lingwei.kong/hawkbit
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

Remove SYSTEM_ADMIN (#2936)

Browse Source 
Not needed. Overlaping with system role. Could be added on top of others if needed

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
2026-02-25 14:00:25 +02:00
committed by GitHub
parent ea9519deae
commit 56da119979
11 changed files with 14 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
hawkbit-core/src/main/java/org/eclipse/hawkbit/auth/SpPermission.java
View File

@@ -96,9 +96,6 @@ public final class SpPermission {
/** Permission to start/stop/resume a rollout. */
public static final String HANDLE_ROLLOUT = "HANDLE_" + ROLLOUT;
/** Permission to administrate the system on a global, i.e. tenant independent scale. That includes the deletion of tenants. */
public static final String SYSTEM_ADMIN = "SYSTEM_ADMIN";
public static final String IMPLY = " > ";
public static final String IMPLY_CREATE = IMPLY + CREATE_PREFIX;
public static final String IMPLY_READ = IMPLY + READ_PREFIX;
@@ -128,12 +125,11 @@ public final class SpPermission {
TENANT_CONFIGURATION + IMPLY_UPDATE + TENANT_CONFIGURATION + LINE_BREAK +
TENANT_CONFIGURATION + IMPLY_DELETE + TENANT_CONFIGURATION + LINE_BREAK +
TENANT_CONFIGURATION + IMPLY + READ_GATEWAY_SECURITY_TOKEN + LINE_BREAK;
// @formatter:on
private static final SingletonSupplier<Set<String>> ALL_AUTHORITIES = SingletonSupplier.of(() -> getAuthorities(false));
private static final SingletonSupplier<Set<String>> ALL_TENANT_AUTHORITIES = SingletonSupplier.of(() -> getAuthorities(true));
private static Set<String> getAuthorities(final boolean tenant) {
private static final SingletonSupplier<Set<String>> ALL_TENANT_AUTHORITIES = SingletonSupplier.of(SpPermission::getAuthorities);
private static Set<String> getAuthorities() {
final Set<String> allPermissions = new HashSet<>();
// groups with access, canonical
@@ -155,19 +151,10 @@ public final class SpPermission {
allPermissions.add(TENANT_CONFIGURATION);
if (!tenant) {
// system permission, (!) take care with
allPermissions.add(SYSTEM_ADMIN);
}
return Collections.unmodifiableSet(allPermissions);
}
public static Set<String> getAllAuthorities() {
return ALL_AUTHORITIES.get();
}
public static Set<String> getAllTenantAuthorities() {
return ALL_TENANT_AUTHORITIES.get();
}

2
hawkbit-core/src/main/java/org/eclipse/hawkbit/auth/SpRole.java
View File

@@ -78,7 +78,7 @@ public final class SpRole {
TENANT_ADMIN + IMPLIES + SpPermission.TENANT_CONFIGURATION + LINE_BREAK;
public static final String SYSTEM_ROLE_HIERARCHY =
SYSTEM_ROLE + IMPLIES + TENANT_ADMIN + LINE_BREAK +
SYSTEM_ROLE + IMPLIES + SpPermission.SYSTEM_ADMIN + LINE_BREAK;
SYSTEM_ROLE + IMPLIES + CONTROLLER_ROLE + LINE_BREAK;
public static final String DEFAULT_ROLE_HIERARCHY =
TARGET_ADMIN_HIERARCHY +

1
hawkbit-core/src/main/java/org/eclipse/hawkbit/auth/SpringEvalExpressions.java
View File

@@ -37,7 +37,6 @@ import org.springframework.security.access.prepost.PreAuthorize;
public final class SpringEvalExpressions {
public static final String IS_SYSTEM_CODE = "hasAuthority('ROLE_SYSTEM_CODE')";
public static final String HAS_AUTH_SYSTEM_ADMIN = "hasAuthority('SYSTEM_ADMIN')";
public static final String PERMISSION_GROUP_PLACEHOLDER = "${permissionGroup}";
// evaluated to <permission>_<permissionGroup> (e.g. CREATE_DISTRIBUTION_SET)