Maps-Messaging
diff --git a/‎PROTOCOLS.md‎
Lines changed: 0 additions & 174 deletions b/‎PROTOCOLS.md‎
Lines changed: 0 additions & 174 deletions
diff --git a/‎pom.xml‎
Lines changed: 1 addition & 1 deletion b/‎pom.xml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/io/mapsmessaging/auth/AuthManager.java‎
Lines changed: 25 additions & 0 deletions b/‎src/main/java/io/mapsmessaging/auth/AuthManager.java‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎src/main/java/io/mapsmessaging/auth/ServerPermissions.java‎
Lines changed: 79 additions & 0 deletions b/‎src/main/java/io/mapsmessaging/auth/ServerPermissions.java‎
Lines changed: 79 additions & 0 deletions
@@ -145,7 +145,7 @@
     <!-- Second level dependencies -->
     <maps.storage.version>2.5.2-SNAPSHOT</maps.storage.version>
     <maps.device.version>3.0.1-SNAPSHOT</maps.device.version>
-    <maps.auth.version>2.0.2-SNAPSHOT</maps.auth.version>
+    <maps.auth.version>3.0.0-SNAPSHOT</maps.auth.version>
 
 
   </properties>
 
@@ -34,6 +34,8 @@
 import io.mapsmessaging.security.access.Group;
 import io.mapsmessaging.security.access.Identity;
 import io.mapsmessaging.security.access.mapping.GroupIdMap;
+import io.mapsmessaging.security.authorisation.Permission;
+import io.mapsmessaging.security.authorisation.ProtectedResource;
 import io.mapsmessaging.security.identity.IdentityLookupFactory;
 import io.mapsmessaging.security.identity.principals.UniqueIdentifierPrincipal;
 import io.mapsmessaging.utilities.Agent;
@@ -169,6 +171,29 @@ public SessionPrivileges getQuota(UUID userId) {
     return null;
   }
 
+
+  public boolean canAccess(Identity identity, Permission permission, ProtectedResource resource) {
+    return authenticationStorage.canAccess(identity, permission, resource);
+  }
+
+  public void grant(Identity identity, Permission permission, ProtectedResource resource) {
+    authenticationStorage.grant(identity, permission, resource);
+  }
+
+  public void grant(Group group, Permission permission, ProtectedResource resource) {
+    authenticationStorage.grant(group, permission, resource);
+  }
+
+  public void revoke(Identity identity, Permission permission, ProtectedResource resource) {
+    authenticationStorage.revoke(identity, permission, resource);
+  }
+
+  public void revoke(Group group, Permission permission, ProtectedResource resource) {
+    authenticationStorage.revoke(group, permission, resource);
+  }
+
+
+
   private AuthManager() {
     logger = LoggerFactory.getLogger(AuthManager.class);
     config = ConfigurationManager.getInstance().getConfiguration(AuthManagerConfig.class);
 
@@ -0,0 +1,79 @@
+/*
+ *
+ *  Copyright [ 2020 - 2024 ] Matthew Buckton
+ *  Copyright [ 2024 - 2025 ] MapsMessaging B.V.
+ *
+ *  Licensed under the Apache License, Version 2.0 with the Commons Clause
+ *  (the "License"); you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at:
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://commonsclause.com/
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package io.mapsmessaging.auth;
+
+
+import io.mapsmessaging.security.authorisation.Permission;
+import lombok.Getter;
+
+@Getter
+public enum ServerPermissions implements Permission {
+
+  READ("read", "Allows Read access to the resource", 0),
+  WRITE("write", "Allows Write access to the resource", 1),
+  DELETE("delete", "Allows Delete access to the resource", 2),
+  CREATE("create", "Allows Create access to the resource", 3),
+  SUBSCRIBE("subscribe", "Allows Subscription access to the topic", 4),
+  PUBLISH("publish", "Allows Publish access to the topic", 5),
+  PUBLISH_RETAINED("retain", "Allows Retain access to the topic", 6),
+  CONNECT("connect", "allows user to connect", 7),
+  MANAGE("manage", "allows user to manage resource", 8)
+  ;
+
+  private final String name;
+  private final String description;
+  private final long mask;
+
+  ServerPermissions(final String name, final String description, final long mask) {
+    this.name = name;
+    this.description = description;
+    this.mask = 1L <<mask;
+  }
+
+  public static String generateOpenFgaModel() {
+    StringBuilder stringBuilder = new StringBuilder();
+
+    stringBuilder.append("model\n");
+    stringBuilder.append("  schema 1.1\n");
+    stringBuilder.append("\n");
+    stringBuilder.append("type user\n");
+    stringBuilder.append("\n");
+    stringBuilder.append("type group\n");
+    stringBuilder.append("  relations\n");
+    stringBuilder.append("    define member: [user]\n");
+    stringBuilder.append("\n");
+    stringBuilder.append("type resource\n");
+    stringBuilder.append("  relations\n");
+
+    for (ServerPermissions serverPermission : ServerPermissions.values()) {
+      String permissionName = serverPermission.getName();
+      stringBuilder
+          .append("    define ")
+          .append(permissionName)
+          .append(": [user, group#member]\n");
+    }
+
+    return stringBuilder.toString();
+  }
+
+  public static void main(String[] args) {
+    System.err.println(generateOpenFgaModel());
+  }
+}