Add actions contxt management (#2680)
* based on TARGET permissions - action is accessible iff it its target is accessible * add some more (id) serch fields * (backward incompatible) software module search supports now search by name (type.name) and the old search by type (indead by type key) is now with type.key Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
@@ -64,12 +64,12 @@ public class DefaultAccessController<A extends Enum<A> & RsqlQueryField, T> impl
|
|||||||
return Optional.empty();
|
return Optional.empty();
|
||||||
}
|
}
|
||||||
|
|
||||||
return Optional.ofNullable(getScopes(operation)) // if get scopes returns null, no scopes return no spec - all entities are accessible
|
return Optional.ofNullable(getScopes(operation)) // if "get scopes" returns null, no scopes return no spec - all entities are accessible
|
||||||
.map(scopes -> // to RSQL
|
.map(scopes -> // to RSQL
|
||||||
scopes.size() == 1
|
scopes.size() == 1
|
||||||
? scopes.get(0) // single scope
|
? scopes.get(0) // single scope
|
||||||
: "(" + String.join(") or (", scopes) + ")") // join multiple scopes with 'or' - union
|
: "(" + String.join(") or (", scopes) + ")") // join multiple scopes with 'or' - union
|
||||||
.map(scope -> RsqlUtility.getInstance().buildRsqlSpecification(scope, rsqlQueryFieldType));
|
.map(rsql -> RsqlUtility.getInstance().buildRsqlSpecification(rsql, rsqlQueryFieldType));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|||||||
@@ -9,13 +9,19 @@
|
|||||||
*/
|
*/
|
||||||
package org.eclipse.hawkbit.repository.jpa.acm;
|
package org.eclipse.hawkbit.repository.jpa.acm;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
import lombok.Getter;
|
||||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||||
import org.eclipse.hawkbit.repository.DistributionSetFields;
|
import org.eclipse.hawkbit.repository.DistributionSetFields;
|
||||||
import org.eclipse.hawkbit.repository.DistributionSetTypeFields;
|
import org.eclipse.hawkbit.repository.DistributionSetTypeFields;
|
||||||
|
import org.eclipse.hawkbit.repository.RsqlQueryField;
|
||||||
import org.eclipse.hawkbit.repository.SoftwareModuleFields;
|
import org.eclipse.hawkbit.repository.SoftwareModuleFields;
|
||||||
import org.eclipse.hawkbit.repository.SoftwareModuleTypeFields;
|
import org.eclipse.hawkbit.repository.SoftwareModuleTypeFields;
|
||||||
|
import org.eclipse.hawkbit.repository.TagFields;
|
||||||
import org.eclipse.hawkbit.repository.TargetFields;
|
import org.eclipse.hawkbit.repository.TargetFields;
|
||||||
import org.eclipse.hawkbit.repository.TargetTypeFields;
|
import org.eclipse.hawkbit.repository.TargetTypeFields;
|
||||||
|
import org.eclipse.hawkbit.repository.jpa.model.JpaAction;
|
||||||
import org.eclipse.hawkbit.repository.jpa.model.JpaDistributionSet;
|
import org.eclipse.hawkbit.repository.jpa.model.JpaDistributionSet;
|
||||||
import org.eclipse.hawkbit.repository.jpa.model.JpaDistributionSetType;
|
import org.eclipse.hawkbit.repository.jpa.model.JpaDistributionSetType;
|
||||||
import org.eclipse.hawkbit.repository.jpa.model.JpaSoftwareModule;
|
import org.eclipse.hawkbit.repository.jpa.model.JpaSoftwareModule;
|
||||||
@@ -36,6 +42,13 @@ public class DefaultAccessControllerConfiguration {
|
|||||||
return new DefaultAccessController<>(TargetFields.class, SpPermission.TARGET);
|
return new DefaultAccessController<>(TargetFields.class, SpPermission.TARGET);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// after adding support for internal action field search support it add matchIfMissing = true
|
||||||
|
@Bean
|
||||||
|
@ConditionalOnProperty(name = "hawkbit.acm.access-controller.action.enabled", havingValue = "true", matchIfMissing = false)
|
||||||
|
AccessController<JpaAction> actionAccessController() {
|
||||||
|
return new DefaultAccessController<>(ActionFieldsInternal.class, SpPermission.TARGET);
|
||||||
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@ConditionalOnProperty(name = "hawkbit.acm.access-controller.target-type.enabled", havingValue = "true")
|
@ConditionalOnProperty(name = "hawkbit.acm.access-controller.target-type.enabled", havingValue = "true")
|
||||||
AccessController<JpaTargetType> targetTypeAccessController() {
|
AccessController<JpaTargetType> targetTypeAccessController() {
|
||||||
@@ -65,4 +78,46 @@ public class DefaultAccessControllerConfiguration {
|
|||||||
AccessController<JpaDistributionSetType> distributionSetTypeAccessController() {
|
AccessController<JpaDistributionSetType> distributionSetTypeAccessController() {
|
||||||
return new DefaultAccessController<>(DistributionSetTypeFields.class, SpPermission.DISTRIBUTION_SET_TYPE);
|
return new DefaultAccessController<>(DistributionSetTypeFields.class, SpPermission.DISTRIBUTION_SET_TYPE);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// contains the same fields as TargetFields, but with "target." prefix for JPA queries in order to be applied to JpaAction repository
|
||||||
|
@Getter
|
||||||
|
public enum ActionFieldsInternal implements RsqlQueryField {
|
||||||
|
|
||||||
|
ID("controllerId"),
|
||||||
|
NAME("name"),
|
||||||
|
DESCRIPTION("description"),
|
||||||
|
CREATEDAT("createdAt"),
|
||||||
|
CREATEDBY("createdBy"),
|
||||||
|
LASTMODIFIEDAT("lastModifiedAt"),
|
||||||
|
LASTMODIFIEDBY("lastModifiedBy"),
|
||||||
|
CONTROLLERID("controllerId"),
|
||||||
|
UPDATESTATUS("updateStatus"),
|
||||||
|
IPADDRESS("address"),
|
||||||
|
ATTRIBUTE("controllerAttributes"),
|
||||||
|
GROUP("group"),
|
||||||
|
ASSIGNEDDS("assignedDistributionSet",
|
||||||
|
DistributionSetFields.NAME.getJpaEntityFieldName(), DistributionSetFields.VERSION.getJpaEntityFieldName()),
|
||||||
|
INSTALLEDDS("installedDistributionSet",
|
||||||
|
DistributionSetFields.NAME.getJpaEntityFieldName(), DistributionSetFields.VERSION.getJpaEntityFieldName()),
|
||||||
|
TAG("tags", TagFields.NAME.getJpaEntityFieldName()),
|
||||||
|
LASTCONTROLLERREQUESTAT("lastTargetQuery"),
|
||||||
|
METADATA("metadata"),
|
||||||
|
TARGETTYPE("targetType",
|
||||||
|
TargetTypeFields.ID.getJpaEntityFieldName(),
|
||||||
|
TargetTypeFields.KEY.getJpaEntityFieldName(),
|
||||||
|
TargetTypeFields.NAME.getJpaEntityFieldName());
|
||||||
|
|
||||||
|
private final String jpaEntityFieldName;
|
||||||
|
private final List<String> subEntityAttributes;
|
||||||
|
|
||||||
|
ActionFieldsInternal(final String jpaEntityFieldName, final String... subEntityAttributes) {
|
||||||
|
this.jpaEntityFieldName = "target." + jpaEntityFieldName;
|
||||||
|
this.subEntityAttributes = List.of(subEntityAttributes);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isMap() {
|
||||||
|
return this == ATTRIBUTE || this == METADATA;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user