private static boolean isAuthorized(final MessageCommand command, final Enforcer enforcer) { return enforcer.hasUnrestrictedPermissions( PoliciesResourceType.messageResource(command.getResourcePath()), command.getDittoHeaders().getAuthorizationContext(), WRITE); }
private static Optional<Policy> getDefaultPolicy(final AuthorizationContext authorizationContext, final CharSequence thingId) { final Optional<Subject> subjectOptional = authorizationContext.getFirstAuthorizationSubject() .map(AuthorizationSubject::getId) .map(SubjectId::newInstance) .map(Subject::newInstance); return subjectOptional.map(subject -> Policy.newBuilder(thingId) .forLabel(DEFAULT_POLICY_ENTRY_LABEL) .setSubject(subject) .setGrantedPermissions(PoliciesResourceType.thingResource("/"), org.eclipse.ditto.services.models.things.Permission.DEFAULT_THING_PERMISSIONS) .setGrantedPermissions(PoliciesResourceType.policyResource("/"), org.eclipse.ditto.services.models.policies.Permission.DEFAULT_POLICY_PERMISSIONS) .setGrantedPermissions(PoliciesResourceType.messageResource("/"), org.eclipse.ditto.services.models.policies.Permission.DEFAULT_POLICY_PERMISSIONS) .build()); }
labelScoped.setGrantedPermissions(PoliciesResourceType.thingResource(ROOT_PATH), Permission.READ, Permission.WRITE); labelScoped.setGrantedPermissions(PoliciesResourceType.messageResource(ROOT_PATH), Permission.READ, Permission.WRITE); } else if (aclEntry.getPermissions().contains(org.eclipse.ditto.model.things.Permission.READ)) { labelScoped.setGrantedPermissions(PoliciesResourceType.policyResource(ROOT_PATH), Permission.READ); labelScoped.setGrantedPermissions(PoliciesResourceType.thingResource(ROOT_PATH), Permission.READ); labelScoped.setGrantedPermissions(PoliciesResourceType.messageResource(ROOT_PATH), Permission.READ); } else if (aclEntry.getPermissions().contains(org.eclipse.ditto.model.things.Permission.WRITE)) { labelScoped.setGrantedPermissions(PoliciesResourceType.thingResource(ROOT_PATH), Permission.WRITE); labelScoped.setGrantedPermissions(PoliciesResourceType.messageResource(ROOT_PATH), Permission.WRITE);
labelScoped.setGrantedPermissions(PoliciesResourceType.thingResource(ROOT_PATH), Permission.READ, Permission.WRITE); labelScoped.setGrantedPermissions(PoliciesResourceType.messageResource(ROOT_PATH), Permission.READ, Permission.WRITE); } else if (aclEntry.getPermissions().contains(org.eclipse.ditto.model.things.Permission.READ)) { labelScoped.setGrantedPermissions(PoliciesResourceType.policyResource(ROOT_PATH), Permission.READ); labelScoped.setGrantedPermissions(PoliciesResourceType.thingResource(ROOT_PATH), Permission.READ); labelScoped.setGrantedPermissions(PoliciesResourceType.messageResource(ROOT_PATH), Permission.READ); } else if (aclEntry.getPermissions().contains(org.eclipse.ditto.model.things.Permission.WRITE)) { labelScoped.setGrantedPermissions(PoliciesResourceType.thingResource(ROOT_PATH), Permission.WRITE); labelScoped.setGrantedPermissions(PoliciesResourceType.messageResource(ROOT_PATH), Permission.WRITE);