/**
 * Derives the default {@link Policy} for a Thing from the requester's authorization context.
 *
 * <p>The first authorization subject of the context becomes the only subject of the entry labelled
 * {@code DEFAULT_POLICY_ENTRY_LABEL}. That subject is granted the default permission sets on the root
 * path ({@code "/"}) of the thing, policy and message resources.
 *
 * <p>Security note: the resulting policy places whoever is listed first in the authorization context in
 * control of the Thing and its Policy, so the order of subjects in the context is security-relevant.
 * NOTE(review): the message resource is granted {@code DEFAULT_POLICY_PERMISSIONS} rather than a
 * message-specific constant; confirm this is intended.
 *
 * @param authorizationContext the context whose first authorization subject receives the grants.
 * @param thingId the ID handed to {@code Policy.newBuilder}.
 * @return the default Policy, or an empty Optional if the context has no authorization subject; callers
 * must treat the empty case explicitly, as no policy is produced then.
 */
private static Optional<Policy> getDefaultPolicy(final AuthorizationContext authorizationContext,
        final CharSequence thingId) {

    // All three grants below apply to the root of the respective resource tree.
    final String rootPath = "/";

    final Optional<Subject> owner = authorizationContext.getFirstAuthorizationSubject()
            .map(AuthorizationSubject::getId)
            .map(SubjectId::newInstance)
            .map(Subject::newInstance);

    // Without a subject there is nobody to grant anything to, so no policy is built at all.
    if (!owner.isPresent()) {
        return Optional.empty();
    }

    final Policy defaultPolicy = Policy.newBuilder(thingId)
            .forLabel(DEFAULT_POLICY_ENTRY_LABEL)
            .setSubject(owner.get())
            .setGrantedPermissions(PoliciesResourceType.thingResource(rootPath),
                    org.eclipse.ditto.services.models.things.Permission.DEFAULT_THING_PERMISSIONS)
            .setGrantedPermissions(PoliciesResourceType.policyResource(rootPath),
                    org.eclipse.ditto.services.models.policies.Permission.DEFAULT_POLICY_PERMISSIONS)
            .setGrantedPermissions(PoliciesResourceType.messageResource(rootPath),
                    org.eclipse.ditto.services.models.policies.Permission.DEFAULT_POLICY_PERMISSIONS)
            .build();

    // ofNullable mirrors Optional.map, which yields an empty Optional for a null mapping result.
    return Optional.ofNullable(defaultPolicy);
}
aclEntry.getPermissions() .contains(org.eclipse.ditto.model.things.Permission.WRITE)) { labelScoped.setGrantedPermissions(PoliciesResourceType.policyResource(ROOT_PATH), Permission.READ); labelScoped.setGrantedPermissions(PoliciesResourceType.thingResource(ROOT_PATH), Permission.READ, Permission.WRITE); labelScoped.setGrantedPermissions(PoliciesResourceType.messageResource(ROOT_PATH), Permission.READ, Permission.WRITE); } else if (aclEntry.getPermissions().contains(org.eclipse.ditto.model.things.Permission.READ)) { labelScoped.setGrantedPermissions(PoliciesResourceType.policyResource(ROOT_PATH), Permission.READ); labelScoped.setGrantedPermissions(PoliciesResourceType.thingResource(ROOT_PATH), Permission.READ); labelScoped.setGrantedPermissions(PoliciesResourceType.messageResource(ROOT_PATH), Permission.READ); } else if (aclEntry.getPermissions().contains(org.eclipse.ditto.model.things.Permission.WRITE)) { labelScoped.setGrantedPermissions(PoliciesResourceType.thingResource(ROOT_PATH), Permission.WRITE); labelScoped.setGrantedPermissions(PoliciesResourceType.messageResource(ROOT_PATH), Permission.WRITE); labelScoped.setGrantedPermissions(PoliciesResourceType.policyResource(ROOT_PATH), Permission.READ, Permission.WRITE); labelScoped.setGrantedPermissions(PoliciesResourceType.thingResource(Thing.JsonFields.ACL.getPointer()), Permission.READ, Permission.WRITE); } else {
aclEntry.getPermissions() .contains(org.eclipse.ditto.model.things.Permission.WRITE)) { labelScoped.setGrantedPermissions(PoliciesResourceType.policyResource(ROOT_PATH), Permission.READ); labelScoped.setGrantedPermissions(PoliciesResourceType.thingResource(ROOT_PATH), Permission.READ, Permission.WRITE); labelScoped.setGrantedPermissions(PoliciesResourceType.messageResource(ROOT_PATH), Permission.READ, Permission.WRITE); } else if (aclEntry.getPermissions().contains(org.eclipse.ditto.model.things.Permission.READ)) { labelScoped.setGrantedPermissions(PoliciesResourceType.policyResource(ROOT_PATH), Permission.READ); labelScoped.setGrantedPermissions(PoliciesResourceType.thingResource(ROOT_PATH), Permission.READ); labelScoped.setGrantedPermissions(PoliciesResourceType.messageResource(ROOT_PATH), Permission.READ); } else if (aclEntry.getPermissions().contains(org.eclipse.ditto.model.things.Permission.WRITE)) { labelScoped.setGrantedPermissions(PoliciesResourceType.thingResource(ROOT_PATH), Permission.WRITE); labelScoped.setGrantedPermissions(PoliciesResourceType.messageResource(ROOT_PATH), Permission.WRITE); labelScoped.setGrantedPermissions(PoliciesResourceType.policyResource(ROOT_PATH), Permission.READ, Permission.WRITE); labelScoped.setGrantedPermissions(PoliciesResourceType.thingResource(Thing.JsonFields.ACL.getPointer()), Permission.READ, Permission.WRITE); } else {
/**
 * Marks one or more permissions as "granted" for the Resource identified by {@code resourceType} and
 * {@code resourcePath} in the label this builder is scoped to.
 *
 * <p>This is a convenience overload: the path is converted with {@link JsonPointer#of(CharSequence)}
 * and the call is forwarded to the {@code JsonPointer} based variant.
 * NOTE(review): this method performs no argument checks itself; the documented exceptions presumably
 * originate from the conversion or the delegate. Confirm before relying on them for input validation.
 *
 * @param resourceType the type of the Resource the grant applies to.
 * @param resourcePath the path of the Resource the grant applies to.
 * @param grantedPermission the first Permission to grant on the Resource.
 * @param furtherGrantedPermissions any additional Permissions to grant on the Resource.
 * @return this builder to allow method chaining.
 * @throws NullPointerException if any argument is {@code null}.
 * @throws IllegalArgumentException if {@code resourceType} is empty.
 */
default LabelScoped setGrantedPermissions(final String resourceType, final CharSequence resourcePath,
        final String grantedPermission, final String... furtherGrantedPermissions) {

    final JsonPointer resourcePointer = JsonPointer.of(resourcePath);
    setGrantedPermissions(resourceType, resourcePointer, grantedPermission, furtherGrantedPermissions);
    // The delegate's return value is deliberately ignored; this builder itself is handed back.
    return this;
}
/**
 * Marks the given {@link Permissions} as "granted" for the Resource identified by {@code resourceType}
 * and {@code resourcePath} in the label this builder is scoped to.
 *
 * <p>This is a convenience overload: the path is converted with {@link JsonPointer#of(CharSequence)}
 * and the call is forwarded to the {@code JsonPointer} based variant.
 * NOTE(review): this method performs no argument checks itself; the documented exception presumably
 * originates from the conversion or the delegate. Confirm before relying on it for input validation.
 *
 * @param resourceType the type of the Resource the grant applies to.
 * @param resourcePath the path of the Resource the grant applies to.
 * @param grantedPermissions the Permissions to grant on the Resource.
 * @return this builder to allow method chaining.
 * @throws NullPointerException if any argument is {@code null}.
 */
default LabelScoped setGrantedPermissions(final String resourceType, final CharSequence resourcePath,
        final Permissions grantedPermissions) {

    final JsonPointer resourcePointer = JsonPointer.of(resourcePath);
    setGrantedPermissions(resourceType, resourcePointer, grantedPermissions);
    // The delegate's return value is deliberately ignored; this builder itself is handed back.
    return this;
}