Finalize and polish fine-grained permission (Follow up) (#2676)

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
2025-09-18 12:02:40 +03:00
committed by GitHub
parent a71bc924d0
commit 4444fc92bc
5 changed files with 11 additions and 14 deletions

View File

@@ -62,7 +62,7 @@ public interface ArtifactManagement extends PermissionSupport {
* @param isEncrypted flag to indicate if artifact is encrypted.
* @return loaded {@link StoredArtifactInfo}
*/
@PreAuthorize("hasAuthority('DOWNLOAD_REPOSITORY_ARTIFACT') or hasAuthority('" + SpPermission.SOFTWARE_MODULE_DOWNLOAD_ARTIFACT + "')" + " or " + SpringEvalExpressions.IS_CONTROLLER)
@PreAuthorize("hasAuthority('" + SpPermission.SOFTWARE_MODULE_DOWNLOAD + "')" + " or " + SpringEvalExpressions.IS_CONTROLLER)
ArtifactStream getArtifactStream(@NotEmpty String sha1Hash, long softwareModuleId, final boolean isEncrypted);
/**

View File

@@ -400,7 +400,7 @@ class ArtifactManagementTest extends AbstractJpaIntegrationTest {
*/
@Test
@WithUser(allSpPermissions = true, removeFromAllPermission = {
SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT, SpPermission.SOFTWARE_MODULE_DOWNLOAD_ARTIFACT,
SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT, SpPermission.SOFTWARE_MODULE_DOWNLOAD,
SpRole.CONTROLLER_ROLE, SpRole.CONTROLLER_ROLE_ANONYMOUS })
void getArtifactBinaryWithoutDownloadArtifactThrowsPermissionDenied() {
assertThatExceptionOfType(InsufficientPermissionException.class)