Fix TENANT_CONFIGURATION > READ_GATEWAY_SECURITY_TOKEN imply (#2650)

avgustinmm · web-flow · commit 9b121b3431c7 · 2025-09-04T16:09:17.000+03:00
Signed-off-by: Avgustin Marinov &lt;Avgustin.Marinov@bosch.com&gt;
diff --git a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpPermission.java b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpPermission.java
@@ -140,7 +140,7 @@ public final class SpPermission {
             TENANT_CONFIGURATION + IMPLY_READ + TENANT_CONFIGURATION + "\n" +
             TENANT_CONFIGURATION + IMPLY_UPDATE + TENANT_CONFIGURATION + "\n" +
             TENANT_CONFIGURATION + IMPLY_DELETE + TENANT_CONFIGURATION + "\n" +
-            TENANT_CONFIGURATION + IMPLY_CREATE + READ_GATEWAY_SECURITY_TOKEN + "\n";
+            TENANT_CONFIGURATION + " > " + READ_GATEWAY_SECURITY_TOKEN + "\n";
 
     // @formatter:on
     private static final SingletonSupplier<List<String>> ALL_AUTHORITIES = SingletonSupplier.of(() -> {
diff --git a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpRole.java b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpRole.java
@@ -34,6 +34,8 @@ public final class SpRole {
 
     private static final String IMPLIES = " > ";
     private static final String LINE_BREAK = "\n";
+
+    // @formatter:off
     public static final String TARGET_ADMIN_HIERARCHY =
             TARGET_ADMIN + IMPLIES + SpPermission.READ_TARGET + LINE_BREAK +
             TARGET_ADMIN + IMPLIES + SpPermission.READ_TARGET_SECURITY_TOKEN + LINE_BREAK +
@@ -44,12 +46,6 @@ public final class SpRole {
             TARGET_ADMIN + IMPLIES + SpPermission.UPDATE_TARGET_TYPE + LINE_BREAK +
             TARGET_ADMIN + IMPLIES + SpPermission.CREATE_PREFIX + SpPermission.TARGET_TYPE + LINE_BREAK +
             TARGET_ADMIN + IMPLIES + SpPermission.DELETE_TARGET_TYPE + LINE_BREAK;
-    public static final String REPOSITORY_ADMIN_HIERARCHY =
-            REPOSITORY_ADMIN + IMPLIES + SpPermission.READ_REPOSITORY + LINE_BREAK +
-            REPOSITORY_ADMIN + IMPLIES + SpPermission.UPDATE_REPOSITORY + LINE_BREAK +
-            REPOSITORY_ADMIN + IMPLIES + SpPermission.CREATE_REPOSITORY + LINE_BREAK +
-            REPOSITORY_ADMIN + IMPLIES + SpPermission.DELETE_REPOSITORY + LINE_BREAK +
-            REPOSITORY_ADMIN + IMPLIES + SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT + LINE_BREAK;
     public static final String ROLLOUT_ADMIN_HIERARCHY =
             ROLLOUT_ADMIN + IMPLIES + SpPermission.READ_ROLLOUT + LINE_BREAK +
             ROLLOUT_ADMIN + IMPLIES + SpPermission.CREATE_ROLLOUT + LINE_BREAK +
@@ -65,11 +61,18 @@ public final class SpRole {
     public static final String SYSTEM_ROLE_HIERARCHY =
             SYSTEM_ROLE + IMPLIES + TENANT_ADMIN + LINE_BREAK +
             SYSTEM_ROLE + IMPLIES + SpPermission.SYSTEM_ADMIN + LINE_BREAK;
+    public static final String REPOSITORY_ADMIN_HIERARCHY =
+            REPOSITORY_ADMIN + IMPLIES + SpPermission.READ_REPOSITORY + LINE_BREAK +
+            REPOSITORY_ADMIN + IMPLIES + SpPermission.UPDATE_REPOSITORY + LINE_BREAK +
+            REPOSITORY_ADMIN + IMPLIES + SpPermission.CREATE_REPOSITORY + LINE_BREAK +
+            REPOSITORY_ADMIN + IMPLIES + SpPermission.DELETE_REPOSITORY + LINE_BREAK +
+            REPOSITORY_ADMIN + IMPLIES + SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT + LINE_BREAK;
 
     public static final String DEFAULT_ROLE_HIERARCHY =
             TARGET_ADMIN_HIERARCHY +
             REPOSITORY_ADMIN_HIERARCHY +
             ROLLOUT_ADMIN_HIERARCHY +
             TENANT_ADMIN_HIERARCHY +
             SYSTEM_ROLE_HIERARCHY;
+    // @formatter:on
 }
