Finalize and polish fine-grained permission (#2660)
* Remove _REPOSITORY_ permissions -> replaced with _SOFTWARE_MODULE_, _SOFTWARE_MODULE_TYPE_, _DISTRIBUTION_SET_, _DISTRIBUTION_SET_TYPE_ permissions * Still kept _ROLE_REPOSITORY_ADMIN_ role granting all repository fine-graned permissions * Added dedicated _TARGET_TYPE_ permission set - the _TARGET_ permissions just grant _READ_TARGET_TYPE_ (analogically _SOFTWARE_MODULE_ permissions grant _READ_SOFTWARE_MODULE_TYPE_ and _DISTRIBUTION_SET_ grants _READ_DISTRIBUTON_SET_TYPE_ * Hierarcy is not configurable - could be completely replaced by setting spring application property org.eclipse.hawkbit.hierarchy or could be extended by adding rules using org.eclipse.hawkbit.hierarchy.ext Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
@@ -62,7 +62,7 @@ public interface ArtifactManagement extends PermissionSupport {
|
||||
* @param isEncrypted flag to indicate if artifact is encrypted.
|
||||
* @return loaded {@link StoredArtifactInfo}
|
||||
*/
|
||||
@PreAuthorize("hasAuthority('" + SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT + "')" + " or " + SpringEvalExpressions.IS_CONTROLLER)
|
||||
@PreAuthorize("hasAuthority('DOWNLOAD_REPOSITORY_ARTIFACT') or hasAuthority('" + SpPermission.SOFTWARE_MODULE_DOWNLOAD_ARTIFACT + "')" + " or " + SpringEvalExpressions.IS_CONTROLLER)
|
||||
ArtifactStream getArtifactStream(@NotEmpty String sha1Hash, long softwareModuleId, final boolean isEncrypted);
|
||||
|
||||
/**
|
||||
|
||||
@@ -74,7 +74,7 @@ public interface SystemManagement {
|
||||
/**
|
||||
* @return {@link TenantMetaData} of {@link TenantAware#getCurrentTenant()}
|
||||
*/
|
||||
@PreAuthorize("hasAuthority('" + SpPermission.READ_REPOSITORY + "')" + " or "
|
||||
@PreAuthorize("hasAuthority('" + SpPermission.READ_DISTRIBUTION_SET + "')" + " or "
|
||||
+ "hasAuthority('READ_" + SpPermission.TARGET + "')" + " or "
|
||||
+ "hasAuthority('READ_" + SpPermission.TENANT_CONFIGURATION + "')" + " or "
|
||||
+ SpringEvalExpressions.IS_CONTROLLER)
|
||||
@@ -83,7 +83,7 @@ public interface SystemManagement {
|
||||
/**
|
||||
* @return {@link TenantMetaData} of {@link TenantAware#getCurrentTenant()} without details ({@link TenantMetaData#getDefaultDsType()})
|
||||
*/
|
||||
@PreAuthorize("hasAuthority('" + SpPermission.READ_REPOSITORY + "')" + " or "
|
||||
@PreAuthorize("hasAuthority('" + SpPermission.READ_DISTRIBUTION_SET + "')" + " or "
|
||||
+ "hasAuthority('READ_" + SpPermission.TARGET + "')" + " or "
|
||||
+ "hasAuthority('READ_" + SpPermission.TENANT_CONFIGURATION + "')" + " or "
|
||||
+ SpringEvalExpressions.IS_CONTROLLER)
|
||||
|
||||
Reference in New Issue
Block a user