From aefa6a3c818865fb287695dcd6095bd820d1379f Mon Sep 17 00:00:00 2001 From: kaizimmerm Date: Thu, 18 May 2017 15:46:39 +0200 Subject: [PATCH] Fix missuse of system admin permission. Signed-off-by: kaizimmerm --- .../org/eclipse/hawkbit/repository/SystemManagement.java | 2 +- .../hawkbit/repository/TenantStatsManagement.java | 5 +++-- .../java/org/eclipse/hawkbit/ui/SpPermissionChecker.java | 9 --------- 3 files changed, 4 insertions(+), 12 deletions(-) diff --git a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/SystemManagement.java b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/SystemManagement.java index fbb1701d8..b2f4ee7eb 100644 --- a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/SystemManagement.java +++ b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/SystemManagement.java @@ -60,7 +60,7 @@ public interface SystemManagement { * @param consumer * to run as teanant */ - @PreAuthorize(SpringEvalExpressions.HAS_AUTH_SYSTEM_ADMIN) + @PreAuthorize(SpringEvalExpressions.IS_SYSTEM_CODE) void forEachTenant(Consumer consumer); /** diff --git a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/TenantStatsManagement.java b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/TenantStatsManagement.java index f041bc45f..6f89a83ae 100644 --- a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/TenantStatsManagement.java +++ b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/TenantStatsManagement.java @@ -24,10 +24,11 @@ public interface TenantStatsManagement { * * @return collected statistics */ - @PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY + SpringEvalExpressions.HAS_AUTH_OR + @PreAuthorize(SpringEvalExpressions.HAS_AUTH_SYSTEM_ADMIN + SpringEvalExpressions.HAS_AUTH_OR + + SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY + SpringEvalExpressions.HAS_AUTH_OR + SpringEvalExpressions.HAS_AUTH_READ_TARGET + SpringEvalExpressions.HAS_AUTH_OR + SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION + SpringEvalExpressions.HAS_AUTH_OR + SpringEvalExpressions.IS_SYSTEM_CODE) TenantUsage getStatsOfTenant(); -} \ No newline at end of file +} diff --git a/hawkbit-ui/src/main/java/org/eclipse/hawkbit/ui/SpPermissionChecker.java b/hawkbit-ui/src/main/java/org/eclipse/hawkbit/ui/SpPermissionChecker.java index 09c914d44..b1f629b98 100644 --- a/hawkbit-ui/src/main/java/org/eclipse/hawkbit/ui/SpPermissionChecker.java +++ b/hawkbit-ui/src/main/java/org/eclipse/hawkbit/ui/SpPermissionChecker.java @@ -46,15 +46,6 @@ public class SpPermissionChecker implements Serializable { return permissionService.hasPermission(SpPermission.SYSTEM_DIAG); } - /** - * Gets the SP administration retrieval Permission. - * - * @return SYSTEM_ADMIN boolean value - */ - public boolean hasSpAdminViewPermission() { - return permissionService.hasPermission(SpPermission.SYSTEM_ADMIN); - } - /** * Gets the SP read Target & Dist Permission. *