Add distribution set and target type fine grained permissions (#2545)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
@@ -11,9 +11,10 @@ package org.eclipse.hawkbit.repository.jpa.acm;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatThrownBy;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.READ_DISTRIBUTION_SET;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.READ_REPOSITORY;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.READ_TARGET;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.UPDATE_REPOSITORY;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.UPDATE_DISTRIBUTION_SET;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.UPDATE_TARGET;
|
||||
import static org.eclipse.hawkbit.repository.test.util.SecurityContextSwitch.runAs;
|
||||
import static org.eclipse.hawkbit.repository.test.util.SecurityContextSwitch.withUser;
|
||||
@@ -38,6 +39,9 @@ import org.springframework.data.domain.Pageable;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
|
||||
/**
|
||||
* Note: Still all test gets READ_REPOSITORY since find methods are inherited with request for READ_REPOSITORY. However,
|
||||
* using READ_DISTRIBUTION_SET scoping - the scopes still work.
|
||||
* <p/>
|
||||
* Feature: Component Tests - Access Control<br/>
|
||||
* Story: Test Distribution Set Access Controller
|
||||
*/
|
||||
@@ -56,7 +60,8 @@ class DistributionSetAccessControllerTest extends AbstractJpaIntegrationTest {
|
||||
final Action hiddenAction = testdataFactory.performAssignment(hidden);
|
||||
|
||||
runAs(withUser("user",
|
||||
READ_REPOSITORY + "/id==" + permitted.getId(),
|
||||
READ_REPOSITORY,
|
||||
READ_DISTRIBUTION_SET + "/id==" + permitted.getId(),
|
||||
READ_TARGET +"/controllerId==" + permittedAction.getTarget().getControllerId()), () -> {
|
||||
final Long permittedActionId = permitted.getId();
|
||||
|
||||
@@ -125,8 +130,9 @@ class DistributionSetAccessControllerTest extends AbstractJpaIntegrationTest {
|
||||
final SoftwareModule swModule = testdataFactory.createSoftwareModuleOs();
|
||||
|
||||
runAs(withUser("user",
|
||||
READ_REPOSITORY + "/id==" + permitted.getId() + " or id==" + readOnly.getId(),
|
||||
UPDATE_REPOSITORY + "/id==" + permitted.getId()), () -> {
|
||||
READ_REPOSITORY,
|
||||
READ_DISTRIBUTION_SET + "/id==" + permitted.getId() + " or id==" + readOnly.getId(),
|
||||
UPDATE_DISTRIBUTION_SET + "/id==" + permitted.getId()), () -> {
|
||||
// verify distributionSetManagement#assignSoftwareModules
|
||||
final List<Long> singleModuleIdList = Collections.singletonList(swModule.getId());
|
||||
assertThat(distributionSetManagement.assignSoftwareModules(permitted.getId(), singleModuleIdList))
|
||||
@@ -185,8 +191,9 @@ class DistributionSetAccessControllerTest extends AbstractJpaIntegrationTest {
|
||||
distributionSetManagement.assignTag(Arrays.asList(permitted.getId(), readOnly.getId(), hidden.getId()), dsTagId);
|
||||
|
||||
runAs(withUser("user",
|
||||
READ_REPOSITORY + "/id==" + permitted.getId() + " or id==" + readOnly.getId(),
|
||||
UPDATE_REPOSITORY + "/id==" + permitted.getId()), () -> {
|
||||
READ_REPOSITORY,
|
||||
READ_DISTRIBUTION_SET + "/id==" + permitted.getId() + " or id==" + readOnly.getId(),
|
||||
UPDATE_DISTRIBUTION_SET + "/id==" + permitted.getId()), () -> {
|
||||
assertThat(distributionSetManagement.findByTag(dsTagId, Pageable.unpaged()).get().map(Identifiable::getId)
|
||||
.toList()).containsOnly(permitted.getId(), readOnly.getId());
|
||||
|
||||
@@ -252,8 +259,9 @@ class DistributionSetAccessControllerTest extends AbstractJpaIntegrationTest {
|
||||
.create(entityFactory.targetFilterQuery().create().name("test").query("id==*"));
|
||||
|
||||
runAs(withUser("user",
|
||||
READ_REPOSITORY + "/id==" + permitted.getId() + " or id==" + readOnly.getId(),
|
||||
UPDATE_REPOSITORY + "/id==" + permitted.getId(),
|
||||
READ_REPOSITORY,
|
||||
READ_DISTRIBUTION_SET + "/id==" + permitted.getId() + " or id==" + readOnly.getId(),
|
||||
UPDATE_DISTRIBUTION_SET + "/id==" + permitted.getId(),
|
||||
// read / update target needed to update target filter query
|
||||
READ_TARGET, UPDATE_TARGET), () -> {
|
||||
assertThat(targetFilterQueryManagement
|
||||
|
||||
@@ -11,15 +11,13 @@ package org.eclipse.hawkbit.repository.jpa.acm;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatThrownBy;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.DELETE_TARGET;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.READ_TARGET;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.UPDATE_TARGET;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.DELETE_TARGET_TYPE;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.READ_TARGET_TYPE;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.UPDATE_TARGET_TYPE;
|
||||
import static org.eclipse.hawkbit.repository.test.util.SecurityContextSwitch.runAs;
|
||||
import static org.eclipse.hawkbit.repository.test.util.SecurityContextSwitch.withUser;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.stream.Stream;
|
||||
|
||||
import org.eclipse.hawkbit.repository.Identifiable;
|
||||
import org.eclipse.hawkbit.repository.builder.TargetTypeCreate;
|
||||
@@ -27,8 +25,6 @@ import org.eclipse.hawkbit.repository.builder.TargetTypeUpdate;
|
||||
import org.eclipse.hawkbit.repository.exception.EntityNotFoundException;
|
||||
import org.eclipse.hawkbit.repository.exception.InsufficientPermissionException;
|
||||
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
|
||||
import org.eclipse.hawkbit.repository.jpa.model.JpaTargetType;
|
||||
import org.eclipse.hawkbit.repository.jpa.specifications.TargetTypeSpecification;
|
||||
import org.eclipse.hawkbit.repository.model.TargetType;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.data.domain.Pageable;
|
||||
@@ -49,7 +45,7 @@ class TargetTypeAccessControllerTest extends AbstractJpaIntegrationTest {
|
||||
final TargetType permittedTargetType = targetTypeManagement.create(entityFactory.targetType().create().name("type1"));
|
||||
final TargetType hiddenTargetType = targetTypeManagement.create(entityFactory.targetType().create().name("type2"));
|
||||
|
||||
runAs(withUser("user", READ_TARGET + "/id==" + permittedTargetType.getId()), () -> {
|
||||
runAs(withUser("user", READ_TARGET_TYPE + "/id==" + permittedTargetType.getId()), () -> {
|
||||
// verify targetTypeManagement#findAll
|
||||
assertThat(targetTypeManagement.findAll(Pageable.unpaged()).get().map(Identifiable::getId).toList())
|
||||
.containsOnly(permittedTargetType.getId());
|
||||
@@ -111,8 +107,8 @@ class TargetTypeAccessControllerTest extends AbstractJpaIntegrationTest {
|
||||
final TargetType readOnlyTargetType = targetTypeManagement.create(entityFactory.targetType().create().name("type2"));
|
||||
|
||||
runAs(withUser("user",
|
||||
READ_TARGET + "/id==" + manageableTargetType.getId() + " or id==" + readOnlyTargetType.getId(),
|
||||
DELETE_TARGET + "/id==" + manageableTargetType.getId()), () -> {
|
||||
READ_TARGET_TYPE + "/id==" + manageableTargetType.getId() + " or id==" + readOnlyTargetType.getId(),
|
||||
DELETE_TARGET_TYPE + "/id==" + manageableTargetType.getId()), () -> {
|
||||
// delete the manageableTargetType
|
||||
targetTypeManagement.delete(manageableTargetType.getId());
|
||||
|
||||
@@ -132,8 +128,8 @@ class TargetTypeAccessControllerTest extends AbstractJpaIntegrationTest {
|
||||
final TargetType readOnlyTargetType = targetTypeManagement.create(entityFactory.targetType().create().name("type2"));
|
||||
|
||||
runAs(withUser("user",
|
||||
READ_TARGET + "/id==" + manageableTargetType.getId() + " or id==" + readOnlyTargetType.getId(),
|
||||
UPDATE_TARGET + "/id==" + manageableTargetType.getId()), () -> {
|
||||
READ_TARGET_TYPE + "/id==" + manageableTargetType.getId() + " or id==" + readOnlyTargetType.getId(),
|
||||
UPDATE_TARGET_TYPE + "/id==" + manageableTargetType.getId()), () -> {
|
||||
// update the manageableTargetType
|
||||
targetTypeManagement.update(entityFactory.targetType().update(manageableTargetType.getId())
|
||||
.name(manageableTargetType.getName() + "/new").description("newDesc"));
|
||||
@@ -151,7 +147,7 @@ class TargetTypeAccessControllerTest extends AbstractJpaIntegrationTest {
|
||||
*/
|
||||
@Test
|
||||
void verifyTargetTypeCreationBlockedByAccessController() {
|
||||
runAs(withUser("user", READ_TARGET, UPDATE_TARGET), () -> {
|
||||
runAs(withUser("user", READ_TARGET_TYPE, UPDATE_TARGET_TYPE), () -> {
|
||||
// verify targetTypeManagement#create for any type
|
||||
final TargetTypeCreate targetTypeCreate = entityFactory.targetType().create().name("type1");
|
||||
assertThatThrownBy(() -> targetTypeManagement.create(targetTypeCreate))
|
||||
|
||||
@@ -13,6 +13,7 @@ import java.io.ByteArrayInputStream;
|
||||
import java.util.List;
|
||||
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
|
||||
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
|
||||
import org.eclipse.hawkbit.repository.model.ArtifactUpload;
|
||||
import org.eclipse.hawkbit.repository.test.util.WithUser;
|
||||
@@ -59,7 +60,7 @@ class ArtifactManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
@Test
|
||||
void getPermissionCheck() {
|
||||
assertPermissions(() -> artifactManagement.get(1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
assertPermissions(() -> artifactManagement.get(1L), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
|
||||
assertPermissions(() -> artifactManagement.get(1L), List.of(SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -70,7 +71,7 @@ class ArtifactManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
assertPermissions(() -> artifactManagement.getByFilenameAndSoftwareModule("filename", 1L),
|
||||
List.of(SpPermission.READ_REPOSITORY), List.of(SpPermission.CREATE_REPOSITORY));
|
||||
assertPermissions(() -> artifactManagement.getByFilenameAndSoftwareModule("filename", 1L),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
|
||||
List.of(SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -79,7 +80,7 @@ class ArtifactManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
@Test
|
||||
void findFirstBySHA1PermissionCheck() {
|
||||
assertPermissions(() -> artifactManagement.findFirstBySHA1("sha1"), List.of(SpPermission.READ_REPOSITORY));
|
||||
assertPermissions(() -> artifactManagement.findFirstBySHA1("sha1"), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
|
||||
assertPermissions(() -> artifactManagement.findFirstBySHA1("sha1"), List.of(SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -88,7 +89,7 @@ class ArtifactManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
@Test
|
||||
void getByFilenamePermissionCheck() {
|
||||
assertPermissions(() -> artifactManagement.getByFilename("filename"), List.of(SpPermission.READ_REPOSITORY));
|
||||
assertPermissions(() -> artifactManagement.getByFilename("filename"), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
|
||||
assertPermissions(() -> artifactManagement.getByFilename("filename"), List.of(SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -113,7 +114,7 @@ class ArtifactManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
@Test
|
||||
void loadArtifactBinaryPermissionCheck() {
|
||||
assertPermissions(() -> artifactManagement.loadArtifactBinary("sha1", 1L, false), List.of(SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT), List.of(SpPermission.CREATE_REPOSITORY));
|
||||
assertPermissions(() -> artifactManagement.loadArtifactBinary("sha1", 1L, false), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
|
||||
assertPermissions(() -> artifactManagement.loadArtifactBinary("sha1", 1L, false), List.of(SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
|
||||
}
|
||||
|
||||
}
|
||||
@@ -12,6 +12,7 @@ package org.eclipse.hawkbit.repository.jpa.management;
|
||||
import java.util.List;
|
||||
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
|
||||
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
@@ -45,7 +46,7 @@ class ConfirmationManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
void getStatusPermissionsCheck() {
|
||||
assertPermissions(() -> confirmationManagement.getStatus("controllerId"), List.of(SpPermission.READ_TARGET),
|
||||
List.of(SpPermission.CREATE_TARGET));
|
||||
assertPermissions(() -> confirmationManagement.getStatus("controllerId"), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_TARGET));
|
||||
assertPermissions(() -> confirmationManagement.getStatus("controllerId"), List.of(SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_TARGET));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -13,7 +13,8 @@ import java.net.URI;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.im.authentication.SpRole;
|
||||
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
|
||||
import org.eclipse.hawkbit.repository.exception.CancelActionNotAllowedException;
|
||||
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
|
||||
import org.eclipse.hawkbit.repository.jpa.model.JpaAction;
|
||||
@@ -33,7 +34,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
@Test
|
||||
void addCancelActionStatusPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.addCancelActionStatus(entityFactory.actionStatus().create(0L)),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -41,7 +42,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
*/
|
||||
@Test
|
||||
void getSoftwareModulePermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.getSoftwareModule(1L), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
assertPermissions(() -> controllerManagement.getSoftwareModule(1L), List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -50,7 +51,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
@Test
|
||||
void findTargetVisibleMetaDataBySoftwareModuleIdPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.findTargetVisibleMetaDataBySoftwareModuleId(List.of(1L)),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -59,7 +60,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
@Test
|
||||
void addInformationalActionStatusPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.addInformationalActionStatus(entityFactory.actionStatus().create(0L)),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -68,7 +69,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
@Test
|
||||
void addUpdateActionStatusPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.addUpdateActionStatus(entityFactory.actionStatus().create(0L)),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -77,7 +78,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
@Test
|
||||
void findActiveActionWithHighestWeightPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.findActiveActionWithHighestWeight("controllerId"),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -86,7 +87,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
@Test
|
||||
void findActiveActionsWithHighestWeightPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.findActiveActionsWithHighestWeight("controllerId", 1),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -94,7 +95,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
*/
|
||||
@Test
|
||||
void findActionWithDetailsPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.findActionWithDetails(1L), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
assertPermissions(() -> controllerManagement.findActionWithDetails(1L), List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -103,7 +104,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
@Test
|
||||
void findActionStatusByActionPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.findActionStatusByAction(1L, Pageable.unpaged()),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -112,7 +113,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
@Test
|
||||
void findOrRegisterTargetIfItDoesNotExistPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.findOrRegisterTargetIfItDoesNotExist("controllerId", URI.create("someaddress")),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -122,7 +123,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
void findOrRegisterTargetIfItDoesNotExistWithDetailsPermissionsCheck() {
|
||||
assertPermissions(
|
||||
() -> controllerManagement.findOrRegisterTargetIfItDoesNotExist("controllerId", URI.create("someaddress"), "name", "type"),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -131,7 +132,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
@Test
|
||||
void getActionForDownloadByTargetAndSoftwareModulePermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.getActionForDownloadByTargetAndSoftwareModule("controllerId", 1L),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -139,7 +140,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
*/
|
||||
@Test
|
||||
void getPollingTimePermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.getPollingTime(null), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
assertPermissions(() -> controllerManagement.getPollingTime(null), List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -156,7 +157,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
// expected since action is not found
|
||||
}
|
||||
return null;
|
||||
}, List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}, List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -165,7 +166,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
@Test
|
||||
void hasTargetArtifactAssignedPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.hasTargetArtifactAssigned("controllerId", "sha1Hash"),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -174,7 +175,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
@Test
|
||||
void hasTargetArtifactAssignedByIdPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.hasTargetArtifactAssigned(1L, "sha1Hash"),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -183,7 +184,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
@Test
|
||||
void updateControllerAttributesPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.updateControllerAttributes("controllerId", Map.of(), null),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -192,9 +193,9 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
@Test
|
||||
void getByControllerIdPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.getByControllerId("controllerId"),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
assertPermissions(() -> controllerManagement.getByControllerId("controllerId"),
|
||||
List.of(SpPermission.SpringEvalExpressions.SYSTEM_ROLE));
|
||||
List.of(SpRole.SYSTEM_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -202,8 +203,8 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
*/
|
||||
@Test
|
||||
void getPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.get(1L), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
assertPermissions(() -> controllerManagement.get(1L), List.of(SpPermission.SpringEvalExpressions.SYSTEM_ROLE));
|
||||
assertPermissions(() -> controllerManagement.get(1L), List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
assertPermissions(() -> controllerManagement.get(1L), List.of(SpRole.SYSTEM_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -212,7 +213,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
@Test
|
||||
void getActionHistoryMessagesPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.getActionHistoryMessages(1L, 1),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -229,7 +230,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
// expected since action is not found
|
||||
}
|
||||
return null;
|
||||
}, List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}, List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -240,7 +241,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
assertPermissions(() -> {
|
||||
controllerManagement.updateActionExternalRef(1L, "externalRef");
|
||||
return null;
|
||||
}, List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}, List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -249,7 +250,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
@Test
|
||||
void getActionByExternalRefPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.getActionByExternalRef("externalRef"),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -260,7 +261,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
assertPermissions(() -> {
|
||||
controllerManagement.deleteExistingTarget("controllerId");
|
||||
return null;
|
||||
}, List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}, List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -271,7 +272,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
final Target target = testdataFactory.createTarget();
|
||||
assertPermissions(
|
||||
() -> controllerManagement.getInstalledActionByTarget(target),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -281,7 +282,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
void activateAutoConfirmationPermissionsCheck() {
|
||||
assertPermissions(
|
||||
() -> controllerManagement.activateAutoConfirmation("controllerId", "initiator", "remark"),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -292,7 +293,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
assertPermissions(() -> {
|
||||
controllerManagement.deactivateAutoConfirmation("controllerId");
|
||||
return null;
|
||||
}, List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}, List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -301,7 +302,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
@Test
|
||||
void updateOfflineAssignedVersionPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.updateOfflineAssignedVersion("controllerId", "distributionName", "version"),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
}
|
||||
@@ -12,8 +12,8 @@ package org.eclipse.hawkbit.repository.jpa.management;
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||
import static org.assertj.core.api.Assertions.assertThatNoException;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions.CONTROLLER_ROLE;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions.CONTROLLER_ROLE_ANONYMOUS;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpringEvalExpressions.CONTROLLER_ROLE;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpringEvalExpressions.CONTROLLER_ROLE_ANONYMOUS;
|
||||
import static org.eclipse.hawkbit.repository.jpa.configuration.Constants.TX_RT_MAX;
|
||||
import static org.eclipse.hawkbit.repository.model.Action.ActionType.DOWNLOAD_ONLY;
|
||||
import static org.eclipse.hawkbit.repository.test.util.SecurityContextSwitch.runAs;
|
||||
|
||||
@@ -13,6 +13,7 @@ import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.im.authentication.SpRole;
|
||||
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
|
||||
import org.eclipse.hawkbit.repository.model.Action;
|
||||
import org.eclipse.hawkbit.repository.model.DeploymentRequest;
|
||||
@@ -273,7 +274,7 @@ class DeploymentManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
@Test
|
||||
void deleteActionsByStatusAndLastModifiedBeforePermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.deleteActionsByStatusAndLastModifiedBefore(Set.of(Action.Status.CANCELED), 1L),
|
||||
List.of(SpPermission.SpringEvalExpressions.SYSTEM_ROLE));
|
||||
List.of(SpRole.SYSTEM_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -32,6 +32,7 @@ import org.assertj.core.api.Assertions;
|
||||
import org.assertj.core.api.Condition;
|
||||
import org.awaitility.Awaitility;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.im.authentication.SpRole;
|
||||
import org.eclipse.hawkbit.repository.Identifiable;
|
||||
import org.eclipse.hawkbit.repository.OffsetBasedPageRequest;
|
||||
import org.eclipse.hawkbit.repository.builder.RolloutCreate;
|
||||
@@ -1436,7 +1437,7 @@ class RolloutManagementTest extends AbstractJpaIntegrationTest {
|
||||
SpPermission.READ_REPOSITORY, SpPermission.READ_TARGET, SpPermission.CREATE_ROLLOUT, SpPermission.HANDLE_ROLLOUT);
|
||||
final WithUser userWithSystemRole = SecurityContextSwitch.withUser(
|
||||
"user_with_system_role",
|
||||
SpPermission.SpringEvalExpressions.SYSTEM_ROLE);
|
||||
SpRole.SYSTEM_ROLE);
|
||||
|
||||
final String filter = "controllerId==" + rolloutName + "-*";
|
||||
// create scheduled rollout fails without handle rollout permission
|
||||
|
||||
@@ -13,6 +13,8 @@ import java.util.List;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.im.authentication.SpRole;
|
||||
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
|
||||
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
@@ -50,7 +52,7 @@ class SystemManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
assertPermissions(() -> {
|
||||
systemManagement.forEachTenant(log::info);
|
||||
return null;
|
||||
}, List.of(SpPermission.SpringEvalExpressions.SYSTEM_ROLE));
|
||||
}, List.of(SpRole.SYSTEM_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -77,7 +79,7 @@ class SystemManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
assertPermissions(() -> systemManagement.getTenantMetadata(), List.of(SpPermission.READ_REPOSITORY), List.of(SpPermission.CREATE_REPOSITORY));
|
||||
assertPermissions(() -> systemManagement.getTenantMetadata(), List.of(SpPermission.READ_TARGET), List.of(SpPermission.CREATE_REPOSITORY));
|
||||
assertPermissions(() -> systemManagement.getTenantMetadata(), List.of(SpPermission.READ_TENANT_CONFIGURATION), List.of(SpPermission.CREATE_REPOSITORY));
|
||||
assertPermissions(() -> systemManagement.getTenantMetadata(), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
|
||||
assertPermissions(() -> systemManagement.getTenantMetadata(), List.of(SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -88,7 +90,7 @@ class SystemManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
assertPermissions(() -> systemManagement.getTenantMetadataWithoutDetails(), List.of(SpPermission.READ_REPOSITORY), List.of(SpPermission.CREATE_REPOSITORY));
|
||||
assertPermissions(() -> systemManagement.getTenantMetadataWithoutDetails(), List.of(SpPermission.READ_TARGET), List.of(SpPermission.CREATE_REPOSITORY));
|
||||
assertPermissions(() -> systemManagement.getTenantMetadataWithoutDetails(), List.of(SpPermission.READ_TENANT_CONFIGURATION), List.of(SpPermission.CREATE_REPOSITORY));
|
||||
assertPermissions(() -> systemManagement.getTenantMetadataWithoutDetails(), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
|
||||
assertPermissions(() -> systemManagement.getTenantMetadataWithoutDetails(), List.of(SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -96,7 +98,7 @@ class SystemManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
*/
|
||||
@Test
|
||||
void getTenantMetadataByTenantPermissionsCheck() {
|
||||
assertPermissions(() -> systemManagement.getTenantMetadata(1L), List.of(SpPermission.SpringEvalExpressions.SYSTEM_ROLE));
|
||||
assertPermissions(() -> systemManagement.getTenantMetadata(1L), List.of(SpRole.SYSTEM_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -104,7 +106,7 @@ class SystemManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
*/
|
||||
@Test
|
||||
void createTenantMetadataPermissionsCheck() {
|
||||
assertPermissions(() -> systemManagement.createTenantMetadata("tenant"), List.of(SpPermission.SpringEvalExpressions.SYSTEM_ROLE));
|
||||
assertPermissions(() -> systemManagement.createTenantMetadata("tenant"), List.of(SpRole.SYSTEM_ROLE));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -15,7 +15,7 @@ import java.io.ByteArrayInputStream;
|
||||
import java.util.List;
|
||||
import java.util.Random;
|
||||
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions;
|
||||
import org.eclipse.hawkbit.im.authentication.SpRole;
|
||||
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
|
||||
import org.eclipse.hawkbit.repository.model.ArtifactUpload;
|
||||
import org.eclipse.hawkbit.repository.model.DistributionSet;
|
||||
@@ -137,27 +137,27 @@ class SystemManagementTest extends AbstractJpaIntegrationTest {
|
||||
|
||||
for (int i = 0; i < tenants; i++) {
|
||||
final String tenantname = "TENANT" + i;
|
||||
SecurityContextSwitch.getAs(SecurityContextSwitch.withUserAndTenant("bumlux", tenantname, true, true, false,
|
||||
SpringEvalExpressions.SYSTEM_ROLE), () -> {
|
||||
systemManagement.getTenantMetadataWithoutDetails();
|
||||
if (artifactSize > 0) {
|
||||
createTestArtifact(random);
|
||||
createDeletedTestArtifact(random);
|
||||
}
|
||||
if (targets > 0) {
|
||||
final List<Target> createdTargets = createTestTargets(targets);
|
||||
if (updates > 0) {
|
||||
for (int x = 0; x < updates; x++) {
|
||||
final DistributionSet ds = testdataFactory
|
||||
.createDistributionSet("to be deployed" + x, true);
|
||||
|
||||
assignDistributionSet(ds, createdTargets);
|
||||
SecurityContextSwitch.getAs(SecurityContextSwitch.withUserAndTenant("bumlux", tenantname, true, true, false, SpRole.SYSTEM_ROLE),
|
||||
() -> {
|
||||
systemManagement.getTenantMetadataWithoutDetails();
|
||||
if (artifactSize > 0) {
|
||||
createTestArtifact(random);
|
||||
createDeletedTestArtifact(random);
|
||||
}
|
||||
}
|
||||
}
|
||||
if (targets > 0) {
|
||||
final List<Target> createdTargets = createTestTargets(targets);
|
||||
if (updates > 0) {
|
||||
for (int x = 0; x < updates; x++) {
|
||||
final DistributionSet ds = testdataFactory
|
||||
.createDistributionSet("to be deployed" + x, true);
|
||||
|
||||
return null;
|
||||
});
|
||||
assignDistributionSet(ds, createdTargets);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return null;
|
||||
});
|
||||
}
|
||||
|
||||
return random;
|
||||
|
||||
Reference in New Issue
Block a user