Execute rollouts and auto assignments in the correct user context (#1100)

* Execute rollouts and auto assignments in correct user context Signed-off-by: Stefan Behl <stefan.behl@bosch.io> * Fix PR review findings Signed-off-by: Stefan Behl <stefan.behl@bosch.io> * Cleanup usage of lenient Signed-off-by: Stefan Behl <stefan.behl@bosch.io>
2021-04-15 12:23:14 +02:00
parent eaf6be8c94
commit cf67467fb5
14 changed files with 354 additions and 90 deletions
--- a/hawkbit-core/src/main/java/org/eclipse/hawkbit/tenancy/TenantAware.java
+++ b/hawkbit-core/src/main/java/org/eclipse/hawkbit/tenancy/TenantAware.java
@@ -42,7 +42,27 @@ public interface TenantAware {
     * @throws any
     *             kind of {@link RuntimeException}
     */
-    <T> T runAsTenant(final String tenant, TenantRunner<T> tenantRunner);
+    <T> T runAsTenant(String tenant, TenantRunner<T> tenantRunner);
+
+    /**
+     * Gives the possibility to run a certain code under a specific given
+     * {@code tenant} and {@code username}. Only the given {@link TenantRunner} is executed under the
+     * specific tenant and user e.g. under control of an {@link ThreadLocal}. After the
+     * {@link TenantRunner} it must be ensured that the original tenant before
+     * this invocation is reset.
+     *
+     * @param tenant
+     *            the tenant which the specific code should run with
+     * @param username
+     *            the username which the specific code should run with
+     * @param tenantRunner
+     *            the runner which is implemented to run this specific code
+     *            under the given tenant
+     * @return the return type of the {@link TenantRunner}
+     * @throws any
+     *             kind of {@link RuntimeException}
+     */
+    <T> T runAsTenantAsUser(String tenant, String username, TenantRunner<T> tenantRunner);

    /**
     * An {@link TenantRunner} interface which allows to run specific code under
--- a/hawkbit-core/src/main/java/org/eclipse/hawkbit/tenancy/UserAuthoritiesResolver.java
+++ b/hawkbit-core/src/main/java/org/eclipse/hawkbit/tenancy/UserAuthoritiesResolver.java
@@ -0,0 +1,30 @@
+/**
+ * Copyright (c) 2020 Bosch.IO GmbH and others.
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ */
+package org.eclipse.hawkbit.tenancy;
+
+import java.util.Collection;
+
+/**
+ * The service responsible for making the lookup for user authorities/roles
+ * based on his tenant and username
+ */
+@FunctionalInterface
+public interface UserAuthoritiesResolver {
+
+    /**
+     * User authorities/roles lookup based on the tenant and the username
+     *
+     * @param tenant
+     *            The tenant that this user belongs to
+     * @param username
+     *            The username of the user
+     * @return a {@link Collection} of authorities/roles for this user
+     */
+    Collection<String> getUserAuthorities(String tenant, String username);
+}