Remove SYSTEM_ADMIN (#2936)

Not needed. Overlapping with system role. Could be added on top of others if needed

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
Avgustin Marinov
2026-02-25 14:00:25 +02:00
committed by GitHub
parent ea9519deae
commit 56da119979
11 changed files with 14 additions and 54 deletions


@@ -264,7 +264,7 @@ public interface ControllerManagement {
* @return {@link Target} or {@code null} if it does not exist
* @see Target#getControllerId()
*/
@PreAuthorize(SpringEvalExpressions.IS_CONTROLLER + " or " + SpringEvalExpressions.IS_SYSTEM_CODE)
@PreAuthorize(SpringEvalExpressions.IS_CONTROLLER)
Optional<Target> findByControllerId(@NotEmpty String controllerId);
/**
@@ -274,7 +274,7 @@ public interface ControllerManagement {
* @return {@link Target} or {@code null} if it does not exist
* @see Target#getId()
*/
@PreAuthorize(SpringEvalExpressions.IS_CONTROLLER + " or " + SpringEvalExpressions.IS_SYSTEM_CODE)
@PreAuthorize(SpringEvalExpressions.IS_CONTROLLER)
Optional<Target> find(long targetId);
/**
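Review bot: Removing `SpringEvalExpressions.IS_SYSTEM_CODE` from `findByControllerId` and `find` narrows access to controller principals only, which is more than the commit title (removing SYSTEM_ADMIN) announces; the same drop appears on `handleMaxAssignmentsExceeded` in DeploymentManagement and on `getStatsOfTenant` in TenantStatsManagement. If any internal caller reaches these methods from a system-code context without the matching role, it will now be denied at runtime, and no test on this page exercises that path. Please confirm that system code is still authorized some other way (the definitions of `IS_CONTROLLER` and `IS_SYSTEM_CODE` are not shown here) and add a test that calls each method from a system context. Separately, the Javadoc still says `{@code null} if it does not exist` although both methods return `Optional<Target>`; `@return the {@link Target}, or an empty Optional if it does not exist` would match the signature.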


@@ -403,6 +403,6 @@ public interface DeploymentManagement extends PermissionSupport {
@PreAuthorize(HAS_UPDATE_REPOSITORY)
void cancelActionsForDistributionSet(final ActionCancellationType cancelationType, final DistributionSet set);
@PreAuthorize(HAS_UPDATE_REPOSITORY + " or " + SpringEvalExpressions.IS_SYSTEM_CODE)
@PreAuthorize(HAS_UPDATE_REPOSITORY)
void handleMaxAssignmentsExceeded(Long targetId, Long requested, AssignmentQuotaExceededException quotaExceededException);
}


@@ -78,6 +78,6 @@ public interface SystemManagement {
*
* @param tenant to delete
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_SYSTEM_ADMIN)
@PreAuthorize(SpringEvalExpressions.IS_SYSTEM_CODE)
void deleteTenant(@NotNull String tenant);
}
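Review bot: `deleteTenant` is now guarded only by `SpringEvalExpressions.IS_SYSTEM_CODE`, but its Javadoc (only `@param tenant to delete` is visible) does not tell callers that no user-assignable authority grants it any more. Because this is a destructive, cross-tenant operation, I would state the contract in the Javadoc, for example `Restricted to system code; no user or tenant authority grants access to this method.` The Javadoc starts above the hunk, so the exact placement needs checking against the full file.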


@@ -25,9 +25,6 @@ public interface TenantStatsManagement {
*
* @return collected statistics
*/
@PreAuthorize(
"hasAuthority('" + SpRole.TENANT_ADMIN + "')" + " or " +
SpringEvalExpressions.HAS_AUTH_SYSTEM_ADMIN + " or " +
SpringEvalExpressions.IS_SYSTEM_CODE)
@PreAuthorize("hasAuthority('" + SpRole.TENANT_ADMIN + "')")
TenantUsage getStatsOfTenant();
}


@@ -29,14 +29,12 @@ import org.eclipse.hawkbit.repository.qfields.TargetTagFields;
// utility class to validate authorities when ACM is enabled
@NoArgsConstructor(access = AccessLevel.PRIVATE)
public final class AuthorityChecker {
;
private static final Set<String> ALL_AUTHORITIES = SpPermission.getAllTenantAuthorities();
public static String[] validateAuthorities(final String... authorities) {
public static void validateAuthorities(final String... authorities) {
for (final String authority : authorities) {
validateAuthority(authority);
}
return authorities;
}
public static void validateAuthority(final String authority) {
@@ -45,7 +43,7 @@ public final class AuthorityChecker {
if (index > 0) {
validateScope(group(unscopedPermission), authority.substring(index + 1), authority);
}
if (!ALL_AUTHORITIES.contains(unscopedPermission)) {
if (!SpPermission.getAllAuthorities().contains(unscopedPermission)) {
throw new IllegalArgumentException(
"Unknown permission: " + unscopedPermission + (index > 0 ? " (unscoped of " + authority + ")" : ""));
}
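Review bot: `validateAuthority` now checks `unscopedPermission` against `SpPermission.getAllAuthorities()` where it previously used the cached result of `SpPermission.getAllTenantAuthorities()`, so the validator may accept authorities that are not tenant-level. The class comment says this check validates authorities when ACM is enabled; if `getAllAuthorities()` returns system-level entries as well (its body is not shown here), those names would now pass validation. Please confirm the wider set is intended and say so in a comment, e.g. `// all authorities are tenant-level since SYSTEM_ADMIN was removed`, or keep the tenant-only set. Changing `validateAuthorities` from `String[]` to `void` also breaks any caller that used the returned array, which is worth a line in the commit description. `validateAuthority` begins and ends outside the hunk.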


@@ -86,30 +86,13 @@ class MultiTenancyEntityTest extends AbstractJpaIntegrationTest {
assertThat(findTargetsForTenant).hasSize(1);
}
/**
* Ensures that tenant with proper permissions can read and delete other tenants.
*/
@Test
@WithUser(tenantId = "mytenant", allSpPermissions = true)
void deleteAnotherTenantPossible() throws Exception {
// create target for another tenant
final String anotherTenant = "anotherTenant";
final String controllerAnotherTenant = "anotherController";
createTargetForTenant(controllerAnotherTenant, anotherTenant);
assertThat(listTenants()).as("Expected number if tenants before deletion is").hasSize(3);
systemManagement.deleteTenant(anotherTenant);
assertThat(listTenants()).as("Expected number if tenants after deletion is").hasSize(2);
}
/**
* Ensures that tenant metadata is retrieved for the current tenant.
*/
@Test
@WithUser(tenantId = "mytenant", autoCreateTenant = false, allSpPermissions = true)
void getTenantMetdata() throws Exception {
// logged in tenant mytenant - check if tenant default data is
// autogenerated
// logged in tenant mytenant - check if tenant default data is autogenerated
assertThat(distributionSetTypeManagement.findAll(PAGE)).isEmpty();
SecurityContextSwitch.asPrivileged(() ->
assertThat(systemManagement.createTenantMetadata("mytenant").getTenant().toUpperCase()).isEqualTo("mytenant".toUpperCase()));
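Review bot: The removed `deleteAnotherTenantPossible` test is not replaced by a test of the new rule, so nothing here proves that a user with `allSpPermissions = true` is now refused by `systemManagement.deleteTenant`. I would add a negative test under the same `@WithUser(tenantId = "mytenant", allSpPermissions = true)` setup that creates a target for another tenant, expects the `deleteTenant` call to fail with the access-denied exception the project uses, and asserts that `listTenants()` is unchanged afterwards. A companion positive test that performs the deletion inside `SecurityContextSwitch.asPrivileged(...)` would keep the deletion path itself covered, assuming that helper runs as system code.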


@@ -31,8 +31,6 @@ import org.springframework.test.context.support.AbstractTestExecutionListener;
@Slf4j
public class CleanupTestExecutionListener extends AbstractTestExecutionListener {
private static final Pageable PAGE = PageRequest.of(0, 400, Sort.by(Sort.Direction.ASC, "id"));
@Override
public void afterTestMethod(@NotNull final TestContext testContext) throws Exception {
SecurityContextSwitch.asPrivileged(() -> {