In internal Ditto pub/sub, don't only filter for `authorizationSubject`, but also to subscribed `namespaces`
thjaeckle opened this issue · comments
Currently, when e.g. a connection in Ditto's "connectivity" service subscribes for "thing events" (modifications) to publish to e.g. a Kafka topic, it will receive all the events which the configured "authorizationContext"
subject is allowed to "READ".
So it will receive all events and then apply the optionally defined RQL filter
statement as well as the defined namespaces
(also as a filter criteria).
The RQL filter
cannot be filtered on pub/sub level, however the namespaces
could be.
In the best case, the namespaces
(if defined) would also be used when subscribing via Ditto pub/sub to the internal topic and a connection which e.g. is only interested in events of namespace foo
would not get notified about events in namespace bar
, even if it would have READ
permissions for those things.