Add distribution set and target type fine grained permissions (#2545)

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
2025-07-14 14:52:36 +03:00
committed by GitHub
parent c3fdd9fcc8
commit e7373275bf
53 changed files with 506 additions and 476 deletions

View File

@@ -14,7 +14,7 @@ import java.util.Collections;
import java.util.Objects;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions;
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
import org.eclipse.hawkbit.mgmt.json.model.systemmanagement.MgmtSystemCache;
import org.eclipse.hawkbit.mgmt.json.model.systemmanagement.MgmtSystemStatisticsRest;
import org.eclipse.hawkbit.mgmt.json.model.systemmanagement.MgmtSystemTenantServiceUsage;

View File

@@ -69,7 +69,9 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
* GET targettypes returns Forbidden when permission is missing
*/
@Test
@WithUser(principal = "targetTypeTester", allSpPermissions = true, removeFromAllPermission = { SpPermission.READ_TARGET })
@WithUser(
principal = "targetTypeTester", allSpPermissions = true,
removeFromAllPermission = { SpPermission.READ_TARGET, SpPermission.READ_TARGET_TYPE })
void getTargetTypesWithoutPermission() throws Exception {
mvc.perform(get(TARGETTYPES_ENDPOINT).accept(MediaType.APPLICATION_JSON))
.andDo(MockMvcResultPrinter.print())

View File

@@ -52,7 +52,10 @@ class PreAuthorizeEnabledTest extends AbstractSecurityTest {
* Tests whether request returns distribution set if a role with scope is granted for the user
*/
@Test
@WithUser(authorities = { SpPermission.CREATE_REPOSITORY, SpPermission.READ_REPOSITORY + "/name==DsOne" }, autoCreateTenant = false)
@WithUser(authorities = {
SpPermission.CREATE_REPOSITORY,
SpPermission.READ_REPOSITORY,
SpPermission.READ_DISTRIBUTION_SET + "/name==DsOne" }, autoCreateTenant = false)
void successIfHasRoleWithScope() throws Exception {
createDsOne("successIfHasRoleWithScope");
mvc.perform(get("/rest/v1/distributionsets")).andExpect(result -> {
@@ -65,7 +68,10 @@ class PreAuthorizeEnabledTest extends AbstractSecurityTest {
* Tests whether request doesn't return distribution set if a role with scope doesn't grant access
*/
@Test
@WithUser(authorities = { SpPermission.CREATE_REPOSITORY, SpPermission.READ_REPOSITORY + "/name==DsOne2" }, autoCreateTenant = false)
@WithUser(authorities = {
SpPermission.CREATE_REPOSITORY,
SpPermission.READ_REPOSITORY,
SpPermission.READ_DISTRIBUTION_SET + "/name==DsOne2" }, autoCreateTenant = false)
void failIfHasNoForbiddingScope() throws Exception {
createDsOne("failIfHasNoForbiddingScope");
mvc.perform(get("/rest/v1/distributionsets")).andExpect(result -> {