Finalize and polish fine-grained permission (#2660)

* Remove _REPOSITORY_ permissions -> replaced with _SOFTWARE_MODULE_, _SOFTWARE_MODULE_TYPE_, _DISTRIBUTION_SET_, _DISTRIBUTION_SET_TYPE_ permissions
* Still kept _ROLE_REPOSITORY_ADMIN_ role granting all repository fine-graned permissions
* Added dedicated _TARGET_TYPE_ permission set - the _TARGET_ permissions just grant _READ_TARGET_TYPE_ (analogically _SOFTWARE_MODULE_ permissions grant _READ_SOFTWARE_MODULE_TYPE_ and _DISTRIBUTION_SET_ grants _READ_DISTRIBUTON_SET_TYPE_
* Hierarcy is not configurable - could be completely replaced by setting spring application property org.eclipse.hawkbit.hierarchy or could be extended by adding rules using org.eclipse.hawkbit.hierarchy.ext

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>

hawkbit-monolith/hawkbit-update-server/src/test/java/org/eclipse/hawkbit/app/PreAuthorizeEnabledTest.java

@@ -28,6 +28,16 @@ import org.springframework.http.HttpStatus;
  */
 class PreAuthorizeEnabledTest extends AbstractSecurityTest {
 
+    /**
+     * Tests whether request succeed if a role is granted for the user
+     */
+    @Test
+    @WithUser(authorities = { SpPermission.READ_DISTRIBUTION_SET }, autoCreateTenant = false)
+    void successIfHasRole() throws Exception {
+        mvc.perform(get("/rest/v1/distributionsets"))
+                .andExpect(result -> assertThat(result.getResponse().getStatus()).isEqualTo(HttpStatus.OK.value()));
+    }
+
     /**
      * Tests whether request fail if a role is forbidden for the user
      */
@@ -38,23 +48,12 @@ class PreAuthorizeEnabledTest extends AbstractSecurityTest {
                 .andExpect(result -> assertThat(result.getResponse().getStatus()).isEqualTo(HttpStatus.FORBIDDEN.value()));
     }
 
-    /**
-     * Tests whether request succeed if a role is granted for the user
-     */
-    @Test
-    @WithUser(authorities = { SpPermission.READ_REPOSITORY }, autoCreateTenant = false)
-    void successIfHasRole() throws Exception {
-        mvc.perform(get("/rest/v1/distributionsets"))
-                .andExpect(result -> assertThat(result.getResponse().getStatus()).isEqualTo(HttpStatus.OK.value()));
-    }
-
     /**
      * Tests whether request returns distribution set if a role with scope is granted for the user
      */
     @Test
     @WithUser(authorities = {
-            SpPermission.CREATE_REPOSITORY,
-            SpPermission.READ_REPOSITORY,
+            "CREATE_DISTRIBUTION_SET", "READ_DISTRIBUTION_SET_TYPE",
             SpPermission.READ_DISTRIBUTION_SET + "/name==DsOne" }, autoCreateTenant = false)
     void successIfHasRoleWithScope() throws Exception {
         createDsOne("successIfHasRoleWithScope");
@@ -69,8 +68,7 @@ class PreAuthorizeEnabledTest extends AbstractSecurityTest {
      */
     @Test
     @WithUser(authorities = {
-            SpPermission.CREATE_REPOSITORY,
-            SpPermission.READ_REPOSITORY,
+            "CREATE_DISTRIBUTION_SET", "READ_DISTRIBUTION_SET_TYPE",
             SpPermission.READ_DISTRIBUTION_SET + "/name==DsOne2" }, autoCreateTenant = false)
     void failIfHasNoForbiddingScope() throws Exception {
         createDsOne("failIfHasNoForbiddingScope");
@@ -100,8 +98,7 @@ class PreAuthorizeEnabledTest extends AbstractSecurityTest {
                 .andExpect(result -> {
                     // returns default DS type because of READ_TARGET
                     assertThat(result.getResponse().getStatus()).isEqualTo(HttpStatus.OK.value());
-                    assertThat(new ObjectMapper().reader().readValue(result.getResponse().getContentAsString(), HashMap.class))
-                            .hasSize(1);
+                    assertThat(new ObjectMapper().reader().readValue(result.getResponse().getContentAsString(), HashMap.class)).hasSize(1);
                 });
     }