Expand Up @@ -10,6 +10,7 @@
package org.eclipse.hawkbit.auth;

import lombok.AccessLevel;
import lombok.Getter;
import lombok.NoArgsConstructor;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;

Expand All @@ -25,12 +26,9 @@ public class Hierarchy {
SpRole.DEFAULT_ROLE_HIERARCHY;
// @formatter:on

@Getter
private static RoleHierarchy roleHierarchy;

public static RoleHierarchy getRoleHierarchy() {
return roleHierarchy;
}

public static void setRoleHierarchy(final RoleHierarchy roleHierarchy) {
Hierarchy.roleHierarchy = roleHierarchy;
}
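Review bot: `roleHierarchy` stays a plain mutable static that any caller can replace through the public `setRoleHierarchy`, and the Lombok-generated getter returns `null` until that setter has run. Since this object presumably feeds authorization decisions, I would reject null in the setter, `Hierarchy.roleHierarchy = Objects.requireNonNull(roleHierarchy, "roleHierarchy");`, and declare the field `volatile` so a hierarchy installed at startup is visible to request threads. A one-line comment on the field naming the component expected to call the setter would also help. The class body continues outside the hunk, so an existing guard elsewhere cannot be ruled out.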
Expand Up @@ -27,10 +27,9 @@

/**
* <p>
* Software provisioning permissions that are technically available as {@linkplain GrantedAuthority} based on
* Tenant software provisioning permissions that are technically available as {@linkplain GrantedAuthority} based on
* the authenticated users identity context.
* </p>
*
* <p>
* The permissions cover CRUD operations for various areas within eclipse hawkBit, like targets, software-artifacts,
* distribution sets, config-options etc.
Expand Down Expand Up @@ -127,7 +126,7 @@ public final class SpPermission {
TENANT_CONFIGURATION + IMPLY + READ_GATEWAY_SECURITY_TOKEN + LINE_BREAK;
// @formatter:on

private static final SingletonSupplier<Set<String>> ALL_TENANT_AUTHORITIES = SingletonSupplier.of(SpPermission::getAuthorities);
private static final SingletonSupplier<Set<String>> ALL_AUTHORITIES = SingletonSupplier.of(SpPermission::getAuthorities);

private static Set<String> getAuthorities() {
final Set<String> allPermissions = new HashSet<>();
Expand Down Expand Up @@ -155,7 +154,7 @@ private static Set<String> getAuthorities() {
}

public static Set<String> getAllAuthorities() {
return ALL_TENANT_AUTHORITIES.get();
return ALL_AUTHORITIES.get();
}

@SuppressWarnings("java:S3776") // java:S3776 - better in one place for better readability
Expand Up @@ -42,6 +42,7 @@
import java.util.Locale;
import java.util.TimeZone;

import org.eclipse.hawkbit.auth.SpRole;
import org.eclipse.hawkbit.ddi.rest.resource.DdiArtifactDownloadTest.DownloadTestConfiguration;
import org.eclipse.hawkbit.repository.event.remote.DownloadProgressEvent;
import org.eclipse.hawkbit.repository.model.Artifact;
Expand Down Expand Up @@ -157,7 +158,7 @@ void invalidRequestsOnArtifactResource() throws Exception {
* Tests valid downloads through the artifact resource by identifying the artifact not by ID but file name.
*/
@Test
@WithUser(principal = "4712", authorities = "ROLE_CONTROLLER", allSpPermissions = true)
@WithUser(principal = "4712", authorities = { SpRole.CONTROLLER_ROLE, SpRole.TENANT_ADMIN })
void downloadArtifactThroughFileName() throws Exception {
synchronized (DdiArtifactDownloadTest.class) {
downloadProgress = 1;
Expand Down Expand Up @@ -231,7 +232,7 @@ void downloadMd5SumThroughControllerApi() throws Exception {
* Test various HTTP range requests for artifact download, e.g. chunk download or download resume.
*/
@Test
@WithUser(principal = TestdataFactory.DEFAULT_CONTROLLER_ID, authorities = "ROLE_CONTROLLER", allSpPermissions = true)
@WithUser(principal = TestdataFactory.DEFAULT_CONTROLLER_ID, authorities = { SpRole.CONTROLLER_ROLE, SpRole.TENANT_ADMIN })
void rangeDownloadArtifact() throws Exception {
// create target
final Target target = testdataFactory.createTarget();
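Review bot: Both `@WithUser` annotations in this file give the controller principal `SpRole.TENANT_ADMIN` on top of `SpRole.CONTROLLER_ROLE`, so `downloadArtifactThroughFileName` and `rangeDownloadArtifact` would still pass if the download endpoint stopped accepting a controller-only identity or started requiring a management permission. If the admin role is only needed for test-data setup such as `testdataFactory.createTarget()`, I would run the request itself as `@WithUser(principal = "4712", authorities = SpRole.CONTROLLER_ROLE)` and do the setup under a privileged context. Otherwise a short comment should say why the controller needs tenant-admin here. Both test bodies continue outside the hunks.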
Expand Up @@ -18,7 +18,7 @@
import org.json.JSONObject;

/**
* Builder class for building certain json strings.
* Builder class for building certain JSON strings.
*/
@NoArgsConstructor(access = AccessLevel.PRIVATE)
@Slf4j
Expand Up @@ -39,6 +39,7 @@
import java.util.stream.Stream;

import com.jayway.jsonpath.JsonPath;
import org.eclipse.hawkbit.auth.SpRole;
import org.eclipse.hawkbit.exception.SpServerError;
import org.eclipse.hawkbit.mgmt.json.model.MgmtId;
import org.eclipse.hawkbit.mgmt.json.model.distributionset.MgmtActionType;
Expand Down Expand Up @@ -836,7 +837,7 @@ void getDistributionSetsWithPagingLimitAndOffsetRequestParameter() throws Except
* Ensures that multiple DS requested are listed with expected payload.
*/
@Test
@WithUser(principal = "uploadTester", allSpPermissions = true)
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void getDistributionSets() throws Exception {
// prepare test data
assertThat(distributionSetManagement.findAll(PAGE)).isEmpty();
Expand Down Expand Up @@ -879,7 +880,7 @@ void getDistributionSets() throws Exception {
* Ensures that single DS requested by ID is listed with expected payload.
*/
@Test
@WithUser(principal = "uploadTester", allSpPermissions = true)
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void getDistributionSet() throws Exception {
final DistributionSet set = testdataFactory.createUpdatedDistributionSet();

Expand Down Expand Up @@ -915,7 +916,7 @@ void getDistributionSet() throws Exception {
* Ensures that multiple DS posted to API are created in the repository.
*/
@Test
@WithUser(principal = "uploadTester", allSpPermissions = true)
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void createDistributionSets() throws Exception {
assertThat(distributionSetManagement.findAll(PAGE)).isEmpty();
final SoftwareModule ah = testdataFactory.createSoftwareModule(TestdataFactory.SM_TYPE_APP);
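Review bot: Every test touched here now runs as `SpRole.TENANT_ADMIN`, which presumably resolves to concrete permissions only through the role hierarchy, so these tests no longer show which single authority each endpoint needs. For read-only cases such as `getDistributionSets` and `getDistributionSet`, naming the narrowest authority the endpoint is meant to require would make the test pin the access rule as well as the payload. The same applies to the `@WithUser` changes in `MgmtDistributionSetTypeResourceTest` and in the software-module resource tests further down. Where narrowing is impractical, a one-line comment on the tests that really need the admin role would be enough.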
Expand Up @@ -30,6 +30,7 @@
import java.util.Set;

import com.jayway.jsonpath.JsonPath;
import org.eclipse.hawkbit.auth.SpRole;
import org.eclipse.hawkbit.exception.SpServerError;
import org.eclipse.hawkbit.mgmt.json.model.distributionsettype.MgmtDistributionSetTypeRequestBodyPost;
import org.eclipse.hawkbit.mgmt.json.model.softwaremoduletype.MgmtSoftwareModuleTypeAssignment;
Expand Down Expand Up @@ -61,7 +62,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
* Checks the correct behaviour of /rest/v1/distributionsettypes GET requests.
*/
@Test
@WithUser(principal = "uploadTester", allSpPermissions = true)
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void getDistributionSetTypes() throws Exception {
DistributionSetType testType = distributionSetTypeManagement.create(
DistributionSetTypeManagement.Create.builder()
Expand Down Expand Up @@ -103,7 +104,7 @@ void getDistributionSetTypes() throws Exception {
* Checks the correct behaviour of /rest/v1/distributionsettypes GET requests with sorting by KEY.
*/
@Test
@WithUser(principal = "uploadTester", allSpPermissions = true)
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void getDistributionSetTypesSortedByKey() throws Exception {
DistributionSetType testType = distributionSetTypeManagement.create(
DistributionSetTypeManagement.Create.builder()
Expand Down Expand Up @@ -156,7 +157,7 @@ void getDistributionSetTypesSortedByKey() throws Exception {
* Checks the correct behaviour of /rest/v1/distributionsettypes POST requests.
*/
@Test
@WithUser(principal = "uploadTester", allSpPermissions = true)
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void createDistributionSetTypes() throws Exception {
final MvcResult mvcResult = runPostDistributionSetType(createTestDistributionSetTestTypes());
verifyCreatedDistributionSetTypes(mvcResult);
Expand All @@ -166,7 +167,7 @@ void createDistributionSetTypes() throws Exception {
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID}/mandatorymoduletypes POST requests.
*/
@Test
@WithUser(principal = "uploadTester", allSpPermissions = true)
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void addMandatoryModuleToDistributionSetType() throws Exception {
DistributionSetType testType = distributionSetTypeManagement.create(
DistributionSetTypeManagement.Create.builder()
Expand All @@ -192,7 +193,7 @@ void addMandatoryModuleToDistributionSetType() throws Exception {
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID}/optionalmoduletypes POST requests.
*/
@Test
@WithUser(principal = "uploadTester", allSpPermissions = true)
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void addOptionalModuleToDistributionSetType() throws Exception {
DistributionSetType testType = distributionSetTypeManagement.create(
DistributionSetTypeManagement.Create.builder()
Expand All @@ -218,7 +219,7 @@ void addOptionalModuleToDistributionSetType() throws Exception {
* Verifies quota enforcement for /rest/v1/distributionsettypes/{ID}/optionalmoduletypes POST requests.
*/
@Test
@WithUser(principal = "uploadTester", allSpPermissions = true)
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void assignModuleTypesToDistributionSetTypeUntilQuotaExceeded() throws Exception {
// create software module types
final int maxSoftwareModuleTypes = quotaManagement.getMaxSoftwareModuleTypesPerDistributionSetType();
Expand Down Expand Up @@ -278,7 +279,7 @@ void assignModuleTypesToDistributionSetTypeUntilQuotaExceeded() throws Exception
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID}/mandatorymoduletypes GET requests.
*/
@Test
@WithUser(principal = "uploadTester", allSpPermissions = true)
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void getMandatoryModulesOfDistributionSetType() throws Exception {
final DistributionSetType testType = generateTestType();

Expand All @@ -297,7 +298,7 @@ void getMandatoryModulesOfDistributionSetType() throws Exception {
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID}/optionalmoduletypes GET requests.
*/
@Test
@WithUser(principal = "uploadTester", allSpPermissions = true)
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void getOptionalModulesOfDistributionSetType() throws Exception {
final DistributionSetType testType = generateTestType();

Expand All @@ -316,7 +317,7 @@ void getOptionalModulesOfDistributionSetType() throws Exception {
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID}/mandatorymoduletypes/{ID} GET requests.
*/
@Test
@WithUser(principal = "uploadTester", allSpPermissions = true)
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void getMandatoryModuleOfDistributionSetType() throws Exception {
final DistributionSetType testType = generateTestType();

Expand All @@ -337,7 +338,7 @@ void getMandatoryModuleOfDistributionSetType() throws Exception {
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID}/optionalmoduletypes/{ID} GET requests.
*/
@Test
@WithUser(principal = "uploadTester", allSpPermissions = true)
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void getOptionalModuleOfDistributionSetType() throws Exception {
final DistributionSetType testType = generateTestType();

Expand All @@ -358,7 +359,7 @@ void getOptionalModuleOfDistributionSetType() throws Exception {
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID}/mandatorymoduletypes/{ID} DELETE requests.
*/
@Test
@WithUser(principal = "uploadTester", allSpPermissions = true)
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void removeMandatoryModuleToDistributionSetType() throws Exception {
DistributionSetType testType = generateTestType();

Expand All @@ -377,7 +378,7 @@ void removeMandatoryModuleToDistributionSetType() throws Exception {
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID}/optionalmoduletypes/{ID} DELETE requests.
*/
@Test
@WithUser(principal = "uploadTester", allSpPermissions = true)
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void removeOptionalModuleToDistributionSetType() throws Exception {
DistributionSetType testType = generateTestType();

Expand All @@ -396,7 +397,7 @@ void removeOptionalModuleToDistributionSetType() throws Exception {
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID} GET requests.
*/
@Test
@WithUser(principal = "uploadTester", allSpPermissions = true)
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void getDistributionSetType() throws Exception {
DistributionSetType testType = distributionSetTypeManagement.create(DistributionSetTypeManagement.Create.builder()
.key("test123").name("TestName123").description("Desc123").build());
Expand Down Expand Up @@ -431,7 +432,7 @@ void getDistributionSetTypesWithParameter() throws Exception {
* Checks the correct behaviour of /rest/v1/DistributionSetTypes/{ID} DELETE requests (hard delete scenario).
*/
@Test
@WithUser(principal = "uploadTester", allSpPermissions = true)
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void deleteDistributionSetTypeUnused() throws Exception {
final DistributionSetType testType = distributionSetTypeManagement.create(
DistributionSetTypeManagement.Create.builder()
Expand Down Expand Up @@ -460,7 +461,7 @@ void deleteDistributionSetTypeThatDoesNotExistLeadsToNotFound() throws Exception
* Checks the correct behaviour of /rest/v1/DistributionSetTypes/{ID} DELETE requests (soft delete scenario).
*/
@Test
@WithUser(principal = "uploadTester", allSpPermissions = true)
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void deleteDistributionSetTypeUsed() throws Exception {
final DistributionSetType testType = distributionSetTypeManagement.create(
DistributionSetTypeManagement.Create.builder()
Expand Up @@ -35,6 +35,7 @@

import org.awaitility.Awaitility;
import org.awaitility.core.ConditionFactory;
import org.eclipse.hawkbit.auth.SpRole;
import org.eclipse.hawkbit.exception.SpServerError;
import org.eclipse.hawkbit.mgmt.json.model.rollout.MgmtRolloutResponseBody;
import org.eclipse.hawkbit.mgmt.rest.api.MgmtRestConstants;
Expand Down Expand Up @@ -344,21 +345,6 @@ void createRolloutWithInvalidBodyReturnsBadRequest() throws Exception {
.andExpect(jsonPath("errorCode", equalTo("hawkbit.server.error.rest.body.notReadable")));
}

/**
* Testing that creating rollout with insufficient permission returns forbidden
*/
@Test
@WithUser(allSpPermissions = true, removeFromAllPermission = "CREATE_ROLLOUT")
void createRolloutWithInsufficientPermissionReturnsForbidden() throws Exception {
final DistributionSet dsA = testdataFactory.createDistributionSet("");
mvc.perform(post("/rest/v1/rollouts")
.content(JsonBuilder.rollout("name", "desc", 10, dsA.getId(), "name==test", null))
.contentType(MediaType.APPLICATION_JSON).accept(MediaType.APPLICATION_JSON))
.andDo(MockMvcResultPrinter.print())
.andExpect(status().is(403))
.andReturn();
}

/**
* Testing that creating rollout with not existing distribution set returns not found
*/
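Review bot: `createRolloutWithInsufficientPermissionReturnsForbidden` is deleted without a visible replacement, which removes the check that `POST /rest/v1/rollouts` answers 403 to a caller lacking `CREATE_ROLLOUT`. It presumably had to go because `@WithUser` no longer supports `removeFromAllPermission`, but the negative case can be kept by listing authorities explicitly and leaving the create permission out, for example `@WithUser(authorities = { SpPermission.READ_ROLLOUT })`. The distribution-set setup may then have to run under a privileged context. The added `SpRole` import has no visible use in this section; its users may be in the collapsed part of the file.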
Expand Up @@ -41,6 +41,7 @@
import org.eclipse.hawkbit.artifact.exception.FileSizeQuotaExceededException;
import org.eclipse.hawkbit.artifact.exception.StorageQuotaExceededException;
import org.eclipse.hawkbit.artifact.model.ArtifactStream;
import org.eclipse.hawkbit.auth.SpRole;
import org.eclipse.hawkbit.exception.SpServerError;
import org.eclipse.hawkbit.mgmt.json.model.artifact.MgmtArtifact;
import org.eclipse.hawkbit.mgmt.json.model.softwaremodule.MgmtSoftwareModule;
Expand Down Expand Up @@ -219,7 +220,7 @@ void getMetadataValue() throws Exception {
* Tests the update of software module metadata. It is verified that only the selected fields for the update are really updated and the modification values are filled (i.e. updated by and at).
*/
@Test
@WithUser(principal = "smUpdateTester", allSpPermissions = true)
@WithUser(principal = "smUpdateTester", authorities = SpRole.TENANT_ADMIN)
void updateSoftwareModuleOnlyDescriptionAndVendorNameUntouched() throws Exception {
final String knownSWName = "name1";
final String knownSWVersion = "version1";
Expand Down Expand Up @@ -272,7 +273,7 @@ void updateSoftwareModuleOnlyDescriptionAndVendorNameUntouched() throws Exceptio
* Tests the update of the deletion flag. It is verified that the software module can't be marked as deleted through update operation.
*/
@Test
@WithUser(principal = "smUpdateTester", allSpPermissions = true)
@WithUser(principal = "smUpdateTester", authorities = SpRole.TENANT_ADMIN)
void updateSoftwareModuleDeletedFlag() throws Exception {
final String knownSWName = "name1";
final String knownSWVersion = "version1";
Expand Down Expand Up @@ -307,7 +308,7 @@ void updateSoftwareModuleDeletedFlag() throws Exception {
* Tests the lock. It is verified that the software module can be marked as locked through update operation.
*/
@Test
@WithUser(principal = "smUpdateTester", allSpPermissions = true)
@WithUser(principal = "smUpdateTester", authorities = SpRole.TENANT_ADMIN)
void lockSoftwareModule() throws Exception {
final SoftwareModule sm = softwareModuleManagement.create(
SoftwareModuleManagement.Create.builder().type(osType).name("name1").version("version1").build());
Expand Down Expand Up @@ -338,7 +339,7 @@ void lockSoftwareModule() throws Exception {
* Tests the unlock.
*/
@Test
@WithUser(principal = "smUpdateTester", allSpPermissions = true)
@WithUser(principal = "smUpdateTester", authorities = SpRole.TENANT_ADMIN)
void unlockSoftwareModule() throws Exception {
final SoftwareModule sm = softwareModuleManagement.create(
SoftwareModuleManagement.Create.builder().type(osType).name("name1").version("version1").build());
Expand Down Expand Up @@ -1105,7 +1106,7 @@ void getSoftwareModulesWithPagingLimitAndOffsetRequestParameter() throws Excepti
* Test retrieval of all software modules the user has access to.
*/
@Test
@WithUser(principal = "uploadTester", allSpPermissions = true)
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void getSoftwareModules() throws Exception {
final SoftwareModule os = testdataFactory.createSoftwareModuleOs();
final SoftwareModule app = testdataFactory.createSoftwareModuleApp();
Expand Down Expand Up @@ -1231,7 +1232,7 @@ void getSoftwareModulesWithUnknownFieldErrorFilterParameter() throws Exception {
* Tests GET request on /rest/v1/softwaremodules/{smId}.
*/
@Test
@WithUser(principal = "uploadTester", allSpPermissions = true)
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void getSoftwareModule() throws Exception {
final SoftwareModule os = testdataFactory.createSoftwareModuleOs();

Expand Down Expand Up @@ -1261,7 +1262,7 @@ void getSoftwareModule() throws Exception {
* Verifies that the create request actually results in the creation of the modules in the repository.
*/
@Test
@WithUser(principal = "uploadTester", allSpPermissions = true)
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void createSoftwareModules() throws Exception {
final MgmtSoftwareModuleRequestBodyPost os = new MgmtSoftwareModuleRequestBodyPost()
.setType(osType.getKey())