diff --git a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/Hierarchy.java b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/Hierarchy.java
index 31d1f59a1..19b381657 100644
--- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/Hierarchy.java
+++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/Hierarchy.java
@@ -18,10 +18,10 @@ public class Hierarchy {
 // @formatter:off
 public static final String DEFAULT =
 SpPermission.TARGET_HIERARCHY +
- SpPermission.REPOSITORY_HIERARCHY +
 SpPermission.SOFTWARE_MODULE_HIERARCHY +
 SpPermission.DISTRIBUTION_SET_HIERARCHY +
 SpPermission.TENANT_CONFIGURATION_HIERARCHY +
- SpRole.DEFAULT_ROLE_HIERARCHY;
+ SpRole.DEFAULT_ROLE_HIERARCHY +
+ SpPermission.REPOSITORY_HIERARCHY;
 // @formatter:on
 }
\ No newline at end of file
diff --git a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpPermission.java b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpPermission.java
index c43c562d4..324f495e5 100644
--- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpPermission.java
+++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpPermission.java
@@ -67,9 +67,9 @@ public final class SpPermission {
 public static final String READ_DISTRIBUTION_SET = READ_PREFIX + DISTRIBUTION_SET;
 public static final String UPDATE_DISTRIBUTION_SET = UPDATE_PREFIX + DISTRIBUTION_SET;
+ public static final String CREATE_REPOSITORY = "CREATE_REPOSITORY";
 public static final String READ_REPOSITORY = "READ_REPOSITORY";
 public static final String UPDATE_REPOSITORY = "UPDATE_REPOSITORY";
- public static final String CREATE_REPOSITORY = "CREATE_REPOSITORY";
 public static final String DELETE_REPOSITORY = "DELETE_REPOSITORY";
 public static final String DOWNLOAD_REPOSITORY_ARTIFACT = "DOWNLOAD_REPOSITORY_ARTIFACT";
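Review bot: Hierarchy.DEFAULT now appends `SpPermission.REPOSITORY_HIERARCHY` after `SpRole.DEFAULT_ROLE_HIERARCHY`, but nothing on the constant records why the repository rules have to come last; the same unexplained reordering is applied to DEFAULT_ROLE_HIERARCHY and TENANT_ADMIN_HIERARCHY in SpRole.java. These strings look like the rule table that decides which authorities a role implies, so a reader cannot tell whether the order is significant to whatever parses it or purely cosmetic. I would add a comment above the constant, e.g. `// repository rules are appended last because <reason>`, and a test that resolves the reachable authorities of each role and asserts the set is unchanged by this commit, so an accidental widening of a role is caught.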
@@ -108,6 +108,22 @@ public final class SpPermission {
 READ_TARGET + IMPLY_READ + TARGET_TYPE + "\n" +
 UPDATE_TARGET + IMPLY_READ + TARGET_TYPE + "\n" +
 DELETE_TARGET + IMPLY_READ + TARGET_TYPE + "\n";
+ public static final String SOFTWARE_MODULE_HIERARCHY =
+ CREATE_PREFIX + SOFTWARE_MODULE + IMPLY_READ + SOFTWARE_MODULE_TYPE + "\n" +
+ READ_PREFIX + SOFTWARE_MODULE + IMPLY_READ + SOFTWARE_MODULE_TYPE + "\n" +
+ UPDATE_PREFIX + SOFTWARE_MODULE + IMPLY_READ + SOFTWARE_MODULE_TYPE + "\n" +
+ DELETE_PREFIX + SOFTWARE_MODULE + IMPLY_READ + SOFTWARE_MODULE_TYPE + "\n";
+ public static final String DISTRIBUTION_SET_HIERARCHY =
+ CREATE_PREFIX + DISTRIBUTION_SET + IMPLY_READ + SOFTWARE_MODULE_TYPE + "\n" +
+ READ_PREFIX + DISTRIBUTION_SET + IMPLY_READ + SOFTWARE_MODULE_TYPE + "\n" +
+ UPDATE_PREFIX + DISTRIBUTION_SET + IMPLY_READ + SOFTWARE_MODULE_TYPE + "\n" +
+ DELETE_PREFIX + DISTRIBUTION_SET + IMPLY_READ + SOFTWARE_MODULE_TYPE + "\n";
+ public static final String TENANT_CONFIGURATION_HIERARCHY =
+ TENANT_CONFIGURATION + IMPLY_CREATE + TENANT_CONFIGURATION + "\n" +
+ TENANT_CONFIGURATION + IMPLY_READ + TENANT_CONFIGURATION + "\n" +
+ TENANT_CONFIGURATION + IMPLY_UPDATE + TENANT_CONFIGURATION + "\n" +
+ TENANT_CONFIGURATION + IMPLY_DELETE + TENANT_CONFIGURATION + "\n" +
+ TENANT_CONFIGURATION + " > " + READ_GATEWAY_SECURITY_TOKEN + "\n";
 public static final String REPOSITORY_HIERARCHY =
 CREATE_REPOSITORY + IMPLY_CREATE + TARGET_TYPE + "\n" +
 READ_REPOSITORY + IMPLY_READ + TARGET_TYPE + "\n" +
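Review bot: All four rules of DISTRIBUTION_SET_HIERARCHY imply read on `SOFTWARE_MODULE_TYPE`, exactly as SOFTWARE_MODULE_HIERARCHY just above does, whereas the repository rules in the next hunk use `DISTRIBUTION_SET_TYPE`. The block is moved here unchanged, so this commit does not introduce it, but it reads like a copy-paste: a holder of a distribution-set permission would be granted read on software module types and nothing on distribution set types. If that is what was meant, the rules would become `CREATE_PREFIX + DISTRIBUTION_SET + IMPLY_READ + DISTRIBUTION_SET_TYPE + "\n" +` and so on for the other three; if the current target is intended, a one-line comment saying so would stop the next reader from "fixing" it.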
@@ -129,22 +145,6 @@ public final class SpPermission {
 READ_REPOSITORY + IMPLY_READ + DISTRIBUTION_SET_TYPE + "\n" +
 UPDATE_REPOSITORY + IMPLY_UPDATE + DISTRIBUTION_SET_TYPE + "\n" +
 DELETE_REPOSITORY + IMPLY_DELETE + DISTRIBUTION_SET_TYPE + "\n";
- public static final String SOFTWARE_MODULE_HIERARCHY =
- CREATE_PREFIX + SOFTWARE_MODULE + IMPLY_READ + SOFTWARE_MODULE_TYPE + "\n" +
- READ_PREFIX + SOFTWARE_MODULE + IMPLY_READ + SOFTWARE_MODULE_TYPE + "\n" +
- UPDATE_PREFIX + SOFTWARE_MODULE + IMPLY_READ + SOFTWARE_MODULE_TYPE + "\n" +
- DELETE_PREFIX + SOFTWARE_MODULE + IMPLY_READ + SOFTWARE_MODULE_TYPE + "\n";
- public static final String DISTRIBUTION_SET_HIERARCHY =
- CREATE_PREFIX + DISTRIBUTION_SET + IMPLY_READ + SOFTWARE_MODULE_TYPE + "\n" +
- READ_PREFIX + DISTRIBUTION_SET + IMPLY_READ + SOFTWARE_MODULE_TYPE + "\n" +
- UPDATE_PREFIX + DISTRIBUTION_SET + IMPLY_READ + SOFTWARE_MODULE_TYPE + "\n" +
- DELETE_PREFIX + DISTRIBUTION_SET + IMPLY_READ + SOFTWARE_MODULE_TYPE + "\n";
- public static final String TENANT_CONFIGURATION_HIERARCHY =
- TENANT_CONFIGURATION + IMPLY_CREATE + TENANT_CONFIGURATION + "\n" +
- TENANT_CONFIGURATION + IMPLY_READ + TENANT_CONFIGURATION + "\n" +
- TENANT_CONFIGURATION + IMPLY_UPDATE + TENANT_CONFIGURATION + "\n" +
- TENANT_CONFIGURATION + IMPLY_DELETE + TENANT_CONFIGURATION + "\n" +
- TENANT_CONFIGURATION + " > " + READ_GATEWAY_SECURITY_TOKEN + "\n";
 // @formatter:on
 private static final SingletonSupplier> ALL_AUTHORITIES = SingletonSupplier.of(() -> {
diff --git a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpRole.java b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpRole.java
index 9d412834d..a01539f91 100644
--- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpRole.java
+++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpRole.java
@@ -37,18 +37,18 @@ public final class SpRole {
 // @formatter:off
 public static final String TARGET_ADMIN_HIERARCHY =
+ TARGET_ADMIN + IMPLIES + SpPermission.CREATE_TARGET + LINE_BREAK +
 TARGET_ADMIN + IMPLIES + SpPermission.READ_TARGET + LINE_BREAK +
 TARGET_ADMIN + IMPLIES + SpPermission.READ_TARGET_SECURITY_TOKEN + LINE_BREAK +
 TARGET_ADMIN + IMPLIES + SpPermission.UPDATE_TARGET + LINE_BREAK +
- TARGET_ADMIN + IMPLIES + SpPermission.CREATE_TARGET + LINE_BREAK +
 TARGET_ADMIN + IMPLIES + SpPermission.DELETE_TARGET + LINE_BREAK +
+ TARGET_ADMIN + IMPLIES + SpPermission.CREATE_PREFIX + SpPermission.TARGET_TYPE + LINE_BREAK +
 TARGET_ADMIN + IMPLIES + SpPermission.READ_TARGET_TYPE + LINE_BREAK +
 TARGET_ADMIN + IMPLIES + SpPermission.UPDATE_TARGET_TYPE + LINE_BREAK +
- TARGET_ADMIN + IMPLIES + SpPermission.CREATE_PREFIX + SpPermission.TARGET_TYPE + LINE_BREAK +
 TARGET_ADMIN + IMPLIES + SpPermission.DELETE_TARGET_TYPE + LINE_BREAK;
 public static final String ROLLOUT_ADMIN_HIERARCHY =
- ROLLOUT_ADMIN + IMPLIES + SpPermission.READ_ROLLOUT + LINE_BREAK +
 ROLLOUT_ADMIN + IMPLIES + SpPermission.CREATE_ROLLOUT + LINE_BREAK +
+ ROLLOUT_ADMIN + IMPLIES + SpPermission.READ_ROLLOUT + LINE_BREAK +
 ROLLOUT_ADMIN + IMPLIES + SpPermission.UPDATE_ROLLOUT + LINE_BREAK +
 ROLLOUT_ADMIN + IMPLIES + SpPermission.DELETE_ROLLOUT + LINE_BREAK +
 ROLLOUT_ADMIN + IMPLIES + SpPermission.HANDLE_ROLLOUT + LINE_BREAK +
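Review bot: In TARGET_ADMIN_HIERARCHY the moved create rule is still assembled inline as `SpPermission.CREATE_PREFIX + SpPermission.TARGET_TYPE`, while its three siblings use named constants (`READ_TARGET_TYPE`, `UPDATE_TARGET_TYPE`, `DELETE_TARGET_TYPE`). An authority name built at the use site is easy to get subtly wrong and does not show up when searching for usages of a permission, which matters in a table that grants access. Since the line is touched anyway, I would give it a named constant next to the other three in SpPermission (a proposed `CREATE_TARGET_TYPE`, unless one already exists outside this diff) and write `TARGET_ADMIN + IMPLIES + SpPermission.CREATE_TARGET_TYPE + LINE_BREAK +`. ROLLOUT_ADMIN_HIERARCHY continues past the end of this hunk.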
@@ -56,8 +56,8 @@ public final class SpRole {
 public static final String TENANT_ADMIN_HIERARCHY =
 TENANT_ADMIN + IMPLIES + TARGET_ADMIN + LINE_BREAK +
 TENANT_ADMIN + IMPLIES + REPOSITORY_ADMIN + LINE_BREAK +
- TENANT_ADMIN + IMPLIES + ROLLOUT_ADMIN + LINE_BREAK +
- TENANT_ADMIN + IMPLIES + SpPermission.TENANT_CONFIGURATION + LINE_BREAK;
+ TENANT_ADMIN + IMPLIES + SpPermission.TENANT_CONFIGURATION + LINE_BREAK +
+ TENANT_ADMIN + IMPLIES + ROLLOUT_ADMIN + LINE_BREAK;
 public static final String SYSTEM_ROLE_HIERARCHY =
 SYSTEM_ROLE + IMPLIES + TENANT_ADMIN + LINE_BREAK +
 SYSTEM_ROLE + IMPLIES + SpPermission.SYSTEM_ADMIN + LINE_BREAK;
@@ -70,9 +70,9 @@ public final class SpRole {
 public static final String DEFAULT_ROLE_HIERARCHY =
 TARGET_ADMIN_HIERARCHY +
- REPOSITORY_ADMIN_HIERARCHY +
 ROLLOUT_ADMIN_HIERARCHY +
 TENANT_ADMIN_HIERARCHY +
- SYSTEM_ROLE_HIERARCHY;
+ SYSTEM_ROLE_HIERARCHY +
+ REPOSITORY_ADMIN_HIERARCHY;
 // @formatter:on
 }
\ No newline at end of file