added resource and firmware to the AccessValidator

@@ -80,7 +80,7 @@ public class FirmwareController extends BaseController {
         checkParameter(FIRMWARE_ID, strFirmwareId);
         try {
             FirmwareId firmwareId = new FirmwareId(toUUID(strFirmwareId));
-            return checkFirmwareInfoId(firmwareId, Operation.READ);
+            return checkNotNull(firmwareService.findFirmwareInfoById(getTenantId(), firmwareId));
         } catch (Exception e) {
             throw handleException(e);
         }

@@ -30,6 +30,8 @@ import org.thingsboard.server.common.data.Customer;
 import org.thingsboard.server.common.data.Device;
 import org.thingsboard.server.common.data.DeviceProfile;
 import org.thingsboard.server.common.data.EntityView;
+import org.thingsboard.server.common.data.FirmwareInfo;
+import org.thingsboard.server.common.data.TbResourceInfo;
 import org.thingsboard.server.common.data.Tenant;
 import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.asset.Asset;
@@ -44,8 +46,10 @@ import org.thingsboard.server.common.data.id.EdgeId;
 import org.thingsboard.server.common.data.id.EntityId;
 import org.thingsboard.server.common.data.id.EntityIdFactory;
 import org.thingsboard.server.common.data.id.EntityViewId;
+import org.thingsboard.server.common.data.id.FirmwareId;
 import org.thingsboard.server.common.data.id.RuleChainId;
 import org.thingsboard.server.common.data.id.RuleNodeId;
+import org.thingsboard.server.common.data.id.TbResourceId;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.rule.RuleChain;
@@ -59,6 +63,8 @@ import org.thingsboard.server.dao.device.DeviceService;
 import org.thingsboard.server.dao.edge.EdgeService;
 import org.thingsboard.server.dao.entityview.EntityViewService;
 import org.thingsboard.server.dao.exception.IncorrectParameterException;
+import org.thingsboard.server.dao.firmware.FirmwareService;
+import org.thingsboard.server.dao.resource.ResourceService;
 import org.thingsboard.server.dao.rule.RuleChainService;
 import org.thingsboard.server.dao.tenant.TenantService;
 import org.thingsboard.server.dao.usagerecord.ApiUsageStateService;
@@ -125,6 +131,12 @@ public class AccessValidator {
     @Autowired
     protected ApiUsageStateService apiUsageStateService;
 
+    @Autowired
+    protected ResourceService resourceService;
+
+    @Autowired
+    protected FirmwareService firmwareService;
+
     private ExecutorService executor;
 
     @PostConstruct
@@ -217,6 +229,12 @@ public class AccessValidator {
             case API_USAGE_STATE:
                 validateApiUsageState(currentUser, operation, entityId, callback);
                 return;
+            case TB_RESOURCE:
+                validateResource(currentUser, operation, entityId, callback);
+                return;
+            case FIRMWARE:
+                validateFirmware(currentUser, operation, entityId, callback);
+                return;
             default:
                 //TODO: add support of other entities
                 throw new IllegalStateException("Not Implemented!");
@@ -282,6 +300,40 @@ public class AccessValidator {
         }
     }
 
+    private void validateFirmware(final SecurityUser currentUser, Operation operation, EntityId entityId, FutureCallback<ValidationResult> callback) {
+        if (currentUser.isSystemAdmin()) {
+            callback.onSuccess(ValidationResult.accessDenied(SYSTEM_ADMINISTRATOR_IS_NOT_ALLOWED_TO_PERFORM_THIS_OPERATION));
+        } else {
+            FirmwareInfo firmware = firmwareService.findFirmwareInfoById(currentUser.getTenantId(), new FirmwareId(entityId.getId()));
+            if (firmware == null) {
+                callback.onSuccess(ValidationResult.entityNotFound("Firmware with requested id wasn't found!"));
+            } else {
+                try {
+                    accessControlService.checkPermission(currentUser, Resource.FIRMWARE, operation, entityId, firmware);
+                } catch (ThingsboardException e) {
+                    callback.onSuccess(ValidationResult.accessDenied(e.getMessage()));
+                }
+                callback.onSuccess(ValidationResult.ok(firmware));
+            }
+        }
+    }
+
+    private void validateResource(SecurityUser currentUser, Operation operation, EntityId entityId, FutureCallback<ValidationResult> callback) {
+        ListenableFuture<TbResourceInfo> resourceFuture = resourceService.findResourceInfoByIdAsync(currentUser.getTenantId(), new TbResourceId(entityId.getId()));
+        Futures.addCallback(resourceFuture, getCallback(callback, resource -> {
+            if (resource == null) {
+                return ValidationResult.entityNotFound("Resource with requested id wasn't found!");
+            } else {
+                try {
+                    accessControlService.checkPermission(currentUser, Resource.TB_RESOURCE, operation, entityId, resource);
+                } catch (ThingsboardException e) {
+                    return ValidationResult.accessDenied(e.getMessage());
+                }
+                return ValidationResult.ok(resource);
+            }
+        }), executor);
+    }
+
     private void validateAsset(final SecurityUser currentUser, Operation operation, EntityId entityId, FutureCallback<ValidationResult> callback) {
         if (currentUser.isSystemAdmin()) {
             callback.onSuccess(ValidationResult.accessDenied(SYSTEM_ADMINISTRATOR_IS_NOT_ALLOWED_TO_PERFORM_THIS_OPERATION));