fix the lookup of artifacts with the same lookup key, e.g. SHA1 hash if
multiple artifacts with key exists for different software modules Signed-off-by: Michael Hirsch <michael.hirsch@bosch-si.com>
This commit is contained in:
@@ -166,6 +166,8 @@ public class AmqpMessageHandlerService extends BaseAmqpService {
|
|||||||
final LocalArtifact localArtifact = findLocalArtifactByFileResource(fileResource);
|
final LocalArtifact localArtifact = findLocalArtifactByFileResource(fileResource);
|
||||||
|
|
||||||
if (localArtifact == null) {
|
if (localArtifact == null) {
|
||||||
|
LOG.info("target {} requested file resource which does not exists to download",
|
||||||
|
secruityToken.getControllerId(), fileResource);
|
||||||
throw new EntityNotFoundException();
|
throw new EntityNotFoundException();
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -175,10 +177,14 @@ public class AmqpMessageHandlerService extends BaseAmqpService {
|
|||||||
// assigned to this controller. Otherwise no controllerId is set =
|
// assigned to this controller. Otherwise no controllerId is set =
|
||||||
// anonymous download
|
// anonymous download
|
||||||
if (secruityToken.getControllerId() != null) {
|
if (secruityToken.getControllerId() != null) {
|
||||||
final Action action = controllerManagement.getActionForDownloadByTargetAndSoftwareModule(
|
LOG.debug("no anonymous download request, doing authentication check for target {} and artifact {}",
|
||||||
secruityToken.getControllerId(), localArtifact.getSoftwareModule());
|
secruityToken.getControllerId(), localArtifact);
|
||||||
LOG.info("Found action for download authentication request action: {}, resource: {}", action,
|
if (!controllerManagement.hasTargetArtifactAssigned(secruityToken.getControllerId(), localArtifact)) {
|
||||||
secruityToken.getFileResource());
|
LOG.info("target {} tried to download artifact {} which is not assigned to the target");
|
||||||
|
throw new EntityNotFoundException();
|
||||||
|
}
|
||||||
|
LOG.info("download security check for target {} and artifact {} granted",
|
||||||
|
secruityToken.getControllerId(), localArtifact);
|
||||||
}
|
}
|
||||||
|
|
||||||
final Artifact artifact = convertDbArtifact(artifactManagement.loadLocalArtifactBinary(localArtifact));
|
final Artifact artifact = convertDbArtifact(artifactManagement.loadLocalArtifactBinary(localArtifact));
|
||||||
|
|||||||
@@ -28,12 +28,14 @@ import org.eclipse.hawkbit.repository.model.Action.Status;
|
|||||||
import org.eclipse.hawkbit.repository.model.ActionStatus;
|
import org.eclipse.hawkbit.repository.model.ActionStatus;
|
||||||
import org.eclipse.hawkbit.repository.model.ActionStatus_;
|
import org.eclipse.hawkbit.repository.model.ActionStatus_;
|
||||||
import org.eclipse.hawkbit.repository.model.DistributionSet;
|
import org.eclipse.hawkbit.repository.model.DistributionSet;
|
||||||
|
import org.eclipse.hawkbit.repository.model.LocalArtifact;
|
||||||
import org.eclipse.hawkbit.repository.model.SoftwareModule;
|
import org.eclipse.hawkbit.repository.model.SoftwareModule;
|
||||||
import org.eclipse.hawkbit.repository.model.Target;
|
import org.eclipse.hawkbit.repository.model.Target;
|
||||||
import org.eclipse.hawkbit.repository.model.TargetInfo;
|
import org.eclipse.hawkbit.repository.model.TargetInfo;
|
||||||
import org.eclipse.hawkbit.repository.model.TargetUpdateStatus;
|
import org.eclipse.hawkbit.repository.model.TargetUpdateStatus;
|
||||||
import org.eclipse.hawkbit.repository.model.Target_;
|
import org.eclipse.hawkbit.repository.model.Target_;
|
||||||
import org.eclipse.hawkbit.repository.model.TenantConfiguration;
|
import org.eclipse.hawkbit.repository.model.TenantConfiguration;
|
||||||
|
import org.eclipse.hawkbit.repository.specifications.ActionSpecifications;
|
||||||
import org.eclipse.hawkbit.security.HawkbitSecurityProperties;
|
import org.eclipse.hawkbit.security.HawkbitSecurityProperties;
|
||||||
import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationKey;
|
import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationKey;
|
||||||
import org.hibernate.validator.constraints.NotEmpty;
|
import org.hibernate.validator.constraints.NotEmpty;
|
||||||
@@ -166,6 +168,31 @@ public class ControllerManagement {
|
|||||||
return action.get(0);
|
return action.get(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Checks if a given target has currently or has even been assigned to the
|
||||||
|
* given artifact through the action history list. This can e.g. indicate if
|
||||||
|
* a target is allowed to download a given artifact because it has currently
|
||||||
|
* assigned or had ever been assigned to the target and so it's visible to a
|
||||||
|
* specific target e.g. for downloading.
|
||||||
|
*
|
||||||
|
* @param targetId
|
||||||
|
* the ID of the target to check
|
||||||
|
* @param localArtifact
|
||||||
|
* the artifact to verify if the given target had even been
|
||||||
|
* assigned to
|
||||||
|
* @return {@code true} if the given target has currently or had ever a
|
||||||
|
* relation to the given artifact through the action history,
|
||||||
|
* otherwise {@code false}
|
||||||
|
*/
|
||||||
|
public boolean hasTargetArtifactAssigned(@NotNull final String targetId,
|
||||||
|
@NotNull final LocalArtifact localArtifact) {
|
||||||
|
final Target target = targetRepository.findByControllerId(targetId);
|
||||||
|
if (target == null) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return actionRepository.count(ActionSpecifications.hasTargetArtifactAssigned(target, localArtifact)) > 0;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Refreshes the time of the last time the controller has been connected to
|
* Refreshes the time of the last time the controller has been connected to
|
||||||
* the server.
|
* the server.
|
||||||
|
|||||||
@@ -0,0 +1,60 @@
|
|||||||
|
/**
|
||||||
|
* Copyright (c) 2015 Bosch Software Innovations GmbH and others.
|
||||||
|
*
|
||||||
|
* All rights reserved. This program and the accompanying materials
|
||||||
|
* are made available under the terms of the Eclipse Public License v1.0
|
||||||
|
* which accompanies this distribution, and is available at
|
||||||
|
* http://www.eclipse.org/legal/epl-v10.html
|
||||||
|
*/
|
||||||
|
package org.eclipse.hawkbit.repository.specifications;
|
||||||
|
|
||||||
|
import javax.persistence.criteria.Join;
|
||||||
|
import javax.persistence.criteria.ListJoin;
|
||||||
|
import javax.persistence.criteria.SetJoin;
|
||||||
|
|
||||||
|
import org.eclipse.hawkbit.repository.model.Action;
|
||||||
|
import org.eclipse.hawkbit.repository.model.Action_;
|
||||||
|
import org.eclipse.hawkbit.repository.model.DistributionSet;
|
||||||
|
import org.eclipse.hawkbit.repository.model.DistributionSet_;
|
||||||
|
import org.eclipse.hawkbit.repository.model.LocalArtifact;
|
||||||
|
import org.eclipse.hawkbit.repository.model.LocalArtifact_;
|
||||||
|
import org.eclipse.hawkbit.repository.model.SoftwareModule;
|
||||||
|
import org.eclipse.hawkbit.repository.model.SoftwareModule_;
|
||||||
|
import org.eclipse.hawkbit.repository.model.Target;
|
||||||
|
import org.springframework.data.jpa.domain.Specification;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Utility class for {@link Action}s {@link Specification}s. The class provides
|
||||||
|
* Spring Data JPQL Specifications.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
public class ActionSpecifications {
|
||||||
|
|
||||||
|
private ActionSpecifications() {
|
||||||
|
// utility class
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Specification which joins all necessary tables to retrieve the dependency
|
||||||
|
* between a target and a local file assignment through the assigen action
|
||||||
|
* of the target. All actions are included, not only active actions.
|
||||||
|
*
|
||||||
|
* @param target
|
||||||
|
* the target to verfiy if the given artifact is currently
|
||||||
|
* assigned or had been assigned
|
||||||
|
* @param localArtifact
|
||||||
|
* the local artifact to check wherever the target had ever been
|
||||||
|
* assigned
|
||||||
|
* @return a specification to use with spring JPA
|
||||||
|
*/
|
||||||
|
public static Specification<Action> hasTargetArtifactAssigned(final Target target,
|
||||||
|
final LocalArtifact localArtifact) {
|
||||||
|
return (actionRoot, query, cb) -> {
|
||||||
|
final Join<Action, DistributionSet> dsJoin = actionRoot.join(Action_.distributionSet);
|
||||||
|
final SetJoin<DistributionSet, SoftwareModule> modulesJoin = dsJoin.join(DistributionSet_.modules);
|
||||||
|
final ListJoin<SoftwareModule, LocalArtifact> artifactsJoin = modulesJoin.join(SoftwareModule_.artifacts);
|
||||||
|
return cb.and(cb.equal(artifactsJoin.get(LocalArtifact_.id), localArtifact.getId()),
|
||||||
|
cb.equal(actionRoot.get(Action_.target), target));
|
||||||
|
};
|
||||||
|
}
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user