|
* Gets the update Target Permission.
|
||||||
*
|
*
|
||||||
* @return READ_TARGET boolean value
|
* @return READ_TARGET boolean value
|
||||||
*/
|
*/
|
||||||
@@ -81,7 +81,7 @@ public class SpPermissionChecker implements Serializable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the SP delete Target Permission.
|
* Gets the delete Target Permission.
|
||||||
*
|
*
|
||||||
* @return READ_TARGET boolean value
|
* @return READ_TARGET boolean value
|
||||||
*/
|
*/
|
||||||
@@ -90,7 +90,7 @@ public class SpPermissionChecker implements Serializable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the SP READ Repository Permission.
|
* Gets the READ Repository Permission.
|
||||||
*
|
*
|
||||||
* @return READ_REPOSITORY boolean value
|
* @return READ_REPOSITORY boolean value
|
||||||
*/
|
*/
|
||||||
@@ -99,7 +99,7 @@ public class SpPermissionChecker implements Serializable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the SP create Repository Permission.
|
* Gets the create Repository Permission.
|
||||||
*
|
*
|
||||||
* @return CREATE_REPOSITORY boolean value
|
* @return CREATE_REPOSITORY boolean value
|
||||||
*/
|
*/
|
||||||
@@ -108,7 +108,7 @@ public class SpPermissionChecker implements Serializable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the SP update Repository Permission.
|
* Gets the update Repository Permission.
|
||||||
*
|
*
|
||||||
* @return UPDATE_REPOSITORY boolean value
|
* @return UPDATE_REPOSITORY boolean value
|
||||||
*/
|
*/
|
||||||
@@ -117,7 +117,7 @@ public class SpPermissionChecker implements Serializable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the SP delete Repository Permission.
|
* Has the delete Repository Permission.
|
||||||
*
|
*
|
||||||
* @return DELETE_REPOSITORY boolean value
|
* @return DELETE_REPOSITORY boolean value
|
||||||
*/
|
*/
|
||||||
@@ -126,41 +126,47 @@ public class SpPermissionChecker implements Serializable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the SP rollout create permission.
|
* Has the rollout update permission.
|
||||||
*
|
*
|
||||||
* @return permission for rollout update
|
* @return permission for rollout update
|
||||||
*/
|
*/
|
||||||
public boolean hasRolloutUpdatePermission() {
|
public boolean hasRolloutUpdatePermission() {
|
||||||
return hasUpdateTargetPermission() && hasReadRepositoryPermission()
|
return hasRolloutReadPermission() && permissionService.hasPermission(SpPermission.UPDATE_ROLLOUT);
|
||||||
&& permissionService.hasPermission(SpPermission.ROLLOUT_MANAGEMENT);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the SP rollout create permission.
|
* @return <code>true</code> if rollout create permission
|
||||||
*
|
|
||||||
* @return permission for rollout create
|
|
||||||
*/
|
*/
|
||||||
public boolean hasRolloutCreatePermission() {
|
public boolean hasRolloutCreatePermission() {
|
||||||
return hasUpdateTargetPermission() && hasReadRepositoryPermission()
|
return hasTargetReadPermission() && hasReadRepositoryPermission()
|
||||||
&& permissionService.hasPermission(SpPermission.ROLLOUT_MANAGEMENT);
|
&& permissionService.hasPermission(SpPermission.CREATE_ROLLOUT);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
* @return <code>true</code> if rollout read permission
|
||||||
* Gets the SP rollout read permission.
|
|
||||||
*
|
|
||||||
* @return Gets the SP rollout read permission.
|
|
||||||
*/
|
*/
|
||||||
public boolean hasRolloutReadPermission() {
|
public boolean hasRolloutReadPermission() {
|
||||||
return permissionService.hasPermission(SpPermission.ROLLOUT_MANAGEMENT);
|
return permissionService.hasPermission(SpPermission.READ_ROLLOUT);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return <code>true</code> if rollout delete permission
|
||||||
|
*/
|
||||||
|
public boolean hasRolloutDeletePermission() {
|
||||||
|
return hasRolloutReadPermission() && permissionService.hasPermission(SpPermission.DELETE_ROLLOUT);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return <code>true</code> if rollout handle permission.
|
||||||
|
*/
|
||||||
|
public boolean hasRolloutHandlePermission() {
|
||||||
|
return hasRolloutReadPermission() && permissionService.hasPermission(SpPermission.HANDLE_ROLLOUT);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the SP rollout targets read permission.
|
|
||||||
*
|
|
||||||
* @return permission to read rollout targets
|
* @return permission to read rollout targets
|
||||||
*/
|
*/
|
||||||
public boolean hasRolloutTargetsReadPermission() {
|
public boolean hasRolloutTargetsReadPermission() {
|
||||||
return hasTargetReadPermission() && permissionService.hasPermission(SpPermission.ROLLOUT_MANAGEMENT);
|
return hasTargetReadPermission() && permissionService.hasPermission(SpPermission.READ_ROLLOUT);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -11,6 +11,7 @@ package org.eclipse.hawkbit.ui.components;
|
|||||||
import static java.util.concurrent.TimeUnit.SECONDS;
|
import static java.util.concurrent.TimeUnit.SECONDS;
|
||||||
|
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
import java.util.Objects;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import java.util.concurrent.atomic.AtomicInteger;
|
import java.util.concurrent.atomic.AtomicInteger;
|
||||||
|
|
||||||
@@ -71,7 +72,8 @@ public abstract class AbstractNotificationView extends VerticalLayout implements
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
eventContainer.getEvents().stream().filter(this::noEventMatch).forEach(event -> {
|
eventContainer.getEvents().stream().filter(Objects::nonNull).filter(event -> noEventMatch(event))
|
||||||
|
.forEach(event -> {
|
||||||
notificationUnreadButton.incrementUnreadNotification(this, eventContainer);
|
notificationUnreadButton.incrementUnreadNotification(this, eventContainer);
|
||||||
viewUnreadNotifcations.incrementAndGet();
|
viewUnreadNotifcations.incrementAndGet();
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -59,6 +59,6 @@ public class RolloutViewMenuItem extends AbstractDashboardMenuItemNotification {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<String> getPermissions() {
|
public List<String> getPermissions() {
|
||||||
return Arrays.asList(SpPermission.ROLLOUT_MANAGEMENT);
|
return Arrays.asList(SpPermission.READ_ROLLOUT);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -195,8 +195,7 @@ public class RolloutListGrid extends AbstractGrid<LazyQueryContainer> {
|
|||||||
if (!rolloutUIState.isShowRollOuts() || rolloutChangeEvent.getRolloutId() == null) {
|
if (!rolloutUIState.isShowRollOuts() || rolloutChangeEvent.getRolloutId() == null) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
final Optional<Rollout> rollout = rolloutManagement
|
final Optional<Rollout> rollout = rolloutManagement.getWithDetailedStatus(rolloutChangeEvent.getRolloutId());
|
||||||
.getWithDetailedStatus(rolloutChangeEvent.getRolloutId());
|
|
||||||
|
|
||||||
if (!rollout.isPresent()) {
|
if (!rollout.isPresent()) {
|
||||||
return;
|
return;
|
||||||
@@ -745,6 +744,14 @@ public class RolloutListGrid extends AbstractGrid<LazyQueryContainer> {
|
|||||||
if (!permissionChecker.hasRolloutCreatePermission()) {
|
if (!permissionChecker.hasRolloutCreatePermission()) {
|
||||||
modifiableColumnsList.remove(VIRT_PROP_COPY);
|
modifiableColumnsList.remove(VIRT_PROP_COPY);
|
||||||
}
|
}
|
||||||
|
if (!permissionChecker.hasRolloutDeletePermission()) {
|
||||||
|
modifiableColumnsList.remove(VIRT_PROP_DELETE);
|
||||||
|
}
|
||||||
|
if (!permissionChecker.hasRolloutHandlePermission()) {
|
||||||
|
modifiableColumnsList.remove(VIRT_PROP_PAUSE);
|
||||||
|
modifiableColumnsList.remove(VIRT_PROP_RUN);
|
||||||
|
}
|
||||||
|
|
||||||
setColumns(modifiableColumnsList.toArray());
|
setColumns(modifiableColumnsList.toArray());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user