Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
@@ -14,6 +14,8 @@ import java.lang.reflect.Modifier;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import lombok.AccessLevel;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
@@ -31,6 +33,7 @@ import org.springframework.security.core.GrantedAuthority;
|
||||
* etc.
|
||||
* </p>
|
||||
*/
|
||||
@NoArgsConstructor(access = AccessLevel.PRIVATE)
|
||||
@Slf4j
|
||||
public final class SpPermission {
|
||||
|
||||
@@ -93,6 +96,19 @@ public final class SpPermission {
|
||||
*/
|
||||
public static final String DOWNLOAD_REPOSITORY_ARTIFACT = "DOWNLOAD_REPOSITORY_ARTIFACT";
|
||||
|
||||
/**
|
||||
* Permission to read the tenant settings.
|
||||
*/
|
||||
public static final String READ_TENANT_CONFIGURATION = "READ_TENANT_CONFIGURATION";
|
||||
|
||||
/**
|
||||
* Permission to read the gateway security token. The gateway security token is security
|
||||
* concerned and should be protected. So in addition to {@linkplain #READ_TENANT_CONFIGURATION},
|
||||
* {@code READ_GATEWAY_SEC_TOKEN} is necessary to read gateway security token. {@link #TENANT_CONFIGURATION}
|
||||
* implies both permissions - so it is sufficient to read the gateway security token.
|
||||
*/
|
||||
public static final String READ_GATEWAY_SEC_TOKEN = "READ_GATEWAY_SECURITY_TOKEN";
|
||||
|
||||
/**
|
||||
* Permission to administrate the tenant settings.
|
||||
*/
|
||||
@@ -128,10 +144,6 @@ public final class SpPermission {
|
||||
*/
|
||||
public static final String APPROVE_ROLLOUT = "APPROVE_ROLLOUT";
|
||||
|
||||
private SpPermission() {
|
||||
// Constants only
|
||||
}
|
||||
|
||||
/**
|
||||
* Return all permission.
|
||||
* @return all permissions
|
||||
@@ -175,6 +187,7 @@ public final class SpPermission {
|
||||
* }
|
||||
* </p>
|
||||
*/
|
||||
@NoArgsConstructor(access = AccessLevel.PRIVATE)
|
||||
public static final class SpringEvalExpressions {
|
||||
/*
|
||||
* Spring security eval expressions.
|
||||
@@ -404,6 +417,14 @@ public final class SpPermission {
|
||||
public static final String HAS_AUTH_ROLLOUT_MANAGEMENT_DELETE = HAS_AUTH_PREFIX + DELETE_ROLLOUT
|
||||
+ HAS_AUTH_SUFFIX + HAS_AUTH_OR + IS_SYSTEM_CODE;
|
||||
|
||||
/**
|
||||
* Spring security eval hasAuthority expression to check if spring
|
||||
* context contains {@link SpPermission#READ_TENANT_CONFIGURATION} or
|
||||
* {@link #IS_SYSTEM_CODE}.
|
||||
*/
|
||||
public static final String HAS_AUTH_TENANT_CONFIGURATION_READ = HAS_AUTH_PREFIX + READ_TENANT_CONFIGURATION
|
||||
+ HAS_AUTH_SUFFIX + HAS_AUTH_OR + IS_SYSTEM_CODE;
|
||||
|
||||
/**
|
||||
* Spring security eval hasAuthority expression to check if spring
|
||||
* context contains {@link SpPermission#TENANT_CONFIGURATION} or
|
||||
@@ -414,14 +435,10 @@ public final class SpPermission {
|
||||
|
||||
/**
|
||||
* Spring security eval hasAuthority expression to check if spring
|
||||
* context contains {@link SpPermission#IS_CONTROLLER} or
|
||||
* context contains {@link #IS_CONTROLLER} or
|
||||
* {@link #HAS_AUTH_READ_REPOSITORY_AND_UPDATE_TARGET}.
|
||||
*/
|
||||
public static final String IS_CONTROLLER_OR_HAS_AUTH_READ_REPOSITORY_AND_UPDATE_TARGET =
|
||||
IS_CONTROLLER + HAS_AUTH_OR + HAS_AUTH_READ_REPOSITORY_AND_UPDATE_TARGET;
|
||||
|
||||
private SpringEvalExpressions() {
|
||||
// utility class
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
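Review bot: No `SpringEvalExpressions` constant for `READ_GATEWAY_SEC_TOKEN` appears next to the new `HAS_AUTH_TENANT_CONFIGURATION_READ`, so the extra check the Javadoc promises for the gateway security token must be enforced in code outside these hunks. Please confirm that every read path guarded only by `HAS_AUTH_TENANT_CONFIGURATION_READ` filters or rejects the token for callers who lack the second authority, since `READ_TENANT_CONFIGURATION` is now grantable on its own. The Javadoc also names the permission as `{@code READ_GATEWAY_SEC_TOKEN}`, while the authority string actually granted is `"READ_GATEWAY_SECURITY_TOKEN"`. I would state the string value in the comment, e.g. `the authority {@code READ_GATEWAY_SECURITY_TOKEN} is required in addition`, so role mappings configured by name do not silently miss it.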
@@ -48,6 +48,10 @@ public final class SpRole {
|
||||
ROLLOUT_ADMIN + IMPLIES + SpPermission.HANDLE_ROLLOUT + LINE_BREAK +
|
||||
ROLLOUT_ADMIN + IMPLIES + SpPermission.APPROVE_ROLLOUT + LINE_BREAK;
|
||||
|
||||
public static final String TENANT_CONFIGURATION_HIERARCHY =
|
||||
SpPermission.TENANT_CONFIGURATION + IMPLIES + SpPermission.READ_TENANT_CONFIGURATION + LINE_BREAK +
|
||||
SpPermission.TENANT_CONFIGURATION + IMPLIES + SpPermission.READ_GATEWAY_SEC_TOKEN;
|
||||
|
||||
public static final String TENANT_ADMIN = "ROLE_TENANT_ADMIN";
|
||||
public static final String TENANT_ADMIN_HIERARCHY =
|
||||
TENANT_ADMIN + IMPLIES + TARGET_ADMIN + LINE_BREAK +
|
||||
@@ -61,6 +65,8 @@ public final class SpRole {
|
||||
public static String DEFAULT_ROLE_HIERARCHY =
|
||||
TARGET_ADMIN_HIERARCHY +
|
||||
REPOSITORY_ADMIN_HIERARCHY +
|
||||
ROLLOUT_ADMIN_HIERARCHY + TENANT_ADMIN_HIERARCHY +
|
||||
ROLLOUT_ADMIN_HIERARCHY +
|
||||
TENANT_CONFIGURATION_HIERARCHY +
|
||||
TENANT_ADMIN_HIERARCHY +
|
||||
SYSTEM_ADMIN_HIERARCHY;
|
||||
}
|
||||
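Review bot: `TENANT_CONFIGURATION_HIERARCHY` ends without `LINE_BREAK`, unlike `ROLLOUT_ADMIN_HIERARCHY` just above it, and `DEFAULT_ROLE_HIERARCHY` now concatenates it directly before `TENANT_ADMIN_HIERARCHY`. Assuming `TENANT_ADMIN_HIERARCHY` starts with `TENANT_ADMIN + IMPLIES + TARGET_ADMIN`, as its visible first line suggests, the combined string fuses `READ_GATEWAY_SECURITY_TOKEN` and `ROLE_TENANT_ADMIN` into a single token on one line. How the hierarchy string is parsed is not visible here, but the result could drop the `TENANT_CONFIGURATION` implication for the gateway token, break the first `TENANT_ADMIN` rule, or chain `TENANT_CONFIGURATION` into `TARGET_ADMIN`. The last line of the constant should read `SpPermission.TENANT_CONFIGURATION + IMPLIES + SpPermission.READ_GATEWAY_SEC_TOKEN + LINE_BREAK;`. A test that resolves the reachable authorities for `TENANT_CONFIGURATION` and `TENANT_ADMIN` from `DEFAULT_ROLE_HIERARCHY` would catch this kind of slip.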
@@ -34,7 +34,7 @@ public final class SpPermissionTest {
|
||||
@Test
|
||||
@Description("Verify the get permission function")
|
||||
public void testGetPermissions() {
|
||||
final int allPermission = 18;
|
||||
final int allPermission = 20;
|
||||
final Collection<String> allAuthorities = SpPermission.getAllAuthorities();
|
||||
final List<GrantedAuthority> allAuthoritiesList = PermissionUtils.createAllAuthorityList();
|
||||
assertThat(allAuthorities).hasSize(allPermission);
|
||||
|
||||