add method addEffectedReadSubjectsToThingLiveSignal to LiveSignalEnfo…

…rcement to restore previous behavior of read subject determination; Signed-off-by: Stefan Maute <stefan.maute@bosch.io>
eclipse-ditto · Oct 13, 2021 · 996870c · 996870c
1 parent 88f8745
commit 996870c
Showing 1 changed file with 23 additions and 1 deletion.
diff --git a/.../src/main/java/org/eclipse/ditto/concierge/service/enforcement/LiveSignalEnforcement.java b/.../src/main/java/org/eclipse/ditto/concierge/service/enforcement/LiveSignalEnforcement.java
@@ -46,6 +46,7 @@
 import org.eclipse.ditto.policies.model.enforcers.EffectedSubjects;
 import org.eclipse.ditto.policies.model.enforcers.Enforcer;
 import org.eclipse.ditto.protocol.UnknownCommandException;
+import org.eclipse.ditto.things.model.ThingConstants;
 import org.eclipse.ditto.things.model.ThingId;
 import org.eclipse.ditto.things.model.signals.commands.ThingCommand;
 import org.eclipse.ditto.things.model.signals.commands.exceptions.EventSendNotAllowedException;
@@ -228,7 +229,7 @@ private CompletionStage<Contextual<WithDittoHeaders>> enforceLiveSignal(final St
 
                 ThingCommandEnforcement.authorizeByPolicyOrThrow(enforcer, (ThingCommand<?>) liveSignal);
                 final ThingCommand<?> withReadSubjects =
-                        addEffectedReadSubjectsToThingSignal((ThingCommand<?>) liveSignal, enforcer);
+                        addEffectedReadSubjectsToThingLiveSignal((ThingCommand<?>) liveSignal, enforcer);
                 log(withReadSubjects).info("Live Command was authorized: <{}>", withReadSubjects);
                 return publishLiveSignal(withReadSubjects, THING_COMMAND_ACK_EXTRACTOR, liveSignalPub.command());
             default:
@@ -240,6 +241,27 @@ private CompletionStage<Contextual<WithDittoHeaders>> enforceLiveSignal(final St
         }
     }
 
+    /**
+     * Extend a signal by subject headers given with granted and revoked READ access.
+     * The subjects are provided by the given enforcer for the resource type {@link org.eclipse.ditto.things.model.ThingConstants#ENTITY_TYPE}.
+     *
+     * @param signal the signal to extend.
+     * @param enforcer the enforcer.
+     * @return the extended signal.
+     */
+    static <T extends Signal<T>> T addEffectedReadSubjectsToThingLiveSignal(final Signal<T> signal,
+            final Enforcer enforcer) {
+
+        final var resourceKey = ResourceKey.newInstance(ThingConstants.ENTITY_TYPE, signal.getResourcePath());
+        final var effectedSubjects = enforcer.getSubjectsWithPermission(resourceKey, Permission.READ);
+        final var newHeaders = DittoHeaders.newBuilder(signal.getDittoHeaders())
+                .readGrantedSubjects(effectedSubjects.getGranted())
+                .readRevokedSubjects(effectedSubjects.getRevoked())
+                .build();
+
+        return signal.setDittoHeaders(newHeaders);
+    }
+
     private CompletionStage<Contextual<WithDittoHeaders>> enforceLiveEvent(final Signal<?> liveSignal,
             final Enforcer enforcer) {