Improve Permission Management (#2604)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
@@ -16,6 +16,7 @@ import jakarta.validation.Valid;
|
||||
import jakarta.validation.constraints.NotEmpty;
|
||||
import jakarta.validation.constraints.NotNull;
|
||||
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.repository.artifact.model.DbArtifact;
|
||||
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
|
||||
import org.eclipse.hawkbit.repository.exception.ArtifactDeleteFailedException;
|
||||
@@ -34,11 +35,15 @@ import org.springframework.security.access.prepost.PreAuthorize;
|
||||
/**
|
||||
* Service for {@link Artifact} management operations.
|
||||
*/
|
||||
public interface ArtifactManagement {
|
||||
public interface ArtifactManagement extends PermissionSupport {
|
||||
|
||||
@Override
|
||||
default String permissionGroup() {
|
||||
return SpPermission.SOFTWARE_MODULE;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the total amount of local artifacts stored in the artifact
|
||||
* management
|
||||
* @return the total amount of local artifacts stored in the artifact management
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
long count();
|
||||
@@ -75,8 +80,7 @@ public interface ArtifactManagement {
|
||||
* @param id to search for
|
||||
* @return found {@link Artifact}
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY + SpringEvalExpressions.HAS_AUTH_OR
|
||||
+ SpringEvalExpressions.IS_CONTROLLER)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY + " or " + SpringEvalExpressions.IS_CONTROLLER)
|
||||
Optional<Artifact> get(long id);
|
||||
|
||||
/**
|
||||
@@ -87,8 +91,7 @@ public interface ArtifactManagement {
|
||||
* @return found {@link Artifact}
|
||||
* @throws EntityNotFoundException if software module with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY + SpringEvalExpressions.HAS_AUTH_OR
|
||||
+ SpringEvalExpressions.IS_CONTROLLER)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY + " or " + SpringEvalExpressions.IS_CONTROLLER)
|
||||
Optional<Artifact> getByFilenameAndSoftwareModule(@NotNull String filename, long softwareModuleId);
|
||||
|
||||
/**
|
||||
@@ -97,8 +100,7 @@ public interface ArtifactManagement {
|
||||
* @param sha1 the sha1
|
||||
* @return the first local artifact
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY + SpringEvalExpressions.HAS_AUTH_OR
|
||||
+ SpringEvalExpressions.IS_CONTROLLER)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY + " or " + SpringEvalExpressions.IS_CONTROLLER)
|
||||
Optional<Artifact> findFirstBySHA1(@NotNull String sha1);
|
||||
|
||||
/**
|
||||
@@ -107,8 +109,7 @@ public interface ArtifactManagement {
|
||||
* @param filename to search for
|
||||
* @return found List of {@link Artifact}s.
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY + SpringEvalExpressions.HAS_AUTH_OR
|
||||
+ SpringEvalExpressions.IS_CONTROLLER)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY + " or " + SpringEvalExpressions.IS_CONTROLLER)
|
||||
Optional<Artifact> getByFilename(@NotNull String filename);
|
||||
|
||||
/**
|
||||
@@ -140,9 +141,7 @@ public interface ArtifactManagement {
|
||||
* @param isEncrypted flag to indicate if artifact is encrypted.
|
||||
* @return loaded {@link DbArtifact}
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_DOWNLOAD_ARTIFACT + SpringEvalExpressions.HAS_AUTH_OR
|
||||
+ SpringEvalExpressions.IS_CONTROLLER)
|
||||
@PreAuthorize("hasAuthority('" + SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT + "')" + " or " + SpringEvalExpressions.IS_CONTROLLER)
|
||||
Optional<DbArtifact> loadArtifactBinary(@NotEmpty String sha1Hash, long softwareModuleId,
|
||||
final boolean isEncrypted);
|
||||
|
||||
}
|
||||
}
|
||||
@@ -15,6 +15,7 @@ import java.util.Optional;
|
||||
|
||||
import jakarta.validation.constraints.NotEmpty;
|
||||
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
|
||||
import org.eclipse.hawkbit.repository.model.Action;
|
||||
import org.eclipse.hawkbit.repository.model.AutoConfirmationStatus;
|
||||
@@ -24,10 +25,17 @@ import org.springframework.security.access.prepost.PreAuthorize;
|
||||
/**
|
||||
* Service layer for all confirmation related operations.
|
||||
*/
|
||||
public interface ConfirmationManagement {
|
||||
public interface ConfirmationManagement extends PermissionSupport {
|
||||
|
||||
String HAS_UPDATE_TARGET_OR_IS_CONTROLLER = SpringEvalExpressions.HAS_UPDATE_REPOSITORY + " or " + SpringEvalExpressions.IS_CONTROLLER;
|
||||
|
||||
String CONFIRMATION_CODE_MSG_PREFIX = "Confirmation status code: %d";
|
||||
|
||||
@Override
|
||||
default String permissionGroup() {
|
||||
return SpPermission.TARGET;
|
||||
}
|
||||
|
||||
/**
|
||||
* Activate auto confirmation for a given controller ID. In case auto confirmation is active already, this method will fail with an exception.
|
||||
*
|
||||
@@ -36,7 +44,7 @@ public interface ConfirmationManagement {
|
||||
* @param remark optional field to set a remark
|
||||
* @return the persisted {@link AutoConfirmationStatus}
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.IS_CONTROLLER_OR_HAS_AUTH_READ_REPOSITORY_AND_UPDATE_TARGET)
|
||||
@PreAuthorize(HAS_UPDATE_TARGET_OR_IS_CONTROLLER)
|
||||
AutoConfirmationStatus activateAutoConfirmation(@NotEmpty String controllerId, final String initiator, final String remark);
|
||||
|
||||
/**
|
||||
@@ -46,7 +54,7 @@ public interface ConfirmationManagement {
|
||||
* @param code optional value to specify a code for the created action status
|
||||
* @param messages optional value to specify message for the created action status
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.IS_CONTROLLER_OR_HAS_AUTH_READ_REPOSITORY_AND_UPDATE_TARGET)
|
||||
@PreAuthorize(HAS_UPDATE_TARGET_OR_IS_CONTROLLER)
|
||||
Action confirmAction(long actionId, Integer code, Collection<String> messages);
|
||||
|
||||
/**
|
||||
@@ -56,7 +64,7 @@ public interface ConfirmationManagement {
|
||||
* @param code optional value to specify a code for the created action status
|
||||
* @param messages optional value to specify message for the created action status
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.IS_CONTROLLER_OR_HAS_AUTH_READ_REPOSITORY_AND_UPDATE_TARGET)
|
||||
@PreAuthorize(HAS_UPDATE_TARGET_OR_IS_CONTROLLER)
|
||||
Action denyAction(long actionId, Integer code, Collection<String> messages);
|
||||
|
||||
/**
|
||||
@@ -64,7 +72,7 @@ public interface ConfirmationManagement {
|
||||
*
|
||||
* @param controllerId to disable auto confirmation for
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.IS_CONTROLLER_OR_HAS_AUTH_READ_REPOSITORY_AND_UPDATE_TARGET)
|
||||
@PreAuthorize(HAS_UPDATE_TARGET_OR_IS_CONTROLLER)
|
||||
void deactivateAutoConfirmation(@NotEmpty String controllerId);
|
||||
|
||||
/**
|
||||
@@ -73,8 +81,7 @@ public interface ConfirmationManagement {
|
||||
* @param controllerId to check the state for
|
||||
* @return instance of {@link AutoConfirmationStatus} wrapped in an {@link Optional}. Present if active and empty if disabled.
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.IS_CONTROLLER + SpringEvalExpressions.HAS_AUTH_OR +
|
||||
SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY + " or " + SpringEvalExpressions.IS_CONTROLLER)
|
||||
Optional<AutoConfirmationStatus> getStatus(@NotEmpty String controllerId);
|
||||
|
||||
/**
|
||||
@@ -83,6 +90,6 @@ public interface ConfirmationManagement {
|
||||
* @param controllerId of the target to check
|
||||
* @return a list of {@link Action}
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
List<Action> findActiveActionsWaitingConfirmation(@NotEmpty String controllerId);
|
||||
}
|
||||
@@ -267,7 +267,7 @@ public interface ControllerManagement {
|
||||
* @return {@link Target} or {@code null} if it does not exist
|
||||
* @see Target#getControllerId()
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.IS_CONTROLLER + SpringEvalExpressions.HAS_AUTH_OR + SpringEvalExpressions.IS_SYSTEM_CODE)
|
||||
@PreAuthorize(SpringEvalExpressions.IS_CONTROLLER + " or " + SpringEvalExpressions.IS_SYSTEM_CODE)
|
||||
Optional<Target> getByControllerId(@NotEmpty String controllerId);
|
||||
|
||||
/**
|
||||
@@ -279,7 +279,7 @@ public interface ControllerManagement {
|
||||
* @return {@link Target} or {@code null} if it does not exist
|
||||
* @see Target#getId()
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.IS_CONTROLLER + SpringEvalExpressions.HAS_AUTH_OR + SpringEvalExpressions.IS_SYSTEM_CODE)
|
||||
@PreAuthorize(SpringEvalExpressions.IS_CONTROLLER + " or " + SpringEvalExpressions.IS_SYSTEM_CODE)
|
||||
Optional<Target> get(long targetId);
|
||||
|
||||
/**
|
||||
|
||||
@@ -19,6 +19,7 @@ import jakarta.validation.Valid;
|
||||
import jakarta.validation.constraints.NotEmpty;
|
||||
import jakarta.validation.constraints.NotNull;
|
||||
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
|
||||
import org.eclipse.hawkbit.repository.event.remote.TargetAssignDistributionSetEvent;
|
||||
import org.eclipse.hawkbit.repository.exception.AssignmentQuotaExceededException;
|
||||
@@ -48,7 +49,15 @@ import org.springframework.security.access.prepost.PreAuthorize;
|
||||
/**
|
||||
* A DeploymentManagement service provides operations for the deployment of {@link DistributionSet}s to {@link Target}s.
|
||||
*/
|
||||
public interface DeploymentManagement {
|
||||
public interface DeploymentManagement extends PermissionSupport {
|
||||
|
||||
String HAS_UPDATE_TARGET_AND_READ_DISTRIBUTION_SET =
|
||||
SpringEvalExpressions.HAS_UPDATE_REPOSITORY + " and hasAuthority('READ_" + SpPermission.DISTRIBUTION_SET + "')";
|
||||
|
||||
@Override
|
||||
default String permissionGroup() {
|
||||
return SpPermission.TARGET;
|
||||
}
|
||||
|
||||
/**
|
||||
* build a {@link DeploymentRequest} for a target distribution set assignment
|
||||
@@ -74,7 +83,7 @@ public interface DeploymentManagement {
|
||||
* @throws MultiAssignmentIsNotEnabledException if the request results in multiple assignments to the same
|
||||
* target and multi-assignment is disabled
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY_AND_UPDATE_TARGET)
|
||||
@PreAuthorize(HAS_UPDATE_TARGET_AND_READ_DISTRIBUTION_SET)
|
||||
List<DistributionSetAssignmentResult> assignDistributionSets(@Valid @NotEmpty List<DeploymentRequest> deploymentRequests);
|
||||
|
||||
/**
|
||||
@@ -92,7 +101,7 @@ public interface DeploymentManagement {
|
||||
* @throws MultiAssignmentIsNotEnabledException if the request results in multiple assignments to the same
|
||||
* target and multi-assignment is disabled
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY_AND_UPDATE_TARGET)
|
||||
@PreAuthorize(HAS_UPDATE_TARGET_AND_READ_DISTRIBUTION_SET)
|
||||
List<DistributionSetAssignmentResult> assignDistributionSets(
|
||||
String initiatedBy, @Valid @NotEmpty List<DeploymentRequest> deploymentRequests, String actionMessage);
|
||||
|
||||
@@ -118,10 +127,10 @@ public interface DeploymentManagement {
|
||||
* @throws MultiAssignmentIsNotEnabledException if the request results in multiple assignments to the same
|
||||
* target and multi-assignment is disabled
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY_AND_UPDATE_TARGET)
|
||||
@PreAuthorize(HAS_UPDATE_TARGET_AND_READ_DISTRIBUTION_SET)
|
||||
List<DistributionSetAssignmentResult> offlineAssignedDistributionSets(String initiatedBy, Collection<Entry<String, Long>> assignments);
|
||||
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
@PreAuthorize(HAS_UPDATE_TARGET_AND_READ_DISTRIBUTION_SET)
|
||||
List<DistributionSetAssignmentResult> offlineAssignedDistributionSets(Collection<Entry<String, Long>> assignments);
|
||||
|
||||
/**
|
||||
@@ -133,7 +142,7 @@ public interface DeploymentManagement {
|
||||
* @throws CancelActionNotAllowedException in case the given action is not active or is already a cancel action
|
||||
* @throws EntityNotFoundException if action with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_UPDATE_REPOSITORY)
|
||||
Action cancelAction(long actionId);
|
||||
|
||||
/**
|
||||
@@ -147,7 +156,7 @@ public interface DeploymentManagement {
|
||||
* @throws RSQLParameterSyntaxException if the RSQL syntax is wrong
|
||||
* @throws EntityNotFoundException if target with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
long countActionsByTarget(@NotNull String rsql, @NotEmpty String controllerId);
|
||||
|
||||
/**
|
||||
@@ -156,7 +165,7 @@ public interface DeploymentManagement {
|
||||
*
|
||||
* @return the total amount of stored actions
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
long countActionsAll();
|
||||
|
||||
/**
|
||||
@@ -166,7 +175,7 @@ public interface DeploymentManagement {
|
||||
* @param rsql RSQL query.
|
||||
* @return the total number of actions matching the given RSQL query.
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
long countActions(@NotNull String rsql);
|
||||
|
||||
/**
|
||||
@@ -176,7 +185,7 @@ public interface DeploymentManagement {
|
||||
* @return the count value of found actions associated to the target
|
||||
* @throws EntityNotFoundException if target with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
long countActionsByTarget(@NotEmpty String controllerId);
|
||||
|
||||
/**
|
||||
@@ -185,7 +194,7 @@ public interface DeploymentManagement {
|
||||
* @param actionId to be id of the action
|
||||
* @return the corresponding {@link Action}
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Optional<Action> findAction(long actionId);
|
||||
|
||||
/**
|
||||
@@ -196,7 +205,7 @@ public interface DeploymentManagement {
|
||||
* @param pageable pagination parameter
|
||||
* @return a paged list of {@link Action}s
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Slice<Action> findActionsAll(@NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -207,7 +216,7 @@ public interface DeploymentManagement {
|
||||
* @param pageable the page request parameter for paging and sorting the result
|
||||
* @return a paged list of {@link Action}s.
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Slice<Action> findActions(@NotNull String rsql, @NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -221,7 +230,7 @@ public interface DeploymentManagement {
|
||||
* given {@code fieldNameProvider}
|
||||
* @throws RSQLParameterSyntaxException if the RSQL syntax is wrong
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Slice<Action> findActionsByTarget(@NotNull String rsql, @NotEmpty String controllerId, @NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -231,7 +240,7 @@ public interface DeploymentManagement {
|
||||
* @param pageable the pageable request to limit, sort the actions
|
||||
* @return a slice of actions found for a specific target
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Slice<Action> findActionsByTarget(@NotEmpty String controllerId, @NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -242,7 +251,7 @@ public interface DeploymentManagement {
|
||||
* @return the corresponding {@link Page} of {@link ActionStatus}
|
||||
* @throws EntityNotFoundException if action with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Page<ActionStatus> findActionStatusByAction(long actionId, @NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -252,7 +261,7 @@ public interface DeploymentManagement {
|
||||
* @return count of {@link ActionStatus} entries
|
||||
* @throws EntityNotFoundException if action with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
long countActionStatusByAction(long actionId);
|
||||
|
||||
/**
|
||||
@@ -263,7 +272,7 @@ public interface DeploymentManagement {
|
||||
* @param pageable the page request parameter for paging and sorting the result
|
||||
* @return a page of messages by a specific {@link ActionStatus} id
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Page<String> findMessagesByActionStatusId(long actionStatusId, @NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -272,7 +281,7 @@ public interface DeploymentManagement {
|
||||
* @param actionId to be id of the action
|
||||
* @return the corresponding {@link Action}
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Optional<Action> findActionWithDetails(long actionId);
|
||||
|
||||
/**
|
||||
@@ -283,7 +292,7 @@ public interface DeploymentManagement {
|
||||
* @return a list of actions associated with the given target
|
||||
* @throws EntityNotFoundException if target with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Page<Action> findActiveActionsByTarget(@NotEmpty String controllerId, @NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -294,7 +303,7 @@ public interface DeploymentManagement {
|
||||
* @return a list of actions associated with the given target
|
||||
* @throws EntityNotFoundException if target with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Page<Action> findInActiveActionsByTarget(@NotEmpty String controllerId, @NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -304,7 +313,7 @@ public interface DeploymentManagement {
|
||||
* @param maxActionCount max size of returned list
|
||||
* @return the action
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
List<Action> findActiveActionsWithHighestWeight(@NotEmpty String controllerId, int maxActionCount);
|
||||
|
||||
/**
|
||||
@@ -324,7 +333,7 @@ public interface DeploymentManagement {
|
||||
* @throws CancelActionNotAllowedException in case the given action is not active
|
||||
* @throws EntityNotFoundException if action with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_UPDATE_REPOSITORY)
|
||||
Action forceQuitAction(long actionId);
|
||||
|
||||
/**
|
||||
@@ -334,7 +343,7 @@ public interface DeploymentManagement {
|
||||
* @return the updated or the found {@link Action}
|
||||
* @throws EntityNotFoundException if action with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_UPDATE_REPOSITORY)
|
||||
Action forceTargetAction(long actionId);
|
||||
|
||||
/**
|
||||
@@ -342,7 +351,7 @@ public interface DeploymentManagement {
|
||||
*
|
||||
* @param targetIds ids of the {@link Target}s the actions belong to
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_UPDATE_REPOSITORY)
|
||||
void cancelInactiveScheduledActionsForTargets(List<Long> targetIds);
|
||||
|
||||
/**
|
||||
@@ -353,7 +362,7 @@ public interface DeploymentManagement {
|
||||
* @param distributionSetId to assign
|
||||
* @param rolloutGroupParentId the parent rollout group the actions should reference. null references the first group
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
void startScheduledActionsByRolloutGroupParent(long rolloutId, long distributionSetId, Long rolloutGroupParentId);
|
||||
|
||||
/**
|
||||
@@ -361,7 +370,7 @@ public interface DeploymentManagement {
|
||||
*
|
||||
* @param rolloutGroupActions rollouts group actions part of a same group
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
void startScheduledActions(final List<Action> rolloutGroupActions);
|
||||
|
||||
/**
|
||||
@@ -371,7 +380,7 @@ public interface DeploymentManagement {
|
||||
* @return assigned {@link DistributionSet}
|
||||
* @throws EntityNotFoundException if target with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Optional<DistributionSet> getAssignedDistributionSet(@NotEmpty String controllerId);
|
||||
|
||||
/**
|
||||
@@ -381,7 +390,7 @@ public interface DeploymentManagement {
|
||||
* @return installed {@link DistributionSet}
|
||||
* @throws EntityNotFoundException if target with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Optional<DistributionSet> getInstalledDistributionSet(@NotEmpty String controllerId);
|
||||
|
||||
/**
|
||||
@@ -402,7 +411,7 @@ public interface DeploymentManagement {
|
||||
* @param targetId of target
|
||||
* @return if actions in CANCELING state are present
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
boolean hasPendingCancellations(@NotNull Long targetId);
|
||||
|
||||
/**
|
||||
@@ -411,6 +420,6 @@ public interface DeploymentManagement {
|
||||
* @param cancelationType defines if a force or soft cancel is executed
|
||||
* @param set the distribution set for that the actions should be canceled
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_UPDATE_REPOSITORY)
|
||||
void cancelActionsForDistributionSet(final CancelationType cancelationType, final DistributionSet set);
|
||||
}
|
||||
@@ -27,6 +27,7 @@ import lombok.EqualsAndHashCode;
|
||||
import lombok.Getter;
|
||||
import lombok.ToString;
|
||||
import lombok.experimental.SuperBuilder;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.repository.exception.AssignmentQuotaExceededException;
|
||||
import org.eclipse.hawkbit.repository.exception.EntityNotFoundException;
|
||||
import org.eclipse.hawkbit.repository.exception.EntityReadOnlyException;
|
||||
@@ -56,7 +57,7 @@ public interface DistributionSetManagement<T extends DistributionSet>
|
||||
|
||||
@Override
|
||||
default String permissionGroup() {
|
||||
return "DISTRIBUTION_SET";
|
||||
return SpPermission.DISTRIBUTION_SET;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -19,6 +19,7 @@ import lombok.EqualsAndHashCode;
|
||||
import lombok.Getter;
|
||||
import lombok.ToString;
|
||||
import lombok.experimental.SuperBuilder;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
|
||||
import org.eclipse.hawkbit.repository.exception.EntityNotFoundException;
|
||||
import org.eclipse.hawkbit.repository.model.DistributionSet;
|
||||
@@ -37,6 +38,11 @@ import org.springframework.security.access.prepost.PreAuthorize;
|
||||
public interface DistributionSetTagManagement<T extends DistributionSetTag>
|
||||
extends RepositoryManagement<T, DistributionSetTagManagement.Create, DistributionSetTagManagement.Update> {
|
||||
|
||||
@Override
|
||||
default String permissionGroup() {
|
||||
return SpPermission.DISTRIBUTION_SET;
|
||||
}
|
||||
|
||||
@SuperBuilder
|
||||
@Getter
|
||||
@EqualsAndHashCode(callSuper = true)
|
||||
|
||||
@@ -21,6 +21,7 @@ import lombok.EqualsAndHashCode;
|
||||
import lombok.Getter;
|
||||
import lombok.ToString;
|
||||
import lombok.experimental.SuperBuilder;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
|
||||
import org.eclipse.hawkbit.repository.exception.AssignmentQuotaExceededException;
|
||||
import org.eclipse.hawkbit.repository.exception.EntityNotFoundException;
|
||||
@@ -38,6 +39,11 @@ import org.springframework.security.access.prepost.PreAuthorize;
|
||||
public interface DistributionSetTypeManagement<T extends DistributionSetType>
|
||||
extends RepositoryManagement<T, DistributionSetTypeManagement.Create, DistributionSetTypeManagement.Update> {
|
||||
|
||||
@Override
|
||||
default String permissionGroup() {
|
||||
return SpPermission.DISTRIBUTION_SET;
|
||||
}
|
||||
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Optional<T> findByKey(@NotEmpty String key);
|
||||
|
||||
|
||||
@@ -49,6 +49,6 @@ public interface RolloutExecutor {
|
||||
* change {@link RolloutStatus#DELETED} or hard delete from the persistence
|
||||
* otherwise.
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_CREATE)
|
||||
@PreAuthorize(SpringEvalExpressions.IS_SYSTEM_CODE)
|
||||
void execute(Rollout rollout);
|
||||
}
|
||||
|
||||
@@ -13,6 +13,7 @@ import java.util.Optional;
|
||||
|
||||
import jakarta.validation.constraints.NotNull;
|
||||
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
|
||||
import org.eclipse.hawkbit.repository.exception.EntityNotFoundException;
|
||||
import org.eclipse.hawkbit.repository.exception.RSQLParameterSyntaxException;
|
||||
@@ -27,7 +28,14 @@ import org.springframework.security.access.prepost.PreAuthorize;
|
||||
/**
|
||||
* Repository management service for RolloutGroup.
|
||||
*/
|
||||
public interface RolloutGroupManagement {
|
||||
public interface RolloutGroupManagement extends PermissionSupport {
|
||||
|
||||
String HAS_READ_ROLLOUT_AND_READ_TARGET = SpringEvalExpressions.HAS_READ_REPOSITORY + " and hasAuthority('READ_" + SpPermission.TARGET + "')";
|
||||
|
||||
@Override
|
||||
default String permissionGroup() {
|
||||
return SpPermission.ROLLOUT;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieves a page of {@link RolloutGroup}s filtered by a given {@link Rollout} with the detailed status.
|
||||
@@ -37,7 +45,7 @@ public interface RolloutGroupManagement {
|
||||
* @return a page of found {@link RolloutGroup}s
|
||||
* @throws EntityNotFoundException of rollout with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_READ)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Page<RolloutGroup> findByRolloutWithDetailedStatus(long rolloutId, @NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -46,7 +54,7 @@ public interface RolloutGroupManagement {
|
||||
* @param rolloutGroupId the ID of the rollout group to find
|
||||
* @return the found {@link RolloutGroup} by its ID or {@code null} if it does not exist
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_READ)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Optional<RolloutGroup> get(long rolloutGroupId);
|
||||
|
||||
/**
|
||||
@@ -60,7 +68,7 @@ public interface RolloutGroupManagement {
|
||||
* given {@code fieldNameProvider}
|
||||
* @throws RSQLParameterSyntaxException if the RSQL syntax is wrong
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_READ)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Page<RolloutGroup> findByRolloutAndRsql(long rolloutId, @NotNull String rsql, @NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -74,7 +82,7 @@ public interface RolloutGroupManagement {
|
||||
* given {@code fieldNameProvider}
|
||||
* @throws RSQLParameterSyntaxException if the RSQL syntax is wrong
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_READ)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Page<RolloutGroup> findByRolloutAndRsqlWithDetailedStatus(long rolloutId, @NotNull String rsql, @NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -84,7 +92,7 @@ public interface RolloutGroupManagement {
|
||||
* @param pageable the page request to sort and limit the result
|
||||
* @return a page of found {@link RolloutGroup}s
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_READ)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Page<RolloutGroup> findByRollout(long rolloutId, @NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -93,7 +101,7 @@ public interface RolloutGroupManagement {
|
||||
* @param rolloutId the ID of the rollout to filter the {@link RolloutGroup}s
|
||||
* @return a page of found {@link RolloutGroup}s
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_READ)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
long countByRollout(long rolloutId);
|
||||
|
||||
/**
|
||||
@@ -104,7 +112,7 @@ public interface RolloutGroupManagement {
|
||||
* @return Page<Target> list of targets of a rollout group
|
||||
* @throws EntityNotFoundException if group with ID does not exist
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_READ_AND_TARGET_READ)
|
||||
@PreAuthorize(HAS_READ_ROLLOUT_AND_READ_TARGET)
|
||||
Page<Target> findTargetsOfRolloutGroup(long rolloutGroupId, @NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -118,7 +126,7 @@ public interface RolloutGroupManagement {
|
||||
* given {@code fieldNameProvider}
|
||||
* @throws RSQLParameterSyntaxException if the RSQL syntax is wrong
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_READ_AND_TARGET_READ)
|
||||
@PreAuthorize(HAS_READ_ROLLOUT_AND_READ_TARGET)
|
||||
Page<Target> findTargetsOfRolloutGroupByRsql(long rolloutGroupId, @NotNull String rsql, @NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -127,7 +135,7 @@ public interface RolloutGroupManagement {
|
||||
* @param rolloutGroupId rollout group id
|
||||
* @return rolloutGroup with details of targets count for different statuses
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_READ)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Optional<RolloutGroup> getWithDetailedStatus(long rolloutGroupId);
|
||||
|
||||
/**
|
||||
@@ -137,6 +145,6 @@ public interface RolloutGroupManagement {
|
||||
* @return the target rollout group count
|
||||
* @throws EntityNotFoundException if rollout group with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_READ)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
long countTargetsOfRolloutsGroup(long rolloutGroupId);
|
||||
}
|
||||
@@ -28,6 +28,7 @@ import lombok.Setter;
|
||||
import lombok.ToString;
|
||||
import lombok.experimental.Accessors;
|
||||
import lombok.experimental.SuperBuilder;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
|
||||
import org.eclipse.hawkbit.repository.exception.AssignmentQuotaExceededException;
|
||||
import org.eclipse.hawkbit.repository.exception.EntityNotFoundException;
|
||||
@@ -53,14 +54,22 @@ import org.springframework.security.access.prepost.PreAuthorize;
|
||||
* RolloutManagement to control rollouts e.g. like creating, starting, resuming and pausing rollouts. This service secures all the
|
||||
* functionality based on the {@link PreAuthorize} annotation on methods.
|
||||
*/
|
||||
public interface RolloutManagement {
|
||||
public interface RolloutManagement extends PermissionSupport {
|
||||
|
||||
String HAS_ROLLOUT_APPROVE = "hasPermission(#root, 'APPROVE')";
|
||||
String HAS_ROLLOUT_HANDLE = "hasPermission(#root, 'HANDLE')";
|
||||
|
||||
@Override
|
||||
default String permissionGroup() {
|
||||
return SpPermission.ROLLOUT;
|
||||
}
|
||||
|
||||
/**
|
||||
* Counts all {@link Rollout}s in the repository that are not marked as deleted.
|
||||
*
|
||||
* @return number of rollouts
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_READ)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
long count();
|
||||
|
||||
/**
|
||||
@@ -72,7 +81,7 @@ public interface RolloutManagement {
|
||||
* @param setId the distribution set
|
||||
* @return the count
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_READ)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
long countByDistributionSetIdAndRolloutIsStoppable(long setId);
|
||||
|
||||
/**
|
||||
@@ -102,7 +111,7 @@ public interface RolloutManagement {
|
||||
* @throws AssignmentQuotaExceededException if the maximum number of allowed targets per rollout group is
|
||||
* exceeded.
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_CREATE)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_CREATE_REPOSITORY)
|
||||
Rollout create(
|
||||
@NotNull @Valid Create create, int amountGroup, boolean confirmationRequired,
|
||||
@NotNull RolloutGroupConditions conditions, DynamicRolloutGroupTemplate dynamicRolloutGroupTemplate);
|
||||
@@ -133,7 +142,7 @@ public interface RolloutManagement {
|
||||
* @throws AssignmentQuotaExceededException if the maximum number of allowed targets per rollout group is
|
||||
* exceeded.
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_CREATE)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_CREATE_REPOSITORY)
|
||||
Rollout create(@NotNull @Valid Create create, int amountGroup, boolean confirmationRequired,
|
||||
@NotNull RolloutGroupConditions conditions);
|
||||
|
||||
@@ -164,7 +173,7 @@ public interface RolloutManagement {
|
||||
* @throws AssignmentQuotaExceededException if the maximum number of allowed targets per rollout group is
|
||||
* exceeded.
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_CREATE)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_CREATE_REPOSITORY)
|
||||
Rollout create(@Valid @NotNull Create rollout, @NotNull @Valid List<GroupCreate> groups, RolloutGroupConditions conditions);
|
||||
|
||||
/**
|
||||
@@ -174,7 +183,7 @@ public interface RolloutManagement {
|
||||
* @param pageable the page request to sort and limit the result
|
||||
* @return a page of found rollouts
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_READ)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Page<Rollout> findAll(boolean deleted, @NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -185,7 +194,7 @@ public interface RolloutManagement {
|
||||
* @return a list of rollouts with details of targets count for different
|
||||
* statuses
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_READ)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Page<Rollout> findAllWithDetailedStatus(boolean deleted, @NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -199,7 +208,7 @@ public interface RolloutManagement {
|
||||
* given {@code fieldNameProvider}
|
||||
* @throws RSQLParameterSyntaxException if the RSQL syntax is wrong
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_READ)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Page<Rollout> findByRsql(@NotNull String rsql, boolean deleted, @NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -210,7 +219,7 @@ public interface RolloutManagement {
|
||||
* @param pageable the page request to sort and limit the result
|
||||
* @return the founded rollout or {@code null} if rollout with given ID does not exists
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_READ)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Page<Rollout> findByRsqlWithDetailedStatus(@NotEmpty String rsql, boolean deleted, @NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -218,7 +227,7 @@ public interface RolloutManagement {
|
||||
*
|
||||
* @return a list of active rollouts
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_READ)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
List<Long> findActiveRollouts();
|
||||
|
||||
/**
|
||||
@@ -228,7 +237,7 @@ public interface RolloutManagement {
|
||||
* @return the founded rollout or {@code null} if rollout with given ID does
|
||||
* not exists
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_READ)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Optional<Rollout> get(long rolloutId);
|
||||
|
||||
/**
|
||||
@@ -238,7 +247,7 @@ public interface RolloutManagement {
|
||||
* @return the founded rollout or {@code null} if rollout with given name
|
||||
* does not exists
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_READ)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Optional<Rollout> getByName(@NotEmpty String rolloutName);
|
||||
|
||||
/**
|
||||
@@ -247,7 +256,7 @@ public interface RolloutManagement {
|
||||
* @param rolloutId rollout id
|
||||
* @return rollout details of targets count for different statuses
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_READ)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Optional<Rollout> getWithDetailedStatus(long rolloutId);
|
||||
|
||||
/**
|
||||
@@ -272,7 +281,7 @@ public interface RolloutManagement {
|
||||
* @throws EntityNotFoundException if rollout or group with given ID does not exist
|
||||
* @throws RolloutIllegalStateException if given rollout is not in {@link RolloutStatus#RUNNING}. Only running rollouts can be paused.
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_HANDLE)
|
||||
@PreAuthorize(HAS_ROLLOUT_HANDLE)
|
||||
void pauseRollout(long rolloutId);
|
||||
|
||||
/**
|
||||
@@ -282,7 +291,7 @@ public interface RolloutManagement {
|
||||
* @throws EntityNotFoundException if rollout with given ID does not exist
|
||||
* @throws RolloutIllegalStateException if given rollout is not in {@link RolloutStatus#PAUSED}. Only paused rollouts can be resumed.
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_HANDLE)
|
||||
@PreAuthorize(HAS_ROLLOUT_HANDLE)
|
||||
void resumeRollout(long rolloutId);
|
||||
|
||||
/**
|
||||
@@ -296,7 +305,7 @@ public interface RolloutManagement {
|
||||
* @throws RolloutIllegalStateException if given rollout is not in {@link RolloutStatus#WAITING_FOR_APPROVAL}. Only rollouts
|
||||
* waiting for approval can be acted upon.
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_APPROVE)
|
||||
@PreAuthorize(HAS_ROLLOUT_APPROVE)
|
||||
Rollout approveOrDeny(long rolloutId, Rollout.ApprovalDecision decision);
|
||||
|
||||
/**
|
||||
@@ -314,7 +323,7 @@ public interface RolloutManagement {
|
||||
* {@link RolloutStatus#WAITING_FOR_APPROVAL}. Only rollouts
|
||||
* waiting for approveOrDeny can be acted upon.
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_APPROVE)
|
||||
@PreAuthorize(HAS_ROLLOUT_APPROVE)
|
||||
Rollout approveOrDeny(long rolloutId, Rollout.ApprovalDecision decision, String remark);
|
||||
|
||||
/**
|
||||
@@ -330,7 +339,7 @@ public interface RolloutManagement {
|
||||
* @throws RolloutIllegalStateException if given rollout is not in {@link RolloutStatus#READY}. Only
|
||||
* ready rollouts can be started.
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_HANDLE)
|
||||
@PreAuthorize(HAS_ROLLOUT_HANDLE)
|
||||
Rollout start(long rolloutId);
|
||||
|
||||
/**
|
||||
@@ -342,7 +351,7 @@ public interface RolloutManagement {
|
||||
* @throws EntityReadOnlyException if rollout is in soft deleted state, i.e. only kept as
|
||||
* reference
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_UPDATE)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_UPDATE_REPOSITORY)
|
||||
Rollout update(@NotNull @Valid Update update);
|
||||
|
||||
/**
|
||||
@@ -351,7 +360,7 @@ public interface RolloutManagement {
|
||||
*
|
||||
* @param rolloutId the ID of the rollout to be deleted
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_DELETE)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_DELETE_REPOSITORY)
|
||||
void delete(long rolloutId);
|
||||
|
||||
/**
|
||||
@@ -362,7 +371,7 @@ public interface RolloutManagement {
|
||||
* @param set the {@link DistributionSet} for that the rollouts should be
|
||||
* canceled
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_UPDATE)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_UPDATE_REPOSITORY)
|
||||
void cancelRolloutsForDistributionSet(DistributionSet set);
|
||||
|
||||
/**
|
||||
@@ -373,7 +382,7 @@ public interface RolloutManagement {
|
||||
* @throws EntityNotFoundException if rollout or group with given ID does not exist
|
||||
* @throws RolloutIllegalStateException if given rollout is not in {@link RolloutStatus#RUNNING}.
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_UPDATE)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_UPDATE_REPOSITORY)
|
||||
void triggerNextGroup(long rolloutId);
|
||||
|
||||
@SuperBuilder
|
||||
|
||||
@@ -23,6 +23,7 @@ import lombok.EqualsAndHashCode;
|
||||
import lombok.Getter;
|
||||
import lombok.ToString;
|
||||
import lombok.experimental.SuperBuilder;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
|
||||
import org.eclipse.hawkbit.repository.exception.AssignmentQuotaExceededException;
|
||||
import org.eclipse.hawkbit.repository.exception.EntityAlreadyExistsException;
|
||||
@@ -46,7 +47,7 @@ public interface SoftwareModuleManagement<T extends SoftwareModule>
|
||||
|
||||
@Override
|
||||
default String permissionGroup() {
|
||||
return "SOFTWARE_MODULE";
|
||||
return SpPermission.SOFTWARE_MODULE;
|
||||
}
|
||||
|
||||
@PreAuthorize(SpringEvalExpressions.IS_SYSTEM_CODE)
|
||||
|
||||
@@ -20,6 +20,7 @@ import lombok.EqualsAndHashCode;
|
||||
import lombok.Getter;
|
||||
import lombok.ToString;
|
||||
import lombok.experimental.SuperBuilder;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
|
||||
import org.eclipse.hawkbit.repository.model.NamedEntity;
|
||||
import org.eclipse.hawkbit.repository.model.SoftwareModuleType;
|
||||
@@ -32,6 +33,11 @@ import org.springframework.security.access.prepost.PreAuthorize;
|
||||
public interface SoftwareModuleTypeManagement<T extends SoftwareModuleType>
|
||||
extends RepositoryManagement<T, SoftwareModuleTypeManagement.Create, SoftwareModuleTypeManagement.Update> {
|
||||
|
||||
@Override
|
||||
default String permissionGroup() {
|
||||
return SpPermission.SOFTWARE_MODULE;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param key to search for
|
||||
* @return {@link SoftwareModuleType} in the repository with given {@link SoftwareModuleType#getKey()}
|
||||
|
||||
@@ -13,6 +13,7 @@ import java.util.function.Consumer;
|
||||
|
||||
import jakarta.validation.constraints.NotNull;
|
||||
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
|
||||
import org.eclipse.hawkbit.repository.model.DistributionSetType;
|
||||
import org.eclipse.hawkbit.repository.model.SoftwareModuleType;
|
||||
@@ -29,7 +30,6 @@ import org.springframework.security.access.prepost.PreAuthorize;
|
||||
*/
|
||||
public interface SystemManagement {
|
||||
|
||||
|
||||
/**
|
||||
* Deletes all data related to a given tenant.
|
||||
*
|
||||
@@ -76,18 +76,18 @@ public interface SystemManagement {
|
||||
/**
|
||||
* @return {@link TenantMetaData} of {@link TenantAware#getCurrentTenant()}
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY + SpringEvalExpressions.HAS_AUTH_OR
|
||||
+ SpringEvalExpressions.HAS_AUTH_READ_TARGET + SpringEvalExpressions.HAS_AUTH_OR
|
||||
+ SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION_READ + SpringEvalExpressions.HAS_AUTH_OR
|
||||
@PreAuthorize("hasAuthority('" + SpPermission.READ_REPOSITORY + "')" + " or "
|
||||
+ "hasAuthority('READ_" + SpPermission.TARGET + "')" + " or "
|
||||
+ "hasAuthority('READ_" + SpPermission.TENANT_CONFIGURATION + "')" + " or "
|
||||
+ SpringEvalExpressions.IS_CONTROLLER)
|
||||
TenantMetaData getTenantMetadata();
|
||||
|
||||
/**
|
||||
* @return {@link TenantMetaData} of {@link TenantAware#getCurrentTenant()} without details ({@link TenantMetaData#getDefaultDsType()})
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY + SpringEvalExpressions.HAS_AUTH_OR
|
||||
+ SpringEvalExpressions.HAS_AUTH_READ_TARGET + SpringEvalExpressions.HAS_AUTH_OR
|
||||
+ SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION_READ + SpringEvalExpressions.HAS_AUTH_OR
|
||||
@PreAuthorize("hasAuthority('" + SpPermission.READ_REPOSITORY + "')" + " or "
|
||||
+ "hasAuthority('READ_" + SpPermission.TARGET + "')" + " or "
|
||||
+ "hasAuthority('READ_" + SpPermission.TENANT_CONFIGURATION + "')" + " or "
|
||||
+ SpringEvalExpressions.IS_CONTROLLER)
|
||||
TenantMetaData getTenantMetadataWithoutDetails();
|
||||
|
||||
@@ -113,7 +113,7 @@ public interface SystemManagement {
|
||||
* @param defaultDsType to update
|
||||
* @return updated {@link TenantMetaData} entity
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
|
||||
@PreAuthorize("hasAuthority('UPDATE_" + SpPermission.TENANT_CONFIGURATION + "')")
|
||||
TenantMetaData updateTenantMetadata(long defaultDsType);
|
||||
|
||||
@PreAuthorize(SpringEvalExpressions.IS_SYSTEM_CODE)
|
||||
|
||||
@@ -22,6 +22,7 @@ import lombok.Setter;
|
||||
import lombok.ToString;
|
||||
import lombok.experimental.Accessors;
|
||||
import lombok.experimental.SuperBuilder;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
|
||||
import org.eclipse.hawkbit.repository.exception.AssignmentQuotaExceededException;
|
||||
import org.eclipse.hawkbit.repository.exception.EntityNotFoundException;
|
||||
@@ -48,7 +49,7 @@ public interface TargetFilterQueryManagement<T extends TargetFilterQuery>
|
||||
|
||||
@Override
|
||||
default String permissionGroup() {
|
||||
return "TARGET";
|
||||
return SpPermission.TARGET;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -60,7 +61,7 @@ public interface TargetFilterQueryManagement<T extends TargetFilterQuery>
|
||||
* given {@code fieldNameProvider}
|
||||
* @throws RSQLParameterSyntaxException if the RSQL syntax is wrong
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
boolean verifyTargetFilterQuerySyntax(@NotNull String query);
|
||||
|
||||
/**
|
||||
@@ -72,7 +73,7 @@ public interface TargetFilterQueryManagement<T extends TargetFilterQuery>
|
||||
* @param autoAssignDistributionSetId the id of the distribution set
|
||||
* @return the count
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
long countByAutoAssignDistributionSetId(long autoAssignDistributionSetId);
|
||||
|
||||
/**
|
||||
@@ -84,7 +85,7 @@ public interface TargetFilterQueryManagement<T extends TargetFilterQuery>
|
||||
* @return the page with the found {@link TargetFilterQuery}s
|
||||
* @throws EntityNotFoundException if DS with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Page<TargetFilterQuery> findByAutoAssignDSAndRsql(long setId, String rsql, @NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -93,7 +94,7 @@ public interface TargetFilterQueryManagement<T extends TargetFilterQuery>
|
||||
* @param pageable pagination information
|
||||
* @return the page with the found {@link TargetFilterQuery}s
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
Slice<TargetFilterQuery> findWithAutoAssignDS(@NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -112,7 +113,7 @@ public interface TargetFilterQueryManagement<T extends TargetFilterQuery>
|
||||
* @throws InvalidDistributionSetException if the provided auto-assign {@link DistributionSet} is
|
||||
* invalidated
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_UPDATE_REPOSITORY)
|
||||
TargetFilterQuery updateAutoAssignDS(@NotNull @Valid AutoAssignDistributionSetUpdate autoAssignDistributionSetUpdate);
|
||||
|
||||
/**
|
||||
@@ -121,7 +122,7 @@ public interface TargetFilterQueryManagement<T extends TargetFilterQuery>
|
||||
* @param setId the {@link DistributionSet} to be removed from auto
|
||||
* assignments.
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_TARGET)
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_UPDATE_REPOSITORY)
|
||||
void cancelAutoAssignmentForDistributionSet(long setId);
|
||||
|
||||
@SuperBuilder
|
||||
|
||||
@@ -9,16 +9,9 @@
|
||||
*/
|
||||
package org.eclipse.hawkbit.repository;
|
||||
|
||||
import static org.eclipse.hawkbit.im.authentication.SpringEvalExpressions.BRACKET_CLOSE;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpringEvalExpressions.BRACKET_OPEN;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpringEvalExpressions.HAS_AUTH_AND;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpringEvalExpressions.HAS_AUTH_DELETE_TARGET;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpringEvalExpressions.HAS_AUTH_PREFIX;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY_AND_UPDATE_TARGET;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpringEvalExpressions.HAS_AUTH_READ_TARGET;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpringEvalExpressions.HAS_AUTH_ROLLOUT_MANAGEMENT_READ_AND_TARGET_READ;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpringEvalExpressions.HAS_AUTH_SUFFIX;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpringEvalExpressions.HAS_AUTH_UPDATE_TARGET;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpringEvalExpressions.HAS_DELETE_REPOSITORY;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpringEvalExpressions.HAS_READ_REPOSITORY;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpringEvalExpressions.HAS_UPDATE_REPOSITORY;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
@@ -64,19 +57,16 @@ import org.springframework.util.ObjectUtils;
|
||||
public interface TargetManagement<T extends Target>
|
||||
extends RepositoryManagement<T, TargetManagement.Create, TargetManagement.Update> {
|
||||
|
||||
String HAS_READ_TARGET_AND_READ_ROLLOUT = HAS_READ_REPOSITORY + " and hasAuthority('READ_" + SpPermission.ROLLOUT + "')";
|
||||
String HAS_READ_TARGET_AND_READ_DISTRIBUTION_SET = HAS_READ_REPOSITORY + " and hasAuthority('READ_" + SpPermission.DISTRIBUTION_SET + "')";
|
||||
|
||||
String DETAILS_BASE = "base";
|
||||
String DETAILS_AUTO_CONFIRMATION_STATUS = "autoConfirmationStatus";
|
||||
String DETAILS_TAGS = "tags";
|
||||
|
||||
String HAS_AUTH_READ_DISTRIBUTION_SET_AND_READ_TARGET = BRACKET_OPEN +
|
||||
HAS_AUTH_PREFIX + SpPermission.READ_DISTRIBUTION_SET + HAS_AUTH_SUFFIX +
|
||||
HAS_AUTH_AND +
|
||||
HAS_AUTH_PREFIX + SpPermission.READ_TARGET + HAS_AUTH_SUFFIX +
|
||||
BRACKET_CLOSE;
|
||||
|
||||
@Override
|
||||
default String permissionGroup() {
|
||||
return "TARGET";
|
||||
return SpPermission.TARGET;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -86,7 +76,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @return controller attributes as key/value pairs
|
||||
* @throws EntityNotFoundException if target with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(HAS_READ_REPOSITORY)
|
||||
Map<String, String> getControllerAttributes(@NotEmpty String controllerId);
|
||||
|
||||
/**
|
||||
@@ -98,7 +88,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @param targetFilterQuery to execute
|
||||
* @return true if it matches
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_DISTRIBUTION_SET_AND_READ_TARGET)
|
||||
@PreAuthorize(HAS_READ_TARGET_AND_READ_DISTRIBUTION_SET)
|
||||
boolean isTargetMatchingQueryAndDSNotAssignedAndCompatibleAndUpdatable(
|
||||
@NotNull String controllerId, long distributionSetId, @NotNull String targetFilterQuery);
|
||||
|
||||
@@ -108,7 +98,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @param controllerIDs to look for.
|
||||
* @return List of found{@link Target}s
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(HAS_READ_REPOSITORY)
|
||||
List<Target> getByControllerId(@NotEmpty Collection<String> controllerIDs);
|
||||
|
||||
/**
|
||||
@@ -118,15 +108,15 @@ public interface TargetManagement<T extends Target>
|
||||
* @param detailsKey the key of the details to include, e.g. {@link #DETAILS_AUTO_CONFIRMATION_STATUS}
|
||||
* @return {@link Target}
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(HAS_READ_REPOSITORY)
|
||||
Target getWithDetails(@NotEmpty String controllerId, String detailsKey);
|
||||
|
||||
@PreAuthorize(HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(HAS_READ_REPOSITORY)
|
||||
default Target getWithDetails(@NotEmpty String controllerId) {
|
||||
return getWithDetails(controllerId, DETAILS_BASE);
|
||||
}
|
||||
|
||||
@PreAuthorize(HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(HAS_READ_REPOSITORY)
|
||||
default Target getWithAutoConfigurationStatus(@NotEmpty String controllerId) {
|
||||
return getWithDetails(controllerId, DETAILS_AUTO_CONFIRMATION_STATUS);
|
||||
}
|
||||
@@ -141,7 +131,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @return a page of the found {@link Target}s
|
||||
* @throws EntityNotFoundException if distribution set with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_DISTRIBUTION_SET_AND_READ_TARGET)
|
||||
@PreAuthorize(HAS_READ_TARGET_AND_READ_DISTRIBUTION_SET)
|
||||
Slice<Target> findByTargetFilterQueryAndNonDSAndCompatibleAndUpdatable(
|
||||
long distributionSetId, @NotNull String rsql, @NotNull Pageable pageable);
|
||||
|
||||
@@ -155,7 +145,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @param pageable the pageable to enhance the query for paging and sorting
|
||||
* @return a page of the found {@link Target}s
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_ROLLOUT_MANAGEMENT_READ_AND_TARGET_READ)
|
||||
@PreAuthorize(HAS_READ_TARGET_AND_READ_ROLLOUT)
|
||||
Slice<Target> findByRsqlAndNotInRolloutGroupsAndCompatibleAndUpdatable(
|
||||
@NotEmpty Collection<Long> groups, @NotNull String rsql, @NotNull DistributionSetType distributionSetType,
|
||||
@NotNull Pageable pageable);
|
||||
@@ -169,11 +159,11 @@ public interface TargetManagement<T extends Target>
|
||||
* @param pageable the pageable to enhance the query for paging and sorting
|
||||
* @return a page of the found {@link Target}s
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_ROLLOUT_MANAGEMENT_READ_AND_TARGET_READ)
|
||||
@PreAuthorize(HAS_READ_TARGET_AND_READ_ROLLOUT)
|
||||
Slice<Target> findByFailedRolloutAndNotInRolloutGroups(
|
||||
@NotNull String rolloutId, @NotEmpty Collection<Long> groups, @NotNull Pageable pageable);
|
||||
|
||||
@PreAuthorize(HAS_AUTH_ROLLOUT_MANAGEMENT_READ_AND_TARGET_READ)
|
||||
@PreAuthorize(HAS_READ_TARGET_AND_READ_ROLLOUT)
|
||||
Slice<Target> findByRsqlAndNoOverridingActionsAndNotInRolloutAndCompatibleAndUpdatable(
|
||||
final long rolloutId, @NotNull String rsql, @NotNull DistributionSetType distributionSetType, @NotNull Pageable pageable);
|
||||
|
||||
@@ -185,7 +175,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @return the found {@link Target}s
|
||||
* @throws EntityNotFoundException if rollout group with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(HAS_READ_REPOSITORY)
|
||||
Slice<Target> findByInRolloutGroupWithoutAction(long group, @NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -196,7 +186,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @return the found {@link Target}s
|
||||
* @throws EntityNotFoundException if distribution set with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_DISTRIBUTION_SET_AND_READ_TARGET)
|
||||
@PreAuthorize(HAS_READ_TARGET_AND_READ_DISTRIBUTION_SET)
|
||||
Page<Target> findByAssignedDistributionSet(long distributionSetId, @NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -211,7 +201,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @throws RSQLParameterSyntaxException if the RSQL syntax is wrong
|
||||
* @throws EntityNotFoundException if distribution set with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_DISTRIBUTION_SET_AND_READ_TARGET)
|
||||
@PreAuthorize(HAS_READ_TARGET_AND_READ_DISTRIBUTION_SET)
|
||||
Page<Target> findByAssignedDistributionSetAndRsql(long distributionSetId, @NotNull String rsql, @NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -223,7 +213,7 @@ public interface TargetManagement<T extends Target>
|
||||
* compatible with
|
||||
* @return the found number of{@link Target}s
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(HAS_READ_REPOSITORY)
|
||||
long countByRsqlAndCompatible(@NotEmpty String rsql, @NotNull Long distributionSetIdTypeId);
|
||||
|
||||
/**
|
||||
@@ -234,7 +224,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @param dsTypeId ID of the {@link DistributionSetType} the targets need to be compatible with
|
||||
* @return the found number of{@link Target}s
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(HAS_READ_REPOSITORY)
|
||||
long countByFailedInRollout(@NotEmpty String rolloutId, @NotNull Long dsTypeId);
|
||||
|
||||
/**
|
||||
@@ -246,7 +236,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @return the count of found {@link Target}s
|
||||
* @throws EntityNotFoundException if distribution set with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_DISTRIBUTION_SET_AND_READ_TARGET)
|
||||
@PreAuthorize(HAS_READ_TARGET_AND_READ_DISTRIBUTION_SET)
|
||||
long countByRsqlAndNonDsAndCompatibleAndUpdatable(long distributionSetId, @NotNull String rsql);
|
||||
|
||||
/**
|
||||
@@ -258,7 +248,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @param distributionSetType type of the {@link DistributionSet} the targets must be compatible with
|
||||
* @return count of the found {@link Target}s
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_ROLLOUT_MANAGEMENT_READ_AND_TARGET_READ)
|
||||
@PreAuthorize(HAS_READ_TARGET_AND_READ_ROLLOUT)
|
||||
long countByRsqlAndNotInRolloutGroupsAndCompatibleAndUpdatable(
|
||||
@NotNull String rsql, @NotEmpty Collection<Long> groups, @NotNull DistributionSetType distributionSetType);
|
||||
|
||||
@@ -270,10 +260,10 @@ public interface TargetManagement<T extends Target>
|
||||
* @param groups the list of {@link RolloutGroup}s
|
||||
* @return count of the found {@link Target}s
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_ROLLOUT_MANAGEMENT_READ_AND_TARGET_READ)
|
||||
@PreAuthorize(HAS_READ_TARGET_AND_READ_ROLLOUT)
|
||||
long countByFailedRolloutAndNotInRolloutGroups(@NotNull String rolloutId, @NotEmpty Collection<Long> groups);
|
||||
|
||||
@PreAuthorize(HAS_AUTH_ROLLOUT_MANAGEMENT_READ_AND_TARGET_READ)
|
||||
@PreAuthorize(HAS_READ_TARGET_AND_READ_ROLLOUT)
|
||||
long countByActionsInRolloutGroup(final long rolloutGroupId);
|
||||
|
||||
/**
|
||||
@@ -282,7 +272,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @param controllerId to look for.
|
||||
* @return {@link Target}
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(HAS_READ_REPOSITORY)
|
||||
Optional<Target> getByControllerId(@NotEmpty String controllerId);
|
||||
|
||||
/**
|
||||
@@ -293,7 +283,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @return the found {@link Target}s
|
||||
* @throws EntityNotFoundException if distribution set with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_DISTRIBUTION_SET_AND_READ_TARGET)
|
||||
@PreAuthorize(HAS_READ_TARGET_AND_READ_DISTRIBUTION_SET)
|
||||
Page<Target> findByInstalledDistributionSet(long distributionSetId, @NotNull Pageable pageReq);
|
||||
|
||||
/**
|
||||
@@ -309,7 +299,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @throws RSQLParameterSyntaxException if the RSQL syntax is wrong
|
||||
* @throws EntityNotFoundException if distribution set with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_DISTRIBUTION_SET_AND_READ_TARGET)
|
||||
@PreAuthorize(HAS_READ_TARGET_AND_READ_DISTRIBUTION_SET)
|
||||
Page<Target> findByInstalledDistributionSetAndRsql(long distributionSetId, @NotNull String rsql, @NotNull Pageable pageReq);
|
||||
|
||||
/**
|
||||
@@ -320,7 +310,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @return list of matching targets
|
||||
* @throws EntityNotFoundException if target tag with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(HAS_READ_REPOSITORY)
|
||||
Page<Target> findByTag(long tagId, @NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -335,7 +325,7 @@ public interface TargetManagement<T extends Target>
|
||||
* given {@code fieldNameProvider}
|
||||
* @throws RSQLParameterSyntaxException if the RSQL syntax is wrong
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(HAS_READ_REPOSITORY)
|
||||
Page<Target> findByRsqlAndTag(@NotNull String rsql, long tagId, @NotNull Pageable pageable);
|
||||
|
||||
|
||||
@@ -345,7 +335,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @param controllerId the controller ID of the target to be deleted
|
||||
* @throws EntityNotFoundException if target with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_DELETE_TARGET)
|
||||
@PreAuthorize(HAS_DELETE_REPOSITORY)
|
||||
void deleteByControllerId(@NotEmpty String controllerId);
|
||||
|
||||
/**
|
||||
@@ -356,7 +346,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @return the unassigned target
|
||||
* @throws EntityNotFoundException if TargetType with given target ID does not exist
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_UPDATE_TARGET)
|
||||
@PreAuthorize(HAS_UPDATE_REPOSITORY)
|
||||
Target assignType(@NotEmpty String controllerId, @NotNull Long targetTypeId);
|
||||
|
||||
/**
|
||||
@@ -365,7 +355,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @param controllerId to un-assign for
|
||||
* @return the unassigned target
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_UPDATE_TARGET)
|
||||
@PreAuthorize(HAS_UPDATE_REPOSITORY)
|
||||
Target unassignType(@NotEmpty String controllerId);
|
||||
|
||||
/**
|
||||
@@ -377,7 +367,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @return list of assigned targets
|
||||
* @throws EntityNotFoundException if given targetTagId or at least one of the targets do not exist
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_REPOSITORY_AND_UPDATE_TARGET)
|
||||
@PreAuthorize(HAS_UPDATE_REPOSITORY)
|
||||
List<Target> assignTag(@NotEmpty Collection<String> controllerIds, long targetTagId, final Consumer<Collection<String>> notFoundHandler);
|
||||
|
||||
/**
|
||||
@@ -388,7 +378,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @return list of assigned targets
|
||||
* @throws EntityNotFoundException if given targetTagId or at least one of the targets do not exist
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_REPOSITORY_AND_UPDATE_TARGET)
|
||||
@PreAuthorize(HAS_UPDATE_REPOSITORY)
|
||||
List<Target> assignTag(@NotEmpty Collection<String> controllerIds, long targetTagId);
|
||||
|
||||
/**
|
||||
@@ -398,7 +388,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @return the found Tag set
|
||||
* @throws EntityNotFoundException if target with given ID does not exist
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(HAS_READ_REPOSITORY)
|
||||
Set<TargetTag> getTags(@NotEmpty String controllerId);
|
||||
|
||||
/**
|
||||
@@ -410,7 +400,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @return list of unassigned targets
|
||||
* @throws EntityNotFoundException if given targetTagId or at least one of the targets do not exist
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_UPDATE_TARGET)
|
||||
@PreAuthorize(HAS_UPDATE_REPOSITORY)
|
||||
List<Target> unassignTag(@NotEmpty Collection<String> controllerIds, long targetTagId, final Consumer<Collection<String>> notFoundHandler);
|
||||
|
||||
/**
|
||||
@@ -421,7 +411,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @return list of unassigned targets
|
||||
* @throws EntityNotFoundException if given targetTagId or at least one of the targets do not exist
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_UPDATE_TARGET)
|
||||
@PreAuthorize(HAS_UPDATE_REPOSITORY)
|
||||
List<Target> unassignTag(@NotEmpty Collection<String> controllerIds, long targetTagId);
|
||||
|
||||
/**
|
||||
@@ -430,7 +420,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @param group target group parameter
|
||||
* @param rsql rsql filter for {@link Target}
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_UPDATE_TARGET)
|
||||
@PreAuthorize(HAS_UPDATE_REPOSITORY)
|
||||
void assignTargetGroupWithRsql(String group, @NotNull String rsql);
|
||||
|
||||
/**
|
||||
@@ -439,7 +429,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @param group target group parameter
|
||||
* @param controllerIds list of targets
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_UPDATE_TARGET)
|
||||
@PreAuthorize(HAS_UPDATE_REPOSITORY)
|
||||
void assignTargetsWithGroup(String group, @NotEmpty List<String> controllerIds);
|
||||
|
||||
/**
|
||||
@@ -450,7 +440,7 @@ public interface TargetManagement<T extends Target>
|
||||
* @param pageable - page parameter
|
||||
* @return all matching targets to provided group/subgroup
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(HAS_READ_REPOSITORY)
|
||||
Page<Target> findTargetsByGroup(@NotEmpty String group, boolean withSubgroups, @NotNull Pageable pageable);
|
||||
|
||||
/**
|
||||
@@ -458,7 +448,7 @@ public interface TargetManagement<T extends Target>
|
||||
*
|
||||
* @return list of all distinct target groups
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(HAS_READ_REPOSITORY)
|
||||
List<String> findGroups();
|
||||
|
||||
/**
|
||||
|
||||
@@ -16,6 +16,7 @@ import lombok.EqualsAndHashCode;
|
||||
import lombok.Getter;
|
||||
import lombok.ToString;
|
||||
import lombok.experimental.SuperBuilder;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.repository.model.NamedEntity;
|
||||
import org.eclipse.hawkbit.repository.model.Tag;
|
||||
import org.eclipse.hawkbit.repository.model.TargetTag;
|
||||
@@ -28,7 +29,7 @@ public interface TargetTagManagement<T extends TargetTag>
|
||||
|
||||
@Override
|
||||
default String permissionGroup() {
|
||||
return "TARGET";
|
||||
return SpPermission.TARGET;
|
||||
}
|
||||
|
||||
@SuperBuilder
|
||||
|
||||
@@ -9,12 +9,7 @@
|
||||
*/
|
||||
package org.eclipse.hawkbit.repository;
|
||||
|
||||
import static org.eclipse.hawkbit.im.authentication.SpringEvalExpressions.BRACKET_CLOSE;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpringEvalExpressions.BRACKET_OPEN;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpringEvalExpressions.HAS_AUTH_AND;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpringEvalExpressions.HAS_AUTH_PREFIX;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpringEvalExpressions.HAS_AUTH_READ_TARGET_TYPE;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpringEvalExpressions.HAS_AUTH_SUFFIX;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpringEvalExpressions.HAS_READ_REPOSITORY;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
@@ -30,6 +25,7 @@ import lombok.Getter;
|
||||
import lombok.ToString;
|
||||
import lombok.experimental.SuperBuilder;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
|
||||
import org.eclipse.hawkbit.repository.exception.TargetTypeKeyOrNameRequiredException;
|
||||
import org.eclipse.hawkbit.repository.model.DistributionSetType;
|
||||
import org.eclipse.hawkbit.repository.model.NamedEntity;
|
||||
@@ -43,29 +39,25 @@ import org.springframework.security.access.prepost.PreAuthorize;
|
||||
public interface TargetTypeManagement<T extends TargetType>
|
||||
extends RepositoryManagement<T, TargetTypeManagement.Create, TargetTypeManagement.Update> {
|
||||
|
||||
String HAS_AUTH_READ_DISTRIBUTION_SET_AND_UPDATE_TARGET_TYPE = BRACKET_OPEN +
|
||||
HAS_AUTH_PREFIX + SpPermission.READ_DISTRIBUTION_SET + HAS_AUTH_SUFFIX +
|
||||
HAS_AUTH_AND +
|
||||
HAS_AUTH_PREFIX + SpPermission.UPDATE_TARGET_TYPE + HAS_AUTH_SUFFIX +
|
||||
BRACKET_CLOSE;
|
||||
String HAS_UPDATE_TARGET_TYPE_AND_READ_DISTRIBUTION_SET = SpringEvalExpressions.HAS_UPDATE_REPOSITORY + " and hasAuthority('READ_" + SpPermission.DISTRIBUTION_SET + "')";
|
||||
|
||||
@Override
|
||||
default String permissionGroup() {
|
||||
return "TARGET_TYPE";
|
||||
return SpPermission.TARGET_TYPE;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param key as {@link TargetType#getKey()}
|
||||
* @return {@link TargetType}
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_TARGET_TYPE)
|
||||
@PreAuthorize(HAS_READ_REPOSITORY)
|
||||
Optional<TargetType> getByKey(@NotEmpty String key);
|
||||
|
||||
/**
|
||||
* @param name as {@link TargetType#getName()}
|
||||
* @return {@link TargetType}
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_TARGET_TYPE)
|
||||
@PreAuthorize(HAS_READ_REPOSITORY)
|
||||
Optional<TargetType> getByName(@NotEmpty String name);
|
||||
|
||||
/**
|
||||
@@ -73,7 +65,7 @@ public interface TargetTypeManagement<T extends TargetType>
|
||||
* @param distributionSetTypeIds Distribution set ID
|
||||
* @return Target type
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_DISTRIBUTION_SET_AND_UPDATE_TARGET_TYPE)
|
||||
@PreAuthorize(HAS_UPDATE_TARGET_TYPE_AND_READ_DISTRIBUTION_SET)
|
||||
TargetType assignCompatibleDistributionSetTypes(long id, @NotEmpty Collection<Long> distributionSetTypeIds);
|
||||
|
||||
/**
|
||||
@@ -81,7 +73,7 @@ public interface TargetTypeManagement<T extends TargetType>
|
||||
* @param distributionSetTypeIds Distribution set ID
|
||||
* @return Target type
|
||||
*/
|
||||
@PreAuthorize(HAS_AUTH_READ_DISTRIBUTION_SET_AND_UPDATE_TARGET_TYPE)
|
||||
@PreAuthorize(HAS_UPDATE_TARGET_TYPE_AND_READ_DISTRIBUTION_SET)
|
||||
TargetType unassignDistributionSetType(long id, long distributionSetTypeIds);
|
||||
|
||||
@SuperBuilder
|
||||
|
||||
@@ -13,6 +13,7 @@ import java.io.Serializable;
|
||||
import java.util.Map;
|
||||
import java.util.function.Function;
|
||||
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
|
||||
import org.eclipse.hawkbit.repository.exception.TenantConfigurationValidatorException;
|
||||
import org.eclipse.hawkbit.repository.model.PollStatus;
|
||||
@@ -25,7 +26,12 @@ import org.springframework.security.access.prepost.PreAuthorize;
|
||||
/**
|
||||
* Management service for tenant configurations.
|
||||
*/
|
||||
public interface TenantConfigurationManagement {
|
||||
public interface TenantConfigurationManagement extends PermissionSupport {
|
||||
|
||||
@Override
|
||||
default String permissionGroup() {
|
||||
return SpPermission.TENANT_CONFIGURATION;
|
||||
}
|
||||
|
||||
/**
|
||||
* Adds or updates a specific configuration for a specific tenant.
|
||||
@@ -37,7 +43,7 @@ public interface TenantConfigurationManagement {
|
||||
* format defined by the Key
|
||||
* @throws ConversionFailedException if the property cannot be converted to the given
|
||||
*/
|
||||
@PreAuthorize(value = SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
|
||||
@PreAuthorize(value = SpringEvalExpressions.HAS_UPDATE_REPOSITORY)
|
||||
<T extends Serializable> TenantConfigurationValue<T> addOrUpdateConfiguration(String configurationKeyName, T value);
|
||||
|
||||
/**
|
||||
@@ -49,7 +55,7 @@ public interface TenantConfigurationManagement {
|
||||
* match the expected type and format defined by the Key
|
||||
* @throws ConversionFailedException if the property cannot be converted to the given
|
||||
*/
|
||||
@PreAuthorize(value = SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
|
||||
@PreAuthorize(value = SpringEvalExpressions.HAS_UPDATE_REPOSITORY)
|
||||
<T extends Serializable> Map<String, TenantConfigurationValue<T>> addOrUpdateConfiguration(Map<String, T> configurations);
|
||||
|
||||
/**
|
||||
@@ -58,7 +64,7 @@ public interface TenantConfigurationManagement {
|
||||
*
|
||||
* @param configurationKey the configuration key to be deleted
|
||||
*/
|
||||
@PreAuthorize(value = SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
|
||||
@PreAuthorize(value = SpringEvalExpressions.HAS_DELETE_REPOSITORY)
|
||||
void deleteConfiguration(String configurationKey);
|
||||
|
||||
/**
|
||||
@@ -76,7 +82,7 @@ public interface TenantConfigurationManagement {
|
||||
* @throws ConversionFailedException if the property cannot be converted to the given
|
||||
* {@code propertyType}
|
||||
*/
|
||||
@PreAuthorize(value = SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION_READ)
|
||||
@PreAuthorize(value = SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
<T extends Serializable> TenantConfigurationValue<T> getConfigurationValue(String configurationKeyName);
|
||||
|
||||
/**
|
||||
@@ -97,7 +103,7 @@ public interface TenantConfigurationManagement {
|
||||
* @throws ConversionFailedException if the property cannot be converted to the given
|
||||
* {@code propertyType}
|
||||
*/
|
||||
@PreAuthorize(value = SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION_READ)
|
||||
@PreAuthorize(value = SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
<T extends Serializable> TenantConfigurationValue<T> getConfigurationValue(String configurationKeyName,
|
||||
Class<T> propertyType);
|
||||
|
||||
@@ -116,9 +122,9 @@ public interface TenantConfigurationManagement {
|
||||
* @throws ConversionFailedException if the property cannot be converted to the given
|
||||
* {@code propertyType}
|
||||
*/
|
||||
@PreAuthorize(value = SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION_READ)
|
||||
@PreAuthorize(value = SpringEvalExpressions.HAS_READ_REPOSITORY)
|
||||
<T> T getGlobalConfigurationValue(String configurationKeyName, Class<T> propertyType);
|
||||
|
||||
@PreAuthorize(value = SpringEvalExpressions.HAS_AUTH_READ_TARGET)
|
||||
@PreAuthorize(value = "hasAuthority('READ_" + SpPermission.TARGET + "')")
|
||||
Function<Target, PollStatus> pollStatusResolver();
|
||||
}
|
||||
}
|
||||
@@ -9,6 +9,7 @@
|
||||
*/
|
||||
package org.eclipse.hawkbit.repository;
|
||||
|
||||
import org.eclipse.hawkbit.im.authentication.SpRole;
|
||||
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
|
||||
import org.eclipse.hawkbit.repository.report.model.TenantUsage;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
@@ -24,11 +25,8 @@ public interface TenantStatsManagement {
|
||||
*
|
||||
* @return collected statistics
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_SYSTEM_ADMIN + SpringEvalExpressions.HAS_AUTH_OR
|
||||
+ SpringEvalExpressions.HAS_READ_REPOSITORY + SpringEvalExpressions.HAS_AUTH_OR
|
||||
+ SpringEvalExpressions.HAS_AUTH_READ_TARGET + SpringEvalExpressions.HAS_AUTH_OR
|
||||
+ SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION_READ + SpringEvalExpressions.HAS_AUTH_OR
|
||||
+ SpringEvalExpressions.IS_SYSTEM_CODE)
|
||||
@PreAuthorize("hasAuthority('" + SpRole.TENANT_ADMIN + "')" + " or " +
|
||||
SpringEvalExpressions.HAS_AUTH_SYSTEM_ADMIN + " or " +
|
||||
SpringEvalExpressions.IS_SYSTEM_CODE)
|
||||
TenantUsage getStatsOfTenant();
|
||||
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user