use of org.openremote.manager.rules.RulesService in project openremote by openremote.
the class Main method main.
public static void main(String[] args) throws Exception {
List<ContainerService> services = new ArrayList<ContainerService>() {
{
addAll(Arrays.asList(new TimerService(), new ManagerExecutorService(), new I18NService(), new ManagerPersistenceService(), new MessageBrokerSetupService(), new ManagerIdentityService(), new SetupService(), new ClientEventService(), new RulesetStorageService(), new RulesService(), new AssetStorageService(), new AssetDatapointService(), new AssetAttributeLinkingService(), new AssetProcessingService(), new MessageBrokerService()));
ServiceLoader.load(Protocol.class).forEach(this::add);
addAll(Arrays.asList(new AgentService(), new SimulatorService(), new MapService(), new NotificationService(), new ConsoleAppService(), new ManagerWebService()));
}
};
new Container(services).startBackground();
}
use of org.openremote.manager.rules.RulesService in project openremote by openremote.
the class AssetProcessingService method init.
@Override
public void init(Container container) throws Exception {
timerService = container.getService(TimerService.class);
identityService = container.getService(ManagerIdentityService.class);
persistenceService = container.getService(PersistenceService.class);
rulesService = container.getService(RulesService.class);
agentService = container.getService(AgentService.class);
assetStorageService = container.getService(AssetStorageService.class);
assetDatapointService = container.getService(AssetDatapointService.class);
assetAttributeLinkingService = container.getService(AssetAttributeLinkingService.class);
messageBrokerService = container.getService(MessageBrokerService.class);
clientEventService = container.getService(ClientEventService.class);
clientEventService.addSubscriptionAuthorizer((auth, subscription) -> {
if (!subscription.isEventType(AttributeEvent.class)) {
return false;
}
// Always must have a filter, as you can't subscribe to ALL asset attribute events
if (subscription.getFilter() != null && subscription.getFilter() instanceof AttributeEvent.EntityIdFilter) {
AttributeEvent.EntityIdFilter filter = (AttributeEvent.EntityIdFilter) subscription.getFilter();
// Superuser can get attribute events for any asset
if (auth.isSuperUser())
return true;
// Regular user must have role
if (!auth.hasResourceRole(ClientRole.READ_ASSETS.getValue(), Constants.KEYCLOAK_CLIENT_ID)) {
return false;
}
boolean isRestrictedUser = identityService.getIdentityProvider().isRestrictedUser(auth.getUserId());
// Client can subscribe to several assets
for (String assetId : filter.getEntityId()) {
Asset asset = assetStorageService.find(assetId);
// If the asset doesn't exist, subscription must fail
if (asset == null)
return false;
if (isRestrictedUser) {
// Restricted users can only get attribute events for their linked assets
if (!assetStorageService.isUserAsset(auth.getUserId(), assetId))
return false;
// TODO Restricted clients should only receive events for RESTRICTED_READ attributes!
} else {
// Regular users can only get attribute events for assets in their realm
if (!asset.getTenantRealm().equals(auth.getAuthenticatedRealm()))
return false;
}
}
return true;
}
return false;
});
processors.add(agentService);
processors.add(rulesService);
processors.add(assetDatapointService);
processors.add(assetAttributeLinkingService);
container.getService(MessageBrokerSetupService.class).getContext().addRoutes(this);
}
Aggregations