/
DeleteAclEntryStrategy.java
95 lines (77 loc) · 4 KB
/
DeleteAclEntryStrategy.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
/*
* Copyright (c) 2017-2018 Bosch Software Innovations GmbH.
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v2.0
* which accompanies this distribution, and is available at
* https://www.eclipse.org/org/documents/epl-2.0/index.php
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.ditto.services.things.persistence.actors.strategies.commands;
import java.util.Optional;
import javax.annotation.Nullable;
import javax.annotation.concurrent.Immutable;
import org.eclipse.ditto.model.base.auth.AuthorizationSubject;
import org.eclipse.ditto.model.base.common.Validator;
import org.eclipse.ditto.model.base.headers.DittoHeaders;
import org.eclipse.ditto.model.things.AccessControlList;
import org.eclipse.ditto.model.things.AclEntry;
import org.eclipse.ditto.model.things.AclValidator;
import org.eclipse.ditto.model.things.Thing;
import org.eclipse.ditto.signals.commands.things.modify.DeleteAclEntry;
import org.eclipse.ditto.signals.commands.things.modify.DeleteAclEntryResponse;
import org.eclipse.ditto.signals.events.things.AclEntryDeleted;
/**
* This strategy handles the {@link DeleteAclEntry} command.
*/
@Immutable
final class DeleteAclEntryStrategy extends AbstractConditionalHeadersCheckingCommandStrategy<DeleteAclEntry, AclEntry> {
/**
* Constructs a new {@code DeleteAclEntryStrategy} object.
*/
DeleteAclEntryStrategy() {
super(DeleteAclEntry.class);
}
@Override
protected Result doApply(final Context context, final Thing thing,
final long nextRevision, final DeleteAclEntry command) {
final AuthorizationSubject authSubject = command.getAuthorizationSubject();
final DittoHeaders dittoHeaders = command.getDittoHeaders();
return extractAcl(thing, command)
.map(acl -> getDeleteAclEntryResult(acl, context, nextRevision, command))
.orElseGet(() -> ResultFactory.newErrorResult(ExceptionFactory.aclEntryNotFound(context.getThingId(),
authSubject, dittoHeaders)));
}
private Optional<AccessControlList> extractAcl(@Nullable final Thing thing, final DeleteAclEntry command) {
final AuthorizationSubject authSubject = command.getAuthorizationSubject();
return getThingOrThrow(thing).getAccessControlList()
.filter(acl -> acl.contains(authSubject));
}
private Result getDeleteAclEntryResult(final AccessControlList acl, final Context context,
final long nextRevision, final DeleteAclEntry command) {
final String thingId = context.getThingId();
final AuthorizationSubject authSubject = command.getAuthorizationSubject();
final DittoHeaders dittoHeaders = command.getDittoHeaders();
final AccessControlList aclWithoutAuthSubject = acl.removeAllPermissionsOf(authSubject);
final Validator validator = getAclValidator(aclWithoutAuthSubject);
if (!validator.isValid()) {
return ResultFactory.newErrorResult(ExceptionFactory.aclInvalid(thingId, validator.getReason(), dittoHeaders));
}
return ResultFactory.newMutationResult(command,
AclEntryDeleted.of(thingId, authSubject, nextRevision, getEventTimestamp(), dittoHeaders),
DeleteAclEntryResponse.of(thingId, authSubject, dittoHeaders), this);
}
private static Validator getAclValidator(final AccessControlList acl) {
return AclValidator.newInstance(acl, Thing.MIN_REQUIRED_PERMISSIONS);
}
@Override
public Optional<AclEntry> determineETagEntity(final DeleteAclEntry command, @Nullable final Thing thing) {
return extractAclEntry(thing, command);
}
private Optional<AclEntry> extractAclEntry(@Nullable final Thing thing, final DeleteAclEntry command) {
final AuthorizationSubject authSubject = command.getAuthorizationSubject();
return getThingOrThrow(thing).getAccessControlList()
.flatMap(acl -> acl.getEntryFor(authSubject));
}
}