Type Access Controllers enabled by default if AC is enabled (#2694)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
@@ -62,7 +62,7 @@ public interface ArtifactManagement extends PermissionSupport {
|
||||
* @param isEncrypted flag to indicate if artifact is encrypted.
|
||||
* @return loaded {@link StoredArtifactInfo}
|
||||
*/
|
||||
@PreAuthorize("hasAuthority('" + SpPermission.SOFTWARE_MODULE_DOWNLOAD + "')" + " or " + SpringEvalExpressions.IS_CONTROLLER)
|
||||
@PreAuthorize("hasAuthority('" + SpPermission.READ_SOFTWARE_MODULE_DOWNLOAD + "')" + " or " + SpringEvalExpressions.IS_CONTROLLER)
|
||||
ArtifactStream getArtifactStream(@NotEmpty String sha1Hash, long softwareModuleId, final boolean isEncrypted);
|
||||
|
||||
/**
|
||||
|
||||
@@ -107,7 +107,7 @@ public class AccessControllerConfiguration {
|
||||
}
|
||||
|
||||
@Bean
|
||||
@ConditionalOnProperty(name = "hawkbit.acm.access-controller.target-type.enabled", havingValue = "true")
|
||||
@ConditionalOnProperty(name = "hawkbit.acm.access-controller.target-type.enabled", havingValue = "true", matchIfMissing = true)
|
||||
AccessController<JpaTargetType> targetTypeAccessController() {
|
||||
return new DefaultAccessController<>(TargetTypeFields.class, SpPermission.TARGET_TYPE);
|
||||
}
|
||||
@@ -119,7 +119,7 @@ public class AccessControllerConfiguration {
|
||||
}
|
||||
|
||||
@Bean
|
||||
@ConditionalOnProperty(name = "hawkbit.acm.access-controller.software-module-type.enabled", havingValue = "true")
|
||||
@ConditionalOnProperty(name = "hawkbit.acm.access-controller.software-module-type.enabled", havingValue = "true", matchIfMissing = true)
|
||||
AccessController<JpaSoftwareModuleType> softwareModuleTypeAccessController() {
|
||||
return new DefaultAccessController<>(SoftwareModuleTypeFields.class, SpPermission.SOFTWARE_MODULE_TYPE);
|
||||
}
|
||||
@@ -131,7 +131,7 @@ public class AccessControllerConfiguration {
|
||||
}
|
||||
|
||||
@Bean
|
||||
@ConditionalOnProperty(name = "hawkbit.acm.access-controller.distribution-set-type.enabled", havingValue = "true")
|
||||
@ConditionalOnProperty(name = "hawkbit.acm.access-controller.distribution-set-type.enabled", havingValue = "true", matchIfMissing = true)
|
||||
AccessController<JpaDistributionSetType> distributionSetTypeAccessController() {
|
||||
return new DefaultAccessController<>(DistributionSetTypeFields.class, SpPermission.DISTRIBUTION_SET_TYPE);
|
||||
}
|
||||
|
||||
@@ -38,7 +38,7 @@ import org.springframework.test.context.TestPropertySource;
|
||||
* Story: Test Target Type Access Controller
|
||||
*/
|
||||
@ContextConfiguration(classes = { AccessControllerConfiguration.class })
|
||||
@TestPropertySource(properties = { "hawkbit.acm.access-controller.target-type.enabled=true", "hawkbit.acm.access-controller.enabled=true" })
|
||||
@TestPropertySource(properties = "hawkbit.acm.access-controller.enabled=true")
|
||||
class TargetTypeAccessControllerTest extends AbstractJpaIntegrationTest {
|
||||
|
||||
/**
|
||||
|
||||
@@ -400,7 +400,7 @@ class ArtifactManagementTest extends AbstractJpaIntegrationTest {
|
||||
*/
|
||||
@Test
|
||||
@WithUser(allSpPermissions = true, removeFromAllPermission = {
|
||||
SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT, SpPermission.SOFTWARE_MODULE_DOWNLOAD,
|
||||
SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT, SpPermission.READ_SOFTWARE_MODULE_DOWNLOAD,
|
||||
SpRole.CONTROLLER_ROLE, SpRole.CONTROLLER_ROLE_ANONYMOUS })
|
||||
void getArtifactBinaryWithoutDownloadArtifactThrowsPermissionDenied() {
|
||||
assertThatExceptionOfType(InsufficientPermissionException.class)
|
||||
|
||||
Reference in New Issue
Block a user