+
+#ifdef MULTIPLE_OWNER
+/**
+ * Compare the request's subject to SubOwner.
+ *
+ * @return true if context->subjectId exist subowner list, else false.
+ */
+static bool IsRequestFromSubOwner(PEContext_t *context)
+{
+ bool retVal = false;
+
+ if(NULL == context)
+ {
+ return retVal;
+ }
+
+ if(IsSubOwner(&context->subject))
+ {
+ retVal = true;
+ }
+
+ if(true == retVal)
+ {
+ OIC_LOG(INFO, TAG, "PE.IsRequestFromSubOwner(): returning true");
+ }
+ else
+ {
+ OIC_LOG(INFO, TAG, "PE.IsRequestFromSubOwner(): returning false");
+ }
+
+ return retVal;
+}
+
+
+/**
+ * Verify the SubOwner's request.
+ *
+ * @return true if request is valid, else false.
+ */
+static bool IsValidRequestFromSubOwner(PEContext_t *context)
+{
+ bool isValidRequest = false;
+
+ if(NULL == context)
+ {
+ return isValidRequest;
+ }
+
+ switch(context->resourceType)
+ {
+ case OIC_R_DOXM_TYPE:
+ //SubOwner has READ permission only for DOXM
+ if(PERMISSION_READ == context->permission)
+ {
+ isValidRequest = true;
+ }
+ break;
+ case OIC_R_PSTAT_TYPE:
+ //SubOwner has full permsion for PSTAT except RESET
+ isValidRequest = IsValidPstatAccessForSubOwner(context->payload, context->payloadSize);
+ break;
+ case OIC_R_CRED_TYPE:
+ //SubOwner can only access the credential which is registered as the eowner.
+ isValidRequest = IsValidCredentialAccessForSubOwner(&context->subject, context->payload, context->payloadSize);
+ break;
+ case OIC_R_ACL_TYPE:
+ //SubOwner can only access the ACL which is registered as the eowner.
+ isValidRequest = IsValidAclAccessForSubOwner(&context->subject, context->payload, context->payloadSize);
+ break;
+ default:
+ //SubOwner has full permission for all resource except the security resource
+ isValidRequest = true;
+ break;
+ }
+
+ if(isValidRequest)
+ {
+ OIC_LOG(INFO, TAG, "PE.IsValidRequestFromSubOwner(): returning true");
+ }
+ else
+ {
+ OIC_LOG(INFO, TAG, "PE.IsValidRequestFromSubOwner(): returning false");
+ }
+
+ return isValidRequest;
+}
+#endif //MULTIPLE_OWNER
+
+
+// TODO - remove these function placeholders as they are implemented
+// in the resource entity handler code.
+// Note that because many SVRs do not have a rowner, in those cases we
+// just return "OC_STACK_ERROR" which results in a "false" return by
+// IsRequestFromResourceOwner().
+// As these SVRs are revised to have a rowner, these functions should be
+// replaced (see pstatresource.c for example of GetPstatRownerId).
+
+OCStackResult GetCrlRownerId(OicUuid_t *rowner)
+{
+ OC_UNUSED(rowner);
+ rowner = NULL;
+ return OC_STACK_ERROR;
+}
+
+OCStackResult GetSaclRownerId(OicUuid_t *rowner)
+{
+ OC_UNUSED(rowner);
+ rowner = NULL;
+ return OC_STACK_ERROR;
+}
+
+static GetSvrRownerId_t GetSvrRownerId[OIC_SEC_SVR_TYPE_COUNT] = {
+ GetAclRownerId,
+ GetAmaclRownerId,
+ GetCredRownerId,
+ GetCrlRownerId,
+ GetDoxmRownerId,
+ GetDpairingRownerId,
+ GetPconfRownerId,
+ GetPstatRownerId,
+ GetSaclRownerId,
+};
+
+/**
+ * Compare the request's subject to resource.ROwner.
+ *
+ * @return true if context->subjectId equals SVR rowner id, else return false
+ */
+bool IsRequestFromResourceOwner(PEContext_t *context)
+{
+ bool retVal = false;
+ OicUuid_t resourceOwner;
+
+ if(NULL == context)
+ {
+ return false;
+ }
+
+ if((OIC_R_ACL_TYPE <= context->resourceType) && \
+ (OIC_SEC_SVR_TYPE_COUNT > context->resourceType))
+ {
+ if(OC_STACK_OK == GetSvrRownerId[(int)context->resourceType](&resourceOwner))
+ {
+ retVal = UuidCmp(&context->subject, &resourceOwner);
+ }
+ }
+
+ if(true == retVal)
+ {
+ OIC_LOG(INFO, TAG, "PE.IsRequestFromResourceOwner(): returning true");
+ }
+ else
+ {
+ OIC_LOG(INFO, TAG, "PE.IsRequestFromResourceOwner(): returning false");
+ }
+
+ return retVal;
+}
+
+INLINE_API bool IsRequestSubjectEmpty(PEContext_t *context)
+{
+ OicUuid_t emptySubject = {.id={0}};
+
+ if(NULL == context)
+ {
+ return false;
+ }
+
+ return (memcmp(&context->subject, &emptySubject, sizeof(OicUuid_t)) == 0) ?
+ true : false;
+}
+