Rules logic and cloud events standard

appinfo/routes.php

@@ -8,6 +8,7 @@
 		'Jobs' => ['url' => 'api/jobs'],
 		'Synchronizations' => ['url' => 'api/synchronizations'],
 		'Consumers' => ['url' => 'api/consumers'],
+		'Rules' => ['url' => 'api/rules'],
 	],
 	'routes' => [
 		['name' => 'dashboard#page', 'url' => '/', 'verb' => 'GET'],

docs/cloudevents.md

@@ -2,12 +2,44 @@
 
 We facilitate subscriptions on a pub/sub model. This is based on [CloudEvents](https://cloudevents.io/) but also supports the [NL GOV profile for CloudEvents](https://www.logius.nl/domeinen/gegevensuitwisseling/nl-gov-profile-cloudevents). More documentation can be found [here](https://gitdocumentatie.logius.nl/publicatie/notificatieservices/CloudEvents-NL/).
 
-## Subsribers 
+# Event System
 
-## Publishers
+## Event Subscriptions
 
-## Endpoints
+The OpenConnector platform implements the [CloudEvents Subscription API specification](https://github.com/cloudevents/spec/blob/main/subscriptions/spec.md) to manage event subscriptions. This allows consumers to subscribe to specific events and receive them through various delivery mechanisms.
 
-## Mappings
+### Subscription Styles
 
-## Events
+The platform supports two subscription styles:
+
+- **Push**: Events are actively sent to the subscriber's endpoint (sink)
+- **Pull**: Subscribers fetch events from the platform
+
+### Subscription Properties
+
+Each subscription contains the following properties:
+
+- `id`: Unique identifier for the subscription
+- `source`: URI identifying where events originate
+- `types`: Array of CloudEvent type values to subscribe to
+- `config`: Subscription-specific configuration
+- `filters`: Array of filter expressions for event matching
+- `sink`: URI where events should be delivered
+- `protocol`: Delivery protocol (HTTP, MQTT, AMQP, etc.)
+- `protocolSettings`: Protocol-specific settings
+- `style`: Delivery style ('push' or 'pull')
+- `status`: Subscription status
+- `userId`: Owner of the subscription
+
+### Filter Dialects
+
+The platform supports the following filter dialects as defined in the CloudEvents specification:
+
+- `exact`: Exact matching of attribute values
+- `prefix`: Prefix matching of attribute values
+- `suffix`: Suffix matching of attribute values
+- `all`: Logical AND of multiple filters
+- `any`: Logical OR of multiple filters
+- `not`: Logical NOT of a filter
+
+### Example Subscription

docs/rules/rules.md

@@ -0,0 +1,100 @@
+# Rules
+
+Rules are components that can be associated with endpoints to add additional functionality. Based on the current codebase, rules are stored as string IDs and can be attached to multiple endpoints.
+
+## Adding Rules to Endpoints
+
+Rules can be added to endpoints through the AddEndpointRule modal component. The process works as follows:
+
+1. Select a rule from the available rule options dropdown
+2. The rule ID is added to the endpoint's `rules` array property
+3. The endpoint is updated with the new rule association
+4. On success, the modal closes automatically after 2 seconds
+
+## Rule Properties
+
+Rules have several key properties that define their behavior:
+
+- uuid: A unique identifier string for the rule
+- name: The display name of the rule
+- description: A detailed description of the rule's purpose
+- action: Specifies when the rule triggers (create, read, update, delete)
+- timing: Controls if rule runs 'before' or 'after' the action (defaults to 'before')
+- conditions: JSON Logic format conditions that determine when rule applies
+- type: The rule type (mapping, error, script, synchronization, authentication, download, upload, locking)
+- configuration: Type-specific configuration stored as JSON
+- order: Integer determining execution order when multiple rules exist
+
+The properties work together to define:
+
+1. When the rule executes (action + timing)
+2. Under what conditions it runs (conditions)
+3. What functionality it provides (type + configuration) 
+4. The sequence of execution (order)
+
+Rules are stored in a structured format but referenced by endpoints using their UUID strings in an array format.
+
+## Rule Implementation
+
+The current implementation shows:
+
+- Rules are managed through a dedicated API endpoint at `/api/rules`
+- Rules can be retrieved and managed through the Rules resource controller
+- Rule IDs are stored and validated as strings within endpoints
+- The endpoint entity ensures rules are always stored as an array
+
+## Rule Types
+
+### Authentication Rules
+
+Authentication rules control access to endpoints by validating user credentials and permissions. Configuration options include:
+
+- type: The authentication method to use
+  - basic: Basic HTTP authentication
+  - jwt: JSON Web Token authentication
+  - jwt-zgw: ZGW-specific JWT authentication
+  - oauth: OAuth 2.0 authentication
+- users: Array of specific users allowed to access the endpoint
+- groups: Array of user groups allowed to access the endpoint
+
+### Download Rules
+
+Download rules handle file access and retrieval. Configuration includes:
+
+- fileIdPosition: Specifies the position of the file ID in the URL path
+- Automatic validation of user access rights to requested files
+
+### Upload Rules
+
+Upload rules manage file upload functionality and restrictions. Configuration includes:
+
+- path: The target directory path for uploaded files
+- allowedTypes: Comma-separated list of allowed file extensions (e.g., jpg,png,pdf)
+- maxSize: Maximum allowed file size in megabytes
+
+### Locking Rules
+
+Locking rules provide exclusive access control for resources. Configuration includes:
+
+- action: The locking operation to perform
+  - lock: Lock a resource for exclusive access
+  - unlock: Release a previously locked resource
+- timeout: Duration in minutes before the lock automatically expires
+
+## Rule Validation
+
+When adding rules to an endpoint:
+
+- The rules array is initialized if it doesn't exist
+- Existing rule IDs are converted to strings
+- New rule IDs are validated before being added
+- The endpoint is revalidated after rule changes
+
+## Error Handling
+
+The rule addition process includes:
+
+- Validation that a rule is selected before saving
+- Error catching and display if the save fails
+- Loading state management during the save process
+- Success/error message display to the user

lib/Controller/EndpointsController.php

@@ -197,6 +197,8 @@ public function destroy(int $id): JSONResponse
 	 */
 	public function handlePath(string $_path): JSONResponse
 	{
+		// @todo: move to a rule service
+		/*
 		try {
 			$token = $this->request->getHeader('Authorization');
 			$this->authorizationService->authorize(authorization: $token);
@@ -206,6 +208,7 @@ public function handlePath(string $_path): JSONResponse
 				statusCode: 401
 			);
 		}
+		*/
 
 		// Find matching endpoints for the given path and method
 		$matchingEndpoints = $this->endpointMapper->findByPathRegex(