Finalize and polish fine-grained permission (Follow up) (#2676)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
@@ -68,7 +68,7 @@ class PreAuthorizeEnabledTest extends AbstractSecurityTest {
|
||||
*/
|
||||
@Test
|
||||
@WithUser(authorities = {
|
||||
"CREATE_DISTRIBUTION_SET", "READ_DISTRIBUTION_SET_TYPE",
|
||||
"CREATE_DISTRIBUTION_SET",
|
||||
SpPermission.READ_DISTRIBUTION_SET + "/name==DsOne2" }, autoCreateTenant = false)
|
||||
void failIfHasNoForbiddingScope() throws Exception {
|
||||
createDsOne("failIfHasNoForbiddingScope");
|
||||
|
||||
@@ -62,7 +62,7 @@ public interface ArtifactManagement extends PermissionSupport {
|
||||
* @param isEncrypted flag to indicate if artifact is encrypted.
|
||||
* @return loaded {@link StoredArtifactInfo}
|
||||
*/
|
||||
@PreAuthorize("hasAuthority('DOWNLOAD_REPOSITORY_ARTIFACT') or hasAuthority('" + SpPermission.SOFTWARE_MODULE_DOWNLOAD_ARTIFACT + "')" + " or " + SpringEvalExpressions.IS_CONTROLLER)
|
||||
@PreAuthorize("hasAuthority('" + SpPermission.SOFTWARE_MODULE_DOWNLOAD + "')" + " or " + SpringEvalExpressions.IS_CONTROLLER)
|
||||
ArtifactStream getArtifactStream(@NotEmpty String sha1Hash, long softwareModuleId, final boolean isEncrypted);
|
||||
|
||||
/**
|
||||
|
||||
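Review bot: The new expression on `getArtifactStream` no longer tests `hasAuthority('DOWNLOAD_REPOSITORY_ARTIFACT')` directly, so a principal holding only the deprecated authority gets in only if the `DOWNLOAD_REPOSITORY_ARTIFACT` → `SOFTWARE_MODULE_DOWNLOAD` hierarchy entry added in `SpPermission` is applied when this `@PreAuthorize` is evaluated. That wiring is not visible on this page, and the changed test in `ArtifactManagementTest` covers only the denial path, with both authorities removed. I would add a test that grants only `SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT` and asserts the call succeeds, so the backward-compatibility path stays pinned until the deprecated constant is removed. A Javadoc line such as `Requires SOFTWARE_MODULE_DOWNLOAD (implied by the deprecated DOWNLOAD_REPOSITORY_ARTIFACT) or a controller role.` would also make the effective rule readable at the call site. The interface continues outside the hunk.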
@@ -400,7 +400,7 @@ class ArtifactManagementTest extends AbstractJpaIntegrationTest {
|
||||
*/
|
||||
@Test
|
||||
@WithUser(allSpPermissions = true, removeFromAllPermission = {
|
||||
SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT, SpPermission.SOFTWARE_MODULE_DOWNLOAD_ARTIFACT,
|
||||
SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT, SpPermission.SOFTWARE_MODULE_DOWNLOAD,
|
||||
SpRole.CONTROLLER_ROLE, SpRole.CONTROLLER_ROLE_ANONYMOUS })
|
||||
void getArtifactBinaryWithoutDownloadArtifactThrowsPermissionDenied() {
|
||||
assertThatExceptionOfType(InsufficientPermissionException.class)
|
||||
|
||||
@@ -68,13 +68,13 @@ public final class SpPermission {
|
||||
public static final String UPDATE_DISTRIBUTION_SET = UPDATE_PREFIX + DISTRIBUTION_SET;
|
||||
|
||||
/**
|
||||
* Deprecated since 0.10.0, use {@link #SOFTWARE_MODULE_DOWNLOAD_ARTIFACT} instead
|
||||
* Deprecated since 0.10.0, use {@link #SOFTWARE_MODULE_DOWNLOAD} instead
|
||||
*
|
||||
* @deprecated since 0.10.0, use {@link #SOFTWARE_MODULE_DOWNLOAD_ARTIFACT} instead
|
||||
* @deprecated since 0.10.0, use {@link #SOFTWARE_MODULE_DOWNLOAD} instead
|
||||
*/
|
||||
@Deprecated(since = "0.10.0", forRemoval = true)
|
||||
public static final String DOWNLOAD_REPOSITORY_ARTIFACT = "DOWNLOAD_REPOSITORY_ARTIFACT";
|
||||
public static final String SOFTWARE_MODULE_DOWNLOAD_ARTIFACT = SOFTWARE_MODULE + "_DOWNLOAD";
|
||||
public static final String SOFTWARE_MODULE_DOWNLOAD = SOFTWARE_MODULE + "_DOWNLOAD";
|
||||
|
||||
/**
|
||||
* Permission to read the tenant settings.
|
||||
@@ -117,16 +117,13 @@ public final class SpPermission {
|
||||
CREATE_PREFIX + SOFTWARE_MODULE + IMPLY_READ + SOFTWARE_MODULE_TYPE + LINE_BREAK +
|
||||
READ_PREFIX + SOFTWARE_MODULE + IMPLY_READ + SOFTWARE_MODULE_TYPE + LINE_BREAK +
|
||||
UPDATE_PREFIX + SOFTWARE_MODULE + IMPLY_READ + SOFTWARE_MODULE_TYPE + LINE_BREAK +
|
||||
DELETE_PREFIX + SOFTWARE_MODULE + IMPLY_READ + SOFTWARE_MODULE_TYPE + LINE_BREAK;
|
||||
DELETE_PREFIX + SOFTWARE_MODULE + IMPLY_READ + SOFTWARE_MODULE_TYPE + LINE_BREAK +
|
||||
DOWNLOAD_REPOSITORY_ARTIFACT + IMPLY + SOFTWARE_MODULE_DOWNLOAD;
|
||||
public static final String DISTRIBUTION_SET_HIERARCHY =
|
||||
CREATE_PREFIX + DISTRIBUTION_SET + IMPLY_READ + DISTRIBUTION_SET_TYPE + LINE_BREAK +
|
||||
READ_PREFIX + DISTRIBUTION_SET + IMPLY_READ + DISTRIBUTION_SET_TYPE + LINE_BREAK +
|
||||
UPDATE_PREFIX + DISTRIBUTION_SET + IMPLY_READ + DISTRIBUTION_SET_TYPE + LINE_BREAK +
|
||||
DELETE_PREFIX + DISTRIBUTION_SET + IMPLY_READ + DISTRIBUTION_SET_TYPE + LINE_BREAK +
|
||||
CREATE_PREFIX + DISTRIBUTION_SET + IMPLY_READ + SOFTWARE_MODULE_TYPE + LINE_BREAK +
|
||||
READ_PREFIX + DISTRIBUTION_SET + IMPLY_READ + SOFTWARE_MODULE_TYPE + LINE_BREAK +
|
||||
UPDATE_PREFIX + DISTRIBUTION_SET + IMPLY_READ + SOFTWARE_MODULE_TYPE + LINE_BREAK +
|
||||
DELETE_PREFIX + DISTRIBUTION_SET + IMPLY_READ + SOFTWARE_MODULE_TYPE + LINE_BREAK;
|
||||
DELETE_PREFIX + DISTRIBUTION_SET + IMPLY_READ + DISTRIBUTION_SET_TYPE + LINE_BREAK;
|
||||
public static final String TENANT_CONFIGURATION_HIERARCHY =
|
||||
TENANT_CONFIGURATION + IMPLY_CREATE + TENANT_CONFIGURATION + LINE_BREAK +
|
||||
TENANT_CONFIGURATION + IMPLY_READ + TENANT_CONFIGURATION + LINE_BREAK +
|
||||
@@ -151,7 +148,7 @@ public final class SpPermission {
|
||||
// special
|
||||
allPermissions.add(READ_TARGET_SECURITY_TOKEN);
|
||||
allPermissions.add(READ_GATEWAY_SECURITY_TOKEN);
|
||||
allPermissions.add(SOFTWARE_MODULE_DOWNLOAD_ARTIFACT);
|
||||
allPermissions.add(SOFTWARE_MODULE_DOWNLOAD);
|
||||
allPermissions.add(APPROVE_ROLLOUT);
|
||||
allPermissions.add(HANDLE_ROLLOUT);
|
||||
|
||||
|
||||
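Review bot: The entry added at the end of the software-module hierarchy string in the second `SpPermission` hunk, `DOWNLOAD_REPOSITORY_ARTIFACT + IMPLY + SOFTWARE_MODULE_DOWNLOAD;`, drops the trailing `LINE_BREAK` that the replaced last line carried and that `DISTRIBUTION_SET_HIERARCHY` still ends with. If these constants are concatenated into a single hierarchy definition elsewhere (not visible here), this entry would be fused with the first rule of the next block. That could silently disable both the legacy-download implication and the following rule, and a broken implication in an authorization hierarchy is easy to miss. I would end the line with `DOWNLOAD_REPOSITORY_ARTIFACT + IMPLY + SOFTWARE_MODULE_DOWNLOAD + LINE_BREAK;`. The constant's declaration starts above the hunk.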
@@ -51,7 +51,7 @@ public final class SpRole {
|
||||
REPOSITORY_ADMIN + IMPLIES + SpPermission.READ_PREFIX + SpPermission.SOFTWARE_MODULE + LINE_BREAK +
|
||||
REPOSITORY_ADMIN + IMPLIES + SpPermission.UPDATE_PREFIX + SpPermission.SOFTWARE_MODULE + LINE_BREAK +
|
||||
REPOSITORY_ADMIN + IMPLIES + SpPermission.DELETE_PREFIX + SpPermission.SOFTWARE_MODULE + LINE_BREAK +
|
||||
REPOSITORY_ADMIN + IMPLIES + SpPermission.SOFTWARE_MODULE_DOWNLOAD_ARTIFACT + LINE_BREAK +
|
||||
REPOSITORY_ADMIN + IMPLIES + SpPermission.SOFTWARE_MODULE_DOWNLOAD + LINE_BREAK +
|
||||
REPOSITORY_ADMIN + IMPLIES + SpPermission.CREATE_PREFIX + SpPermission.SOFTWARE_MODULE_TYPE + LINE_BREAK +
|
||||
REPOSITORY_ADMIN + IMPLIES + SpPermission.READ_PREFIX + SpPermission.SOFTWARE_MODULE_TYPE + LINE_BREAK +
|
||||
REPOSITORY_ADMIN + IMPLIES + SpPermission.UPDATE_PREFIX + SpPermission.SOFTWARE_MODULE_TYPE + LINE_BREAK +
|
||||
|
||||