Modifies Registries TargetInformation to accept List of Ids (eclipse-…

…basyx#308) Co-authored-by: FriedJannik <[email protected]>
geso02 · Jun 13, 2024 · 127c2f1 · 127c2f1
1 parent a8999d5
commit 127c2f1
Show file tree

Hide file tree

Showing 17 changed files with 248 additions and 207 deletions.
diff --git a/...pse/digitaltwin/basyx/aasregistry/feature/authorization/AasRegistryTargetInformation.java b/...pse/digitaltwin/basyx/aasregistry/feature/authorization/AasRegistryTargetInformation.java
@@ -27,6 +27,7 @@
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 
@@ -42,23 +43,23 @@
 @TargetInformationSubtype(getValue = "aas-registry")
 public class AasRegistryTargetInformation implements TargetInformation {
 
-	private String aasId;
+	private List<String> aasIds;
 
 	@JsonCreator
-	public AasRegistryTargetInformation(final @JsonProperty("aasId") String aasId) {
-		this.aasId = aasId;
+	public AasRegistryTargetInformation(final @JsonProperty("aasIds") List<String> aasIds) {
+		this.aasIds = aasIds;
 	}
 
 	@Override
 	public Map<String, Object> toMap() {
 		final Map<String, Object> map = new HashMap<>();
-		map.put("aasId", aasId);
+		map.put("aasIds", aasIds);
 		return map;
 	}
 
 	@Override
 	public int hashCode() {
-		return Objects.hash(aasId);
+		return Objects.hash(aasIds);
 	}
 
 	@Override
@@ -70,16 +71,16 @@ public boolean equals(Object obj) {
 		if (getClass() != obj.getClass())
 			return false;
 		AasRegistryTargetInformation other = (AasRegistryTargetInformation) obj;
-		return Objects.equals(aasId, other.aasId);
+		return Objects.equals(aasIds, other.aasIds);
 	}
 
 	@Override
 	public String toString() {
-		return "AasTargetInformation [aasId=" + aasId + "]";
+		return "AasTargetInformation [aasIds=" + aasIds + "]";
 	}
 
-	public String getAasId() {
-		return aasId;
+	public List<String> getAasIds() {
+		return aasIds;
 	}
 
 }
diff --git a/...pse/digitaltwin/basyx/aasregistry/feature/authorization/AuthorizedAasRegistryStorage.java b/...pse/digitaltwin/basyx/aasregistry/feature/authorization/AuthorizedAasRegistryStorage.java
@@ -25,6 +25,8 @@
 
 package org.eclipse.digitaltwin.basyx.aasregistry.feature.authorization;
 
+import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 import java.util.Set;
 
@@ -62,19 +64,19 @@ public AuthorizedAasRegistryStorage(AasRegistryStorage decorated, RbacPermission
 
 	@Override
 	public CursorResult<List<AssetAdministrationShellDescriptor>> getAllAasDescriptors(PaginationInfo pRequest, DescriptorFilter filter) {
-		assertHasPermission(Action.READ, AasRegistryTargetPermissionVerifier.ALL_ALLOWED_WILDCARD);
+		assertHasPermission(Action.READ, getIdAsList(AasRegistryTargetPermissionVerifier.ALL_ALLOWED_WILDCARD));
 		return decorated.getAllAasDescriptors(pRequest, filter);
 	}
 
 	@Override
 	public AssetAdministrationShellDescriptor getAasDescriptor(String aasDescriptorId) throws AasDescriptorNotFoundException {
-		assertHasPermission(Action.READ, aasDescriptorId);
+		assertHasPermission(Action.READ, getIdAsList(aasDescriptorId));
 		return decorated.getAasDescriptor(aasDescriptorId);
 	}
 
 	@Override
 	public void insertAasDescriptor(AssetAdministrationShellDescriptor descr) throws AasDescriptorAlreadyExistsException {
-		assertHasPermission(Action.CREATE, descr.getId());
+		assertHasPermission(Action.CREATE, getIdAsList(descr.getId()));
 		decorated.insertAasDescriptor(descr);
 	}
 
@@ -83,69 +85,73 @@ public void replaceAasDescriptor(String aasDescriptorId, AssetAdministrationShel
 		String newId = descriptor.getId();
 
 		if (!aasDescriptorId.equals(newId)) {
-			assertHasPermission(Action.DELETE, aasDescriptorId);
-			assertHasPermission(Action.CREATE, newId);
+			assertHasPermission(Action.DELETE, getIdAsList(aasDescriptorId));
+			assertHasPermission(Action.CREATE, getIdAsList(newId));
 		} else
-			assertHasPermission(Action.UPDATE, aasDescriptorId);
+			assertHasPermission(Action.UPDATE, getIdAsList(aasDescriptorId));
 
 		decorated.replaceAasDescriptor(aasDescriptorId, descriptor);
 	}
 
 	@Override
 	public void removeAasDescriptor(String aasDescriptorId) throws AasDescriptorNotFoundException {
-		assertHasPermission(Action.DELETE, aasDescriptorId);
+		assertHasPermission(Action.DELETE, getIdAsList(aasDescriptorId));
 		decorated.removeAasDescriptor(aasDescriptorId);
 	}
 
 	@Override
 	public CursorResult<List<SubmodelDescriptor>> getAllSubmodels(String aasDescriptorId, PaginationInfo pRequest) throws AasDescriptorNotFoundException {
-		assertHasPermission(Action.READ, aasDescriptorId);
+		assertHasPermission(Action.READ, getIdAsList(aasDescriptorId));
 		return decorated.getAllSubmodels(aasDescriptorId, pRequest);
 	}
 
 	@Override
 	public SubmodelDescriptor getSubmodel(String aasDescriptorId, String submodelId) throws AasDescriptorNotFoundException, SubmodelNotFoundException {
-		assertHasPermission(Action.READ, aasDescriptorId);
+		assertHasPermission(Action.READ, getIdAsList(aasDescriptorId));
 		return decorated.getSubmodel(aasDescriptorId, submodelId);
 	}
 
 	@Override
 	public void insertSubmodel(String aasDescriptorId, SubmodelDescriptor submodel) throws AasDescriptorNotFoundException, SubmodelAlreadyExistsException {
-		assertHasPermission(Action.UPDATE, aasDescriptorId);		
+		assertHasPermission(Action.UPDATE, getIdAsList(aasDescriptorId));
 		decorated.insertSubmodel(aasDescriptorId, submodel);
 	}
 
 	@Override
 	public void replaceSubmodel(String aasDescriptorId, String submodelId, SubmodelDescriptor submodel) throws AasDescriptorNotFoundException, SubmodelNotFoundException {
-		assertHasPermission(Action.UPDATE, aasDescriptorId);
+		assertHasPermission(Action.UPDATE, getIdAsList(aasDescriptorId));
 		decorated.replaceSubmodel(aasDescriptorId, submodelId, submodel);
 	}
 
 	@Override
 	public void removeSubmodel(String aasDescriptorId, String submodelId) throws AasDescriptorNotFoundException, SubmodelNotFoundException {
-		assertHasPermission(Action.UPDATE, aasDescriptorId);
+		assertHasPermission(Action.UPDATE, getIdAsList(aasDescriptorId));
 		decorated.removeSubmodel(aasDescriptorId, submodelId);
 	}
 
 	@Override
 	public Set<String> clear() {
-		assertHasPermission(Action.DELETE, AasRegistryTargetPermissionVerifier.ALL_ALLOWED_WILDCARD);
+		assertHasPermission(Action.DELETE, getIdAsList(AasRegistryTargetPermissionVerifier.ALL_ALLOWED_WILDCARD));
 		return decorated.clear();
 	}
 
 	@Override
 	public ShellDescriptorSearchResponse searchAasDescriptors(ShellDescriptorSearchRequest request) {
-		assertHasPermission(Action.READ, AasRegistryTargetPermissionVerifier.ALL_ALLOWED_WILDCARD);
+		assertHasPermission(Action.READ, getIdAsList(AasRegistryTargetPermissionVerifier.ALL_ALLOWED_WILDCARD));
 		return decorated.searchAasDescriptors(request);
 	}
 
-	private void assertHasPermission(Action action, String aasId) {
-		boolean isAuthorized = permissionResolver.hasPermission(action, new AasRegistryTargetInformation(aasId));
+	private void assertHasPermission(Action action, List<String> assIds) {
+		boolean isAuthorized = permissionResolver.hasPermission(action, new AasRegistryTargetInformation(assIds));
 		throwExceptionIfInsufficientPermission(isAuthorized);
 	}
 
 	private void throwExceptionIfInsufficientPermission(boolean isAuthorized) {
 		if (!isAuthorized)
 			throw new InsufficientPermissionException("Insufficient Permission: The current subject does not have the required permissions for this operation.");
 	}
+
+	private List<String> getIdAsList(String id) {
+		return new ArrayList<>(Arrays.asList(id));
+	}
 }
diff --git a/...win/basyx/aasregistry/feature/authorization/rbac/AasRegistryTargetPermissionVerifier.java b/...win/basyx/aasregistry/feature/authorization/rbac/AasRegistryTargetPermissionVerifier.java
@@ -29,6 +29,8 @@
 import org.eclipse.digitaltwin.basyx.authorization.rbac.RbacRule;
 import org.eclipse.digitaltwin.basyx.authorization.rbac.TargetPermissionVerifier;
 
+import java.util.List;
+
 /**
  * Verifies the {@link AasRegistryTargetInformation} against the {@link RbacRule}
  *
@@ -37,14 +39,26 @@
 public class AasRegistryTargetPermissionVerifier implements TargetPermissionVerifier<AasRegistryTargetInformation> {
 
 	public static final String ALL_ALLOWED_WILDCARD = "*";
-	
+
 	@Override
 	public boolean isVerified(RbacRule rbacRule, AasRegistryTargetInformation targetInformation) {
-		String shellId = targetInformation.getAasId();
-		
+		List<String> targetInformationShellIds = targetInformation.getAasIds();
+
 		AasRegistryTargetInformation rbacRuleAasTargetInformation = (AasRegistryTargetInformation) rbacRule.getTargetInformation();
-
-		return rbacRuleAasTargetInformation.getAasId().equals(ALL_ALLOWED_WILDCARD) || rbacRuleAasTargetInformation.getAasId().equals(shellId);
+
+		List<String> rbacRuleShellIds = rbacRuleAasTargetInformation.getAasIds();
+
+		return areShellsAllowed(rbacRuleShellIds, targetInformationShellIds);
+	}
+
+	private boolean areShellsAllowed(List<String> rbacRuleShellIds, List<String> targetInformationShellIds) {
+
+		return allShellsAllowed(rbacRuleShellIds) || rbacRuleShellIds.containsAll(targetInformationShellIds);
+	}
+
+	private boolean allShellsAllowed(List<String> rbacRuleShellIds) {
+
+		return rbacRuleShellIds.size() == 1 && rbacRuleShellIds.get(0).equals(ALL_ALLOWED_WILDCARD);
 	}
 
 }