@Transactional
 public AccessKey create(@NotNull User user, @NotNull AccessKey accessKey) {
   if (accessKey.getLabel() == null) {
     throw new IllegalParametersException(Messages.LABEL_IS_REQUIRED);
   }
   Optional<AccessKey> akOpt =
       genericDAO
           .createNamedQuery(
               AccessKey.class, "AccessKey.getByUserAndLabel", Optional.<CacheConfig>empty())
           .setParameter("userId", user.getId())
           .setParameter("label", accessKey.getLabel())
           .getResultList()
           .stream()
           .findFirst();
   if (akOpt.isPresent()) {
     logger.error("Access key with label {} already exists", accessKey.getLabel());
     throw new ActionNotAllowedException(Messages.DUPLICATE_LABEL_FOUND);
   }
   if (accessKey.getId() != null) {
     logger.error("Access key id shouldn't be present in request parameters");
     throw new IllegalParametersException(Messages.INVALID_REQUEST_PARAMETERS);
   }
   authenticationUtils.validateActions(accessKey);
   AccessKeyProcessor keyProcessor = new AccessKeyProcessor();
   String key = keyProcessor.generateKey();
   accessKey.setKey(key);
   accessKey.setUser(user);
   genericDAO.persist(accessKey);
   for (AccessKeyPermission current : accessKey.getPermissions()) {
     AccessKeyPermission permission = preparePermission(current);
     permission.setAccessKey(accessKey);
     genericDAO.persist(permission);
   }
   return genericDAO.find(AccessKey.class, accessKey.getId());
 }
  @Transactional(propagation = Propagation.SUPPORTS)
  public boolean hasAccessToDevice(AccessKey accessKey, String deviceGuid) {
    Set<AccessKeyPermission> permissions = accessKey.getPermissions();
    Set<String> allowedDevices = new HashSet<>();
    Set<Long> allowedNetworks = new HashSet<>();

    User accessKeyUser = userService.findUserWithNetworks(accessKey.getUser().getId());
    Set<AccessKeyPermission> toRemove = new HashSet<>();

    Device device =
        genericDAO
            .createNamedQuery(Device.class, "Device.findByUUID", of(CacheConfig.refresh()))
            .setParameter("guid", deviceGuid)
            .getSingleResult();

    for (AccessKeyPermission currentPermission : permissions) {
      if (currentPermission.getDeviceGuidsAsSet() == null) {
        allowedDevices.add(null);
      } else {
        if (!currentPermission.getDeviceGuidsAsSet().contains(deviceGuid)) {
          toRemove.add(currentPermission);
        } else {
          allowedDevices.addAll(currentPermission.getDeviceGuidsAsSet());
        }
      }
      if (currentPermission.getNetworkIdsAsSet() == null) {
        allowedNetworks.add(null);
      } else {
        if (device.getNetwork() != null) {
          if (!currentPermission.getNetworkIdsAsSet().contains(device.getNetwork().getId())) {
            toRemove.add(currentPermission);
          } else {
            allowedNetworks.addAll(currentPermission.getNetworkIdsAsSet());
          }
        }
      }
    }
    permissions.removeAll(toRemove);
    boolean hasAccess;
    hasAccess =
        allowedDevices.contains(null)
            ? userService.hasAccessToDevice(accessKeyUser, device.getGuid())
            : allowedDevices.contains(device.getGuid())
                && userService.hasAccessToDevice(accessKeyUser, device.getGuid());

    hasAccess =
        hasAccess && allowedNetworks.contains(null)
            ? accessKeyUser.isAdmin() || accessKeyUser.getNetworks().contains(device.getNetwork())
            : (accessKeyUser.isAdmin() || accessKeyUser.getNetworks().contains(device.getNetwork()))
                && allowedNetworks.contains(device.getNetwork().getId());

    return hasAccess;
  }
 @Transactional(propagation = Propagation.SUPPORTS)
 public boolean hasAccessToNetwork(AccessKey accessKey, Network targetNetwork) {
   Set<AccessKeyPermission> permissions = accessKey.getPermissions();
   User user = accessKey.getUser();
   boolean hasNullPermission =
       permissions.stream().anyMatch(perm -> perm.getNetworkIdsAsSet() == null);
   if (hasNullPermission) {
     return userService.hasAccessToNetwork(user, targetNetwork);
   } else {
     Set<Long> allowedNetworks =
         permissions
             .stream()
             .map(AccessKeyPermission::getNetworkIdsAsSet)
             .flatMap(Collection::stream)
             .collect(Collectors.toSet());
     user = userService.findUserWithNetworks(user.getId());
     return allowedNetworks.contains(targetNetwork.getId())
         && (user.isAdmin() || user.getNetworks().contains(targetNetwork));
   }
 }
 @TransactionAttribute(TransactionAttributeType.NOT_SUPPORTED)
 public Network getWithDevicesAndDeviceClasses(
     @NotNull Long networkId, @NotNull HivePrincipal principal) {
   if (principal.getUser() != null) {
     List<Network> found =
         networkDAO.getNetworkList(principal.getUser(), null, Arrays.asList(networkId));
     if (found.isEmpty()) {
       return null;
     }
     List<Device> devices = deviceService.getList(networkId, principal);
     Network result = found.get(0);
     result.setDevices(new HashSet<>(devices));
     return result;
   } else {
     AccessKey key = principal.getKey();
     User user = userService.findUserWithNetworks(key.getUser().getId());
     List<Network> found =
         networkDAO.getNetworkList(user, key.getPermissions(), Arrays.asList(networkId));
     Network result = found.isEmpty() ? null : found.get(0);
     if (result == null) {
       return result;
     }
     // to get proper devices 1) get access key with all permissions 2) get devices for required
     // network
     key = accessKeyService.find(key.getId(), principal.getKey().getUser().getId());
     List<AllowedKeyAction.Action> actions = new ArrayList<>();
     actions.add(AllowedKeyAction.Action.GET_DEVICE);
     if (!CheckPermissionsHelper.checkAllPermissions(key, actions)) {
       result.setDevices(null);
       return result;
     }
     Set<Device> devices = new HashSet<>(deviceService.getList(result.getId(), principal));
     result.setDevices(devices);
     return result;
   }
 }