/*
* Copyright (c) 2017-2018 Bosch Software Innovations GmbH.
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v2.0
* which accompanies this distribution, and is available at
* https://www.eclipse.org/org/documents/epl-2.0/index.php
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.ditto.model.things;
import static org.eclipse.ditto.model.base.common.ConditionChecker.checkNotNull;
import java.text.MessageFormat;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Predicate;
import java.util.function.Supplier;
import javax.annotation.Nullable;
import javax.annotation.concurrent.Immutable;
import org.eclipse.ditto.json.JsonFactory;
import org.eclipse.ditto.json.JsonField;
import org.eclipse.ditto.json.JsonFieldDefinition;
import org.eclipse.ditto.json.JsonMissingFieldException;
import org.eclipse.ditto.json.JsonObject;
import org.eclipse.ditto.json.JsonParseException;
import org.eclipse.ditto.json.JsonValue;
import org.eclipse.ditto.model.base.auth.AuthorizationModelFactory;
import org.eclipse.ditto.model.base.auth.AuthorizationSubject;
import org.eclipse.ditto.model.base.exceptions.DittoJsonException;
import org.eclipse.ditto.model.base.json.FieldType;
import org.eclipse.ditto.model.base.json.JsonSchemaVersion;
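/**
 * An immutable implementation of {@link AclEntry}.
 * <p>
 * An entry binds one {@link AuthorizationSubject} to the {@link Permission}s granted to it. Parsing from JSON is
 * strict: every {@link Permission} has to be present with a boolean value and at least one of them has to be
 * {@code true}; otherwise the input is rejected with an exception instead of yielding a partially filled entry.
 * </p>
 */
@Immutable
final class ImmutableAclEntry implements AclEntry {

    // Definition of the schema version field which toJson writes next to the subject/permissions field.
    private static final JsonFieldDefinition<Integer> JSON_SCHEMA_VERSION =
            JsonFactory.newIntFieldDefinition(JsonSchemaVersion.getJsonKey(), FieldType.SPECIAL, FieldType.HIDDEN,
                    JsonSchemaVersion.V_1);

    private final AuthorizationSubject authSubject;
    private final Permissions permissions;

    /**
     * Creates the entry after checking both arguments for {@code null}.
     *
     * @param theAuthSubject the Authorization Subject of the entry.
     * @param thePermissions the permissions of the entry; an empty set is mapped to
     * {@code AccessControlListModelFactory.noPermissions()}.
     * @throws NullPointerException if any argument is {@code null}.
     */
    private ImmutableAclEntry(final AuthorizationSubject theAuthSubject, final Set<Permission> thePermissions) {
        authSubject = checkNotNull(theAuthSubject, "authorization subject");
        checkNotNull(thePermissions, "permissions");
        // NOTE(review): thePermissions may be a caller-owned Set (see of(AuthorizationSubject, Iterable)).
        // The @Immutable guarantee therefore relies on newPermissions(...) taking its own copy - confirm.
        permissions = thePermissions.isEmpty() ? AccessControlListModelFactory.noPermissions()
                : AccessControlListModelFactory.newPermissions(thePermissions);
    }

    /**
     * Returns a new {@code AclEntry} object of the given permission and Authorization Subject.
     *
     * @param authSubject the Authorization Subject of the new ACL entry.
     * @param permission the permission of the new ACL entry.
     * @param furtherPermissions additional permissions of the new ACL entry.
     * @return a new {@code AclEntry} object.
     * @throws NullPointerException if any argument is {@code null}.
     */
    public static AclEntry of(final AuthorizationSubject authSubject, final Permission permission,
            final Permission... furtherPermissions) {

        checkNotNull(permission, "permission of this entry");
        checkNotNull(furtherPermissions, "further permissions of this entry");

        final Set<Permission> permissions = EnumSet.of(permission);
        Collections.addAll(permissions, furtherPermissions);

        return of(authSubject, permissions);
    }

    /**
     * Returns a new {@code AclEntry} object of the given permissions and Authorization Subject.
     *
     * @param authSubject the Authorization Subject of the new ACL entry.
     * @param permissions the ACL permissions of the new ACL entry.
     * @return a new {@code AclEntry} object.
     * @throws NullPointerException if any argument is {@code null}.
     */
    public static AclEntry of(final AuthorizationSubject authSubject, final Iterable<Permission> permissions) {
        // Fail with a descriptive message instead of the bare NullPointerException the forEach call below
        // would raise for a null Iterable.
        checkNotNull(permissions, "permissions");

        if (permissions instanceof Set) {
            // A Set is handed to the constructor as is; no intermediate copy is made here.
            return new ImmutableAclEntry(authSubject, (Set<Permission>) permissions);
        }

        final Set<Permission> permissionSet = EnumSet.noneOf(Permission.class);
        permissions.forEach(permissionSet::add);

        return new ImmutableAclEntry(authSubject, permissionSet);
    }

    /**
     * Creates a new {@code AclEntry} object based on the specified JSON key and JSON value.
     * <p>
     * Only the keys of the known {@link Permission} values are read from {@code jsonValue}; any other key in that
     * object is neither evaluated nor rejected.
     * </p>
     *
     * @param jsonKey the JSON key which is assumed to be the ID of an Authorization Subject.
     * @param jsonValue the JSON value containing the permissions for the Authorization Subject denoted by {@code
     * jsonKey}. This value is supposed to be a {@link JsonObject}.
     * @return a new {@code AclEntry} object which is initialised with the values extracted from {@code jsonKey} and
     * {@code jsonValue}.
     * @throws NullPointerException if any argument is {@code null}.
     * @throws DittoJsonException if {@code jsonValue} is not a JSON object; the exception wraps a
     * {@link JsonParseException}.
     * @throws AclEntryInvalidException if the JSON object is empty, if a permission is absent or has a non-boolean
     * value, or if no permission evaluates to {@code true}.
     */
    public static AclEntry of(final CharSequence jsonKey, final JsonValue jsonValue) {
        validate(jsonKey, jsonValue);

        final JsonObject permissionsJsonObject = jsonValue.asObject();
        final AuthorizationSubject authorizationSubject = AuthorizationModelFactory.newAuthSubject(jsonKey);

        final Set<Permission> permissions = EnumSet.noneOf(Permission.class);
        for (final Permission permission : Permission.values()) {
            final Optional<JsonValue> permissionValue = permissionsJsonObject.getValue(permission.toJsonKey());
            // Throws for an absent or non-boolean value, so the orElse(false) below is never reached for
            // missing permissions; a permission is granted only by an explicit boolean true.
            validate(jsonKey, permission, permissionValue);
            if (permissionValue.map(JsonValue::asBoolean).orElse(false)) {
                permissions.add(permission);
            }
        }

        final AclEntry result = ImmutableAclEntry.of(authorizationSubject, permissions);
        validate(result);

        return result;
    }

    /**
     * Checks that the JSON value of an ACL entry is a non-empty JSON object.
     * <p>
     * The description of the thrown exception contains the string forms of {@code jsonKey} and {@code jsonValue}
     * as they were supplied.
     * </p>
     *
     * @param jsonKey the ID of the Authorization Subject; only used for the error description.
     * @param jsonValue the value to be checked.
     * @throws NullPointerException if any argument is {@code null}.
     * @throws DittoJsonException if {@code jsonValue} is not a JSON object.
     * @throws AclEntryInvalidException if {@code jsonValue} is an empty JSON object.
     */
    private static void validate(final CharSequence jsonKey, final JsonValue jsonValue) {
        checkNotNull(jsonKey, "JSON key");
        checkNotNull(jsonValue, "JSON value");

        final String msgTemplate =
                "Expected for Authorization Subject ''{0}'' a JSON object containing all of {1}" + " but got <{2}>!";
        // Built lazily: the text is only formatted if one of the builders below asks for the description.
        final Supplier<String> descriptionSupplier =
                () -> MessageFormat.format(msgTemplate, jsonKey, Permission.allToString(), jsonValue);

        if (!jsonValue.isObject()) {
            throw new DittoJsonException(JsonParseException.newBuilder() //
                    .description(descriptionSupplier) //
                    .build());
        }

        final JsonObject permissionsJsonObject = jsonValue.asObject();
        if (permissionsJsonObject.isEmpty()) {
            throw AclEntryInvalidException.newBuilder() //
                    .description(descriptionSupplier) //
                    .build();
        }
    }

    /**
     * Checks that the value of a single permission is present and a JSON boolean.
     *
     * @param authSubjectId the ID of the Authorization Subject; only used for the error message.
     * @param permission the permission whose value is checked.
     * @param permissionValue the value found for {@code permission}, if any.
     * @throws AclEntryInvalidException if {@code permissionValue} is empty or does not hold a boolean.
     */
    private static void validate(final CharSequence authSubjectId, final Permission permission,
            final Optional<JsonValue> permissionValue) {

        if (!permissionValue.isPresent()) {
            final String descTemplate = "Expected for Authorization Subject ''{0}'' the permission ''{1}''"
                    + " with value <true> or <false> but the permission is absent at all!";
            throw AclEntryInvalidException.newBuilder()
                    .message(MessageFormat.format(descTemplate, authSubjectId, permission))
                    .build();
        }

        final JsonValue permissionJsonValue = permissionValue.get();
        if (!permissionJsonValue.isBoolean()) {
            final String descTemplate = "Expected for permission ''{0}'' of Authorization Subject ''{1}''"
                    + " the value <true> or <false> but got <{2}>!";
            throw AclEntryInvalidException.newBuilder()
                    .message(MessageFormat.format(descTemplate, permission, authSubjectId, permissionJsonValue))
                    .build();
        }
    }

    /**
     * Checks that the specified ACL entry grants at least one permission.
     *
     * @param aclEntry the entry to be checked.
     * @throws AclEntryInvalidException if the permissions of {@code aclEntry} are empty.
     */
    private static void validate(final AclEntry aclEntry) {
        final Permissions entryPermissions = aclEntry.getPermissions();
        if (entryPermissions.isEmpty()) {
            final String descTemplate =
                    "The ACL entry for ''{0}'' did not contain any permission of {1} which evaluates to <true>!";
            final AuthorizationSubject authorizationSubject = aclEntry.getAuthorizationSubject();
            final String allPermissions = Permission.allToString();
            throw AclEntryInvalidException.newBuilder()
                    .message(MessageFormat.format(descTemplate, authorizationSubject.getId(), allPermissions))
                    .build();
        }
    }

    /**
     * Creates a new {@code AclEntry} object from the specified JSON object. If, for any reason, the specified JSON
     * object contains more than one field with Authorization Subject/permissions pairs only the first field is used
     * while all remaining fields are ignored. Callers which have to reject such input need to check the number of
     * fields themselves.
     *
     * @param jsonObject a JSON object which provides the data for the ACL entry to be created.
     * @return a new ACL entry which is initialised with the extracted data from {@code jsonObject}.
     * @throws NullPointerException if {@code jsonObject} is {@code null}.
     * @throws DittoJsonException if {@code jsonObject} <ul> <li>is empty,</li> <li>contains only a field with the
     * schema version</li> <li>or the value of the first remaining field is not a JSON object.</li> </ul>
     * @throws AclEntryInvalidException if the first remaining field does not describe valid permissions, see
     * {@link #of(CharSequence, JsonValue)}.
     */
    public static AclEntry fromJson(final JsonObject jsonObject) {
        checkNotNull(jsonObject, "JSON object");

        // NOTE(review): this filter only skips the schema version field if field.getKey() and
        // JsonSchemaVersion.getJsonKey() are of types whose equals(...) can match each other; the types are not
        // visible here - confirm, as otherwise the schema version field would be parsed as an ACL entry.
        return jsonObject.stream()
                .filter(field -> !Objects.equals(field.getKey(), JsonSchemaVersion.getJsonKey()))
                .findFirst()
                .map(field -> ImmutableAclEntry.of(field.getKey(), field.getValue()))
                .orElseThrow(() -> new DittoJsonException(JsonMissingFieldException.newBuilder()
                        .message("The JSON object for 'aclEntry' is missing.")
                        .build()));
    }

    /**
     * Returns the Authorization Subject this entry belongs to.
     *
     * @return the Authorization Subject.
     */
    @Override
    public AuthorizationSubject getAuthorizationSubject() {
        return authSubject;
    }

    /**
     * Indicates whether this entry grants the specified permission.
     *
     * @param permission the permission to be looked up.
     * @return the result of {@code contains} on the permissions of this entry.
     */
    @Override
    public boolean contains(final Permission permission) {
        return permissions.contains(permission);
    }

    /**
     * Indicates whether this entry grants all of the specified permissions.
     *
     * @param permissions the permissions to be looked up.
     * @return {@code false} if {@code permissions} is {@code null}, otherwise the result of {@code containsAll} on
     * the permissions of this entry.
     */
    @Override
    public boolean containsAll(@Nullable final Collection<Permission> permissions) {
        return (null != permissions) && this.permissions.containsAll(permissions);
    }

    /**
     * Returns the permissions of this entry.
     *
     * @return the object returned by {@code AccessControlListModelFactory.newPermissions} for the permissions of
     * this entry; the internal field itself is not handed out.
     */
    @Override
    public Permissions getPermissions() {
        return AccessControlListModelFactory.newPermissions(permissions);
    }

    /**
     * Returns the JSON representation of this entry: the schema version field, subject to the predicate, and one
     * field which maps the ID of the Authorization Subject to its permissions.
     *
     * @param schemaVersion the schema version of the JSON to be created.
     * @param thePredicate decides, together with {@code schemaVersion}, whether the schema version field is set.
     * @return the JSON object.
     */
    @Override
    public JsonObject toJson(final JsonSchemaVersion schemaVersion, final Predicate<JsonField> thePredicate) {
        final Predicate<JsonField> predicate = schemaVersion.and(thePredicate);
        return JsonFactory.newObjectBuilder()
                .set(JSON_SCHEMA_VERSION, schemaVersion.toInt(), predicate)
                // Explicitly DON'T pass the predicate to permissions!
                .set(authSubject.getId(), permissions.toJson(schemaVersion))
                .build();
    }

    @Override
    public boolean equals(final Object o) {
        if (this == o) {
            return true;
        }
        if (o == null || getClass() != o.getClass()) {
            return false;
        }
        final ImmutableAclEntry aclEntry = (ImmutableAclEntry) o;
        return Objects.equals(authSubject, aclEntry.authSubject) && Objects.equals(permissions, aclEntry.permissions);
    }

    @Override
    public int hashCode() {
        return Objects.hash(authSubject, permissions);
    }

    @Override
    public String toString() {
        return getClass().getSimpleName() + " [" + "authSubject=" + authSubject + ", permissions=" + permissions + "]";
    }

}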