feat: remove MvdScopeTransformer (#384)

* feat: remove unrecognized scope fallback * chore: fix style * feat: remove MvdScopeTransformer * docs: update readme

feat: remove MvdScopeTransformer (#384)
ca48bd9f · Thomas Nijman · GitHub · 65948ffb · ca48bd9f · ca48bd9f
Unverified Commit ca48bd9f authored 9 months ago by Thomas Nijman Committed by GitHub 9 months ago
--- a/README.md
+++ b/README.md
@@ -735,18 +735,7 @@ DataProcessor VC.
 > Hint: all credentials, where the `credentialSubject` has the same shape/schema can be evaluated by the same function!
-### 8.5 Scope-to-criterion transformer
+### 8.5 Super-user seeding
-When IdentityHub receives a Presentation query, that carries an access token, it must be able to convert a scope string
-into a filter expression, for example `org.eclipse.edc.vc.type:DataProcessorCredential:read` is converted into
-`verifiableCredential.credential.type = DataProcessorCredential`. This filter expression is then used by IdentityHub to
-query for `DataProcessorCredentials` in the database.
-This is implemented in the
-[MvdScopeTransformer.java](launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/MvdScopeTransformer.java)
-class.
-### 8.6 Super-user seeding
 IdentityHub's [Identity
 API](https://github.com/eclipse-edc/IdentityHub/blob/main/docs/developer/architecture/identityhub-apis.md#identity-api)
@@ -861,3 +850,13 @@ Kubernetes deployments.
 The [JwtSigner.java](launchers/identity-hub/src/test/java/org/eclipse/edc/demo/dcp/JwtSigner.java) test class can be
 used to re-generate and sign all credentials.
+### 10.4 Default scope-to-criterion transformer
+When IdentityHub receives a Presentation query, that carries an access token, it must be able to convert a scope string
+into a filter expression, for example `org.eclipse.edc.vc.type:DataProcessorCredential:read` is converted into
+`verifiableCredential.credential.type = DataProcessorCredential`. This filter expression is then used by IdentityHub to
+query for `DataProcessorCredentials` in the database.
+The MVD uses the default `EdcScopeToCriterionTransformer` to achieve this. It is recommended to implement a custom
+`ScopeToCriterionTransformer` for an actual production scenario.
\ No newline at end of file
--- a/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/IdentityHubExtension.java
+++ b/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/IdentityHubExtension.java
@@ -14,12 +14,10 @@
 package org.eclipse.edc.demo.dcp.ih;
-import org.eclipse.edc.identityhub.spi.ScopeToCriterionTransformer;
 import org.eclipse.edc.identityhub.spi.store.CredentialStore;
 import org.eclipse.edc.identityhub.spi.verifiablecredentials.model.VerifiableCredentialResource;
 import org.eclipse.edc.runtime.metamodel.annotation.Extension;
 import org.eclipse.edc.runtime.metamodel.annotation.Inject;
-import org.eclipse.edc.runtime.metamodel.annotation.Provider;
 import org.eclipse.edc.spi.monitor.Monitor;
 import org.eclipse.edc.spi.system.ServiceExtension;
 import org.eclipse.edc.spi.system.ServiceExtensionContext;
@@ -27,7 +25,6 @@ import org.eclipse.edc.spi.types.TypeManager;
 import java.io.File;
 import java.io.IOException;
-import java.util.List;
 import java.util.stream.Stream;
 import static org.eclipse.edc.spi.constants.CoreConstants.JSON_LD;
@@ -60,11 +57,6 @@ public class IdentityHubExtension implements ServiceExtension {
        }
    }
-    @Provider
-    public ScopeToCriterionTransformer createScopeTransformer() {
-        return new MvdScopeTransformer(List.of("MembershipCredential", "DataProcessorCredential"));
-    }
    private void seedCredentials(String credentialsSourceDirectory, Monitor monitor) throws IOException {
        var absPath = new File(credentialsSourceDirectory).getAbsoluteFile();

--- a/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/MvdScopeTransformer.java
+++ b/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/MvdScopeTransformer.java
-/*
- *  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
- *
- *  This program and the accompanying materials are made available under the
- *  terms of the Apache License, Version 2.0 which is available at
- *  https://www.apache.org/licenses/LICENSE-2.0
- *
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Contributors:
- *       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
- *
- */
-package org.eclipse.edc.demo.dcp.ih;
-import org.eclipse.edc.identityhub.query.EdcScopeToCriterionTransformer;
-import org.eclipse.edc.spi.query.Criterion;
-import org.eclipse.edc.spi.result.Result;
-import java.util.List;
-import static org.eclipse.edc.spi.result.Result.failure;
-import static org.eclipse.edc.spi.result.Result.success;
-public class MvdScopeTransformer extends EdcScopeToCriterionTransformer {
-    private final List<String> knownCredentialTypes;
-    public MvdScopeTransformer(List<String> knownCredentialTypes) {
-        this.knownCredentialTypes = knownCredentialTypes;
-    }
-    @Override
-    public Result<Criterion> transform(String scope) {
-        var tokens = tokenize(scope);
-        if (tokens.failed()) {
-            return failure("Scope string cannot be converted: %s".formatted(tokens.getFailureDetail()));
-        }
-        var credentialType = tokens.getContent()[1];
-        if (!knownCredentialTypes.contains(credentialType)) {
-            //select based on the credentialSubject.level property
-            // even though "claims" is a Map, we need to access it using the dot notation. See ReflectionUtil.java
-            return success(new Criterion("verifiableCredential.credential.credentialSubject.claims.level", "=", credentialType));
-        } else {
-            return success(new Criterion(TYPE_OPERAND, CONTAINS_OPERATOR, credentialType));
-        }
-    }
-}