Feature/ctx aware and access controller2 (#1456)

* Introduce the AccessControlManager and use if for the TargetManagement and TargetTypeManagement.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Extend the access control manager by an API to serialize the current active context and persist it for scheduled background operations like auto-assignment.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Verify modification is permitted before performing automatic assignment

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Start with controlling distribution set type access. Perform some refactoring.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Support distribution set access control. Increase character limit to 512 chars for access control context. Refactor default implementations.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Introduce ContextRunner and define admin execution to check for duplicates before creating/updating entities.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Introduce Software Module, Module Type and Artifact control management. Fix tests.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Introduce access controlling test base. Add first test verifying the read operations for target types.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Finalize target type access controlling test.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Introduce ContextRunnerTest and TargetAccessControllingTest.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Introduce DistributionSetAccessControllingTest and fix missing access control specifications.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Extend test cases. Include only updatable targets into rollout.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Fix action visibility.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Modifiable->Updatable & UPDATE check where needed

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

* ContextRunner superseded by ContextAware

+ ContextRunner remaned to ContextAware (move as a cenral entry/concept).
  It now extends (and replace) TenantAware
+ SecurityContextTenantAware becomes ContextAware
+ Pluggable serialization mechanism
  (default Java serialization of contexts) for SecurityContextTenantAware
  (using SecurityContextSerializer)
+ AccessControl methods are added to ensure no entities fill be retrieved
  just to call access control - so, if all permitted - no additional db
  queries will be made
+ &lt;repo type&gt;AccessControl classes removed and replaced with
  AccessControl &lt;repo type&gt; generics
+ AccessControlService removed - every AccessControl is registered and
  overiden independently
+ access_control_context in DB increased to 4k (in order to support java
  security context serialization)
+ needed adaptaion of implemtation and tests done

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

* Refactor SoftModules & DistSets

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

* Refactoring of the Repositories

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

* Repostiotory level permissions

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

* Improvements

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

* Simplification of AccessControl interface

* Simplifications & management package

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

* Implementation improvements

+ Artifact management & repo reviewed and tuned
+ Action(Status) management & repo reviewed and tuned
+ SoftwareModule(Type/Meta) management & repo reviewed and tuned
+ DistributionSet(Type/Tag/Meta) management(+Invalidation) & repo reviewed and tuned
+ Target(Tag/Type/Meta) management & repo reviewed and tuned
+ TargetQueryFilter management & repo reviewed and tuned

* Apply suggestions from code review

Suggestions accepted. Thanks @herdt-michael

Co-authored-by: Michael Herdt <michael.herdt@bosch.com>

* Apply suggestions from code review 2

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

---------

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
Co-authored-by: Michael Herdt <Michael.Herdt@bosch.com>
This commit is contained in:
Avgustin Marinov
2023-11-16 11:07:06 +02:00
committed by GitHub
parent 8d487fde33
commit b982039a74
170 changed files with 5371 additions and 3227 deletions

View File

@@ -68,22 +68,6 @@ public interface ArtifactManagement {
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_CREATE_REPOSITORY)
Artifact create(@NotNull @Valid ArtifactUpload artifactUpload);
/**
* Garbage collects artifact binaries if only referenced by given
* {@link SoftwareModule#getId()} or {@link SoftwareModule}'s that are
* marked as deleted.
*
*
* @param artifactSha1Hash
* no longer needed
* @param moduleId
* the garbage collection call is made for
*
* @return <code>true</code> if an binary was actually garbage collected
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_DELETE_REPOSITORY)
boolean clearArtifactBinary(@NotEmpty String artifactSha1Hash, long moduleId);
/**
* Deletes {@link Artifact} based on given id.
*
@@ -151,7 +135,7 @@ public interface ArtifactManagement {
*
* @param pageReq
* Pageable parameter
* @param swId
* @param softwareModuleId
* software module id
* @return Page<Artifact>
*
@@ -159,12 +143,12 @@ public interface ArtifactManagement {
* if software module with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
Page<Artifact> findBySoftwareModule(@NotNull Pageable pageReq, long swId);
Page<Artifact> findBySoftwareModule(@NotNull Pageable pageReq, long softwareModuleId);
/**
* Count local artifacts for a base software module.
*
* @param swId
* @param softwareModuleId
* software module id
* @return count by software module
*
@@ -172,7 +156,7 @@ public interface ArtifactManagement {
* if software module with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
long countBySoftwareModule(long swId);
long countBySoftwareModule(long softwareModuleId);
/**
* Loads {@link DbArtifact} from store for given {@link Artifact}.

View File

@@ -472,17 +472,6 @@ public interface ControllerManagement {
@PreAuthorize(SpringEvalExpressions.IS_CONTROLLER)
void updateActionExternalRef(long actionId, @NotEmpty String externalRef);
/**
* Retrieves list of {@link Action}s which matches the provided
* externalRefs.
*
* @param externalRefs
* for which the actions need to be fetched.
* @return list of {@link Action}s matching the externalRefs.
*/
@PreAuthorize(SpringEvalExpressions.IS_CONTROLLER)
List<Action> getActiveActionsByExternalRef(@NotNull List<String> externalRefs);
/**
* Retrieves an {@link Action} using {@link Action#getExternalRef()}
*

View File

@@ -207,12 +207,10 @@ public interface DeploymentManagement {
long countActionsByTarget(@NotNull String rsqlParam, @NotEmpty String controllerId);
/**
* @return the total amount of stored action status
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
long countActionStatusAll();
/**
* Returns total count of all actions
* <p/>
* No access control applied.
*
* @return the total amount of stored actions
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
@@ -220,6 +218,8 @@ public interface DeploymentManagement {
/**
* Counts the actions which match the given query.
* <p/>
* No access control applied.
*
* @param rsqlParam
* RSQL query.
@@ -241,29 +241,6 @@ public interface DeploymentManagement {
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
long countActionsByTarget(@NotEmpty String controllerId);
/**
* Counts all active {@link Action}s referring to the given DistributionSet.
*
* @param distributionSet
* DistributionSet to count the {@link Action}s from
* @return the count of actions referring to the given distributionSet
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
long countActionsByDistributionSetIdAndActiveIsTrue(Long distributionSet);
/**
* Counts all active {@link Action}s referring to the given DistributionSet
* that are not in a given state.
*
* @param distributionSet
* DistributionSet to count the {@link Action}s from
* @param status
* the state the actions should not have
* @return the count of actions referring to the given distributionSet
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
long countActionsByDistributionSetIdAndActiveIsTrueAndStatusIsNot(Long distributionSet, Status status);
/**
* Get the {@link Action} entity for given actionId.
*
@@ -277,9 +254,10 @@ public interface DeploymentManagement {
/**
* Retrieves all {@link Action}s from repository.
* <p/>
* No access control applied.
*
* @param pageable
* pagination parameter
* @param pageable pagination parameter
* @return a paged list of {@link Action}s
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
@@ -287,35 +265,17 @@ public interface DeploymentManagement {
/**
* Retrieves all {@link Action} entities which match the given RSQL query.
* <p/>
* No access control applied.
*
* @param rsqlParam
* RSQL query string
* @param pageable
* the page request parameter for paging and sorting the result
* @param rsqlParam RSQL query string
* @param pageable the page request parameter for paging and sorting the result
*
* @return a paged list of {@link Action}s.
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
Slice<Action> findActions(@NotNull String rsqlParam, @NotNull Pageable pageable);
/**
* Retrieves all {@link Action} which assigned to a specific
* {@link DistributionSet}.
*
* @param pageable
* the page request parameter for paging and sorting the result
* @param distributionSetId
* the distribution set which should be assigned to the actions
* in the result
* @return a list of {@link Action} which are assigned to a specific
* {@link DistributionSet}
*
* @throws EntityNotFoundException
* if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
Slice<Action> findActionsByDistributionSet(@NotNull Pageable pageable, long distributionSetId);
/**
* Retrieves all {@link Action}s assigned to a specific {@link Target} and a
* given specification.
@@ -384,7 +344,8 @@ public interface DeploymentManagement {
/**
* Retrieves all messages for an {@link ActionStatus}.
*
* <p/>
* No entity based access control applied.
*
* @param pageable
* the page request parameter for paging and sorting the result
@@ -397,14 +358,15 @@ public interface DeploymentManagement {
/**
* Counts all messages for an {@link ActionStatus}.
* <p/>
* No access control applied.
*
*
* @param pageable
* the page request parameter for paging and sorting the result
* @deprecated Used by UI only. With future removal of UI it could be removed.
* @param actionStatusId
* the id of {@link ActionStatus} to count the messages from
* @return count of messages by a specific {@link ActionStatus} id
*/
@Deprecated(forRemoval = true)
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
long countMessagesByActionStatusId(long actionStatusId);
@@ -520,6 +482,8 @@ public interface DeploymentManagement {
/**
* Starts all scheduled actions of an RolloutGroup parent.
* <p/>
* No entity based access control applied.
*
* @param rolloutId
* the rollout the actions belong to
@@ -533,16 +497,6 @@ public interface DeploymentManagement {
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
long startScheduledActionsByRolloutGroupParent(long rolloutId, long distributionSetId, Long rolloutGroupParentId);
/**
* All {@link ActionStatus} entries in the repository.
*
* @param pageable
* the pagination parameter
* @return {@link Page} of {@link ActionStatus} entries
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
Page<ActionStatus> findActionStatusAll(@NotNull Pageable pageable);
/**
* Returns {@link DistributionSet} that is assigned to given {@link Target}.
*
@@ -570,7 +524,9 @@ public interface DeploymentManagement {
/**
* Deletes actions which match one of the given action status and which have
* not been modified since the given (absolute) time-stamp.
* not been modified since the given (absolute) time-stamp. Used for obsolete actions cleanup.
* <p/>
* No entity based access control applied.
*
* @param status
* Set of action status.
@@ -586,12 +542,11 @@ public interface DeploymentManagement {
* Checks if there is an action for the device with the given controller ID
* that is in the {@link Action.Status#CANCELING} state.
*
* @param controllerId
* of target
* @param targetId of target
* @return if actions in CANCELING state are present
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
boolean hasPendingCancellations(@NotEmpty String controllerId);
boolean hasPendingCancellations(@NotNull Long targetId);
/**
* Cancels all actions that refer to a given distribution set. This method

View File

@@ -53,7 +53,7 @@ public interface DistributionSetManagement
/**
* Assigns {@link SoftwareModule} to existing {@link DistributionSet}.
*
* @param setId
* @param id
* to assign and update
* @param moduleIds
* to get assigned
@@ -76,13 +76,13 @@ public interface DistributionSetManagement
* for the addressed {@link DistributionSet}.
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
DistributionSet assignSoftwareModules(long setId, @NotEmpty Collection<Long> moduleIds);
DistributionSet assignSoftwareModules(long id, @NotEmpty Collection<Long> moduleIds);
/**
* Assign a {@link DistributionSetTag} assignment to given
* {@link DistributionSet}s.
*
* @param setIds
* @param ids
* to assign for
* @param tagId
* to assign
@@ -94,12 +94,12 @@ public interface DistributionSetManagement
* distribution sets.
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
List<DistributionSet> assignTag(@NotEmpty Collection<Long> setIds, long tagId);
List<DistributionSet> assignTag(@NotEmpty Collection<Long> ids, long tagId);
/**
* Creates a list of distribution set meta data entries.
*
* @param setId
* @param id
* if the {@link DistributionSet} the metadata has to be created
* for
* @param metadata
@@ -118,12 +118,12 @@ public interface DistributionSetManagement
* for the addressed {@link DistributionSet}
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
List<DistributionSetMetadata> createMetaData(long setId, @NotEmpty Collection<MetaData> metadata);
List<DistributionSetMetadata> createMetaData(long id, @NotEmpty Collection<MetaData> metadata);
/**
* Deletes a distribution set meta data entry.
*
* @param setId
* @param id
* where meta data has to be deleted
* @param key
* of the meta data element
@@ -132,7 +132,7 @@ public interface DistributionSetManagement
* if given set does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
void deleteMetaData(long setId, @NotEmpty String key);
void deleteMetaData(long id, @NotEmpty String key);
/**
* Retrieves the distribution set for a given action.
@@ -154,13 +154,13 @@ public interface DistributionSetManagement
* Note: for performance reasons it is recommended to use {@link #get(Long)}
* if details are not necessary.
*
* @param setId
* @param id
* to look for.
*
* @return {@link DistributionSet}
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
Optional<DistributionSet> getWithDetails(long setId);
Optional<DistributionSet> getWithDetails(long id);
/**
* Find distribution set by name and version.
@@ -234,7 +234,7 @@ public interface DistributionSetManagement
*
* @param pageable
* the page request to page the result
* @param setId
* @param id
* the distribution set id to retrieve the meta data from
*
* @return a paged result of all meta data entries for a given distribution
@@ -244,14 +244,12 @@ public interface DistributionSetManagement
* if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
Page<DistributionSetMetadata> findMetaDataByDistributionSetId(@NotNull Pageable pageable, long setId);
Page<DistributionSetMetadata> findMetaDataByDistributionSetId(@NotNull Pageable pageable, long id);
/**
* Counts all meta data by the given distribution set id.
*
* @param pageable
* the page request to page the result
* @param setId
* @param id
* the distribution set id to retrieve the meta data count from
*
* @return count of ds metadata
@@ -260,14 +258,14 @@ public interface DistributionSetManagement
* if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
long countMetaDataByDistributionSetId(long setId);
long countMetaDataByDistributionSetId(long id);
/**
* Finds all meta data by the given distribution set id.
*
* @param pageable
* the page request to page the result
* @param setId
* @param id
* the distribution set id to retrieve the meta data from
* @param rsqlParam
* rsql query string
@@ -286,8 +284,8 @@ public interface DistributionSetManagement
* of distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
Page<DistributionSetMetadata> findMetaDataByDistributionSetIdAndRsql(@NotNull Pageable pageable, long setId,
@NotNull String rsqlParam);
Page<DistributionSetMetadata> findMetaDataByDistributionSetIdAndRsql(@NotNull Pageable pageable,
long id, @NotNull String rsqlParam);
/**
* Finds all {@link DistributionSet}s based on completeness.
@@ -409,7 +407,7 @@ public interface DistributionSetManagement
/**
* Finds a single distribution set meta data by its id.
*
* @param setId
* @param id
* of the {@link DistributionSet}
* @param key
* of the meta data element
@@ -419,19 +417,19 @@ public interface DistributionSetManagement
* is set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
Optional<DistributionSetMetadata> getMetaDataByDistributionSetId(long setId, @NotEmpty String key);
Optional<DistributionSetMetadata> getMetaDataByDistributionSetId(long id, @NotEmpty String key);
/**
* Checks if a {@link DistributionSet} is currently in use by a target in
* the repository.
*
* @param setId
* @param id
* to check
*
* @return <code>true</code> if in use
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
boolean isInUse(long setId);
boolean isInUse(long id);
/**
* Toggles {@link DistributionSetTag} assignment to given
@@ -439,7 +437,7 @@ public interface DistributionSetManagement
* the list have the {@link Tag} not yet assigned, they will be. Only if all
* of theme have the tag already assigned they will be removed instead.
*
* @param setIds
* @param ids
* to toggle for
* @param tagName
* to toggle
@@ -450,13 +448,13 @@ public interface DistributionSetManagement
* if given tag does not exist or (at least one) module
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
DistributionSetTagAssignmentResult toggleTagAssignment(@NotEmpty Collection<Long> setIds, @NotNull String tagName);
DistributionSetTagAssignmentResult toggleTagAssignment(@NotEmpty Collection<Long> ids, @NotNull String tagName);
/**
* Unassigns a {@link SoftwareModule} form an existing
* {@link DistributionSet}.
*
* @param setId
* @param id
* to get unassigned form
* @param moduleId
* to be unassigned
@@ -470,13 +468,13 @@ public interface DistributionSetManagement
* the DS is already in use.
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
DistributionSet unassignSoftwareModule(long setId, long moduleId);
DistributionSet unassignSoftwareModule(long id, long moduleId);
/**
* Unassign a {@link DistributionSetTag} assignment to given
* {@link DistributionSet}.
*
* @param setId
* @param id
* to unassign for
* @param tagId
* to unassign
@@ -486,12 +484,12 @@ public interface DistributionSetManagement
* if set or tag with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
DistributionSet unAssignTag(long setId, long tagId);
DistributionSet unAssignTag(long id, long tagId);
/**
* Updates a distribution set meta data value if corresponding entry exists.
*
* @param setId
* @param id
* {@link DistributionSet} of the meta data entry to be updated
* @param metadata
* meta data entry to be updated
@@ -502,7 +500,7 @@ public interface DistributionSetManagement
* updated
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
DistributionSetMetadata updateMetaData(long setId, @NotNull MetaData metadata);
DistributionSetMetadata updateMetaData(long id, @NotNull MetaData metadata);
/**
* Count all {@link DistributionSet}s in the repository that are not marked
@@ -523,48 +521,47 @@ public interface DistributionSetManagement
* Count all {@link org.eclipse.hawkbit.repository.model.Rollout}s by status for
* Distribution Set.
*
* @param dsId
* @param id
* to look for
*
* @return List of Statistics for {@link org.eclipse.hawkbit.repository.model.Rollout}s status counts
*
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
List<Statistic> countRolloutsByStatusForDistributionSet(@NotNull Long dsId);
List<Statistic> countRolloutsByStatusForDistributionSet(@NotNull Long id);
/**
* Count all {@link org.eclipse.hawkbit.repository.model.Action}s by status for
* Distribution Set.
*
* @param dsId
* @param id
* to look for
*
* @return List of Statistics for {@link org.eclipse.hawkbit.repository.model.Action}s status counts
*
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
List<Statistic> countActionsByStatusForDistributionSet(@NotNull Long dsId);
List<Statistic> countActionsByStatusForDistributionSet(@NotNull Long id);
/**
* Count all {@link org.eclipse.hawkbit.repository.builder.AutoAssignDistributionSetUpdate}s
* for Distribution Set.
*
* @param dsId
* @param id
* to look for
*
* @return number of {@link org.eclipse.hawkbit.repository.builder.AutoAssignDistributionSetUpdate}s
*
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
Long countAutoAssignmentsForDistributionSet(@NotNull Long dsId);
Long countAutoAssignmentsForDistributionSet(@NotNull Long id);
/**
* Sets the specified {@link DistributionSet} as invalidated.
*
* @param set
* @param distributionSet
* the ID of the {@link DistributionSet} to be set to invalid
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
void invalidate(DistributionSet set);
void invalidate(DistributionSet distributionSet);
}

View File

@@ -61,7 +61,7 @@ public interface DistributionSetTagManagement extends RepositoryManagement<Distr
* @param pageable
* information for page size, offset and sort order.
*
* @param setId
* @param distributionSetId
* of the {@link DistributionSet}
* @return page of the found {@link TargetTag}s
*
@@ -69,6 +69,5 @@ public interface DistributionSetTagManagement extends RepositoryManagement<Distr
* if {@link DistributionSet} with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
Page<DistributionSetTag> findByDistributionSet(@NotNull Pageable pageable, long setId);
Page<DistributionSetTag> findByDistributionSet(@NotNull Pageable pageable, long distributionSetId);
}

View File

@@ -52,7 +52,7 @@ public interface DistributionSetTypeManagement
/**
* Assigns {@link DistributionSetType#getMandatoryModuleTypes()}.
*
* @param dsTypeId
* @param id
* to update
* @param softwareModuleTypeIds
* to assign
@@ -71,15 +71,14 @@ public interface DistributionSetTypeManagement
* exceeded for the addressed {@link DistributionSetType}
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
DistributionSetType assignOptionalSoftwareModuleTypes(long dsTypeId,
@NotEmpty Collection<Long> softwareModuleTypeIds);
DistributionSetType assignOptionalSoftwareModuleTypes(long id, @NotEmpty Collection<Long> softwareModuleTypeIds);
/**
* Assigns {@link DistributionSetType#getOptionalModuleTypes()}.
*
* @param dsTypeId
* @param id
* to update
* @param softwareModuleTypes
* @param softwareModuleTypeIds
* to assign
* @return updated {@link DistributionSetType}
*
@@ -96,17 +95,16 @@ public interface DistributionSetTypeManagement
* exceeded for the addressed {@link DistributionSetType}
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
DistributionSetType assignMandatorySoftwareModuleTypes(long dsTypeId,
@NotEmpty Collection<Long> softwareModuleTypes);
DistributionSetType assignMandatorySoftwareModuleTypes(long id, @NotEmpty Collection<Long> softwareModuleTypeIds);
/**
* Unassigns a {@link SoftwareModuleType} from the
* {@link DistributionSetType}. Does nothing if {@link SoftwareModuleType}
* has not been assigned in the first place.
*
* @param dsTypeId
* @param id
* to update
* @param softwareModuleId
* @param softwareModuleTypeId
* to unassign
* @return updated {@link DistributionSetType}
*
@@ -118,6 +116,5 @@ public interface DistributionSetTypeManagement
* by a {@link DistributionSet}
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
DistributionSetType unassignSoftwareModuleType(long dsTypeId, long softwareModuleId);
DistributionSetType unassignSoftwareModuleType(long id, long softwareModuleTypeId);
}

View File

@@ -68,6 +68,8 @@ public interface RolloutManagement {
/**
* Counts all {@link Rollout}s for a specific {@link DistributionSet} that
* are stoppable
* <p/>
* No access control applied
*
* @param setId
* the distribution set

View File

@@ -108,7 +108,7 @@ public interface SoftwareModuleManagement
/**
* Deletes a software module meta data entry.
*
* @param moduleId
* @param id
* where meta data has to be deleted
* @param key
* of the metda data element
@@ -117,14 +117,14 @@ public interface SoftwareModuleManagement
* of module or metadata entry does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
void deleteMetaData(long moduleId, @NotEmpty String key);
void deleteMetaData(long id, @NotEmpty String key);
/**
* Returns all modules assigned to given {@link DistributionSet}.
*
* @param pageable
* the page request to page the result set
* @param setId
* @param distributionSetId
* to search for
*
* @return all {@link SoftwareModule}s that are assigned to given
@@ -134,12 +134,12 @@ public interface SoftwareModuleManagement
* if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
Page<SoftwareModule> findByAssignedTo(@NotNull Pageable pageable, long setId);
Page<SoftwareModule> findByAssignedTo(@NotNull Pageable pageable, long distributionSetId);
/**
* Returns count of all modules assigned to given {@link DistributionSet}.
*
* @param setId
* @param distributionSetId
* to search for
*
* @return count of {@link SoftwareModule}s that are assigned to given
@@ -149,7 +149,7 @@ public interface SoftwareModuleManagement
* if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
long countByAssignedTo(long setId);
long countByAssignedTo(long distributionSetId);
/**
* Filter {@link SoftwareModule}s with given
@@ -192,7 +192,7 @@ public interface SoftwareModuleManagement
/**
* Finds a single software module meta data by its id.
*
* @param moduleId
* @param id
* where meta data has to be found
* @param key
* of the meta data element
@@ -202,14 +202,14 @@ public interface SoftwareModuleManagement
* is module with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
Optional<SoftwareModuleMetadata> getMetaDataBySoftwareModuleId(long moduleId, @NotEmpty String key);
Optional<SoftwareModuleMetadata> getMetaDataBySoftwareModuleId(long id, @NotEmpty String key);
/**
* Finds all meta data by the given software module id.
*
* @param pageable
* the page request to page the result
* @param moduleId
* @param id
* the software module id to retrieve the meta data from
*
* @return a paged result of all meta data entries for a given software
@@ -219,12 +219,12 @@ public interface SoftwareModuleManagement
* if software module with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
Page<SoftwareModuleMetadata> findMetaDataBySoftwareModuleId(@NotNull Pageable pageable, long moduleId);
Page<SoftwareModuleMetadata> findMetaDataBySoftwareModuleId(@NotNull Pageable pageable, long id);
/**
* Counts all meta data by the given software module id.
*
* @param moduleId
* @param id
* the software module id to retrieve the meta data count from
*
* @return count of all meta data entries for a given software module id
@@ -233,7 +233,7 @@ public interface SoftwareModuleManagement
* if software module with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
long countMetaDataBySoftwareModuleId(long moduleId);
long countMetaDataBySoftwareModuleId(long id);
/**
* Finds all meta data by the given software module id where
@@ -241,7 +241,7 @@ public interface SoftwareModuleManagement
*
* @param pageable
* the page request to page the result
* @param moduleId
* @param id
* the software module id to retrieve the meta data from
*
* @return a paged result of all meta data entries for a given software
@@ -252,14 +252,14 @@ public interface SoftwareModuleManagement
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
Page<SoftwareModuleMetadata> findMetaDataBySoftwareModuleIdAndTargetVisible(@NotNull Pageable pageable,
long moduleId);
long id);
/**
* Finds all meta data by the given software module id.
*
* @param pageable
* the page request to page the result
* @param moduleId
* @param id
* the software module id to retrieve the meta data from
* @param rsqlParam
* filter definition in RSQL syntax
@@ -278,7 +278,7 @@ public interface SoftwareModuleManagement
* if software module with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
Page<SoftwareModuleMetadata> findMetaDataByRsql(@NotNull Pageable pageable, long moduleId,
Page<SoftwareModuleMetadata> findMetaDataByRsql(@NotNull Pageable pageable, long id,
@NotNull String rsqlParam);
/**
@@ -296,7 +296,7 @@ public interface SoftwareModuleManagement
*
* @param pageable
* page parameter
* @param orderByDistributionId
* @param orderByDistributionSetId
* the ID of distribution set to be ordered on top
* @param searchText
* filtered as "like" on {@link SoftwareModule#getName()}
@@ -310,7 +310,7 @@ public interface SoftwareModuleManagement
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
Slice<AssignedSoftwareModule> findAllOrderBySetAssignmentAndModuleNameAscModuleVersionAsc(
@NotNull Pageable pageable, long orderByDistributionId, String searchText, Long typeId);
@NotNull Pageable pageable, long orderByDistributionSetId, String searchText, Long typeId);
/**
* Retrieves the {@link SoftwareModule}s by their {@link SoftwareModuleType}

View File

@@ -111,6 +111,8 @@ public interface TargetFilterQueryManagement {
/**
* Counts all target filters that have a given auto assign distribution set
* assigned.
* <p/>
* No access control applied
*
* @param autoAssignDistributionSetId
* the id of the distribution set

View File

@@ -69,13 +69,13 @@ public interface TargetManagement {
/**
* Counts number of targets with the given distribution set assigned.
*
* @param distId to search for
* @param distributionSetId to search for
* @return number of found {@link Target}s.
* @throws EntityNotFoundException if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET + SpringEvalExpressions.HAS_AUTH_OR
+ SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
long countByAssignedDistributionSet(long distId);
long countByAssignedDistributionSet(long distributionSetId);
/**
* Count {@link Target}s for all the given filter parameters.
@@ -95,25 +95,25 @@ public interface TargetManagement {
/**
* Get the count of targets with the given distribution set id.
*
* @param distId to search for
* @param distributionSetId to search for
* @return number of found {@link Target}s.
* @throws EntityNotFoundException if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET + SpringEvalExpressions.HAS_AUTH_OR
+ SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
long countByInstalledDistributionSet(long distId);
long countByInstalledDistributionSet(long distributionSetId);
/**
* Checks if there is already a {@link Target} that has the given
* distribution set Id assigned or installed.
*
* @param distId to search for
* @param distributionSetId to search for
* @return <code>true</code> if a {@link Target} exists.
* @throws EntityNotFoundException if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET + SpringEvalExpressions.HAS_AUTH_OR
+ SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
boolean existsByInstalledOrAssignedDistributionSet(long distId);
boolean existsByInstalledOrAssignedDistributionSet(long distributionSetId);
/**
* Count {@link TargetFilterQuery}s for given target filter query.
@@ -131,13 +131,13 @@ public interface TargetManagement {
*
* @param rsqlParam
* filter definition in RSQL syntax
* @param dsTypeId
* @param distributionSetId
* ID of the {@link DistributionSetType} the targets need to be
* compatible with
* @return the found number of{@link Target}s
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
long countByRsqlAndCompatible(@NotEmpty String rsqlParam, @NotNull Long dsTypeId);
long countByRsqlAndCompatible(@NotEmpty String rsqlParam, @NotNull Long distributionSetId);
/**
* Count all targets with failed actions for specific Rollout
@@ -214,31 +214,31 @@ public interface TargetManagement {
/**
* Deletes all targets with the given IDs.
*
* @param targetIDs
* @param ids
* the IDs of the targets to be deleted
*
* @throws EntityNotFoundException
* if (at least one) of the given target IDs does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_DELETE_TARGET)
void delete(@NotEmpty Collection<Long> targetIDs);
void delete(@NotEmpty Collection<Long> ids);
/**
* Deletes target with the given controller ID.
*
* @param controllerID
* @param controllerId
* the controller ID of the target to be deleted
*
* @throws EntityNotFoundException
* if target with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_DELETE_TARGET)
void deleteByControllerID(@NotEmpty String controllerID);
void deleteByControllerID(@NotEmpty String controllerId);
/**
* Finds all targets for all the given parameter {@link TargetFilterQuery}
* and that don't have the specified distribution set in their action
* history and are compatible with the passed {@link DistributionSetType}.
* Finds all targets for all the given parameter {@link TargetFilterQuery} and
* that don't have the specified distribution set in their action history and
* are compatible with the passed {@link DistributionSetType}.
*
* @param pageRequest
* the pageRequest to enhance the query for paging and sorting
@@ -251,9 +251,9 @@ public interface TargetManagement {
* @throws EntityNotFoundException
* if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
Slice<Target> findByTargetFilterQueryAndNonDSAndCompatible(@NotNull Pageable pageRequest, long distributionSetId,
@NotNull String rsqlParam);
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_TARGET)
Slice<Target> findByTargetFilterQueryAndNonDSAndCompatibleAndUpdatable(@NotNull Pageable pageRequest,
long distributionSetId, @NotNull String rsqlParam);
/**
* Counts all targets for all the given parameter {@link TargetFilterQuery}
@@ -269,8 +269,8 @@ public interface TargetManagement {
* @throws EntityNotFoundException
* if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
long countByRsqlAndNonDSAndCompatible(long distributionSetId, @NotNull String rsqlParam);
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_TARGET)
long countByRsqlAndNonDSAndCompatibleAndUpdatable(long distributionSetId, @NotNull String rsqlParam);
/**
* Finds all targets for all the given parameter {@link TargetFilterQuery}
@@ -285,11 +285,11 @@ public interface TargetManagement {
* filter definition in RSQL syntax
* @param distributionSetType
* type of the {@link DistributionSet} the targets must be
* compatible with
* compatible withs
* @return a page of the found {@link Target}s
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
Slice<Target> findByTargetFilterQueryAndNotInRolloutGroupsAndCompatible(@NotNull Pageable pageRequest,
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_TARGET)
Slice<Target> findByTargetFilterQueryAndNotInRolloutGroupsAndCompatibleAndUpdatable(@NotNull Pageable pageRequest,
@NotEmpty Collection<Long> groups, @NotNull String rsqlParam,
@NotNull DistributionSetType distributionSetType);
@@ -320,13 +320,13 @@ public interface TargetManagement {
* @param rsqlParam
* filter definition in RSQL syntax
* @param distributionSetType
* type of the {@link DistributionSet} the targets must be
* compatible with
* type of the {@link DistributionSet} the targets must be compatible
* with
* @return count of the found {@link Target}s
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
long countByRsqlAndNotInRolloutGroupsAndCompatible(@NotEmpty Collection<Long> groups, @NotNull String rsqlParam,
@NotNull DistributionSetType distributionSetType);
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_TARGET)
long countByRsqlAndNotInRolloutGroupsAndCompatibleAndUpdatable(@NotEmpty Collection<Long> groups,
@NotNull String rsqlParam, @NotNull DistributionSetType distributionSetType);
/**
* Counts all targets with failed actions for specific Rollout
@@ -363,7 +363,7 @@ public interface TargetManagement {
*
* @param pageReq
* page parameter
* @param distributionSetID
* @param distributionSetId
* the ID of the {@link DistributionSet}
*
*
@@ -373,7 +373,7 @@ public interface TargetManagement {
* if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY_AND_READ_TARGET)
Page<Target> findByAssignedDistributionSet(@NotNull Pageable pageReq, long distributionSetID);
Page<Target> findByAssignedDistributionSet(@NotNull Pageable pageReq, long distributionSetId);
/**
* Retrieves {@link Target}s by the assigned {@link DistributionSet}
@@ -381,7 +381,7 @@ public interface TargetManagement {
*
* @param pageReq
* page parameter
* @param distributionSetID
* @param distributionSetId
* the ID of the {@link DistributionSet}
* @param rsqlParam
* the specification to filter the result set
@@ -396,7 +396,7 @@ public interface TargetManagement {
* if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY_AND_READ_TARGET)
Page<Target> findByAssignedDistributionSetAndRsql(@NotNull Pageable pageReq, long distributionSetID,
Page<Target> findByAssignedDistributionSetAndRsql(@NotNull Pageable pageReq, long distributionSetId,
@NotNull String rsqlParam);
/**
@@ -442,7 +442,7 @@ public interface TargetManagement {
*
* @param pageReq
* page parameter
* @param distributionSetID
* @param distributionSetId
* the ID of the {@link DistributionSet}
*
* @return the found {@link Target}s
@@ -451,7 +451,7 @@ public interface TargetManagement {
* if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY_AND_READ_TARGET)
Page<Target> findByInstalledDistributionSet(@NotNull Pageable pageReq, long distributionSetID);
Page<Target> findByInstalledDistributionSet(@NotNull Pageable pageReq, long distributionSetId);
/**
* retrieves {@link Target}s by the installed {@link DistributionSet}
@@ -557,7 +557,7 @@ public interface TargetManagement {
*
* @param pageable
* the page request to page the result set
* @param orderByDistributionId
* @param orderByDistributionSetId
* {@link DistributionSet#getId()} to be ordered by
* @param filterParams
* the filters to apply; only filters are enabled that have non-null
@@ -569,7 +569,7 @@ public interface TargetManagement {
* if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
Slice<Target> findByFilterOrderByLinkedDistributionSet(@NotNull Pageable pageable, long orderByDistributionId,
Slice<Target> findByFilterOrderByLinkedDistributionSet(@NotNull Pageable pageable, long orderByDistributionSetId,
@NotNull FilterParams filterParams);
/**
@@ -656,12 +656,12 @@ public interface TargetManagement {
* assignment outcome.
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_TARGET)
TargetTypeAssignmentResult unAssignType(@NotEmpty Collection<String> controllerIds);
TargetTypeAssignmentResult unassignType(@NotEmpty Collection<String> controllerIds);
/**
* Un-assign a {@link TargetTag} assignment to given {@link Target}.
*
* @param controllerID
* @param controllerId
* to un-assign for
* @param targetTagId
* to un-assign
@@ -671,23 +671,23 @@ public interface TargetManagement {
* if TAG with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_TARGET)
Target unAssignTag(@NotEmpty String controllerID, long targetTagId);
Target unassignTag(@NotEmpty String controllerId, long targetTagId);
/**
* Un-assign a {@link TargetType} assignment to given {@link Target}.
*
* @param controllerID
* @param controllerId
* to un-assign for
* @return the unassigned target
*
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_TARGET)
Target unAssignType(@NotEmpty String controllerID);
Target unassignType(@NotEmpty String controllerId);
/**
* Assign a {@link TargetType} assignment to given {@link Target}.
*
* @param controllerID
* @param controllerId
* to un-assign for
* @param targetTypeId
* Target type id
@@ -697,7 +697,7 @@ public interface TargetManagement {
* if TargetType with given target ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_TARGET)
Target assignType(@NotEmpty String controllerID, @NotNull Long targetTypeId);
Target assignType(@NotEmpty String controllerId, @NotNull Long targetTypeId);
/**
* updates the {@link Target}.
@@ -940,5 +940,4 @@ public interface TargetManagement {
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
TargetMetadata updateMetadata(@NotEmpty String controllerId, @NotNull MetaData metadata);
}

View File

@@ -164,24 +164,23 @@ public interface TargetTypeManagement {
TargetType update(@NotNull @Valid TargetTypeUpdate update);
/**
* @param targetTypeId
* @param id
* Target type ID
* @param distributionSetTypeIds
* Distribution set ID
* @return Target type
*/
@PreAuthorize(SpPermission.SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY_AND_UPDATE_TARGET)
TargetType assignCompatibleDistributionSetTypes(long targetTypeId,
TargetType assignCompatibleDistributionSetTypes(long id,
@NotEmpty Collection<Long> distributionSetTypeIds);
/**
* @param targetTypeId
* @param id
* Target type ID
* @param distributionSetTypeIds
* Distribution set ID
* @return Target type
*/
@PreAuthorize(SpPermission.SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY_AND_UPDATE_TARGET)
TargetType unassignDistributionSetType(long targetTypeId, long distributionSetTypeIds);
TargetType unassignDistributionSetType(long id, long distributionSetTypeIds);
}

View File

@@ -36,7 +36,11 @@ public class InsufficientPermissionException extends AbstractServerRtException {
/**
* creates new InsufficientPermissionException.
*/
public InsufficientPermissionException(final String message) {
super(message, SpServerError.SP_INSUFFICIENT_PERMISSION);
}
public InsufficientPermissionException() {
this(null);
super(SpServerError.SP_INSUFFICIENT_PERMISSION, null);
}
}

View File

@@ -108,6 +108,11 @@ public interface Rollout extends NamedEntity {
*/
Optional<Integer> getWeight();
/**
* @return the stored access control context (if present)
*/
Optional<String> getAccessControlContext();
/**
*
* State machine for rollout.

View File

@@ -73,8 +73,7 @@ public interface TargetFilterQuery extends TenantAwareBaseEntity {
ActionType getAutoAssignActionType();
/**
* @return the weight of the {@link Action}s created during an auto
* assignment.
* @return the weight of the {@link Action}s created during an auto assignment.
*/
Optional<Integer> getAutoAssignWeight();
@@ -88,4 +87,10 @@ public interface TargetFilterQuery extends TenantAwareBaseEntity {
* (considered with confirmation flow active)
*/
boolean isConfirmationRequired();
/**
* Defining a serialized access control context which needs to be set when
* performing the auto-assignment by the scheduler
*/
Optional<String> getAccessControlContext();
}