subjectIssuer -> labelScoped.setSubject(subjectIssuer, sid)); labelScoped.setGrantedPermissions(PoliciesResourceType.policyResource(ROOT_PATH), Permission.READ); labelScoped.setGrantedPermissions(PoliciesResourceType.thingResource(ROOT_PATH), Permission.READ, Permission.WRITE); labelScoped.setGrantedPermissions(PoliciesResourceType.messageResource(ROOT_PATH), Permission.READ, Permission.WRITE); } else if (aclEntry.getPermissions().contains(org.eclipse.ditto.model.things.Permission.READ)) { labelScoped.setGrantedPermissions(PoliciesResourceType.policyResource(ROOT_PATH), Permission.READ); labelScoped.setGrantedPermissions(PoliciesResourceType.thingResource(ROOT_PATH), Permission.READ); labelScoped.setGrantedPermissions(PoliciesResourceType.messageResource(ROOT_PATH), Permission.READ); } else if (aclEntry.getPermissions().contains(org.eclipse.ditto.model.things.Permission.WRITE)) { labelScoped.setGrantedPermissions(PoliciesResourceType.thingResource(ROOT_PATH), Permission.WRITE); labelScoped.setGrantedPermissions(PoliciesResourceType.messageResource(ROOT_PATH), Permission.WRITE); labelScoped.setGrantedPermissions(PoliciesResourceType.policyResource(ROOT_PATH), Permission.READ, Permission.WRITE); labelScoped.setGrantedPermissions(PoliciesResourceType.thingResource(Thing.JsonFields.ACL.getPointer()), Permission.READ, Permission.WRITE); } else { labelScoped.setRevokedPermissions(PoliciesResourceType.thingResource(Thing.JsonFields.ACL.getPointer()), Permission.WRITE);
/**
 * Builds the default {@link Policy} for the Thing with the given ID, owned by the first authorization subject
 * of the passed context.
 * <p>
 * Only the first authorization subject is used; any further subjects in the context receive no entry in the
 * resulting Policy. That single subject is granted the default Thing permissions on the Thing root, and the
 * default Policy permissions on both the Policy root and the message root.
 * </p>
 *
 * @param authorizationContext the context whose first authorization subject becomes the Policy's subject.
 * @param thingId the ID handed to {@code Policy.newBuilder}.
 * @return the default Policy, or an empty Optional if the context provides no first authorization subject.
 */
private static Optional<Policy> getDefaultPolicy(final AuthorizationContext authorizationContext,
        final CharSequence thingId) {

    return authorizationContext.getFirstAuthorizationSubject()
            .map(AuthorizationSubject::getId)
            .map(SubjectId::newInstance)
            .map(Subject::newInstance)
            .map(defaultSubject -> Policy.newBuilder(thingId)
                    .forLabel(DEFAULT_POLICY_ENTRY_LABEL)
                    .setSubject(defaultSubject)
                    .setGrantedPermissions(PoliciesResourceType.thingResource("/"),
                            org.eclipse.ditto.services.models.things.Permission.DEFAULT_THING_PERMISSIONS)
                    .setGrantedPermissions(PoliciesResourceType.policyResource("/"),
                            org.eclipse.ditto.services.models.policies.Permission.DEFAULT_POLICY_PERMISSIONS)
                    // NOTE(review): the message resource reuses DEFAULT_POLICY_PERMISSIONS rather than a
                    // message-specific constant - confirm this is the intended default grant.
                    .setGrantedPermissions(PoliciesResourceType.messageResource("/"),
                            org.eclipse.ditto.services.models.policies.Permission.DEFAULT_POLICY_PERMISSIONS)
                    .build());
}
.removeSubject(sd.getSubjectId()) .setRevision(lastSequenceNr()) .setModified(sd.getTimestamp().orElse(null)) .build()) .removeResource(rd.getResourceKey()) .setRevision(lastSequenceNr()) .setModified(rd.getTimestamp().orElse(null)) .build())
.removeSubject(sd.getSubjectId()) .setRevision(lastSequenceNr()) .setModified(sd.getTimestamp().orElse(null)) .build()) .removeResource(rd.getResourceKey()) .setRevision(lastSequenceNr()) .setModified(rd.getTimestamp().orElse(null)) .build())
subjectIssuer -> labelScoped.setSubject(subjectIssuer, sid)); labelScoped.setGrantedPermissions(PoliciesResourceType.policyResource(ROOT_PATH), Permission.READ); labelScoped.setGrantedPermissions(PoliciesResourceType.thingResource(ROOT_PATH), Permission.READ, Permission.WRITE); labelScoped.setGrantedPermissions(PoliciesResourceType.messageResource(ROOT_PATH), Permission.READ, Permission.WRITE); } else if (aclEntry.getPermissions().contains(org.eclipse.ditto.model.things.Permission.READ)) { labelScoped.setGrantedPermissions(PoliciesResourceType.policyResource(ROOT_PATH), Permission.READ); labelScoped.setGrantedPermissions(PoliciesResourceType.thingResource(ROOT_PATH), Permission.READ); labelScoped.setGrantedPermissions(PoliciesResourceType.messageResource(ROOT_PATH), Permission.READ); } else if (aclEntry.getPermissions().contains(org.eclipse.ditto.model.things.Permission.WRITE)) { labelScoped.setGrantedPermissions(PoliciesResourceType.thingResource(ROOT_PATH), Permission.WRITE); labelScoped.setGrantedPermissions(PoliciesResourceType.messageResource(ROOT_PATH), Permission.WRITE); labelScoped.setGrantedPermissions(PoliciesResourceType.policyResource(ROOT_PATH), Permission.READ, Permission.WRITE); labelScoped.setGrantedPermissions(PoliciesResourceType.thingResource(Thing.JsonFields.ACL.getPointer()), Permission.READ, Permission.WRITE); } else { labelScoped.setRevokedPermissions(PoliciesResourceType.thingResource(Thing.JsonFields.ACL.getPointer()), Permission.WRITE);
/**
 * Marks the given permissions as "granted" on the Resource identified by {@code resourceType} and
 * {@code resourcePath}, within the label this builder is scoped to.
 *
 * @param resourceType the type of the Resource the permissions apply to.
 * @param resourcePath the path of the Resource the permissions apply to.
 * @param grantedPermission the first Permission to grant on the Resource.
 * @param furtherGrantedPermissions additional Permissions to grant on the Resource.
 * @return this builder to allow method chaining.
 * @throws NullPointerException if any argument is {@code null}.
 * @throws IllegalArgumentException if {@code resourceType} is empty.
 */
default LabelScoped setGrantedPermissions(final String resourceType,
        final JsonPointer resourcePath,
        final String grantedPermission,
        final String... furtherGrantedPermissions) {

    // Forward to the label-addressed variant, supplying this builder's own label.
    this.setGrantedPermissionsFor(this.getLabel(), resourceType, resourcePath, grantedPermission,
            furtherGrantedPermissions);
    return this;
}
/**
 * Marks the given permissions as "granted" on the Resource identified by {@code resourceType} and the textual
 * {@code resourcePath}, within the label this builder is scoped to.
 *
 * @param resourceType the type of the Resource the permissions apply to.
 * @param resourcePath the path of the Resource the permissions apply to; it is converted with
 * {@code JsonPointer.of}.
 * @param grantedPermission the first Permission to grant on the Resource.
 * @param furtherGrantedPermissions additional Permissions to grant on the Resource.
 * @return this builder to allow method chaining.
 * @throws NullPointerException if any argument is {@code null}.
 * @throws IllegalArgumentException if {@code resourceType} is empty.
 */
default LabelScoped setGrantedPermissions(final String resourceType,
        final CharSequence resourcePath,
        final String grantedPermission,
        final String... furtherGrantedPermissions) {

    // Convert the textual path once so this overload shares the JsonPointer-based implementation.
    final JsonPointer resourcePointer = JsonPointer.of(resourcePath);
    setGrantedPermissions(resourceType, resourcePointer, grantedPermission, furtherGrantedPermissions);
    return this;
}
/**
 * Marks the given permissions as "revoked" on the Resource identified by {@code resourceType} and the textual
 * {@code resourcePath}, within the label this builder is scoped to.
 *
 * @param resourceType the type of the Resource the permissions apply to.
 * @param resourcePath the path of the Resource the permissions apply to; it is converted with
 * {@code JsonPointer.of}.
 * @param revokedPermission the first Permission to revoke on the Resource.
 * @param furtherRevokedPermissions additional Permissions to revoke on the Resource.
 * @return this builder to allow method chaining.
 * @throws NullPointerException if any argument is {@code null}.
 */
default LabelScoped setRevokedPermissions(final String resourceType,
        final CharSequence resourcePath,
        final String revokedPermission,
        final String... furtherRevokedPermissions) {

    // Convert the textual path once so this overload shares the JsonPointer-based implementation.
    final JsonPointer resourcePointer = JsonPointer.of(resourcePath);
    setRevokedPermissions(resourceType, resourcePointer, revokedPermission, furtherRevokedPermissions);
    return this;
}
/**
 * Marks the given {@link Permissions} as "granted" on the Resource identified by {@code resourceType} and
 * {@code resourcePath}, within the label this builder is scoped to.
 *
 * @param resourceType the type of the Resource the permissions apply to.
 * @param resourcePath the path of the Resource the permissions apply to.
 * @param grantedPermissions the Permissions to grant on the Resource.
 * @return this builder to allow method chaining.
 * @throws NullPointerException if any argument is {@code null}.
 * @throws IllegalArgumentException if {@code resourceType} is empty.
 */
default LabelScoped setGrantedPermissions(final String resourceType,
        final JsonPointer resourcePath,
        final Permissions grantedPermissions) {

    // Forward to the label-addressed variant, supplying this builder's own label.
    this.setGrantedPermissionsFor(this.getLabel(), resourceType, resourcePath, grantedPermissions);
    return this;
}
/**
 * Marks the given permissions as "revoked" on the Resource identified by {@code resourceType} and
 * {@code resourcePath}, within the label this builder is scoped to.
 *
 * @param resourceType the type of the Resource the permissions apply to.
 * @param resourcePath the path of the Resource the permissions apply to.
 * @param revokedPermission the first Permission to revoke on the Resource.
 * @param furtherRevokedPermissions additional Permissions to revoke on the Resource.
 * @return this builder to allow method chaining.
 * @throws NullPointerException if any argument is {@code null}.
 */
default LabelScoped setRevokedPermissions(final String resourceType,
        final JsonPointer resourcePath,
        final String revokedPermission,
        final String... furtherRevokedPermissions) {

    // Forward to the label-addressed variant, supplying this builder's own label.
    this.setRevokedPermissionsFor(this.getLabel(), resourceType, resourcePath, revokedPermission,
            furtherRevokedPermissions);
    return this;
}
/**
 * Marks the given permission names as "granted" on the Resource identified by {@code resourceKey}, within the
 * label this builder is scoped to.
 *
 * @param resourceKey the ResourceKey of the Resource the permissions apply to.
 * @param grantedPermission the first Permission to grant on the Resource.
 * @param furtherGrantedPermissions additional Permissions to grant on the Resource.
 * @return this builder to allow method chaining.
 * @throws NullPointerException if any argument is {@code null}.
 */
default LabelScoped setGrantedPermissions(final ResourceKey resourceKey,
        final String grantedPermission,
        final String... furtherGrantedPermissions) {

    // Forward to the label-addressed variant, supplying this builder's own label.
    this.setGrantedPermissionsFor(this.getLabel(), resourceKey, grantedPermission, furtherGrantedPermissions);
    return this;
}
/**
 * Marks the given {@link Permissions} as "granted" on the Resource identified by {@code resourceType} and the
 * textual {@code resourcePath}, within the label this builder is scoped to.
 *
 * @param resourceType the type of the Resource the permissions apply to.
 * @param resourcePath the path of the Resource the permissions apply to; it is converted with
 * {@code JsonPointer.of}.
 * @param grantedPermissions the Permissions to grant on the Resource.
 * @return this builder to allow method chaining.
 * @throws NullPointerException if any argument is {@code null}.
 */
default LabelScoped setGrantedPermissions(final String resourceType,
        final CharSequence resourcePath,
        final Permissions grantedPermissions) {

    // Convert the textual path once so this overload shares the JsonPointer-based implementation.
    final JsonPointer resourcePointer = JsonPointer.of(resourcePath);
    setGrantedPermissions(resourceType, resourcePointer, grantedPermissions);
    return this;
}
/**
 * Marks the given {@code Permissions} as "revoked" on the Resource identified by {@code resourceType} and
 * {@code resourcePath}, within the label this builder is scoped to.
 *
 * @param resourceType the type of the Resource the permissions apply to.
 * @param resourcePath the path of the Resource the permissions apply to.
 * @param revokedPermissions the Permissions to revoke on the Resource.
 * @return this builder to allow method chaining.
 * @throws NullPointerException if any argument is {@code null}.
 */
default LabelScoped setRevokedPermissions(final String resourceType,
        final JsonPointer resourcePath,
        final Permissions revokedPermissions) {

    // Forward to the label-addressed variant, supplying this builder's own label.
    this.setRevokedPermissionsFor(this.getLabel(), resourceType, resourcePath, revokedPermissions);
    return this;
}
/**
 * Adds a {@link Subject} built from {@code issuer} and {@code subject} to the label this builder is scoped to.
 * An entry already present in the {@link Label} under the same {@code subjectId} is replaced. No subject type
 * is passed here; the resulting type is documented as {@link SubjectType#GENERATED}.
 *
 * @param issuer the SubjectId's {@code issuer}.
 * @param subject the character sequence for the SubjectId's {@code subject}.
 * @return this builder to allow method chaining.
 * @throws NullPointerException if any argument is {@code null}.
 */
default LabelScoped setSubject(final SubjectIssuer issuer,
        final CharSequence subject) {

    // Forward to the label-addressed variant, supplying this builder's own label.
    this.setSubjectFor(this.getLabel(), Subject.newInstance(issuer, subject));
    return this;
}
/**
 * Adds a {@link Subject} built from {@code issuer}, {@code subject} and {@code subjectType} to the label this
 * builder is scoped to. An entry already present in the {@link Label} under the same {@code subjectId} is
 * replaced.
 *
 * @param issuer the SubjectId's {@code issuer}.
 * @param subject the character sequence for the SubjectId's {@code subject}.
 * @param subjectType the type to assign to the new Subject.
 * @return this builder to allow method chaining.
 * @throws NullPointerException if any argument is {@code null}.
 */
default LabelScoped setSubject(final SubjectIssuer issuer,
        final CharSequence subject,
        final SubjectType subjectType) {

    // Forward to the label-addressed variant, supplying this builder's own label.
    this.setSubjectFor(this.getLabel(), Subject.newInstance(issuer, subject, subjectType));
    return this;
}
/**
 * Marks the given permissions as "revoked" on the Resource identified by {@code resourceKey}, within the label
 * this builder is scoped to.
 *
 * @param resourceKey the ResourceKey of the Resource the permissions apply to.
 * @param revokedPermission the first Permission to revoke on the Resource.
 * @param furtherRevokedPermissions additional Permissions to revoke on the Resource.
 * @return this builder to allow method chaining.
 * @throws NullPointerException if any argument is {@code null}.
 */
default LabelScoped setRevokedPermissions(final ResourceKey resourceKey,
        final String revokedPermission,
        final String... furtherRevokedPermissions) {

    // Forward to the label-addressed variant, supplying this builder's own label.
    this.setRevokedPermissionsFor(this.getLabel(), resourceKey, revokedPermission, furtherRevokedPermissions);
    return this;
}
/**
 * Marks the given {@code Permissions} as "revoked" on the Resource identified by {@code resourceType} and the
 * textual {@code resourcePath}, within the label this builder is scoped to.
 *
 * @param resourceType the type of the Resource the permissions apply to.
 * @param resourcePath the path of the Resource the permissions apply to; it is converted with
 * {@code JsonPointer.of}.
 * @param revokedPermissions the Permissions to revoke on the Resource.
 * @return this builder to allow method chaining.
 * @throws NullPointerException if any argument is {@code null}.
 */
default LabelScoped setRevokedPermissions(final String resourceType,
        final CharSequence resourcePath,
        final Permissions revokedPermissions) {

    // Convert the textual path once so this overload shares the JsonPointer-based implementation.
    final JsonPointer resourcePointer = JsonPointer.of(resourcePath);
    setRevokedPermissions(resourceType, resourcePointer, revokedPermissions);
    return this;
}
/**
 * Adds the given {@link Subjects} to the label this builder is scoped to. Entries already present in the
 * {@link Label} under the same {@code subjectId} are replaced by the specified ones.
 *
 * @param subjects the Subjects to set for the PolicyEntry identified by the {@code label}.
 * @return this builder to allow method chaining.
 * @throws NullPointerException if any argument is {@code null}.
 */
default LabelScoped setSubjects(final Subjects subjects) {

    // Forward to the label-addressed variant, supplying this builder's own label.
    this.setSubjectsFor(this.getLabel(), subjects);
    return this;
}
/**
 * Removes the subject whose ID is formed from {@code issuer} and {@code subject} from the label this builder
 * is scoped to.
 *
 * @param issuer the SubjectId's {@code issuer} to remove from the PolicyEntry identified by the {@code label}.
 * @param subject the character sequence for the SubjectId's {@code subject} to remove from the PolicyEntry
 * identified by the {@code label}.
 * @return this builder to allow method chaining.
 * @throws NullPointerException if any argument is {@code null}.
 */
default LabelScoped removeSubject(final SubjectIssuer issuer,
        final CharSequence subject) {

    // Forward to the label-addressed variant, supplying this builder's own label.
    this.removeSubjectFor(this.getLabel(), SubjectId.newInstance(issuer, subject));
    return this;
}
/**
 * Removes the given {@code resource} from the label this builder is scoped to.
 *
 * @param resource the Resource to remove from the PolicyEntry identified by the {@code label}.
 * @return this builder to allow method chaining.
 * @throws NullPointerException if any argument is {@code null}.
 */
default LabelScoped removeResource(final Resource resource) {

    // Forward to the label-addressed variant, supplying this builder's own label.
    this.removeResourceFor(this.getLabel(), resource);
    return this;
}