c10f6027a38f554a7227b2772c9ec809a341bc4c
java/com.sap.sailing.domain.common/src/com/sap/sailing/domain/common/security/SecuredDomainType.java
| ... | ... | @@ -52,12 +52,6 @@ public class SecuredDomainType extends HasPermissionsImpl { |
| 52 | 52 | public static final HasPermissions TRACKED_RACE = new SecuredDomainType("TRACKED_RACE", |
| 53 | 53 | TrackedRaceActions.ALL_ACTIONS); |
| 54 | 54 | |
| 55 | - public static final HasPermissions IP_BLOCKLIST_FOR_BEARER_TOKEN_ABUSE = new SecuredDomainType( |
|
| 56 | - "IP_BLOCKLIST_FOR_BEARER_TOKEN_ABUSE", DefaultActions.READ, DefaultActions.DELETE); |
|
| 57 | - |
|
| 58 | - public static final HasPermissions IP_BLOCKLIST_FOR_USER_CREATION_ABUSE = new SecuredDomainType( |
|
| 59 | - "IP_BLOCKLIST_FOR_USER_CREATION_ABUSE", DefaultActions.READ, DefaultActions.DELETE); |
|
| 60 | - |
|
| 61 | 55 | public static enum EventActions implements Action { |
| 62 | 56 | UPLOAD_MEDIA |
| 63 | 57 | } |
java/com.sap.sailing.gwt.ui/src/main/java/com/sap/sailing/gwt/ui/adminconsole/IPBlocklistTableWrapper.java
| ... | ... | @@ -10,12 +10,12 @@ import com.google.gwt.event.dom.client.ClickEvent; |
| 10 | 10 | import com.google.gwt.event.dom.client.ClickHandler; |
| 11 | 11 | import com.google.gwt.user.cellview.client.AbstractCellTable; |
| 12 | 12 | import com.google.gwt.user.cellview.client.ColumnSortEvent.ListHandler; |
| 13 | -import com.google.gwt.user.client.Command; |
|
| 14 | 13 | import com.google.gwt.user.client.rpc.AsyncCallback; |
| 15 | 14 | import com.google.gwt.user.client.ui.Button; |
| 16 | 15 | import com.google.gwt.user.client.ui.HasVerticalAlignment; |
| 17 | 16 | import com.google.gwt.user.client.ui.HorizontalPanel; |
| 18 | 17 | import com.google.gwt.user.client.ui.Label; |
| 18 | +import com.google.gwt.user.client.ui.Widget; |
|
| 19 | 19 | import com.sap.sailing.gwt.ui.client.SailingServiceWriteAsync; |
| 20 | 20 | import com.sap.sailing.gwt.ui.client.StringMessages; |
| 21 | 21 | import com.sap.sse.common.TimedLock; |
| ... | ... | @@ -24,21 +24,18 @@ import com.sap.sse.gwt.client.celltable.EntityIdentityComparator; |
| 24 | 24 | import com.sap.sse.gwt.client.celltable.RefreshableSelectionModel; |
| 25 | 25 | import com.sap.sse.gwt.client.panels.LabeledAbstractFilterablePanel; |
| 26 | 26 | import com.sap.sse.security.shared.AdminRole; |
| 27 | -import com.sap.sse.security.shared.HasPermissions; |
|
| 28 | -import com.sap.sse.security.shared.HasPermissions.DefaultActions; |
|
| 29 | 27 | import com.sap.sse.security.shared.ServerAdminRole; |
| 30 | -import com.sap.sse.security.shared.WildcardPermission; |
|
| 31 | 28 | import com.sap.sse.security.shared.dto.RoleWithSecurityDTO; |
| 32 | 29 | import com.sap.sse.security.shared.dto.UserDTO; |
| 30 | +import com.sap.sse.security.shared.impl.SecuredSecurityTypes.ServerActions; |
|
| 33 | 31 | import com.sap.sse.security.ui.client.UserService; |
| 34 | -import com.sap.sse.security.ui.client.component.AccessControlledButtonPanel; |
|
| 35 | 32 | import com.sap.sse.security.ui.client.component.SelectedElementsCountingButton; |
| 36 | 33 | |
| 37 | 34 | abstract class IPBlocklistTableWrapper |
| 38 | 35 | extends TableWrapper<IpToTimedLockDTO, RefreshableSelectionModel<IpToTimedLockDTO>> { |
| 39 | 36 | private final UserService userService; |
| 40 | 37 | private final LabeledAbstractFilterablePanel<IpToTimedLockDTO> filterField; |
| 41 | - private final HasPermissions securedDomainType; |
|
| 38 | + private final ServerActions unlockAction; |
|
| 42 | 39 | private final String errorMessageOnDataFailureString; |
| 43 | 40 | |
| 44 | 41 | protected abstract void fetchData(AsyncCallback<HashMap<String, TimedLock>> callback); |
| ... | ... | @@ -46,7 +43,7 @@ abstract class IPBlocklistTableWrapper |
| 46 | 43 | protected abstract void unlockIP(String ip, AsyncCallback<Void> asyncCallback); |
| 47 | 44 | |
| 48 | 45 | public IPBlocklistTableWrapper(final SailingServiceWriteAsync sailingServiceWrite, final UserService userService, |
| 49 | - final HasPermissions securedDomainType, final String errorMessageOnDataFailureString, |
|
| 46 | + final ServerActions unlockAction, final String errorMessageOnDataFailureString, |
|
| 50 | 47 | final StringMessages stringMessages, final ErrorReporter errorReporter) { |
| 51 | 48 | super(sailingServiceWrite, stringMessages, errorReporter, true, true, |
| 52 | 49 | new EntityIdentityComparator<IpToTimedLockDTO>() { |
| ... | ... | @@ -60,7 +57,7 @@ abstract class IPBlocklistTableWrapper |
| 60 | 57 | return t.ip.hashCode(); |
| 61 | 58 | } |
| 62 | 59 | }); |
| 63 | - this.securedDomainType = securedDomainType; |
|
| 60 | + this.unlockAction = unlockAction; |
|
| 64 | 61 | this.userService = userService; |
| 65 | 62 | this.errorMessageOnDataFailureString = errorMessageOnDataFailureString; |
| 66 | 63 | this.filterField = composeFilterField(); |
| ... | ... | @@ -90,7 +87,7 @@ abstract class IPBlocklistTableWrapper |
| 90 | 87 | final Iterable<RoleWithSecurityDTO> roles = user.getRoles(); |
| 91 | 88 | boolean isAdmin = false; |
| 92 | 89 | boolean isServerAdmin = false; |
| 93 | - boolean isDeleteActionPermittedOnDomain = false; |
|
| 90 | + final boolean hasUnlockPermission = userService.hasServerPermission(unlockAction); |
|
| 94 | 91 | for (RoleWithSecurityDTO role : roles) { |
| 95 | 92 | isAdmin = role.getName().equals(AdminRole.getInstance().getName()); |
| 96 | 93 | if (isAdmin) { |
| ... | ... | @@ -101,22 +98,14 @@ abstract class IPBlocklistTableWrapper |
| 101 | 98 | break; |
| 102 | 99 | } |
| 103 | 100 | } |
| 104 | - final Iterable<WildcardPermission> permissions = user.getPermissions(); |
|
| 105 | - for (WildcardPermission permission : permissions) { |
|
| 106 | - isDeleteActionPermittedOnDomain = permission.toString() |
|
| 107 | - .equals(securedDomainType.getStringPermission(DefaultActions.DELETE)); |
|
| 108 | - if (isDeleteActionPermittedOnDomain) { |
|
| 109 | - break; |
|
| 110 | - } |
|
| 111 | - } |
|
| 112 | - return isAdmin || isServerAdmin || isDeleteActionPermittedOnDomain; |
|
| 101 | + return isAdmin || isServerAdmin || hasUnlockPermission; |
|
| 113 | 102 | } |
| 114 | 103 | |
| 115 | - private AccessControlledButtonPanel composeButtonPanel() { |
|
| 116 | - final AccessControlledButtonPanel buttonPanel = new AccessControlledButtonPanel(userService, securedDomainType); |
|
| 117 | - final Button refreshbutton = buttonPanel.addAction(getStringMessages().refresh(), () -> true, new Command() { |
|
| 104 | + private Widget composeButtonPanel() { |
|
| 105 | + final HorizontalPanel buttonPanel = new HorizontalPanel(); |
|
| 106 | + final Button refreshbutton = new Button(getStringMessages().refresh(), new ClickHandler() { |
|
| 118 | 107 | @Override |
| 119 | - public void execute() { |
|
| 108 | + public void onClick(ClickEvent event) { |
|
| 120 | 109 | loadDataAndPopulateTable(); |
| 121 | 110 | } |
| 122 | 111 | }); |
| ... | ... | @@ -142,7 +131,7 @@ abstract class IPBlocklistTableWrapper |
| 142 | 131 | } |
| 143 | 132 | }); |
| 144 | 133 | unlockButton.ensureDebugId("unlockButton"); |
| 145 | - buttonPanel.insertWidgetAtPosition(unlockButton, 1); |
|
| 134 | + buttonPanel.insert(unlockButton, 1); |
|
| 146 | 135 | } |
| 147 | 136 | return buttonPanel; |
| 148 | 137 | } |
java/com.sap.sailing.gwt.ui/src/main/java/com/sap/sailing/gwt/ui/adminconsole/IpToTimedLockDTO.java
| ... | ... | @@ -1,9 +1,11 @@ |
| 1 | 1 | package com.sap.sailing.gwt.ui.adminconsole; |
| 2 | 2 | |
| 3 | -import com.sap.sse.common.TimedLock; |
|
| 4 | 3 | import com.sap.sse.common.Named; |
| 4 | +import com.sap.sse.common.TimedLock; |
|
| 5 | 5 | |
| 6 | 6 | public class IpToTimedLockDTO implements Named { |
| 7 | + private static final long serialVersionUID = 7877190394556881643L; |
|
| 8 | + |
|
| 7 | 9 | public final String ip; |
| 8 | 10 | public final TimedLock timedLock; |
| 9 | 11 |
java/com.sap.sailing.gwt.ui/src/main/java/com/sap/sailing/gwt/ui/adminconsole/LocalServerManagementPanel.java
| ... | ... | @@ -25,7 +25,6 @@ import com.google.gwt.user.client.ui.SimplePanel; |
| 25 | 25 | import com.google.gwt.user.client.ui.SuggestBox; |
| 26 | 26 | import com.google.gwt.user.client.ui.VerticalPanel; |
| 27 | 27 | import com.google.gwt.user.client.ui.Widget; |
| 28 | -import com.sap.sailing.domain.common.security.SecuredDomainType; |
|
| 29 | 28 | import com.sap.sailing.gwt.ui.adminconsole.places.AdminConsoleView.Presenter; |
| 30 | 29 | import com.sap.sailing.gwt.ui.adminconsole.places.advanced.UserGroupManagementPlace; |
| 31 | 30 | import com.sap.sailing.gwt.ui.adminconsole.places.advanced.UserManagementPlace; |
| ... | ... | @@ -42,8 +41,8 @@ import com.sap.sse.gwt.client.IconResources; |
| 42 | 41 | import com.sap.sse.gwt.client.Notification; |
| 43 | 42 | import com.sap.sse.gwt.client.Notification.NotificationType; |
| 44 | 43 | import com.sap.sse.gwt.client.ServerInfoDTO; |
| 45 | -import com.sap.sse.gwt.client.controls.listedit.StringListEditorComposite; |
|
| 46 | 44 | import com.sap.sse.gwt.client.controls.listedit.GenericStringListEditorComposite.ExpandedUi; |
| 45 | +import com.sap.sse.gwt.client.controls.listedit.StringListEditorComposite; |
|
| 47 | 46 | import com.sap.sse.security.shared.HasPermissions; |
| 48 | 47 | import com.sap.sse.security.shared.HasPermissions.DefaultActions; |
| 49 | 48 | import com.sap.sse.security.shared.dto.OwnershipDTO; |
| ... | ... | @@ -149,10 +148,11 @@ public class LocalServerManagementPanel extends SimplePanel { |
| 149 | 148 | } |
| 150 | 149 | |
| 151 | 150 | private Widget createBearerTokenAbusePanel() { |
| 152 | - final ServerDataCaptionPanel panel = new ServerDataCaptionPanel(stringMessages.ipsLockedForBearerTokenAbuse(), 3); |
|
| 151 | + final ServerDataCaptionPanel panel = new ServerDataCaptionPanel(stringMessages.ipsLockedForBearerTokenAbuse(), |
|
| 152 | + 3); |
|
| 153 | 153 | panel.ensureDebugId("bearerTokenAbusePanel"); |
| 154 | 154 | final IPBlocklistTableWrapper table = new IPBlocklistTableWrapper(sailingService, userService, |
| 155 | - SecuredDomainType.IP_BLOCKLIST_FOR_BEARER_TOKEN_ABUSE, |
|
| 155 | + ServerActions.UNLOCK_IPS_BLOCKED_FOR_BEARER_TOKEN_ABUSE, |
|
| 156 | 156 | stringMessages.unableToLoadIpsBlockedForBearerTokenAbuse(), stringMessages, errorReporter) { |
| 157 | 157 | @Override |
| 158 | 158 | protected void fetchData(AsyncCallback<HashMap<String, TimedLock>> callback) { |
| ... | ... | @@ -169,10 +169,11 @@ public class LocalServerManagementPanel extends SimplePanel { |
| 169 | 169 | } |
| 170 | 170 | |
| 171 | 171 | private Widget createUserCreationAbusePanel() { |
| 172 | - final ServerDataCaptionPanel panel = new ServerDataCaptionPanel(stringMessages.ipsLockedForUserCreationAbuse(), 3); |
|
| 172 | + final ServerDataCaptionPanel panel = new ServerDataCaptionPanel(stringMessages.ipsLockedForUserCreationAbuse(), |
|
| 173 | + 3); |
|
| 173 | 174 | panel.ensureDebugId("userCreationAbusePanel"); |
| 174 | 175 | final IPBlocklistTableWrapper table = new IPBlocklistTableWrapper(sailingService, userService, |
| 175 | - SecuredDomainType.IP_BLOCKLIST_FOR_USER_CREATION_ABUSE, |
|
| 176 | + ServerActions.UNLOCK_IPS_BLOCKED_FOR_USER_CREATION_ABUSE, |
|
| 176 | 177 | stringMessages.unableToLoadIpsBlockedForUserCreationAbuse(), stringMessages, errorReporter) { |
| 177 | 178 | @Override |
| 178 | 179 | protected void fetchData(AsyncCallback<HashMap<String, TimedLock>> callback) { |
java/com.sap.sailing.gwt.ui/src/main/java/com/sap/sailing/gwt/ui/server/SailingServiceImpl.java
| ... | ... | @@ -78,6 +78,7 @@ import org.osgi.framework.BundleContext; |
| 78 | 78 | import org.osgi.framework.InvalidSyntaxException; |
| 79 | 79 | import org.osgi.framework.ServiceReference; |
| 80 | 80 | import org.osgi.util.tracker.ServiceTracker; |
| 81 | + |
|
| 81 | 82 | import com.sap.sailing.aiagent.interfaces.AIAgent; |
| 82 | 83 | import com.sap.sailing.competitorimport.CompetitorProvider; |
| 83 | 84 | import com.sap.sailing.domain.abstractlog.AbstractLog; |
| ... | ... | @@ -508,7 +509,6 @@ import com.sap.sse.security.shared.HasPermissions.DefaultActions; |
| 508 | 509 | import com.sap.sse.security.shared.RoleDefinition; |
| 509 | 510 | import com.sap.sse.security.shared.ServerAdminRole; |
| 510 | 511 | import com.sap.sse.security.shared.TypeRelativeObjectIdentifier; |
| 511 | -import com.sap.sse.security.shared.WildcardPermission; |
|
| 512 | 512 | import com.sap.sse.security.shared.dto.SecuredDTO; |
| 513 | 513 | import com.sap.sse.security.shared.dto.StrippedUserGroupDTO; |
| 514 | 514 | import com.sap.sse.security.shared.impl.AccessControlList; |
| ... | ... | @@ -6135,15 +6135,9 @@ public class SailingServiceImpl extends ResultCachingProxiedRemoteServiceServlet |
| 6135 | 6135 | } |
| 6136 | 6136 | }; |
| 6137 | 6137 | if (!isAuthorized) { |
| 6138 | - for (WildcardPermission permission : user.getPermissions()) { |
|
| 6139 | - final boolean hasPermission = permission.toString() |
|
| 6140 | - .equals(SecuredDomainType.IP_BLOCKLIST_FOR_USER_CREATION_ABUSE |
|
| 6141 | - .getStringPermission(DefaultActions.READ)); |
|
| 6142 | - if (hasPermission) { |
|
| 6143 | - isAuthorized = true; |
|
| 6144 | - break; |
|
| 6145 | - } |
|
| 6146 | - } |
|
| 6138 | + // throws UnauthorizedException if fails |
|
| 6139 | + securityService.checkCurrentUserServerPermission(ServerActions.GET_IPS_BLOCKED_FOR_USER_CREATION_ABUSE); |
|
| 6140 | + isAuthorized = true; |
|
| 6147 | 6141 | } |
| 6148 | 6142 | if (isAuthorized) { |
| 6149 | 6143 | return securityService.getClientIPBasedTimedLocksForUserCreation(); |
| ... | ... | @@ -6168,15 +6162,9 @@ public class SailingServiceImpl extends ResultCachingProxiedRemoteServiceServlet |
| 6168 | 6162 | } |
| 6169 | 6163 | }; |
| 6170 | 6164 | if (!isAuthorized) { |
| 6171 | - for (WildcardPermission permission : user.getPermissions()) { |
|
| 6172 | - final boolean hasPermission = permission.toString() |
|
| 6173 | - .equals(SecuredDomainType.IP_BLOCKLIST_FOR_BEARER_TOKEN_ABUSE |
|
| 6174 | - .getStringPermission(DefaultActions.READ)); |
|
| 6175 | - if (hasPermission) { |
|
| 6176 | - isAuthorized = true; |
|
| 6177 | - break; |
|
| 6178 | - } |
|
| 6179 | - } |
|
| 6165 | + // throws UnauthorizedException if fails |
|
| 6166 | + securityService.checkCurrentUserServerPermission(ServerActions.GET_IPS_BLOCKED_FOR_BEARER_TOKEN_ABUSE); |
|
| 6167 | + isAuthorized = true; |
|
| 6180 | 6168 | } |
| 6181 | 6169 | if (isAuthorized) { |
| 6182 | 6170 | return securityService.getClientIPBasedTimedLocksForBearerTokenAbuse(); |
java/com.sap.sailing.gwt.ui/src/main/java/com/sap/sailing/gwt/ui/server/SailingServiceWriteImpl.java
| ... | ... | @@ -394,18 +394,17 @@ import com.sap.sse.gwt.shared.filestorage.FileStorageServiceDTO; |
| 394 | 394 | import com.sap.sse.gwt.shared.filestorage.FileStorageServicePropertyErrorsDTO; |
| 395 | 395 | import com.sap.sse.security.Action; |
| 396 | 396 | import com.sap.sse.security.SecurityService; |
| 397 | -import com.sap.sse.security.shared.HasPermissions.DefaultActions; |
|
| 398 | 397 | import com.sap.sse.security.shared.AdminRole; |
| 398 | +import com.sap.sse.security.shared.HasPermissions.DefaultActions; |
|
| 399 | 399 | import com.sap.sse.security.shared.QualifiedObjectIdentifier; |
| 400 | 400 | import com.sap.sse.security.shared.RoleDefinition; |
| 401 | 401 | import com.sap.sse.security.shared.ServerAdminRole; |
| 402 | 402 | import com.sap.sse.security.shared.TypeRelativeObjectIdentifier; |
| 403 | -import com.sap.sse.security.shared.WildcardPermission; |
|
| 404 | 403 | import com.sap.sse.security.shared.impl.Ownership; |
| 405 | 404 | import com.sap.sse.security.shared.impl.Role; |
| 406 | 405 | import com.sap.sse.security.shared.impl.SecuredSecurityTypes; |
| 407 | -import com.sap.sse.security.shared.impl.User; |
|
| 408 | 406 | import com.sap.sse.security.shared.impl.SecuredSecurityTypes.ServerActions; |
| 407 | +import com.sap.sse.security.shared.impl.User; |
|
| 409 | 408 | import com.sap.sse.security.shared.impl.UserGroup; |
| 410 | 409 | import com.sap.sse.security.ui.server.SecurityDTOUtil; |
| 411 | 410 | import com.sap.sse.security.ui.shared.SuccessInfo; |
| ... | ... | @@ -4218,15 +4217,9 @@ public class SailingServiceWriteImpl extends SailingServiceImpl implements Saili |
| 4218 | 4217 | } |
| 4219 | 4218 | }; |
| 4220 | 4219 | if (!isAuthorized) { |
| 4221 | - for (WildcardPermission permission : user.getPermissions()) { |
|
| 4222 | - final boolean hasPermission = permission.toString() |
|
| 4223 | - .equals(SecuredDomainType.IP_BLOCKLIST_FOR_USER_CREATION_ABUSE |
|
| 4224 | - .getStringPermission(DefaultActions.READ)); |
|
| 4225 | - if (hasPermission) { |
|
| 4226 | - isAuthorized = true; |
|
| 4227 | - break; |
|
| 4228 | - } |
|
| 4229 | - } |
|
| 4220 | + // throws UnauthorizedException if fails |
|
| 4221 | + securityService.checkCurrentUserServerPermission(ServerActions.UNLOCK_IPS_BLOCKED_FOR_USER_CREATION_ABUSE); |
|
| 4222 | + isAuthorized = true; |
|
| 4230 | 4223 | } |
| 4231 | 4224 | if (isAuthorized) { |
| 4232 | 4225 | securityService.releaseUserCreationLockOnIp(ip); |
| ... | ... | @@ -4251,15 +4244,9 @@ public class SailingServiceWriteImpl extends SailingServiceImpl implements Saili |
| 4251 | 4244 | } |
| 4252 | 4245 | }; |
| 4253 | 4246 | if (!isAuthorized) { |
| 4254 | - for (WildcardPermission permission : user.getPermissions()) { |
|
| 4255 | - final boolean hasPermission = permission.toString() |
|
| 4256 | - .equals(SecuredDomainType.IP_BLOCKLIST_FOR_BEARER_TOKEN_ABUSE |
|
| 4257 | - .getStringPermission(DefaultActions.READ)); |
|
| 4258 | - if (hasPermission) { |
|
| 4259 | - isAuthorized = true; |
|
| 4260 | - break; |
|
| 4261 | - } |
|
| 4262 | - } |
|
| 4247 | + // throws UnauthorizedException if fails |
|
| 4248 | + securityService.checkCurrentUserServerPermission(ServerActions.UNLOCK_IPS_BLOCKED_FOR_BEARER_TOKEN_ABUSE); |
|
| 4249 | + isAuthorized = true; |
|
| 4263 | 4250 | } |
| 4264 | 4251 | if (isAuthorized) { |
| 4265 | 4252 | securityService.releaseBearerTokenLockOnIp(ip); |
java/com.sap.sse.security.common/src/com/sap/sse/security/shared/impl/SecuredSecurityTypes.java
| ... | ... | @@ -75,6 +75,12 @@ public class SecuredSecurityTypes extends HasPermissionsImpl { |
| 75 | 75 | CONFIGURE_LOCAL_SERVER, |
| 76 | 76 | CONFIGURE_REMOTE_INSTANCES, |
| 77 | 77 | CREATE_OBJECT, |
| 78 | + |
|
| 79 | + GET_IPS_BLOCKED_FOR_USER_CREATION_ABUSE, |
|
| 80 | + GET_IPS_BLOCKED_FOR_BEARER_TOKEN_ABUSE, |
|
| 81 | + |
|
| 82 | + UNLOCK_IPS_BLOCKED_FOR_USER_CREATION_ABUSE, |
|
| 83 | + UNLOCK_IPS_BLOCKED_FOR_BEARER_TOKEN_ABUSE, |
|
| 78 | 84 | |
| 79 | 85 | /** |
| 80 | 86 | * This permission is used to check READ-permission on different things. For that the object type to determine |
| ... | ... | @@ -112,11 +118,13 @@ public class SecuredSecurityTypes extends HasPermissionsImpl { |
| 112 | 118 | CONFIGURE_CORS_FILTER |
| 113 | 119 | ; |
| 114 | 120 | |
| 115 | - private static final Action[] ALL_ACTIONS = new Action[] { CONFIGURE_FILE_STORAGE, CONFIGURE_LOCAL_SERVER, |
|
| 121 | + private static final Action[] ALL_ACTIONS = new Action[] { GET_IPS_BLOCKED_FOR_USER_CREATION_ABUSE, |
|
| 122 | + GET_IPS_BLOCKED_FOR_BEARER_TOKEN_ABUSE, UNLOCK_IPS_BLOCKED_FOR_USER_CREATION_ABUSE, |
|
| 123 | + UNLOCK_IPS_BLOCKED_FOR_BEARER_TOKEN_ABUSE, CONFIGURE_FILE_STORAGE, CONFIGURE_LOCAL_SERVER, |
|
| 116 | 124 | CONFIGURE_REMOTE_INSTANCES, CREATE_OBJECT, CAN_IMPORT_MASTERDATA, CAN_EXPORT_MASTERDATA, DATA_MINING, |
| 117 | 125 | REPLICATE, START_REPLICATION, READ_REPLICATOR, THREADS, CONFIGURE_AI_AGENT, CONFIGURE_CORS_FILTER, |
| 118 | - DefaultActions.CHANGE_OWNERSHIP, DefaultActions.CHANGE_ACL, DefaultActions.CREATE, DefaultActions.DELETE, |
|
| 119 | - DefaultActions.READ, DefaultActions.UPDATE }; |
|
| 126 | + DefaultActions.CHANGE_OWNERSHIP, DefaultActions.CHANGE_ACL, DefaultActions.CREATE, |
|
| 127 | + DefaultActions.DELETE, DefaultActions.READ, DefaultActions.UPDATE }; |
|
| 120 | 128 | } |
| 121 | 129 | |
| 122 | 130 | /** |