Add distribution set and target type fine grained permissions (#2545)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
@@ -14,7 +14,7 @@ import java.util.Collections;
|
||||
import java.util.Objects;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions;
|
||||
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
|
||||
import org.eclipse.hawkbit.mgmt.json.model.systemmanagement.MgmtSystemCache;
|
||||
import org.eclipse.hawkbit.mgmt.json.model.systemmanagement.MgmtSystemStatisticsRest;
|
||||
import org.eclipse.hawkbit.mgmt.json.model.systemmanagement.MgmtSystemTenantServiceUsage;
|
||||
|
||||
@@ -69,7 +69,9 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
* GET targettypes returns Forbidden when permission is missing
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "targetTypeTester", allSpPermissions = true, removeFromAllPermission = { SpPermission.READ_TARGET })
|
||||
@WithUser(
|
||||
principal = "targetTypeTester", allSpPermissions = true,
|
||||
removeFromAllPermission = { SpPermission.READ_TARGET, SpPermission.READ_TARGET_TYPE })
|
||||
void getTargetTypesWithoutPermission() throws Exception {
|
||||
mvc.perform(get(TARGETTYPES_ENDPOINT).accept(MediaType.APPLICATION_JSON))
|
||||
.andDo(MockMvcResultPrinter.print())
|
||||
|
||||
@@ -52,7 +52,10 @@ class PreAuthorizeEnabledTest extends AbstractSecurityTest {
|
||||
* Tests whether request returns distribution set if a role with scope is granted for the user
|
||||
*/
|
||||
@Test
|
||||
@WithUser(authorities = { SpPermission.CREATE_REPOSITORY, SpPermission.READ_REPOSITORY + "/name==DsOne" }, autoCreateTenant = false)
|
||||
@WithUser(authorities = {
|
||||
SpPermission.CREATE_REPOSITORY,
|
||||
SpPermission.READ_REPOSITORY,
|
||||
SpPermission.READ_DISTRIBUTION_SET + "/name==DsOne" }, autoCreateTenant = false)
|
||||
void successIfHasRoleWithScope() throws Exception {
|
||||
createDsOne("successIfHasRoleWithScope");
|
||||
mvc.perform(get("/rest/v1/distributionsets")).andExpect(result -> {
|
||||
@@ -65,7 +68,10 @@ class PreAuthorizeEnabledTest extends AbstractSecurityTest {
|
||||
* Tests whether request doesn't return distribution set if a role with scope doesn't grant access
|
||||
*/
|
||||
@Test
|
||||
@WithUser(authorities = { SpPermission.CREATE_REPOSITORY, SpPermission.READ_REPOSITORY + "/name==DsOne2" }, autoCreateTenant = false)
|
||||
@WithUser(authorities = {
|
||||
SpPermission.CREATE_REPOSITORY,
|
||||
SpPermission.READ_REPOSITORY,
|
||||
SpPermission.READ_DISTRIBUTION_SET + "/name==DsOne2" }, autoCreateTenant = false)
|
||||
void failIfHasNoForbiddingScope() throws Exception {
|
||||
createDsOne("failIfHasNoForbiddingScope");
|
||||
mvc.perform(get("/rest/v1/distributionsets")).andExpect(result -> {
|
||||
|
||||
Reference in New Issue
Block a user