Added $filters to AAS QL & enhanced Fragment Fieldidentifiers

[Martin187187]

• implements Add optional FILTER to Query #517
• added new Query Language Filter chapter in Query Language chapter.
• Enhanced the FieldIdentifier Fragment Definition from just plain string to a BNF specification. => allow non leaf paths and disallow required paths.
• updated Json schema & api accordingly.
• Addition does not introduce breaking changes because it only adds new optional field
• allow multiple filters instead of just 1 in the current security specification

[CLAassistant]

All committers have signed the CLA.

[Martin187187]

I would really like to remove the following section in the Json Security specification:

"FRAGMENT": {
          "type": "string"
        },
        "FILTER": {
          "$ref": "#/definitions/logicalExpression",
          "additionalProperties": false
        },
        "USEFILTER": {
          "type": "string"
        }, 

This is redundant because of the newly introduced FILTERLIST:

"FILTERLIST": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/SecurityQueryFilter"
          }
        } 

I didnt remove it to not cause any breaking changes.

[mdanish98]

Hi @Martin187187 ,

thanks a lot for this pull request.

I have reviewed this PR and provided the following review remarks mainly for naming inconsistency. Please note that the naming inconsistency might not be limited to what I pointed out, so please check other files and locations.

[mdanish98]

This should be either $condition or $formula depending on the final decision, as pointed out in another comment.

[mdanish98]

There are some naming inconsistency:
Here in query-json-schema.json uses $formula (lines 750 & 761)
openapi.yaml still uses $condition (lines 802 & 812)
query-language.adoc also has $condition (e.g., line 690)

We should use either $condition or $formula to be consistent.

[Martin187187]

I agree that $condition is the better choice, and I will update $formula accordingly. That said, the security layer currently relies on FORMULA, as defined in the specification, which introduces a naming inconsistency.

[mdanish98]

Highlighting the naming inconsistency as explained in the above comment.

[mdanish98]

Highlighting the naming inconsistency as explained in the above comment.

[mdanish98]

Please update all JSON examples that use $condition to use $formula. Also, I have noticed that some examples uses condition without a $ prefix, so please consider this also when you search and replace.

[Martin187187]

I would rather use $condition. I there a reason why you prefer $formula?

[mdanish98]

No, I don't have any preferences, please use whatever makes sense and aligns with the AAS QL. This remarks is only to make sure whichever we decide, we use it everywhere and not a mix.

[BirgitBoss]

I think in Security in ACL it is FORMULA (and CONDITION) whereas in the query language only "condition" is used, there is no $formula, only a $condition in Part 2

[mdanish98]

Also, I am seeing some alerts from GitHub code scanning, please either fix it or dismiss it.

[Martin187187]

Hi @Martin187187 ,

thanks a lot for this pull request.

I have reviewed this PR and provided the following review remarks mainly for naming inconsistency. Please note that the naming inconsistency might not be limited to what I pointed out, so please check other files and locations.

Thanks alot for your review @mdanish98. I fixed the naming inconsistencies.

[Martin187187]

I changed a lot here because:

• added Fragment Field Identifier that are used to express what to filter (different to normal field identifier
• I noticed huge gaps between the json and bnf. I fixed the inconsistencies in the BNF so JSON schema has no breaking changes

[Martin187187]

I’ve updated this PR after identifying several inconsistencies and gaps between the JSON Schema and the BNF.

Specifically:

• Aligned the BNF with the JSON Schema to ensure consistent terminology (e.g., avoiding different keywords for the same concept).
• Improved and clarified the required logic in the JSON Schema.
• Verified the updated schema against existing access rules and queries currently used in BaSyx to ensure compatibility and correctness.

If you’d like to review the test cases or see how I validated the schema, you can find them here:
https://github.com/Martin187187/basyx-go-components/tree/json-schema-tests/internal/common/security/schema_tests

Happy to provide additional test data or walk through the validation approach if needed.

[Martin187187]

There was a significant discrepancy between the security JSON schema and the API JSON schema. In the security specification, the fragment object is nested inside the filter object, but this is not the case in the API schema. I have now updated both documents to use the security version for consistency.

[BirgitBoss]

So is it a bug for 3.0.2?

[Martin187187]

yes it is fixed already

[Martin187187]

blocked by #548

[mdanish98]

Hi @Martin187187 , thanks for addressing the remarks, I will wait for the #548 to be concluded first and then resume the review.

[sebbader-sap]

@mdanish98 #548 has been merged.

[sebbader-sap]

@Martin187187 is the PR still in "draft" or now in the "ready for review" state?

[Martin187187]

@Martin187187 is the PR still in "draft" or now in the "ready for review" state?

I will have to resolve conflicts caused by the bugfixes. So it is currenlty only a draft.

[BirgitBoss]

Do we really add
documentation/IDTA-01002-3/modules/ROOT/pages/http-rest-api/test/query/test1.json
to the documentation?

[BirgitBoss]

probably it would be better to include a .json file for better checks (same in Part 1 vor Value-Only Schema)

[BirgitBoss]

I recommend to add an annex with complete examples like in Security: https://industrialdigitaltwin.io/aas-specifications/IDTA-01004/v3.0.2/annex/text-access-rule-examples.html

[Martin187187]

I resolved all conflicts. This is ready for final review now

[Martin187187]

yes it is fixed already

[Martin187187]

For review you can use https://regex101.com/ to verify regex changes and https://bnfplayground.pauliankline.com/ for bnf changes