Type Access Controllers enabled by default if AC is enabled (#2694)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
@@ -62,7 +62,7 @@ public interface ArtifactManagement extends PermissionSupport {
|
|||||||
* @param isEncrypted flag to indicate if artifact is encrypted.
|
* @param isEncrypted flag to indicate if artifact is encrypted.
|
||||||
* @return loaded {@link StoredArtifactInfo}
|
* @return loaded {@link StoredArtifactInfo}
|
||||||
*/
|
*/
|
||||||
@PreAuthorize("hasAuthority('" + SpPermission.SOFTWARE_MODULE_DOWNLOAD + "')" + " or " + SpringEvalExpressions.IS_CONTROLLER)
|
@PreAuthorize("hasAuthority('" + SpPermission.READ_SOFTWARE_MODULE_DOWNLOAD + "')" + " or " + SpringEvalExpressions.IS_CONTROLLER)
|
||||||
ArtifactStream getArtifactStream(@NotEmpty String sha1Hash, long softwareModuleId, final boolean isEncrypted);
|
ArtifactStream getArtifactStream(@NotEmpty String sha1Hash, long softwareModuleId, final boolean isEncrypted);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@@ -107,7 +107,7 @@ public class AccessControllerConfiguration {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@ConditionalOnProperty(name = "hawkbit.acm.access-controller.target-type.enabled", havingValue = "true")
|
@ConditionalOnProperty(name = "hawkbit.acm.access-controller.target-type.enabled", havingValue = "true", matchIfMissing = true)
|
||||||
AccessController<JpaTargetType> targetTypeAccessController() {
|
AccessController<JpaTargetType> targetTypeAccessController() {
|
||||||
return new DefaultAccessController<>(TargetTypeFields.class, SpPermission.TARGET_TYPE);
|
return new DefaultAccessController<>(TargetTypeFields.class, SpPermission.TARGET_TYPE);
|
||||||
}
|
}
|
||||||
@@ -119,7 +119,7 @@ public class AccessControllerConfiguration {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@ConditionalOnProperty(name = "hawkbit.acm.access-controller.software-module-type.enabled", havingValue = "true")
|
@ConditionalOnProperty(name = "hawkbit.acm.access-controller.software-module-type.enabled", havingValue = "true", matchIfMissing = true)
|
||||||
AccessController<JpaSoftwareModuleType> softwareModuleTypeAccessController() {
|
AccessController<JpaSoftwareModuleType> softwareModuleTypeAccessController() {
|
||||||
return new DefaultAccessController<>(SoftwareModuleTypeFields.class, SpPermission.SOFTWARE_MODULE_TYPE);
|
return new DefaultAccessController<>(SoftwareModuleTypeFields.class, SpPermission.SOFTWARE_MODULE_TYPE);
|
||||||
}
|
}
|
||||||
@@ -131,7 +131,7 @@ public class AccessControllerConfiguration {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@ConditionalOnProperty(name = "hawkbit.acm.access-controller.distribution-set-type.enabled", havingValue = "true")
|
@ConditionalOnProperty(name = "hawkbit.acm.access-controller.distribution-set-type.enabled", havingValue = "true", matchIfMissing = true)
|
||||||
AccessController<JpaDistributionSetType> distributionSetTypeAccessController() {
|
AccessController<JpaDistributionSetType> distributionSetTypeAccessController() {
|
||||||
return new DefaultAccessController<>(DistributionSetTypeFields.class, SpPermission.DISTRIBUTION_SET_TYPE);
|
return new DefaultAccessController<>(DistributionSetTypeFields.class, SpPermission.DISTRIBUTION_SET_TYPE);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -38,7 +38,7 @@ import org.springframework.test.context.TestPropertySource;
|
|||||||
* Story: Test Target Type Access Controller
|
* Story: Test Target Type Access Controller
|
||||||
*/
|
*/
|
||||||
@ContextConfiguration(classes = { AccessControllerConfiguration.class })
|
@ContextConfiguration(classes = { AccessControllerConfiguration.class })
|
||||||
@TestPropertySource(properties = { "hawkbit.acm.access-controller.target-type.enabled=true", "hawkbit.acm.access-controller.enabled=true" })
|
@TestPropertySource(properties = "hawkbit.acm.access-controller.enabled=true")
|
||||||
class TargetTypeAccessControllerTest extends AbstractJpaIntegrationTest {
|
class TargetTypeAccessControllerTest extends AbstractJpaIntegrationTest {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@@ -400,7 +400,7 @@ class ArtifactManagementTest extends AbstractJpaIntegrationTest {
|
|||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
@WithUser(allSpPermissions = true, removeFromAllPermission = {
|
@WithUser(allSpPermissions = true, removeFromAllPermission = {
|
||||||
SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT, SpPermission.SOFTWARE_MODULE_DOWNLOAD,
|
SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT, SpPermission.READ_SOFTWARE_MODULE_DOWNLOAD,
|
||||||
SpRole.CONTROLLER_ROLE, SpRole.CONTROLLER_ROLE_ANONYMOUS })
|
SpRole.CONTROLLER_ROLE, SpRole.CONTROLLER_ROLE_ANONYMOUS })
|
||||||
void getArtifactBinaryWithoutDownloadArtifactThrowsPermissionDenied() {
|
void getArtifactBinaryWithoutDownloadArtifactThrowsPermissionDenied() {
|
||||||
assertThatExceptionOfType(InsufficientPermissionException.class)
|
assertThatExceptionOfType(InsufficientPermissionException.class)
|
||||||
|
|||||||
@@ -68,13 +68,13 @@ public final class SpPermission {
|
|||||||
public static final String UPDATE_DISTRIBUTION_SET = UPDATE_PREFIX + DISTRIBUTION_SET;
|
public static final String UPDATE_DISTRIBUTION_SET = UPDATE_PREFIX + DISTRIBUTION_SET;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Deprecated since 0.10.0, use {@link #SOFTWARE_MODULE_DOWNLOAD} instead
|
* Deprecated since 0.10.0, use {@link #READ_SOFTWARE_MODULE_DOWNLOAD} instead
|
||||||
*
|
*
|
||||||
* @deprecated since 0.10.0, use {@link #SOFTWARE_MODULE_DOWNLOAD} instead
|
* @deprecated since 0.10.0, use {@link #READ_SOFTWARE_MODULE_DOWNLOAD} instead
|
||||||
*/
|
*/
|
||||||
@Deprecated(since = "0.10.0", forRemoval = true)
|
@Deprecated(since = "0.10.0", forRemoval = true)
|
||||||
public static final String DOWNLOAD_REPOSITORY_ARTIFACT = "DOWNLOAD_REPOSITORY_ARTIFACT";
|
public static final String DOWNLOAD_REPOSITORY_ARTIFACT = "DOWNLOAD_REPOSITORY_ARTIFACT";
|
||||||
public static final String SOFTWARE_MODULE_DOWNLOAD = SOFTWARE_MODULE + "_DOWNLOAD";
|
public static final String READ_SOFTWARE_MODULE_DOWNLOAD = READ_PREFIX + SOFTWARE_MODULE + "_DOWNLOAD";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Permission to read the tenant settings.
|
* Permission to read the tenant settings.
|
||||||
@@ -118,7 +118,7 @@ public final class SpPermission {
|
|||||||
READ_PREFIX + SOFTWARE_MODULE + IMPLY_READ + SOFTWARE_MODULE_TYPE + LINE_BREAK +
|
READ_PREFIX + SOFTWARE_MODULE + IMPLY_READ + SOFTWARE_MODULE_TYPE + LINE_BREAK +
|
||||||
UPDATE_PREFIX + SOFTWARE_MODULE + IMPLY_READ + SOFTWARE_MODULE_TYPE + LINE_BREAK +
|
UPDATE_PREFIX + SOFTWARE_MODULE + IMPLY_READ + SOFTWARE_MODULE_TYPE + LINE_BREAK +
|
||||||
DELETE_PREFIX + SOFTWARE_MODULE + IMPLY_READ + SOFTWARE_MODULE_TYPE + LINE_BREAK +
|
DELETE_PREFIX + SOFTWARE_MODULE + IMPLY_READ + SOFTWARE_MODULE_TYPE + LINE_BREAK +
|
||||||
DOWNLOAD_REPOSITORY_ARTIFACT + IMPLY + SOFTWARE_MODULE_DOWNLOAD + LINE_BREAK;
|
DOWNLOAD_REPOSITORY_ARTIFACT + IMPLY + READ_SOFTWARE_MODULE_DOWNLOAD + LINE_BREAK;
|
||||||
public static final String DISTRIBUTION_SET_HIERARCHY =
|
public static final String DISTRIBUTION_SET_HIERARCHY =
|
||||||
CREATE_PREFIX + DISTRIBUTION_SET + IMPLY_READ + DISTRIBUTION_SET_TYPE + LINE_BREAK +
|
CREATE_PREFIX + DISTRIBUTION_SET + IMPLY_READ + DISTRIBUTION_SET_TYPE + LINE_BREAK +
|
||||||
READ_PREFIX + DISTRIBUTION_SET + IMPLY_READ + DISTRIBUTION_SET_TYPE + LINE_BREAK +
|
READ_PREFIX + DISTRIBUTION_SET + IMPLY_READ + DISTRIBUTION_SET_TYPE + LINE_BREAK +
|
||||||
@@ -148,7 +148,7 @@ public final class SpPermission {
|
|||||||
// special
|
// special
|
||||||
allPermissions.add(READ_TARGET_SECURITY_TOKEN);
|
allPermissions.add(READ_TARGET_SECURITY_TOKEN);
|
||||||
allPermissions.add(READ_GATEWAY_SECURITY_TOKEN);
|
allPermissions.add(READ_GATEWAY_SECURITY_TOKEN);
|
||||||
allPermissions.add(SOFTWARE_MODULE_DOWNLOAD);
|
allPermissions.add(READ_SOFTWARE_MODULE_DOWNLOAD);
|
||||||
allPermissions.add(APPROVE_ROLLOUT);
|
allPermissions.add(APPROVE_ROLLOUT);
|
||||||
allPermissions.add(HANDLE_ROLLOUT);
|
allPermissions.add(HANDLE_ROLLOUT);
|
||||||
|
|
||||||
|
|||||||
@@ -51,7 +51,7 @@ public final class SpRole {
|
|||||||
REPOSITORY_ADMIN + IMPLIES + SpPermission.READ_PREFIX + SpPermission.SOFTWARE_MODULE + LINE_BREAK +
|
REPOSITORY_ADMIN + IMPLIES + SpPermission.READ_PREFIX + SpPermission.SOFTWARE_MODULE + LINE_BREAK +
|
||||||
REPOSITORY_ADMIN + IMPLIES + SpPermission.UPDATE_PREFIX + SpPermission.SOFTWARE_MODULE + LINE_BREAK +
|
REPOSITORY_ADMIN + IMPLIES + SpPermission.UPDATE_PREFIX + SpPermission.SOFTWARE_MODULE + LINE_BREAK +
|
||||||
REPOSITORY_ADMIN + IMPLIES + SpPermission.DELETE_PREFIX + SpPermission.SOFTWARE_MODULE + LINE_BREAK +
|
REPOSITORY_ADMIN + IMPLIES + SpPermission.DELETE_PREFIX + SpPermission.SOFTWARE_MODULE + LINE_BREAK +
|
||||||
REPOSITORY_ADMIN + IMPLIES + SpPermission.SOFTWARE_MODULE_DOWNLOAD + LINE_BREAK +
|
REPOSITORY_ADMIN + IMPLIES + SpPermission.READ_SOFTWARE_MODULE_DOWNLOAD + LINE_BREAK +
|
||||||
REPOSITORY_ADMIN + IMPLIES + SpPermission.CREATE_PREFIX + SpPermission.SOFTWARE_MODULE_TYPE + LINE_BREAK +
|
REPOSITORY_ADMIN + IMPLIES + SpPermission.CREATE_PREFIX + SpPermission.SOFTWARE_MODULE_TYPE + LINE_BREAK +
|
||||||
REPOSITORY_ADMIN + IMPLIES + SpPermission.READ_PREFIX + SpPermission.SOFTWARE_MODULE_TYPE + LINE_BREAK +
|
REPOSITORY_ADMIN + IMPLIES + SpPermission.READ_PREFIX + SpPermission.SOFTWARE_MODULE_TYPE + LINE_BREAK +
|
||||||
REPOSITORY_ADMIN + IMPLIES + SpPermission.UPDATE_PREFIX + SpPermission.SOFTWARE_MODULE_TYPE + LINE_BREAK +
|
REPOSITORY_ADMIN + IMPLIES + SpPermission.UPDATE_PREFIX + SpPermission.SOFTWARE_MODULE_TYPE + LINE_BREAK +
|
||||||
|
|||||||
Reference in New Issue
Block a user