diff --git a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpPermission.java b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpPermission.java index 6c27b703a..d15501fda 100644 --- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpPermission.java +++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpPermission.java @@ -12,7 +12,9 @@ import java.lang.annotation.Target; import java.lang.reflect.Field; import java.lang.reflect.Modifier; import java.util.ArrayList; +import java.util.Arrays; import java.util.Collection; +import java.util.Collections; import java.util.List; import org.slf4j.Logger; @@ -154,16 +156,42 @@ public final class SpPermission { * @return all permission */ public static Collection getAllAuthorities() { + return getAllAuthorities(Collections.emptyList()); + } + + /** + * Return all permission. + * + * @param exclusionRoles + * roles which will excluded + * @return all permissions + */ + public static Collection getAllAuthorities(final String... exclusionRoles) { + return getAllAuthorities(Arrays.asList(exclusionRoles)); + } + + /** + * Return all permission. + * + * @param exclusionRoles + * roles which will excluded + * @return all permissions + */ + public static Collection getAllAuthorities(final Collection exclusionRoles) { final List allPermissions = new ArrayList<>(); final Field[] declaredFields = SpPermission.class.getDeclaredFields(); for (final Field field : declaredFields) { if (Modifier.isPublic(field.getModifiers()) && Modifier.isStatic(field.getModifiers())) { field.setAccessible(true); try { - allPermissions.add((String) field.get(null)); + final String role = (String) field.get(null); + if (!(exclusionRoles.contains(role))) { + allPermissions.add(role); + } } catch (final IllegalAccessException e) { LOGGER.error(e.getMessage(), e); } + } } return allPermissions; diff --git a/hawkbit-security-core/src/test/java/org/eclipse/hawkbit/im/authentication/PermissionTest.java b/hawkbit-security-core/src/test/java/org/eclipse/hawkbit/im/authentication/PermissionTest.java new file mode 100644 index 000000000..bca7fd1c1 --- /dev/null +++ b/hawkbit-security-core/src/test/java/org/eclipse/hawkbit/im/authentication/PermissionTest.java @@ -0,0 +1,54 @@ +/** + * Copyright (c) 2015 Bosch Software Innovations GmbH and others. + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + */ +package org.eclipse.hawkbit.im.authentication; + +import static org.fest.assertions.api.Assertions.assertThat; + +import java.util.Collection; +import java.util.List; +import java.util.stream.Collectors; + +import org.junit.Test; +import org.springframework.context.annotation.Description; +import org.springframework.security.core.GrantedAuthority; + +import ru.yandex.qatools.allure.annotations.Features; +import ru.yandex.qatools.allure.annotations.Stories; + +/** + * Test {@link SpPermission}. + */ +@Features("Unit Tests - Security") +@Stories("Permission Test") +public final class PermissionTest { + + @Test + @Description("Verify the get permission function") + public void testGetPermissions() { + final int allPermission = 15; + final int permissionWithoutSystem = allPermission - 3; + final Collection allAuthorities = SpPermission.getAllAuthorities(); + final List allAuthoritiesList = PermissionUtils.createAllAuthorityList(); + assertThat(allAuthorities).hasSize(allPermission); + assertThat(allAuthoritiesList).hasSize(allPermission); + assertThat(allAuthoritiesList.stream().map(authority -> authority.getAuthority()).collect(Collectors.toList())) + .containsAll(allAuthorities); + + final Collection authoritiesWithoutSystem = SpPermission.getAllAuthorities(SpPermission.SYSTEM_ADMIN, + SpPermission.SYSTEM_DIAG, SpPermission.SYSTEM_MONITOR); + final List authoritiesListWithoutSystem = PermissionUtils.createAuthorityList(SpPermission + .getAllAuthorities(SpPermission.SYSTEM_ADMIN, SpPermission.SYSTEM_DIAG, SpPermission.SYSTEM_MONITOR)); + + assertThat(authoritiesWithoutSystem).hasSize(permissionWithoutSystem); + assertThat(authoritiesListWithoutSystem).hasSize(permissionWithoutSystem); + assertThat(authoritiesListWithoutSystem.stream().map(authority -> authority.getAuthority()) + .collect(Collectors.toList())).containsAll(authoritiesWithoutSystem); + + } +}