static void ValidateRule(AuthorizationProperties.Rule rule, int order, List <string> errors, string source) { if (rule.Operations.Count == 0) { errors.Add($"Statement {order}: {source}: Operations list must not be empty"); } if (rule.Resources.Count == 0 && !IsConnectOperation(rule)) { errors.Add($"Statement {order}: {source}: Resources list must not be empty"); } foreach (var operation in rule.Operations) { if (!validOperations.Contains(operation)) { errors.Add($"Statement {order}: {source}: Unknown mqtt operation: {operation}. List of supported operations: mqtt:publish, mqtt:subscribe, mqtt:connect"); } ValidateVariables(operation, order, errors); } foreach (var resource in rule.Resources) { if (string.IsNullOrEmpty(resource) || !IsValidTopicFilter(resource)) { errors.Add($"Statement {order}: {source}: Resource (topic filter) is invalid: {resource}"); } ValidateVariables(resource, order, errors); } }
private static bool IsConnectOperation(AuthorizationProperties.Rule rule) { return(rule.Operations.Count == 1 && rule.Operations[0] == "mqtt:connect"); }