Add distribution set and target type fine grained permissions (#2545)

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
2025-07-14 14:52:36 +03:00
committed by GitHub
parent c3fdd9fcc8
commit e7373275bf
53 changed files with 506 additions and 476 deletions

View File

@@ -11,9 +11,10 @@ package org.eclipse.hawkbit.repository.jpa.acm;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.eclipse.hawkbit.im.authentication.SpPermission.READ_DISTRIBUTION_SET;
import static org.eclipse.hawkbit.im.authentication.SpPermission.READ_REPOSITORY;
import static org.eclipse.hawkbit.im.authentication.SpPermission.READ_TARGET;
import static org.eclipse.hawkbit.im.authentication.SpPermission.UPDATE_REPOSITORY;
import static org.eclipse.hawkbit.im.authentication.SpPermission.UPDATE_DISTRIBUTION_SET;
import static org.eclipse.hawkbit.im.authentication.SpPermission.UPDATE_TARGET;
import static org.eclipse.hawkbit.repository.test.util.SecurityContextSwitch.runAs;
import static org.eclipse.hawkbit.repository.test.util.SecurityContextSwitch.withUser;
@@ -38,6 +39,9 @@ import org.springframework.data.domain.Pageable;
import org.springframework.test.context.ContextConfiguration;
/**
* Note: Still all test gets READ_REPOSITORY since find methods are inherited with request for READ_REPOSITORY. However,
* using READ_DISTRIBUTION_SET scoping - the scopes still work.
* <p/>
* Feature: Component Tests - Access Control<br/>
* Story: Test Distribution Set Access Controller
*/
@@ -56,7 +60,8 @@ class DistributionSetAccessControllerTest extends AbstractJpaIntegrationTest {
final Action hiddenAction = testdataFactory.performAssignment(hidden);
runAs(withUser("user",
READ_REPOSITORY + "/id==" + permitted.getId(),
READ_REPOSITORY,
READ_DISTRIBUTION_SET + "/id==" + permitted.getId(),
READ_TARGET +"/controllerId==" + permittedAction.getTarget().getControllerId()), () -> {
final Long permittedActionId = permitted.getId();
@@ -125,8 +130,9 @@ class DistributionSetAccessControllerTest extends AbstractJpaIntegrationTest {
final SoftwareModule swModule = testdataFactory.createSoftwareModuleOs();
runAs(withUser("user",
READ_REPOSITORY + "/id==" + permitted.getId() + " or id==" + readOnly.getId(),
UPDATE_REPOSITORY + "/id==" + permitted.getId()), () -> {
READ_REPOSITORY,
READ_DISTRIBUTION_SET + "/id==" + permitted.getId() + " or id==" + readOnly.getId(),
UPDATE_DISTRIBUTION_SET + "/id==" + permitted.getId()), () -> {
// verify distributionSetManagement#assignSoftwareModules
final List<Long> singleModuleIdList = Collections.singletonList(swModule.getId());
assertThat(distributionSetManagement.assignSoftwareModules(permitted.getId(), singleModuleIdList))
@@ -185,8 +191,9 @@ class DistributionSetAccessControllerTest extends AbstractJpaIntegrationTest {
distributionSetManagement.assignTag(Arrays.asList(permitted.getId(), readOnly.getId(), hidden.getId()), dsTagId);
runAs(withUser("user",
READ_REPOSITORY + "/id==" + permitted.getId() + " or id==" + readOnly.getId(),
UPDATE_REPOSITORY + "/id==" + permitted.getId()), () -> {
READ_REPOSITORY,
READ_DISTRIBUTION_SET + "/id==" + permitted.getId() + " or id==" + readOnly.getId(),
UPDATE_DISTRIBUTION_SET + "/id==" + permitted.getId()), () -> {
assertThat(distributionSetManagement.findByTag(dsTagId, Pageable.unpaged()).get().map(Identifiable::getId)
.toList()).containsOnly(permitted.getId(), readOnly.getId());
@@ -252,8 +259,9 @@ class DistributionSetAccessControllerTest extends AbstractJpaIntegrationTest {
.create(entityFactory.targetFilterQuery().create().name("test").query("id==*"));
runAs(withUser("user",
READ_REPOSITORY + "/id==" + permitted.getId() + " or id==" + readOnly.getId(),
UPDATE_REPOSITORY + "/id==" + permitted.getId(),
READ_REPOSITORY,
READ_DISTRIBUTION_SET + "/id==" + permitted.getId() + " or id==" + readOnly.getId(),
UPDATE_DISTRIBUTION_SET + "/id==" + permitted.getId(),
// read / update target needed to update target filter query
READ_TARGET, UPDATE_TARGET), () -> {
assertThat(targetFilterQueryManagement

View File

@@ -11,15 +11,13 @@ package org.eclipse.hawkbit.repository.jpa.acm;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.eclipse.hawkbit.im.authentication.SpPermission.DELETE_TARGET;
import static org.eclipse.hawkbit.im.authentication.SpPermission.READ_TARGET;
import static org.eclipse.hawkbit.im.authentication.SpPermission.UPDATE_TARGET;
import static org.eclipse.hawkbit.im.authentication.SpPermission.DELETE_TARGET_TYPE;
import static org.eclipse.hawkbit.im.authentication.SpPermission.READ_TARGET_TYPE;
import static org.eclipse.hawkbit.im.authentication.SpPermission.UPDATE_TARGET_TYPE;
import static org.eclipse.hawkbit.repository.test.util.SecurityContextSwitch.runAs;
import static org.eclipse.hawkbit.repository.test.util.SecurityContextSwitch.withUser;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Stream;
import org.eclipse.hawkbit.repository.Identifiable;
import org.eclipse.hawkbit.repository.builder.TargetTypeCreate;
@@ -27,8 +25,6 @@ import org.eclipse.hawkbit.repository.builder.TargetTypeUpdate;
import org.eclipse.hawkbit.repository.exception.EntityNotFoundException;
import org.eclipse.hawkbit.repository.exception.InsufficientPermissionException;
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
import org.eclipse.hawkbit.repository.jpa.model.JpaTargetType;
import org.eclipse.hawkbit.repository.jpa.specifications.TargetTypeSpecification;
import org.eclipse.hawkbit.repository.model.TargetType;
import org.junit.jupiter.api.Test;
import org.springframework.data.domain.Pageable;
@@ -49,7 +45,7 @@ class TargetTypeAccessControllerTest extends AbstractJpaIntegrationTest {
final TargetType permittedTargetType = targetTypeManagement.create(entityFactory.targetType().create().name("type1"));
final TargetType hiddenTargetType = targetTypeManagement.create(entityFactory.targetType().create().name("type2"));
runAs(withUser("user", READ_TARGET + "/id==" + permittedTargetType.getId()), () -> {
runAs(withUser("user", READ_TARGET_TYPE + "/id==" + permittedTargetType.getId()), () -> {
// verify targetTypeManagement#findAll
assertThat(targetTypeManagement.findAll(Pageable.unpaged()).get().map(Identifiable::getId).toList())
.containsOnly(permittedTargetType.getId());
@@ -111,8 +107,8 @@ class TargetTypeAccessControllerTest extends AbstractJpaIntegrationTest {
final TargetType readOnlyTargetType = targetTypeManagement.create(entityFactory.targetType().create().name("type2"));
runAs(withUser("user",
READ_TARGET + "/id==" + manageableTargetType.getId() + " or id==" + readOnlyTargetType.getId(),
DELETE_TARGET + "/id==" + manageableTargetType.getId()), () -> {
READ_TARGET_TYPE + "/id==" + manageableTargetType.getId() + " or id==" + readOnlyTargetType.getId(),
DELETE_TARGET_TYPE + "/id==" + manageableTargetType.getId()), () -> {
// delete the manageableTargetType
targetTypeManagement.delete(manageableTargetType.getId());
@@ -132,8 +128,8 @@ class TargetTypeAccessControllerTest extends AbstractJpaIntegrationTest {
final TargetType readOnlyTargetType = targetTypeManagement.create(entityFactory.targetType().create().name("type2"));
runAs(withUser("user",
READ_TARGET + "/id==" + manageableTargetType.getId() + " or id==" + readOnlyTargetType.getId(),
UPDATE_TARGET + "/id==" + manageableTargetType.getId()), () -> {
READ_TARGET_TYPE + "/id==" + manageableTargetType.getId() + " or id==" + readOnlyTargetType.getId(),
UPDATE_TARGET_TYPE + "/id==" + manageableTargetType.getId()), () -> {
// update the manageableTargetType
targetTypeManagement.update(entityFactory.targetType().update(manageableTargetType.getId())
.name(manageableTargetType.getName() + "/new").description("newDesc"));
@@ -151,7 +147,7 @@ class TargetTypeAccessControllerTest extends AbstractJpaIntegrationTest {
*/
@Test
void verifyTargetTypeCreationBlockedByAccessController() {
runAs(withUser("user", READ_TARGET, UPDATE_TARGET), () -> {
runAs(withUser("user", READ_TARGET_TYPE, UPDATE_TARGET_TYPE), () -> {
// verify targetTypeManagement#create for any type
final TargetTypeCreate targetTypeCreate = entityFactory.targetType().create().name("type1");
assertThatThrownBy(() -> targetTypeManagement.create(targetTypeCreate))

View File

@@ -13,6 +13,7 @@ import java.io.ByteArrayInputStream;
import java.util.List;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
import org.eclipse.hawkbit.repository.model.ArtifactUpload;
import org.eclipse.hawkbit.repository.test.util.WithUser;
@@ -59,7 +60,7 @@ class ArtifactManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
void getPermissionCheck() {
assertPermissions(() -> artifactManagement.get(1L), List.of(SpPermission.READ_REPOSITORY));
assertPermissions(() -> artifactManagement.get(1L), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
assertPermissions(() -> artifactManagement.get(1L), List.of(SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
}
/**
@@ -70,7 +71,7 @@ class ArtifactManagementSecurityTest extends AbstractJpaIntegrationTest {
assertPermissions(() -> artifactManagement.getByFilenameAndSoftwareModule("filename", 1L),
List.of(SpPermission.READ_REPOSITORY), List.of(SpPermission.CREATE_REPOSITORY));
assertPermissions(() -> artifactManagement.getByFilenameAndSoftwareModule("filename", 1L),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
List.of(SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
}
/**
@@ -79,7 +80,7 @@ class ArtifactManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
void findFirstBySHA1PermissionCheck() {
assertPermissions(() -> artifactManagement.findFirstBySHA1("sha1"), List.of(SpPermission.READ_REPOSITORY));
assertPermissions(() -> artifactManagement.findFirstBySHA1("sha1"), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
assertPermissions(() -> artifactManagement.findFirstBySHA1("sha1"), List.of(SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
}
/**
@@ -88,7 +89,7 @@ class ArtifactManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
void getByFilenamePermissionCheck() {
assertPermissions(() -> artifactManagement.getByFilename("filename"), List.of(SpPermission.READ_REPOSITORY));
assertPermissions(() -> artifactManagement.getByFilename("filename"), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
assertPermissions(() -> artifactManagement.getByFilename("filename"), List.of(SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
}
/**
@@ -113,7 +114,7 @@ class ArtifactManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
void loadArtifactBinaryPermissionCheck() {
assertPermissions(() -> artifactManagement.loadArtifactBinary("sha1", 1L, false), List.of(SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT), List.of(SpPermission.CREATE_REPOSITORY));
assertPermissions(() -> artifactManagement.loadArtifactBinary("sha1", 1L, false), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
assertPermissions(() -> artifactManagement.loadArtifactBinary("sha1", 1L, false), List.of(SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
}
}

View File

@@ -12,6 +12,7 @@ package org.eclipse.hawkbit.repository.jpa.management;
import java.util.List;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
import org.junit.jupiter.api.Test;
@@ -45,7 +46,7 @@ class ConfirmationManagementSecurityTest extends AbstractJpaIntegrationTest {
void getStatusPermissionsCheck() {
assertPermissions(() -> confirmationManagement.getStatus("controllerId"), List.of(SpPermission.READ_TARGET),
List.of(SpPermission.CREATE_TARGET));
assertPermissions(() -> confirmationManagement.getStatus("controllerId"), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_TARGET));
assertPermissions(() -> confirmationManagement.getStatus("controllerId"), List.of(SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_TARGET));
}
/**

View File

@@ -13,7 +13,8 @@ import java.net.URI;
import java.util.List;
import java.util.Map;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.im.authentication.SpRole;
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
import org.eclipse.hawkbit.repository.exception.CancelActionNotAllowedException;
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
import org.eclipse.hawkbit.repository.jpa.model.JpaAction;
@@ -33,7 +34,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
void addCancelActionStatusPermissionsCheck() {
assertPermissions(() -> controllerManagement.addCancelActionStatus(entityFactory.actionStatus().create(0L)),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -41,7 +42,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
*/
@Test
void getSoftwareModulePermissionsCheck() {
assertPermissions(() -> controllerManagement.getSoftwareModule(1L), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
assertPermissions(() -> controllerManagement.getSoftwareModule(1L), List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -50,7 +51,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
void findTargetVisibleMetaDataBySoftwareModuleIdPermissionsCheck() {
assertPermissions(() -> controllerManagement.findTargetVisibleMetaDataBySoftwareModuleId(List.of(1L)),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -59,7 +60,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
void addInformationalActionStatusPermissionsCheck() {
assertPermissions(() -> controllerManagement.addInformationalActionStatus(entityFactory.actionStatus().create(0L)),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -68,7 +69,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
void addUpdateActionStatusPermissionsCheck() {
assertPermissions(() -> controllerManagement.addUpdateActionStatus(entityFactory.actionStatus().create(0L)),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -77,7 +78,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
void findActiveActionWithHighestWeightPermissionsCheck() {
assertPermissions(() -> controllerManagement.findActiveActionWithHighestWeight("controllerId"),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -86,7 +87,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
void findActiveActionsWithHighestWeightPermissionsCheck() {
assertPermissions(() -> controllerManagement.findActiveActionsWithHighestWeight("controllerId", 1),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -94,7 +95,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
*/
@Test
void findActionWithDetailsPermissionsCheck() {
assertPermissions(() -> controllerManagement.findActionWithDetails(1L), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
assertPermissions(() -> controllerManagement.findActionWithDetails(1L), List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -103,7 +104,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
void findActionStatusByActionPermissionsCheck() {
assertPermissions(() -> controllerManagement.findActionStatusByAction(1L, Pageable.unpaged()),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -112,7 +113,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
void findOrRegisterTargetIfItDoesNotExistPermissionsCheck() {
assertPermissions(() -> controllerManagement.findOrRegisterTargetIfItDoesNotExist("controllerId", URI.create("someaddress")),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -122,7 +123,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
void findOrRegisterTargetIfItDoesNotExistWithDetailsPermissionsCheck() {
assertPermissions(
() -> controllerManagement.findOrRegisterTargetIfItDoesNotExist("controllerId", URI.create("someaddress"), "name", "type"),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -131,7 +132,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
void getActionForDownloadByTargetAndSoftwareModulePermissionsCheck() {
assertPermissions(() -> controllerManagement.getActionForDownloadByTargetAndSoftwareModule("controllerId", 1L),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -139,7 +140,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
*/
@Test
void getPollingTimePermissionsCheck() {
assertPermissions(() -> controllerManagement.getPollingTime(null), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
assertPermissions(() -> controllerManagement.getPollingTime(null), List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -156,7 +157,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
// expected since action is not found
}
return null;
}, List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}, List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -165,7 +166,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
void hasTargetArtifactAssignedPermissionsCheck() {
assertPermissions(() -> controllerManagement.hasTargetArtifactAssigned("controllerId", "sha1Hash"),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -174,7 +175,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
void hasTargetArtifactAssignedByIdPermissionsCheck() {
assertPermissions(() -> controllerManagement.hasTargetArtifactAssigned(1L, "sha1Hash"),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -183,7 +184,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
void updateControllerAttributesPermissionsCheck() {
assertPermissions(() -> controllerManagement.updateControllerAttributes("controllerId", Map.of(), null),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -192,9 +193,9 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
void getByControllerIdPermissionsCheck() {
assertPermissions(() -> controllerManagement.getByControllerId("controllerId"),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
assertPermissions(() -> controllerManagement.getByControllerId("controllerId"),
List.of(SpPermission.SpringEvalExpressions.SYSTEM_ROLE));
List.of(SpRole.SYSTEM_ROLE));
}
/**
@@ -202,8 +203,8 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
*/
@Test
void getPermissionsCheck() {
assertPermissions(() -> controllerManagement.get(1L), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
assertPermissions(() -> controllerManagement.get(1L), List.of(SpPermission.SpringEvalExpressions.SYSTEM_ROLE));
assertPermissions(() -> controllerManagement.get(1L), List.of(SpringEvalExpressions.CONTROLLER_ROLE));
assertPermissions(() -> controllerManagement.get(1L), List.of(SpRole.SYSTEM_ROLE));
}
/**
@@ -212,7 +213,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
void getActionHistoryMessagesPermissionsCheck() {
assertPermissions(() -> controllerManagement.getActionHistoryMessages(1L, 1),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -229,7 +230,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
// expected since action is not found
}
return null;
}, List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}, List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -240,7 +241,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
assertPermissions(() -> {
controllerManagement.updateActionExternalRef(1L, "externalRef");
return null;
}, List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}, List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -249,7 +250,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
void getActionByExternalRefPermissionsCheck() {
assertPermissions(() -> controllerManagement.getActionByExternalRef("externalRef"),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -260,7 +261,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
assertPermissions(() -> {
controllerManagement.deleteExistingTarget("controllerId");
return null;
}, List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}, List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -271,7 +272,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
final Target target = testdataFactory.createTarget();
assertPermissions(
() -> controllerManagement.getInstalledActionByTarget(target),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -281,7 +282,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
void activateAutoConfirmationPermissionsCheck() {
assertPermissions(
() -> controllerManagement.activateAutoConfirmation("controllerId", "initiator", "remark"),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -292,7 +293,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
assertPermissions(() -> {
controllerManagement.deactivateAutoConfirmation("controllerId");
return null;
}, List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}, List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
/**
@@ -301,7 +302,7 @@ class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
void updateOfflineAssignedVersionPermissionsCheck() {
assertPermissions(() -> controllerManagement.updateOfflineAssignedVersion("controllerId", "distributionName", "version"),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
List.of(SpringEvalExpressions.CONTROLLER_ROLE));
}
}

View File

@@ -12,8 +12,8 @@ package org.eclipse.hawkbit.repository.jpa.management;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.assertj.core.api.Assertions.assertThatNoException;
import static org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions.CONTROLLER_ROLE;
import static org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions.CONTROLLER_ROLE_ANONYMOUS;
import static org.eclipse.hawkbit.im.authentication.SpringEvalExpressions.CONTROLLER_ROLE;
import static org.eclipse.hawkbit.im.authentication.SpringEvalExpressions.CONTROLLER_ROLE_ANONYMOUS;
import static org.eclipse.hawkbit.repository.jpa.configuration.Constants.TX_RT_MAX;
import static org.eclipse.hawkbit.repository.model.Action.ActionType.DOWNLOAD_ONLY;
import static org.eclipse.hawkbit.repository.test.util.SecurityContextSwitch.runAs;

View File

@@ -13,6 +13,7 @@ import java.util.List;
import java.util.Set;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.im.authentication.SpRole;
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
import org.eclipse.hawkbit.repository.model.Action;
import org.eclipse.hawkbit.repository.model.DeploymentRequest;
@@ -273,7 +274,7 @@ class DeploymentManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
void deleteActionsByStatusAndLastModifiedBeforePermissionsCheck() {
assertPermissions(() -> deploymentManagement.deleteActionsByStatusAndLastModifiedBefore(Set.of(Action.Status.CANCELED), 1L),
List.of(SpPermission.SpringEvalExpressions.SYSTEM_ROLE));
List.of(SpRole.SYSTEM_ROLE));
}
/**

View File

@@ -32,6 +32,7 @@ import org.assertj.core.api.Assertions;
import org.assertj.core.api.Condition;
import org.awaitility.Awaitility;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.im.authentication.SpRole;
import org.eclipse.hawkbit.repository.Identifiable;
import org.eclipse.hawkbit.repository.OffsetBasedPageRequest;
import org.eclipse.hawkbit.repository.builder.RolloutCreate;
@@ -1436,7 +1437,7 @@ class RolloutManagementTest extends AbstractJpaIntegrationTest {
SpPermission.READ_REPOSITORY, SpPermission.READ_TARGET, SpPermission.CREATE_ROLLOUT, SpPermission.HANDLE_ROLLOUT);
final WithUser userWithSystemRole = SecurityContextSwitch.withUser(
"user_with_system_role",
SpPermission.SpringEvalExpressions.SYSTEM_ROLE);
SpRole.SYSTEM_ROLE);
final String filter = "controllerId==" + rolloutName + "-*";
// create scheduled rollout fails without handle rollout permission

View File

@@ -13,6 +13,8 @@ import java.util.List;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.im.authentication.SpRole;
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
import org.junit.jupiter.api.Test;
@@ -50,7 +52,7 @@ class SystemManagementSecurityTest extends AbstractJpaIntegrationTest {
assertPermissions(() -> {
systemManagement.forEachTenant(log::info);
return null;
}, List.of(SpPermission.SpringEvalExpressions.SYSTEM_ROLE));
}, List.of(SpRole.SYSTEM_ROLE));
}
/**
@@ -77,7 +79,7 @@ class SystemManagementSecurityTest extends AbstractJpaIntegrationTest {
assertPermissions(() -> systemManagement.getTenantMetadata(), List.of(SpPermission.READ_REPOSITORY), List.of(SpPermission.CREATE_REPOSITORY));
assertPermissions(() -> systemManagement.getTenantMetadata(), List.of(SpPermission.READ_TARGET), List.of(SpPermission.CREATE_REPOSITORY));
assertPermissions(() -> systemManagement.getTenantMetadata(), List.of(SpPermission.READ_TENANT_CONFIGURATION), List.of(SpPermission.CREATE_REPOSITORY));
assertPermissions(() -> systemManagement.getTenantMetadata(), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
assertPermissions(() -> systemManagement.getTenantMetadata(), List.of(SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
}
/**
@@ -88,7 +90,7 @@ class SystemManagementSecurityTest extends AbstractJpaIntegrationTest {
assertPermissions(() -> systemManagement.getTenantMetadataWithoutDetails(), List.of(SpPermission.READ_REPOSITORY), List.of(SpPermission.CREATE_REPOSITORY));
assertPermissions(() -> systemManagement.getTenantMetadataWithoutDetails(), List.of(SpPermission.READ_TARGET), List.of(SpPermission.CREATE_REPOSITORY));
assertPermissions(() -> systemManagement.getTenantMetadataWithoutDetails(), List.of(SpPermission.READ_TENANT_CONFIGURATION), List.of(SpPermission.CREATE_REPOSITORY));
assertPermissions(() -> systemManagement.getTenantMetadataWithoutDetails(), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
assertPermissions(() -> systemManagement.getTenantMetadataWithoutDetails(), List.of(SpringEvalExpressions.CONTROLLER_ROLE), List.of(SpPermission.CREATE_REPOSITORY));
}
/**
@@ -96,7 +98,7 @@ class SystemManagementSecurityTest extends AbstractJpaIntegrationTest {
*/
@Test
void getTenantMetadataByTenantPermissionsCheck() {
assertPermissions(() -> systemManagement.getTenantMetadata(1L), List.of(SpPermission.SpringEvalExpressions.SYSTEM_ROLE));
assertPermissions(() -> systemManagement.getTenantMetadata(1L), List.of(SpRole.SYSTEM_ROLE));
}
/**
@@ -104,7 +106,7 @@ class SystemManagementSecurityTest extends AbstractJpaIntegrationTest {
*/
@Test
void createTenantMetadataPermissionsCheck() {
assertPermissions(() -> systemManagement.createTenantMetadata("tenant"), List.of(SpPermission.SpringEvalExpressions.SYSTEM_ROLE));
assertPermissions(() -> systemManagement.createTenantMetadata("tenant"), List.of(SpRole.SYSTEM_ROLE));
}
/**

View File

@@ -15,7 +15,7 @@ import java.io.ByteArrayInputStream;
import java.util.List;
import java.util.Random;
import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions;
import org.eclipse.hawkbit.im.authentication.SpRole;
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
import org.eclipse.hawkbit.repository.model.ArtifactUpload;
import org.eclipse.hawkbit.repository.model.DistributionSet;
@@ -137,27 +137,27 @@ class SystemManagementTest extends AbstractJpaIntegrationTest {
for (int i = 0; i < tenants; i++) {
final String tenantname = "TENANT" + i;
SecurityContextSwitch.getAs(SecurityContextSwitch.withUserAndTenant("bumlux", tenantname, true, true, false,
SpringEvalExpressions.SYSTEM_ROLE), () -> {
systemManagement.getTenantMetadataWithoutDetails();
if (artifactSize > 0) {
createTestArtifact(random);
createDeletedTestArtifact(random);
}
if (targets > 0) {
final List<Target> createdTargets = createTestTargets(targets);
if (updates > 0) {
for (int x = 0; x < updates; x++) {
final DistributionSet ds = testdataFactory
.createDistributionSet("to be deployed" + x, true);
assignDistributionSet(ds, createdTargets);
SecurityContextSwitch.getAs(SecurityContextSwitch.withUserAndTenant("bumlux", tenantname, true, true, false, SpRole.SYSTEM_ROLE),
() -> {
systemManagement.getTenantMetadataWithoutDetails();
if (artifactSize > 0) {
createTestArtifact(random);
createDeletedTestArtifact(random);
}
}
}
if (targets > 0) {
final List<Target> createdTargets = createTestTargets(targets);
if (updates > 0) {
for (int x = 0; x < updates; x++) {
final DistributionSet ds = testdataFactory
.createDistributionSet("to be deployed" + x, true);
return null;
});
assignDistributionSet(ds, createdTargets);
}
}
}
return null;
});
}
return random;