Added Permission for TenantConfiguration changes

- created SpringEvalExpression for the right to change tenant configuration
- added this authorization filter to every tenant configuration related method

Signed-off-by: Nonnenmacher Fabian <fabian.nonnenmacher@bosch-si.com>
This commit is contained in:
Fabian Nonnenmacher
2016-01-29 16:28:46 +01:00
committed by Nonnenmacher Fabian
parent ec79e9bd19
commit 6a88f2a3f4
2 changed files with 15 additions and 0 deletions

View File

@@ -1,5 +1,6 @@
package org.eclipse.hawkbit.repository; package org.eclipse.hawkbit.repository;
import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions;
import org.eclipse.hawkbit.repository.model.TenantConfiguration; import org.eclipse.hawkbit.repository.model.TenantConfiguration;
import org.eclipse.hawkbit.repository.model.TenantConfigurationValue; import org.eclipse.hawkbit.repository.model.TenantConfigurationValue;
import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationKey; import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationKey;
@@ -14,6 +15,7 @@ import org.springframework.core.convert.support.ConfigurableConversionService;
import org.springframework.core.convert.support.DefaultConversionService; import org.springframework.core.convert.support.DefaultConversionService;
import org.springframework.core.env.Environment; import org.springframework.core.env.Environment;
import org.springframework.data.jpa.repository.Modifying; import org.springframework.data.jpa.repository.Modifying;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional; import org.springframework.transaction.annotation.Transactional;
import org.springframework.validation.annotation.Validated; import org.springframework.validation.annotation.Validated;
@@ -69,7 +71,9 @@ public class TenantConfigurationManagement implements EnvironmentAware {
* if the property cannot be converted to the given * if the property cannot be converted to the given
* {@code propertyType} * {@code propertyType}
*/ */
@Cacheable(value = "tenantConfiguration", key = "#configurationKey.getKeyName()") @Cacheable(value = "tenantConfiguration", key = "#configurationKey.getKeyName()")
@PreAuthorize(value = SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
public <T> TenantConfigurationValue<T> getConfigurationValue(final TenantConfigurationKey configurationKey, public <T> TenantConfigurationValue<T> getConfigurationValue(final TenantConfigurationKey configurationKey,
final Class<T> propertyType) throws TenantConfigurationValidatorException { final Class<T> propertyType) throws TenantConfigurationValidatorException {
@@ -116,6 +120,7 @@ public class TenantConfigurationManagement implements EnvironmentAware {
* if the property cannot be converted to the given * if the property cannot be converted to the given
* {@code propertyType} * {@code propertyType}
*/ */
@PreAuthorize(value = SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
public TenantConfigurationValue<?> getConfigurationValue(final TenantConfigurationKey configurationKey) public TenantConfigurationValue<?> getConfigurationValue(final TenantConfigurationKey configurationKey)
throws TenantConfigurationValidatorException { throws TenantConfigurationValidatorException {
return getConfigurationValue(configurationKey, configurationKey.getDataType()); return getConfigurationValue(configurationKey, configurationKey.getDataType());
@@ -142,6 +147,7 @@ public class TenantConfigurationManagement implements EnvironmentAware {
* {@code propertyType} * {@code propertyType}
*/ */
@Cacheable(value = "tenantConfiguration", key = "#configurationKey.getKeyName()") @Cacheable(value = "tenantConfiguration", key = "#configurationKey.getKeyName()")
@PreAuthorize(value = SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
public <T> T getGlobalConfigurationValue(final TenantConfigurationKey configurationKey, final Class<T> propertyType) public <T> T getGlobalConfigurationValue(final TenantConfigurationKey configurationKey, final Class<T> propertyType)
throws TenantConfigurationValidatorException { throws TenantConfigurationValidatorException {
@@ -178,6 +184,7 @@ public class TenantConfigurationManagement implements EnvironmentAware {
@CacheEvict(value = "tenantConfiguration", key = "#configurationKey.getKeyName()") @CacheEvict(value = "tenantConfiguration", key = "#configurationKey.getKeyName()")
@Transactional @Transactional
@Modifying @Modifying
@PreAuthorize(value = SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
public <T> TenantConfigurationValue<T> addOrUpdateConfiguration(final TenantConfigurationKey configurationKey, public <T> TenantConfigurationValue<T> addOrUpdateConfiguration(final TenantConfigurationKey configurationKey,
final T value) { final T value) {
@@ -223,6 +230,7 @@ public class TenantConfigurationManagement implements EnvironmentAware {
@CacheEvict(value = "tenantConfiguration", key = "#configurationKey.getKeyName()") @CacheEvict(value = "tenantConfiguration", key = "#configurationKey.getKeyName()")
@Transactional @Transactional
@Modifying @Modifying
@PreAuthorize(value = SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
public void deleteConfiguration(final TenantConfigurationKey configurationKey) { public void deleteConfiguration(final TenantConfigurationKey configurationKey) {
tenantConfigurationRepository.deleteByKey(configurationKey.getKeyName()); tenantConfigurationRepository.deleteByKey(configurationKey.getKeyName());
} }

View File

@@ -308,6 +308,13 @@ public final class SpPermission {
public static final String HAS_AUTH_ROLLOUT_MANAGEMENT_WRITE = HAS_AUTH_PREFIX + ROLLOUT_MANAGEMENT public static final String HAS_AUTH_ROLLOUT_MANAGEMENT_WRITE = HAS_AUTH_PREFIX + ROLLOUT_MANAGEMENT
+ HAS_AUTH_SUFFIX + HAS_AUTH_AND + HAS_AUTH_PREFIX + UPDATE_TARGET + HAS_AUTH_SUFFIX; + HAS_AUTH_SUFFIX + HAS_AUTH_AND + HAS_AUTH_PREFIX + UPDATE_TARGET + HAS_AUTH_SUFFIX;
/**
* Spring security eval hasAuthority expression to check if spring
* context contains {@link SpPermission#TENANT_CONFIGURATION}
*/
public static final String HAS_AUTH_TENANT_CONFIGURATION = HAS_AUTH_PREFIX + TENANT_CONFIGURATION
+ HAS_AUTH_SUFFIX;
private SpringEvalExpressions() { private SpringEvalExpressions() {
// utility class // utility class
} }