/
newThing.yml
45 lines (37 loc) · 1.91 KB
/
newThing.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
type: object
properties:
_policy:
allOf:
- $ref: '#/components/schemas/Policy'
description: |-
The initial policy to create for this thing. This will create a separate policy entity managed by resource `/policies/{thingId}`.
Use the placeholder `{{ request:subjectId }}` in order to let the backend insert the authenticated subjectId of the HTTP request.
_copyPolicyFrom:
type: string
description: |-
This field may contain
* the policy ID of an existing policy.
The policy is copied and used for this newly created thing. The
caller needs to have READ and WRITE<sup>*</sup> access to the policy.
* a placeholder reference to a thing in the format {{ ref:things/[thingId]/policyId }} where you need to
replace [thingId] with a valid thing ID.
The newly created thing will then obtain a copy of the policy of
the referenced thing. The caller needs to have READ access to the thing and READ and WRITE<sup>*</sup>
access to the policy of the thing.
<sup>*</sup> The check for WRITE permission avoids locking yourself out of the newly created policy. You can
bypass this check by setting the header `allowPolicyLockout` to `true`. Be aware that the authorized
subject cannot modify the policy if you do not assign WRITE permission on the policy resource!
If you want to specify a policy ID for the copied policy, use the policyId field.
This field must not be used together with the field _policy. If you specify both _policy and _copyPolicyFrom
this will lead to an error response.
policyId:
type: string
description: |-
The policy ID used for controlling access to this thing. Managed by
resource `/policies/{policyId}`.
definition:
$ref: '#/components/schemas/Definition'
attributes:
$ref: '#/components/schemas/Attributes'
features:
$ref: '#/components/schemas/Features'