Issue #1228: apply policy enforcement to live-channel-condition in ad…

…dition to condition header

Signed-off-by: Yufei Cai <yufei.cai@bosch.io>

base/model/src/main/java/org/eclipse/ditto/base/model/headers/EnumValueValidator.java

@@ -75,8 +75,7 @@ private static Set<String> groupByNormalizedName(final Enum<?>[] enumValues) {
 
     private static String formatErrorDescription(final Collection<String> normalizedNames) {
         final String valuesString = normalizedNames.stream()
-                .map(name -> "<" + name + ">")
-                .collect(Collectors.joining(", "));
+                .collect(Collectors.joining(">, <", "<", ">"));
         return MessageFormat.format("The value must either be one of: {0}.", valuesString);
     }
 }

concierge/service/src/main/java/org/eclipse/ditto/concierge/service/enforcement/ThingCommandEnforcement.java

@@ -816,6 +816,10 @@ static <T extends ThingCommand<T>> T authorizeByPolicyOrThrow(final Enforcer pol
         if (!(command instanceof CreateThing) && condition.isPresent()) {
             enforceReadPermissionOnCondition(condition.get(), policyEnforcer, dittoHeaders);
         }
+        final var liveChannelCondition = dittoHeaders.getLiveChannelCondition();
+        if ((command instanceof ThingQueryCommand) && liveChannelCondition.isPresent()) {
+            enforceReadPermissionOnCondition(liveChannelCondition.get(), policyEnforcer, dittoHeaders);
+        }
 
         if (commandAuthorized) {
             return AbstractEnforcement.addEffectedReadSubjectsToThingSignal(command, policyEnforcer);