Added Permission for TenantConfiguration changes
- created SpringEvalExpression for the right to change tenant configuration - added this authorization filter to every tenant configuration related method Signed-off-by: Nonnenmacher Fabian <fabian.nonnenmacher@bosch-si.com>
This commit is contained in:
committed by
Nonnenmacher Fabian
parent
ec79e9bd19
commit
6a88f2a3f4
@@ -1,5 +1,6 @@
|
|||||||
package org.eclipse.hawkbit.repository;
|
package org.eclipse.hawkbit.repository;
|
||||||
|
|
||||||
|
import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions;
|
||||||
import org.eclipse.hawkbit.repository.model.TenantConfiguration;
|
import org.eclipse.hawkbit.repository.model.TenantConfiguration;
|
||||||
import org.eclipse.hawkbit.repository.model.TenantConfigurationValue;
|
import org.eclipse.hawkbit.repository.model.TenantConfigurationValue;
|
||||||
import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationKey;
|
import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationKey;
|
||||||
@@ -14,6 +15,7 @@ import org.springframework.core.convert.support.ConfigurableConversionService;
|
|||||||
import org.springframework.core.convert.support.DefaultConversionService;
|
import org.springframework.core.convert.support.DefaultConversionService;
|
||||||
import org.springframework.core.env.Environment;
|
import org.springframework.core.env.Environment;
|
||||||
import org.springframework.data.jpa.repository.Modifying;
|
import org.springframework.data.jpa.repository.Modifying;
|
||||||
|
import org.springframework.security.access.prepost.PreAuthorize;
|
||||||
import org.springframework.transaction.annotation.Transactional;
|
import org.springframework.transaction.annotation.Transactional;
|
||||||
import org.springframework.validation.annotation.Validated;
|
import org.springframework.validation.annotation.Validated;
|
||||||
|
|
||||||
@@ -69,7 +71,9 @@ public class TenantConfigurationManagement implements EnvironmentAware {
|
|||||||
* if the property cannot be converted to the given
|
* if the property cannot be converted to the given
|
||||||
* {@code propertyType}
|
* {@code propertyType}
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@Cacheable(value = "tenantConfiguration", key = "#configurationKey.getKeyName()")
|
@Cacheable(value = "tenantConfiguration", key = "#configurationKey.getKeyName()")
|
||||||
|
@PreAuthorize(value = SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
|
||||||
public <T> TenantConfigurationValue<T> getConfigurationValue(final TenantConfigurationKey configurationKey,
|
public <T> TenantConfigurationValue<T> getConfigurationValue(final TenantConfigurationKey configurationKey,
|
||||||
final Class<T> propertyType) throws TenantConfigurationValidatorException {
|
final Class<T> propertyType) throws TenantConfigurationValidatorException {
|
||||||
|
|
||||||
@@ -116,6 +120,7 @@ public class TenantConfigurationManagement implements EnvironmentAware {
|
|||||||
* if the property cannot be converted to the given
|
* if the property cannot be converted to the given
|
||||||
* {@code propertyType}
|
* {@code propertyType}
|
||||||
*/
|
*/
|
||||||
|
@PreAuthorize(value = SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
|
||||||
public TenantConfigurationValue<?> getConfigurationValue(final TenantConfigurationKey configurationKey)
|
public TenantConfigurationValue<?> getConfigurationValue(final TenantConfigurationKey configurationKey)
|
||||||
throws TenantConfigurationValidatorException {
|
throws TenantConfigurationValidatorException {
|
||||||
return getConfigurationValue(configurationKey, configurationKey.getDataType());
|
return getConfigurationValue(configurationKey, configurationKey.getDataType());
|
||||||
@@ -142,6 +147,7 @@ public class TenantConfigurationManagement implements EnvironmentAware {
|
|||||||
* {@code propertyType}
|
* {@code propertyType}
|
||||||
*/
|
*/
|
||||||
@Cacheable(value = "tenantConfiguration", key = "#configurationKey.getKeyName()")
|
@Cacheable(value = "tenantConfiguration", key = "#configurationKey.getKeyName()")
|
||||||
|
@PreAuthorize(value = SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
|
||||||
public <T> T getGlobalConfigurationValue(final TenantConfigurationKey configurationKey, final Class<T> propertyType)
|
public <T> T getGlobalConfigurationValue(final TenantConfigurationKey configurationKey, final Class<T> propertyType)
|
||||||
throws TenantConfigurationValidatorException {
|
throws TenantConfigurationValidatorException {
|
||||||
|
|
||||||
@@ -178,6 +184,7 @@ public class TenantConfigurationManagement implements EnvironmentAware {
|
|||||||
@CacheEvict(value = "tenantConfiguration", key = "#configurationKey.getKeyName()")
|
@CacheEvict(value = "tenantConfiguration", key = "#configurationKey.getKeyName()")
|
||||||
@Transactional
|
@Transactional
|
||||||
@Modifying
|
@Modifying
|
||||||
|
@PreAuthorize(value = SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
|
||||||
public <T> TenantConfigurationValue<T> addOrUpdateConfiguration(final TenantConfigurationKey configurationKey,
|
public <T> TenantConfigurationValue<T> addOrUpdateConfiguration(final TenantConfigurationKey configurationKey,
|
||||||
final T value) {
|
final T value) {
|
||||||
|
|
||||||
@@ -223,6 +230,7 @@ public class TenantConfigurationManagement implements EnvironmentAware {
|
|||||||
@CacheEvict(value = "tenantConfiguration", key = "#configurationKey.getKeyName()")
|
@CacheEvict(value = "tenantConfiguration", key = "#configurationKey.getKeyName()")
|
||||||
@Transactional
|
@Transactional
|
||||||
@Modifying
|
@Modifying
|
||||||
|
@PreAuthorize(value = SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
|
||||||
public void deleteConfiguration(final TenantConfigurationKey configurationKey) {
|
public void deleteConfiguration(final TenantConfigurationKey configurationKey) {
|
||||||
tenantConfigurationRepository.deleteByKey(configurationKey.getKeyName());
|
tenantConfigurationRepository.deleteByKey(configurationKey.getKeyName());
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -308,6 +308,13 @@ public final class SpPermission {
|
|||||||
public static final String HAS_AUTH_ROLLOUT_MANAGEMENT_WRITE = HAS_AUTH_PREFIX + ROLLOUT_MANAGEMENT
|
public static final String HAS_AUTH_ROLLOUT_MANAGEMENT_WRITE = HAS_AUTH_PREFIX + ROLLOUT_MANAGEMENT
|
||||||
+ HAS_AUTH_SUFFIX + HAS_AUTH_AND + HAS_AUTH_PREFIX + UPDATE_TARGET + HAS_AUTH_SUFFIX;
|
+ HAS_AUTH_SUFFIX + HAS_AUTH_AND + HAS_AUTH_PREFIX + UPDATE_TARGET + HAS_AUTH_SUFFIX;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Spring security eval hasAuthority expression to check if spring
|
||||||
|
* context contains {@link SpPermission#TENANT_CONFIGURATION}
|
||||||
|
*/
|
||||||
|
public static final String HAS_AUTH_TENANT_CONFIGURATION = HAS_AUTH_PREFIX + TENANT_CONFIGURATION
|
||||||
|
+ HAS_AUTH_SUFFIX;
|
||||||
|
|
||||||
private SpringEvalExpressions() {
|
private SpringEvalExpressions() {
|
||||||
// utility class
|
// utility class
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user