Fix TENANT_CONFIGURATION > READ_GATEWAY_SECURITY_TOKEN imply (#2650)

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2025-09-04 16:09:17 +03:00
parent 2c995b3665
commit 9b121b3431
2 changed files with 10 additions and 7 deletions
--- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpPermission.java
+++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpPermission.java
@@ -140,7 +140,7 @@ public final class SpPermission {
            TENANT_CONFIGURATION + IMPLY_READ + TENANT_CONFIGURATION + "\n" +
            TENANT_CONFIGURATION + IMPLY_UPDATE + TENANT_CONFIGURATION + "\n" +
            TENANT_CONFIGURATION + IMPLY_DELETE + TENANT_CONFIGURATION + "\n" +
-            TENANT_CONFIGURATION + IMPLY_CREATE + READ_GATEWAY_SECURITY_TOKEN + "\n";
+            TENANT_CONFIGURATION + " > " + READ_GATEWAY_SECURITY_TOKEN + "\n";

    // @formatter:on
    private static final SingletonSupplier<List<String>> ALL_AUTHORITIES = SingletonSupplier.of(() -> {
--- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpRole.java
+++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpRole.java
@@ -34,6 +34,8 @@ public final class SpRole {

    private static final String IMPLIES = " > ";
    private static final String LINE_BREAK = "\n";
+
+    // @formatter:off
    public static final String TARGET_ADMIN_HIERARCHY =
            TARGET_ADMIN + IMPLIES + SpPermission.READ_TARGET + LINE_BREAK +
            TARGET_ADMIN + IMPLIES + SpPermission.READ_TARGET_SECURITY_TOKEN + LINE_BREAK +
@@ -44,12 +46,6 @@ public final class SpRole {
            TARGET_ADMIN + IMPLIES + SpPermission.UPDATE_TARGET_TYPE + LINE_BREAK +
            TARGET_ADMIN + IMPLIES + SpPermission.CREATE_PREFIX + SpPermission.TARGET_TYPE + LINE_BREAK +
            TARGET_ADMIN + IMPLIES + SpPermission.DELETE_TARGET_TYPE + LINE_BREAK;
-    public static final String REPOSITORY_ADMIN_HIERARCHY =
-            REPOSITORY_ADMIN + IMPLIES + SpPermission.READ_REPOSITORY + LINE_BREAK +
-            REPOSITORY_ADMIN + IMPLIES + SpPermission.UPDATE_REPOSITORY + LINE_BREAK +
-            REPOSITORY_ADMIN + IMPLIES + SpPermission.CREATE_REPOSITORY + LINE_BREAK +
-            REPOSITORY_ADMIN + IMPLIES + SpPermission.DELETE_REPOSITORY + LINE_BREAK +
-            REPOSITORY_ADMIN + IMPLIES + SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT + LINE_BREAK;
    public static final String ROLLOUT_ADMIN_HIERARCHY =
            ROLLOUT_ADMIN + IMPLIES + SpPermission.READ_ROLLOUT + LINE_BREAK +
            ROLLOUT_ADMIN + IMPLIES + SpPermission.CREATE_ROLLOUT + LINE_BREAK +
@@ -65,6 +61,12 @@ public final class SpRole {
    public static final String SYSTEM_ROLE_HIERARCHY =
            SYSTEM_ROLE + IMPLIES + TENANT_ADMIN + LINE_BREAK +
            SYSTEM_ROLE + IMPLIES + SpPermission.SYSTEM_ADMIN + LINE_BREAK;
+    public static final String REPOSITORY_ADMIN_HIERARCHY =
+            REPOSITORY_ADMIN + IMPLIES + SpPermission.READ_REPOSITORY + LINE_BREAK +
+            REPOSITORY_ADMIN + IMPLIES + SpPermission.UPDATE_REPOSITORY + LINE_BREAK +
+            REPOSITORY_ADMIN + IMPLIES + SpPermission.CREATE_REPOSITORY + LINE_BREAK +
+            REPOSITORY_ADMIN + IMPLIES + SpPermission.DELETE_REPOSITORY + LINE_BREAK +
+            REPOSITORY_ADMIN + IMPLIES + SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT + LINE_BREAK;

    public static final String DEFAULT_ROLE_HIERARCHY =
            TARGET_ADMIN_HIERARCHY +
@@ -72,4 +74,5 @@ public final class SpRole {
            ROLLOUT_ADMIN_HIERARCHY +
            TENANT_ADMIN_HIERARCHY +
            SYSTEM_ROLE_HIERARCHY;
+    // @formatter:on
 }