Filter options for AAS/SM/CD with Authorization #436
Assignees
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As an user of the Authorized repositories I want the system to provide the list of all allowed metamodels based on the access rules configuration when requesting for ALL metamodels instead of rejecting the request with 403 if the rules doesn't contain the (*) on the subject information, so that I can get all the allowed metamodels with one request.
Currently, there is no filtering supported when all elements are requested, it simply denies the request when requesting all elements if the target information rule is not configured as wildcard (*).
This option will provide the user with only those elements which are allowed as per the rule.
Rules
Only applicable to the getAll* methods (* -> AssetAdministrationShells/Submodels (including SMElements)/ConceptDescriptions/AasDescriptors/SubmodelDescriptors/AssetLinks) -> please take a look for all methods wherever getAll is applicable.
Applicable for Repositories/Registries/Discovery
If applicable please derive a generic filtering logic instead of specialized one.
The common code for filtering logic should be in basyx.authorization (-> basyx.common)
Entry Points
basyx-java-server-sdk/basyx.aasrepository/basyx.aasrepository-feature-authorization at main · eclipse-basyx/basyx-java-server-sdk (github.com)
basyx-java-server-sdk/basyx.aasregistry/basyx.aasregistry-feature-authorization at main · eclipse-basyx/basyx-java-server-sdk (github.com)
basyx-java-server-sdk/basyx.submodelrepository/basyx.submodelrepository-feature-authorization at main · eclipse-basyx/basyx-java-server-sdk (github.com)
basyx-java-server-sdk/basyx.submodelregistry/basyx.submodelregistry-feature-authorization at main · eclipse-basyx/basyx-java-server-sdk (github.com)
basyx-java-server-sdk/basyx.conceptdescriptionrepository/basyx.conceptdescriptionrepository-feature-authorization at main · eclipse-basyx/basyx-java-server-sdk (github.com)
basyx-java-server-sdk/basyx.aasdiscoveryservice/basyx.aasdiscoveryservice-feature-authorization at main · eclipse-basyx/basyx-java-server-sdk (github.com)
Acceptance Criteria
When requesting all AAS with access rule specified without wildcard (*) then only those filtered AASs which are specified in the rule will be provided instead of rejected request with 403.
Risks and Assumptions
Maybe there will be a need of filter parameters to the Repo/Reg (cf. Reference [A]) classes because it shouldn't filter the response after retrieving all the results. -> This could be solved by introducing a Filtered which extends the Repository/Registry (cf. Reference [A]) and takes the filtering descriptions. And then extending the Authorized with Filtered*.
References & Notes
[A] basyx-java-server-sdk/basyx.aasrepository/basyx.aasrepository-core/src/main/java/org/eclipse/digitaltwin/basyx/aasrepository/AasRepository.java at main · eclipse-basyx/basyx-java-server-sdk (github.com)
Dependencies and Blockers
DO THIS TICKET FIRST! https://github.com/orgs/eclipse-basyx/projects/3/views/3?filterQuery=iteration%3A%40next&pane=issue&itemId=79008619 - Filtering of elements at backend only
The text was updated successfully, but these errors were encountered: