Add fine grained sm/ds type permission (#2649)

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
Avgustin Marinov
2025-09-04 15:05:32 +03:00
committed by GitHub
parent 2e97d67489
commit 2c995b3665
17 changed files with 139 additions and 74 deletions


@@ -31,12 +31,14 @@ import org.eclipse.hawkbit.repository.model.TargetType;
import org.junit.jupiter.api.Test;
import org.springframework.data.domain.Pageable;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;
/**
* Feature: Component Tests - Access Control<br/>
* Story: Test Target Type Access Controller
*/
@ContextConfiguration(classes = { DefaultAccessControllerConfiguration.class })
@TestPropertySource(properties = { "hawkbit.acm.access-controller.target-type.enabled=true" })
class TargetTypeAccessControllerTest extends AbstractJpaIntegrationTest {
/**
@@ -92,8 +94,8 @@ class TargetTypeAccessControllerTest extends AbstractJpaIntegrationTest {
final TargetType readOnlyTargetType = targetTypeManagement.create(Create.builder().name("type2").build());
runAs(withUser("user",
READ_TARGET_TYPE + "/id==" + manageableTargetType.getId() + " or id==" + readOnlyTargetType.getId(),
DELETE_TARGET_TYPE + "/id==" + manageableTargetType.getId()), () -> {
READ_TARGET_TYPE + "/id==" + manageableTargetType.getId() + " or id==" + readOnlyTargetType.getId(),
DELETE_TARGET_TYPE + "/id==" + manageableTargetType.getId()), () -> {
// delete the manageableTargetType
targetTypeManagement.delete(manageableTargetType.getId());
@@ -113,8 +115,8 @@ class TargetTypeAccessControllerTest extends AbstractJpaIntegrationTest {
final TargetType readOnlyTargetType = targetTypeManagement.create(Create.builder().name("type2").build());
runAs(withUser("user",
READ_TARGET_TYPE + "/id==" + manageableTargetType.getId() + " or id==" + readOnlyTargetType.getId(),
UPDATE_TARGET_TYPE + "/id==" + manageableTargetType.getId()), () -> {
READ_TARGET_TYPE + "/id==" + manageableTargetType.getId() + " or id==" + readOnlyTargetType.getId(),
UPDATE_TARGET_TYPE + "/id==" + manageableTargetType.getId()), () -> {
// update the manageableTargetType
targetTypeManagement.update(Update.builder().id(manageableTargetType.getId())
.name(manageableTargetType.getName() + "/new").description("newDesc").build());
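Review bot: The `@TestPropertySource` added on `TargetTypeAccessControllerTest` sets `hawkbit.acm.access-controller.target-type.enabled=true`, which suggests the target-type access controller is off unless that property is set, yet nothing in this section documents that or covers the disabled case. I would put a comment above the annotation, for example `// target-type access control is opt-in; without this property the id-scoped READ/UPDATE/DELETE_TARGET_TYPE checks below are presumably not enforced`. If the default really is disabled, a companion test should pin what a user granted only `READ_TARGET_TYPE + "/id==" + …` can read and modify in that mode, so a deployment that omits the property is not assumed to be scoped. The other two hunks in this section appear to be re-indentation only, and the class body continues outside the hunks.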


@@ -139,7 +139,7 @@ class TargetManagementTest extends AbstractRepositoryManagementWithMetadataTest<
// retrieve security token only with READ_TARGET_SEC_TOKEN permission
final String securityTokenWithReadPermission = SecurityContextSwitch.getAs(
SecurityContextSwitch.withUser("OnlyTargetReadPermission", SpPermission.READ_TARGET_SEC_TOKEN),
SecurityContextSwitch.withUser("OnlyTargetReadPermission", SpPermission.READ_TARGET_SECURITY_TOKEN),
createdTarget::getSecurityToken);
// retrieve security token only with ROLE_TARGET_ADMIN permission
final String securityTokenWithTargetAdminPermission = SecurityContextSwitch.getAs(


@@ -108,8 +108,7 @@ class MultiTenancyEntityTest extends AbstractJpaIntegrationTest {
*/
@Test
@WithUser(tenantId = "mytenant", autoCreateTenant = false, allSpPermissions = true)
void getTenanatMetdata() throws Exception {
void getTenantMetdata() throws Exception {
// logged in tenant mytenant - check if tenant default data is
// autogenerated
assertThat(distributionSetTypeManagement.findAll(PAGE)).isEmpty();