Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add new endpoint checkpermissions #2047

Merged
merged 16 commits into from
Nov 6, 2024
Merged

Add new endpoint checkpermissions #2047

Show file tree
Hide file tree
Changes from 7 commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
a237bf2
Add new endpoint checkpermissions
hu-ahmed Oct 21, 2024
88a3615
fix missing license
hu-ahmed Oct 21, 2024
20a230d
fix missing license
hu-ahmed Oct 21, 2024
af247ab
resolve comments and apply sudo policy check permissions
hu-ahmed Oct 24, 2024
eeb1ce2
handling exceptions and add java doc
hu-ahmed Oct 25, 2024
8cb9cbd
Resolve comments and improve exception handling
hu-ahmed Oct 28, 2024
7588065
Add unit test
hu-ahmed Oct 28, 2024
800bbf6
fix license error
hu-ahmed Oct 29, 2024
1361cbd
remove actor name and mutable map
hu-ahmed Oct 29, 2024
2181be3
fix failing unit tests after adding new route and command
thjaeckle Oct 29, 2024
dd689ed
update documentation and openapi
hu-ahmed Oct 30, 2024
5d08e89
update documentation
hu-ahmed Oct 30, 2024
055f3c4
review: perform some minor syntactic tweaks
thjaeckle Oct 30, 2024
2ee22fc
update documentation
hu-ahmed Oct 30, 2024
6a6f7aa
update documentation
hu-ahmed Oct 30, 2024
880c3f1
exclude intentionally changed method signature from binary comp. check
thjaeckle Nov 4, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions ...e/src/main/java/org/eclipse/ditto/edge/service/dispatching/EdgeCommandForwarderActor.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,8 +39,10 @@
import org.eclipse.ditto.internal.utils.config.ScopedConfig;
import org.eclipse.ditto.messages.model.signals.commands.MessageCommand;
import org.eclipse.ditto.messages.model.signals.commands.MessageCommandResponse;
import org.eclipse.ditto.policies.api.commands.sudo.CheckPolicyPermissions;
import org.eclipse.ditto.policies.model.PolicyConstants;
import org.eclipse.ditto.policies.model.signals.commands.PolicyCommand;
import org.eclipse.ditto.things.api.commands.sudo.SudoRetrieveThing;
import org.eclipse.ditto.things.api.commands.sudo.SudoRetrieveThings;
import org.eclipse.ditto.things.model.ThingConstants;
import org.eclipse.ditto.things.model.signals.commands.ThingCommand;
Expand Down Expand Up @@ -144,7 +146,9 @@ public Receive createReceive() {
)
.match(RetrieveThings.class, this::forwardToThingsAggregatorProxy)
.match(SudoRetrieveThings.class, this::forwardToThingsAggregatorProxy)
.match(SudoRetrieveThing.class, this::forwardToThings)
.match(PolicyCommand.class, this::forwardToPolicies)
.match(CheckPolicyPermissions.class, this::forwardToPolicies)
.match(RetrieveAllConnectionIds.class, this::forwardToConnectivityPubSub)
.match(ConnectivityCommand.class, this::forwardToConnectivity)
.match(ConnectivitySudoCommand.class, this::forwardToConnectivity)
Expand Down Expand Up @@ -291,6 +295,7 @@ private void forwardToThingSearch(final Command<?> command) {
pubSubMediator.tell(DistPubSubAccess.send(ThingsSearchConstants.SEARCH_ACTOR_PATH, command), getSender());
}


private void handleUnknownSignal(final Signal<?> signal) {
applySignalTransformation(signal, sender())
.thenAccept(transformedSignal -> {
Expand Down
11 changes: 11 additions & 0 deletions ...ain/java/org/eclipse/ditto/gateway/service/endpoints/actors/AbstractHttpRequestActor.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,7 @@
import org.eclipse.ditto.edge.service.acknowledgements.things.ThingLiveCommandAckRequestSetter;
import org.eclipse.ditto.edge.service.acknowledgements.things.ThingModifyCommandAckRequestSetter;
import org.eclipse.ditto.gateway.api.GatewayServiceUnavailableException;
import org.eclipse.ditto.gateway.service.endpoints.routes.checkpermissions.CheckPermissions;
import org.eclipse.ditto.gateway.service.endpoints.routes.whoami.DefaultUserInformation;
import org.eclipse.ditto.gateway.service.endpoints.routes.whoami.Whoami;
import org.eclipse.ditto.gateway.service.endpoints.routes.whoami.WhoamiResponse;
Expand Down Expand Up @@ -236,6 +237,7 @@ public AbstractActor.Receive handleMessage() {
}
})
.match(Whoami.class, this::handleWhoami)
.match(CheckPermissions.class, this::handleCheckPermissions)
.match(DittoRuntimeException.class, this::handleDittoRuntimeException)
.match(ReceiveTimeout.class,
receiveTimeout -> {
Expand Down Expand Up @@ -346,6 +348,15 @@ private void rememberResponseLocationUri(final CommandResponse<?> commandRespons
}
}

private void handleCheckPermissions(final CheckPermissions command) {
final ActorRef checkPermissionsActor = getContext().actorOf(
CheckPermissionsActor.props(proxyActor, getSelf(), getReceiveTimeout(command, commandConfig)),
CheckPermissionsActor.ACTOR_NAME
);
getContext().become(getResponseAwaitingBehavior());
checkPermissionsActor.tell(command, getSelf());
}

private void handleWhoami(final Whoami command) {
logger.withCorrelationId(command).debug("Got <{}>.", command);

Expand Down
398 changes: 398 additions & 0 deletions ...c/main/java/org/eclipse/ditto/gateway/service/endpoints/actors/CheckPermissionsActor.java
View file
Open in desktop

Large diffs are not rendered by default.

12 changes: 12 additions & 0 deletions ...y/service/src/main/java/org/eclipse/ditto/gateway/service/endpoints/routes/RootRoute.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@
import org.eclipse.ditto.gateway.service.endpoints.directives.RequestTimeoutHandlingDirective;
import org.eclipse.ditto.gateway.service.endpoints.directives.RequestTracingDirective;
import org.eclipse.ditto.gateway.service.endpoints.directives.auth.GatewayAuthenticationDirective;
import org.eclipse.ditto.gateway.service.endpoints.routes.checkpermissions.CheckPermissionsRoute;
import org.eclipse.ditto.gateway.service.endpoints.routes.cloudevents.CloudEventsRoute;
import org.eclipse.ditto.gateway.service.endpoints.routes.connections.ConnectionsRoute;
import org.eclipse.ditto.gateway.service.endpoints.routes.devops.DevOpsRoute;
Expand Down Expand Up @@ -95,6 +96,7 @@ public final class RootRoute extends AllDirectives {
private final WebSocketRouteBuilder websocketRouteBuilder;
private final StatsRoute statsRoute;
private final WhoamiRoute whoamiRoute;
private final CheckPermissionsRoute checkPermissionsRoute;
private final CloudEventsRoute cloudEventsRoute;

private final CustomApiRoutesProvider customApiRoutesProvider;
Expand Down Expand Up @@ -126,6 +128,7 @@ private RootRoute(final Builder builder) {
websocketRouteBuilder = builder.websocketRouteBuilder;
statsRoute = builder.statsRoute;
whoamiRoute = builder.whoamiRoute;
checkPermissionsRoute = builder.checkPermissionsRoute;
cloudEventsRoute = builder.cloudEventsRoute;
customApiRoutesProvider = builder.customApiRoutesProvider;
routeBaseProperties = builder.routeBaseProperties;
Expand Down Expand Up @@ -322,6 +325,8 @@ private Route buildApiSubRoutes(final RequestContext ctx, final DittoHeaders dit
thingSearchRoute.buildSearchRoute(ctx, dittoHeaders),
// /api/{apiVersion}/whoami
whoamiRoute.buildWhoamiRoute(ctx, dittoHeaders),
// /api/{apiVersion}/checkPermissions
checkPermissionsRoute.buildCheckPermissionsRoute(ctx, dittoHeaders),
// /api/{apiVersion}/cloudevents
cloudEventsRoute.buildCloudEventsRoute(ctx, dittoHeaders)
).orElse(customApiSubRoutes);
Expand Down Expand Up @@ -440,6 +445,7 @@ private static final class Builder implements RootRouteBuilder {
private WebSocketRouteBuilder websocketRouteBuilder;
private StatsRoute statsRoute;
private WhoamiRoute whoamiRoute;
private CheckPermissionsRoute checkPermissionsRoute;
private CloudEventsRoute cloudEventsRoute;

private CustomApiRoutesProvider customApiRoutesProvider;
Expand Down Expand Up @@ -531,6 +537,12 @@ public RootRouteBuilder whoamiRoute(final WhoamiRoute route) {
return this;
}

@Override
public RootRouteBuilder checkPermissionsRoute(final CheckPermissionsRoute route) {
checkPermissionsRoute = route;
return this;
}

@Override
public RootRouteBuilder cloudEventsRoute(final CloudEventsRoute route) {
cloudEventsRoute = route;
Expand Down
10 changes: 10 additions & 0 deletions ...ce/src/main/java/org/eclipse/ditto/gateway/service/endpoints/routes/RootRouteBuilder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
import org.eclipse.ditto.base.model.json.JsonSchemaVersion;
import org.eclipse.ditto.edge.service.headers.DittoHeadersValidator;
import org.eclipse.ditto.gateway.service.endpoints.directives.auth.GatewayAuthenticationDirective;
import org.eclipse.ditto.gateway.service.endpoints.routes.checkpermissions.CheckPermissionsRoute;
import org.eclipse.ditto.gateway.service.endpoints.routes.cloudevents.CloudEventsRoute;
import org.eclipse.ditto.gateway.service.endpoints.routes.connections.ConnectionsRoute;
import org.eclipse.ditto.gateway.service.endpoints.routes.devops.DevOpsRoute;
Expand Down Expand Up @@ -139,6 +140,15 @@ public interface RootRouteBuilder {
*/
RootRouteBuilder whoamiRoute(WhoamiRoute route);

/**
* Sets the check permissions-route.
*
* @param route the route to set.
* @return the Builder to allow method chaining.
* @since 3.7.0
*/
RootRouteBuilder checkPermissionsRoute(CheckPermissionsRoute route);

/**
* Sets the cloud events route.
*
Expand Down
147 changes: 147 additions & 0 deletions ...org/eclipse/ditto/gateway/service/endpoints/routes/checkpermissions/CheckPermissions.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,147 @@
/*
* Copyright (c) 2024 Contributors to the Eclipse Foundation
*
* See the NOTICE file(s) distributed with this work for additional
* information regarding copyright ownership.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.ditto.gateway.service.endpoints.routes.checkpermissions;

import org.eclipse.ditto.base.model.headers.DittoHeaders;
import org.eclipse.ditto.base.model.json.JsonParsableCommand;
import org.eclipse.ditto.json.JsonField;
import org.eclipse.ditto.json.JsonFieldDefinition;
import org.eclipse.ditto.json.JsonObject;
import org.eclipse.ditto.json.JsonObjectBuilder;

import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Objects;
import java.util.function.Predicate;
import java.util.stream.Collectors;

import org.eclipse.ditto.base.api.common.CommonCommand;
import org.eclipse.ditto.base.model.json.JsonSchemaVersion;
import org.eclipse.ditto.json.JsonFactory;

import javax.annotation.concurrent.Immutable;

/**
* Command to check multiple permissions for different resources in a single request.
*
* @since 3.7.0
*/
@Immutable
@JsonParsableCommand(typePrefix = CheckPermissions.TYPE_PREFIX, name = CheckPermissions.NAME)
public final class CheckPermissions extends CommonCommand<CheckPermissions> {

static final String TYPE_PREFIX = CommonCommand.TYPE_PREFIX;

/**
* The name of the command.
*/
static final String NAME = "checkPermissions";

/**
* The type of the command.
*/
public static final String TYPE = TYPE_PREFIX + CheckPermissions.NAME;

private static final JsonFieldDefinition<JsonObject> PERMISSION_CHECKS_FIELD = JsonFactory.newJsonObjectFieldDefinition(
"permissionChecks"
);

private final Map<String, ImmutablePermissionCheck> permissionChecks;

/**
* Constructs a new {@code CheckPermissionsCommand} object.
*
* @param dittoHeaders the headers of the command.
* @param permissionChecks a linked hash map of permission checks to be performed.
*/
private CheckPermissions(final DittoHeaders dittoHeaders,
final Map<String, ImmutablePermissionCheck> permissionChecks) {
super(TYPE, Category.QUERY, dittoHeaders);
this.permissionChecks = Collections.unmodifiableMap(new LinkedHashMap<>(permissionChecks));
}

/**
* Creates a new {@code CheckPermissionsCommand} with the provided headers and permission checks.
*
* @param headers the headers of the command.
* @param permissionChecks the permission checks to be included in the command.
* @return a new {@code CheckPermissionsCommand}.
*/
public static CheckPermissions of(final Map<String, ImmutablePermissionCheck> permissionChecks,
final DittoHeaders headers) {
return new CheckPermissions(headers, permissionChecks);
}

/**
* Creates a {@code CheckPermissionsCommand} from a JSON object.
*
* @param jsonObject the JSON object containing the data.
* @param dittoHeaders the headers of the command.
* @return a new {@code CheckPermissionsCommand}.
*/
public static CheckPermissions fromJson(final JsonObject jsonObject, final DittoHeaders dittoHeaders) {
final LinkedHashMap<String, ImmutablePermissionCheck> permissionChecks = jsonObject.stream()
.collect(Collectors.toMap(
entry -> String.valueOf(entry.getKey()),
entry -> ImmutablePermissionCheck.fromJson(entry.getValue().asObject()),
(oldValue, newValue) -> oldValue,
LinkedHashMap::new
));
return new CheckPermissions(dittoHeaders, permissionChecks);
}

/**
* Returns the permission checks contained in this command.
*
* @return a linked hash map of permission checks.
*/
public Map<String, ImmutablePermissionCheck> getPermissionChecks() {
return permissionChecks;
}

@Override
protected void appendPayload(final JsonObjectBuilder jsonObjectBuilder, final JsonSchemaVersion schemaVersion,
final Predicate<JsonField> predicate) {
JsonObjectBuilder permissionChecksBuilder = JsonFactory.newObjectBuilder();
permissionChecks.forEach((key, permissionCheck) -> permissionChecksBuilder.set(key, permissionCheck.toJson()));
jsonObjectBuilder.set(PERMISSION_CHECKS_FIELD, permissionChecksBuilder.build(), predicate);
}

@Override
public CheckPermissions setDittoHeaders(final DittoHeaders dittoHeaders) {
return new CheckPermissions(dittoHeaders, permissionChecks);
}

@Override
public boolean equals(final Object obj) {
if (this == obj) {
return true;
}
if (obj == null || getClass() != obj.getClass()) {
return false;
}
final CheckPermissions that = (CheckPermissions) obj;
return Objects.equals(permissionChecks, that.permissionChecks) && super.equals(that);
}

@Override
public int hashCode() {
return Objects.hash(super.hashCode(), permissionChecks);
}

@Override
public String toString() {
return getClass().getSimpleName() + "[" + super.toString() + ", permissionChecks=" + permissionChecks + "]";
}
}
Loading
Loading