-
Notifications
You must be signed in to change notification settings - Fork 215
/
ThingEnforcement.java
107 lines (96 loc) · 4.74 KB
/
ThingEnforcement.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
/*
* Copyright (c) 2022 Contributors to the Eclipse Foundation
*
* See the NOTICE file(s) distributed with this work for additional
* information regarding copyright ownership.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.ditto.things.service.enforcement;
import java.util.List;
import java.util.concurrent.CompletionStage;
import org.eclipse.ditto.base.model.signals.Signal;
import org.eclipse.ditto.base.model.signals.commands.CommandResponse;
import org.eclipse.ditto.policies.enforcement.AbstractEnforcementReloaded;
import org.eclipse.ditto.policies.enforcement.PolicyEnforcer;
import org.eclipse.ditto.policies.enforcement.config.EnforcementConfig;
import org.eclipse.ditto.policies.model.Policy;
import org.eclipse.ditto.things.model.Thing;
import org.eclipse.ditto.things.model.signals.commands.modify.CreateThing;
import akka.actor.ActorRef;
import akka.actor.ActorSystem;
/**
* Authorizes {@link Signal}s and filters {@link CommandResponse}s related to things by applying different included
* {@link ThingEnforcementStrategy}s.
*/
public final class ThingEnforcement extends AbstractEnforcementReloaded<Signal<?>, CommandResponse<?>> {
private final List<ThingEnforcementStrategy> enforcementStrategies;
public ThingEnforcement(final ActorRef policiesShardRegion, final ActorSystem actorSystem,
final EnforcementConfig enforcementConfig) {
super(actorSystem);
enforcementStrategies = List.of(
new LiveSignalEnforcement(actorSystem),
new ThingCommandEnforcement(actorSystem, policiesShardRegion, enforcementConfig)
);
}
@Override
public CompletionStage<Signal<?>> authorizeSignal(final Signal<?> signal, final PolicyEnforcer policyEnforcer) {
final Signal<?> adaptedSignal;
if (signal instanceof CreateThing createThing) {
final Thing thingWithBestEffortPolicyId = createThing.getThing()
.toBuilder()
.setPolicyId(policyEnforcer.getPolicy().flatMap(Policy::getEntityId).orElse(null))
.build();
adaptedSignal = CreateThing.of(
thingWithBestEffortPolicyId,
createThing.getInitialPolicy().orElse(null),
createThing.getPolicyIdOrPlaceholder().orElse(null),
createThing.getDittoHeaders()
);
} else {
adaptedSignal = signal;
}
return enforcementStrategies.stream()
.filter(strategy -> strategy.isApplicable(adaptedSignal))
.findFirst()
.map(strategy -> strategy.getEnforcement().authorizeSignal(adaptedSignal, policyEnforcer))
.orElseThrow(() -> new IllegalArgumentException(
"Unsupported signal to perform authorizeSignal: " + adaptedSignal
));
}
@Override
public CompletionStage<Signal<?>> authorizeSignalWithMissingEnforcer(final Signal<?> signal) {
return enforcementStrategies.stream()
.filter(strategy -> strategy.isApplicable(signal))
.findFirst()
.map(strategy -> strategy.getEnforcement().authorizeSignalWithMissingEnforcer(signal))
.orElseThrow(() -> new IllegalArgumentException(
"Unsupported signal to perform authorizeSignalWithMissingEnforcer: " + signal
));
}
@Override
public boolean shouldFilterCommandResponse(final CommandResponse<?> commandResponse) {
return enforcementStrategies.stream()
.filter(strategy -> strategy.responseIsApplicable(commandResponse))
.findFirst()
.map(strategy -> strategy.getEnforcement().shouldFilterCommandResponse(commandResponse))
.orElseThrow(() -> new IllegalArgumentException(
"Unsupported command response to perform shouldFilterCommandResponse: " + commandResponse
));
}
@Override
public CompletionStage<CommandResponse<?>> filterResponse(final CommandResponse<?> commandResponse,
final PolicyEnforcer policyEnforcer) {
return enforcementStrategies.stream()
.filter(strategy -> strategy.responseIsApplicable(commandResponse))
.findFirst()
.map(strategy -> strategy.getEnforcement().filterResponse(commandResponse, policyEnforcer))
.orElseThrow(() -> new IllegalArgumentException(
"Unsupported command response to perform filterResponse: " + commandResponse
));
}
}