From 6171a1615712479e353f88e235489ad04bf499bc Mon Sep 17 00:00:00 2001
From: Michael Zanetti
Date: Mon, 7 Nov 2022 22:48:12 +0100
Subject: [PATCH 1/2] Fix permissions for rules api
---
 libnymea-core/jsonrpc/ruleshandler.cpp | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/libnymea-core/jsonrpc/ruleshandler.cpp b/libnymea-core/jsonrpc/ruleshandler.cpp
index bcdcdff0..4fb12fd2 100644
--- a/libnymea-core/jsonrpc/ruleshandler.cpp
+++ b/libnymea-core/jsonrpc/ruleshandler.cpp
@@ -107,14 +107,14 @@ RulesHandler::RulesHandler(QObject *parent) :
 description = "Get the descriptions of all configured rules. If you need more information about a specific rule use the " "method Rules.GetRuleDetails."; returns.insert("ruleDescriptions", QVariantList() << objectRef("RuleDescription"));
- registerMethod("GetRules", description, params, returns, Types::PermissionScopeConfigureRules);
+ registerMethod("GetRules", description, params, returns, Types::PermissionScopeExecuteRules);
 params.clear(); returns.clear(); description = "Get details for the rule identified by ruleId"; params.insert("ruleId", enumValueName(Uuid)); returns.insert("o:rule", objectRef("Rule")); returns.insert("ruleError", enumRef());
- registerMethod("GetRuleDetails", description, params, returns);
+ registerMethod("GetRuleDetails", description, params, returns, Types::PermissionScopeExecuteRules);
 params.clear(); returns.clear(); description = "Add a rule. You can describe rules by one or many EventDesciptors and a StateEvaluator. "
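Review bot: `GetRuleDetails` returns the full `Rule` object and is now reachable with `PermissionScopeExecuteRules`, the same scope given to `GetRules` in this hunk and to `FindRules` in the third hunk, so every account allowed to trigger a rule can also read its complete definition. Going by the old values in tests/auto/api.json these methods fell back to the admin scope before, so if rule actions can carry parameters meant only for the rule's author (not visible here), this widens read access. If it is intended, say so where the scopes are chosen, e.g. `// Reading rules needs only PermissionScopeExecuteRules: clients must list rules to execute them.` The constructor body starts and continues outside the hunk.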
@@ -138,7 +138,7 @@ RulesHandler::RulesHandler(QObject *parent) :
 params.insert("o:executable", enumValueName(Bool)); returns.insert("ruleError", enumRef()); returns.insert("o:ruleId", enumValueName(Uuid));
- registerMethod("AddRule", description, params, returns);
+ registerMethod("AddRule", description, params, returns, Types::PermissionScopeConfigureRules);
 params.clear(); returns.clear(); description = "Edit the parameters of a rule. The configuration of the rule with the given ruleId "
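Review bot: `AddRule` is gated only on `PermissionScopeConfigureRules`, and nothing in this hunk ties the things a rule's actions target to what the caller is allowed to control. If the AddRule handler (outside this diff) does not check the caller's thing permissions, an account holding ConfigureRules but no thing-control scope can still actuate any thing by wrapping the action in a rule; the same question applies to `EditRule` and, with `PermissionScopeExecuteRules`, to `ExecuteActions`/`ExecuteExitActions` in the next hunk. Either enforce that check in the handlers or document the implication next to the registration, e.g. `// ConfigureRules implies control over every thing a rule action targets; grant it accordingly.` A test that calls AddRule with an ExecuteRules-only token and expects a permission error would pin the new boundary.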
@@ -156,45 +156,45 @@ RulesHandler::RulesHandler(QObject *parent) :
 params.insert("o:executable", enumValueName(Bool)); returns.insert("ruleError", enumRef()); returns.insert("o:rule", objectRef("Rule"));
- registerMethod("EditRule", description, params, returns);
+ registerMethod("EditRule", description, params, returns, Types::PermissionScopeConfigureRules);
 params.clear(); returns.clear(); description = "Remove a rule"; params.insert("ruleId", enumValueName(Uuid)); returns.insert("ruleError", enumRef());
- registerMethod("RemoveRule", description, params, returns);
+ registerMethod("RemoveRule", description, params, returns, Types::PermissionScopeConfigureRules);
 params.clear(); returns.clear(); description = "Find a list of rules containing any of the given parameters."; params.insert("thingId", enumValueName(Uuid)); returns.insert("ruleIds", QVariantList() << enumValueName(Uuid));
- registerMethod("FindRules", description, params, returns);
+ registerMethod("FindRules", description, params, returns, Types::PermissionScopeExecuteRules);
 params.clear(); returns.clear(); description = "Enabled a rule that has previously been disabled." "If successful, the notification \"Rule.RuleConfigurationChanged\" will be emitted."; params.insert("ruleId", enumValueName(Uuid)); returns.insert("ruleError", enumRef());
- registerMethod("EnableRule", description, params, returns);
+ registerMethod("EnableRule", description, params, returns, Types::PermissionScopeConfigureRules);
 params.clear(); returns.clear(); description = "Disable a rule. The rule won't be triggered by it's events or state changes while it is disabled. 
" "If successful, the notification \"Rule.RuleConfigurationChanged\" will be emitted."; params.insert("ruleId", enumValueName(Uuid)); returns.insert("ruleError", enumRef());
- registerMethod("DisableRule", description, params, returns);
+ registerMethod("DisableRule", description, params, returns, Types::PermissionScopeConfigureRules);
 params.clear(); returns.clear(); description = "Execute the action list of the rule with the given ruleId."; params.insert("ruleId", enumValueName(Uuid)); returns.insert("ruleError", enumRef());
- registerMethod("ExecuteActions", description, params, returns);
+ registerMethod("ExecuteActions", description, params, returns, Types::PermissionScopeExecuteRules);
 params.clear(); returns.clear(); description = "Execute the exit action list of the rule with the given ruleId."; params.insert("ruleId", enumValueName(Uuid)); returns.insert("ruleError", enumRef());
- registerMethod("ExecuteExitActions", description, params, returns);
+ registerMethod("ExecuteExitActions", description, params, returns, Types::PermissionScopeExecuteRules);
 // Notifications params.clear(); returns.clear();
From 9296c1183c6950164c90e388772f66d62223d9d3 Mon Sep 17 00:00:00 2001
From: Michael Zanetti
Date: Mon, 7 Nov 2022 23:58:00 +0100
Subject: [PATCH 2/2] Fix permissions for tags and appdata
This ties those namespaces to the things permissions but won't allow having different tags/appdata per user, which arguably would be desirable. However, that's currently not that straight forward to do, as at the moment there is no way to direct jsonrpc notifications to a single user.
---
 libnymea-core/jsonrpc/appdatahandler.cpp | 4 ++--
 libnymea-core/jsonrpc/tagshandler.cpp | 6 ++---
 tests/auto/api.json | 30 ++++++++++++------------
 3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/libnymea-core/jsonrpc/appdatahandler.cpp b/libnymea-core/jsonrpc/appdatahandler.cpp
index f8a2acfb..a0c665df 100644
--- a/libnymea-core/jsonrpc/appdatahandler.cpp
+++ b/libnymea-core/jsonrpc/appdatahandler.cpp
@@ -26,7 +26,7 @@ AppDataHandler::AppDataHandler(QObject *parent) : JsonHandler(parent)
 params.insert("o:group", enumValueName(String)); params.insert("key", enumValueName(String)); params.insert("value", enumValueName(String));
- registerMethod("Store", description, params, returns);
+ registerMethod("Store", description, params, returns, Types::PermissionScopeConfigureThings);
 description.clear(); params.clear(); returns.clear(); description = "Retrieve an app data storage value that has previously been set with Store(). If no value "
@@ -35,7 +35,7 @@ AppDataHandler::AppDataHandler(QObject *parent) : JsonHandler(parent)
 params.insert("o:group", enumValueName(String)); params.insert("key", enumValueName(String)); returns.insert("value", enumValueName(String));
- registerMethod("Load", description, params, returns);
+ registerMethod("Load", description, params, returns, Types::PermissionScopeControlThings);
 // Notifications description.clear(); params.clear();
diff --git a/libnymea-core/jsonrpc/tagshandler.cpp b/libnymea-core/jsonrpc/tagshandler.cpp
index eff2024d..f1845d90 100644
--- a/libnymea-core/jsonrpc/tagshandler.cpp
+++ b/libnymea-core/jsonrpc/tagshandler.cpp
@@ -54,7 +54,7 @@ TagsHandler::TagsHandler(QObject *parent) : JsonHandler(parent)
 params.insert("o:tagId", enumValueName(String)); returns.insert("tagError", enumRef()); returns.insert("o:tags", objectRef("Tags"));
- registerMethod("GetTags", description, params, returns);
+ registerMethod("GetTags", description, params, returns, Types::PermissionScopeControlThings);
 params.clear(); returns.clear(); description = "Add a Tag. "
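Review bot: In appdatahandler.cpp, `Load` drops from the admin default to `PermissionScopeControlThings` and `Store` to `PermissionScopeConfigureThings`, while the storage itself stays shared across users, as the commit message says. Any value a client stored earlier under the admin-only API becomes readable by every account with ControlThings, so clients that kept tokens or per-user settings there are now exposed to lower-privileged users. I would state this in the method descriptions (their text is partly outside these hunks) and add a comment at the registrations: `// App data is shared by all users with ControlThings; do not store secrets or per-user data here.`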
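Review bot: `GetTags` in this hunk and `AddTag`/`RemoveTag` in the next two tagshandler.cpp hunks all use `PermissionScopeControlThings`, so the tags namespace has no read/write split, unlike AppData where `Load` needs ControlThings but `Store` needs ConfigureThings. Because tags are shared between users, a control-only account can remove or change tags that another user set. If that is deliberate (for example so regular users can mark favourites), a one-line comment explaining it would help; otherwise `registerMethod("RemoveTag", description, params, returns, Types::PermissionScopeConfigureThings);` and the same for `AddTag` would match AppData.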
@@ -65,7 +65,7 @@ TagsHandler::TagsHandler(QObject *parent) : JsonHandler(parent)
 "the TagValueChanged notification will be emitted."; params.insert("tag", objectRef("Tag")); returns.insert("tagError", enumRef());
- registerMethod("AddTag", description, params, returns);
+ registerMethod("AddTag", description, params, returns, Types::PermissionScopeControlThings);
 params.clear(); returns.clear(); description = "Remove a Tag. "
@@ -73,7 +73,7 @@ TagsHandler::TagsHandler(QObject *parent) : JsonHandler(parent)
 "TagRemoved notification will be emitted."; params.insert("tag", objectRef("Tag")); returns.insert("tagError", enumRef());
- registerMethod("RemoveTag", description, params, returns);
+ registerMethod("RemoveTag", description, params, returns, Types::PermissionScopeControlThings);
 // Notifications params.clear();
diff --git a/tests/auto/api.json b/tests/auto/api.json
index dbc94d4f..a7a57d85 100644
--- a/tests/auto/api.json
+++ b/tests/auto/api.json
@@ -566,7 +566,7 @@
 "key": "String", "o:group": "String" },
- "permissionScope": "PermissionScopeAdmin",
+ "permissionScope": "PermissionScopeControlThings",
 "returns": { "value": "String" }
@@ -579,7 +579,7 @@
 "o:group": "String", "value": "String" },
- "permissionScope": "PermissionScopeAdmin",
+ "permissionScope": "PermissionScopeConfigureThings",
 "returns": { } },
@@ -1595,7 +1595,7 @@
 "o:stateEvaluator": "$ref:StateEvaluator", "o:timeDescriptor": "$ref:TimeDescriptor" },
- "permissionScope": "PermissionScopeAdmin",
+ "permissionScope": "PermissionScopeConfigureRules",
 "returns": { "o:ruleId": "Uuid", "ruleError": "$ref:RuleError"
@@ -1606,7 +1606,7 @@
 "params": { "ruleId": "Uuid" },
- "permissionScope": "PermissionScopeAdmin",
+ "permissionScope": "PermissionScopeConfigureRules",
 "returns": { "ruleError": "$ref:RuleError" }
@@ -1630,7 +1630,7 @@
 "o:timeDescriptor": "$ref:TimeDescriptor", "ruleId": "Uuid" },
- "permissionScope": "PermissionScopeAdmin",
+ "permissionScope": "PermissionScopeConfigureRules",
 "returns": { "o:rule": "$ref:Rule", "ruleError": "$ref:RuleError"
@@ -1641,7 +1641,7 @@
 "params": { "ruleId": "Uuid" },
- "permissionScope": "PermissionScopeAdmin",
+ "permissionScope": "PermissionScopeConfigureRules",
 "returns": { "ruleError": "$ref:RuleError" }
@@ -1651,7 +1651,7 @@
 "params": { "ruleId": "Uuid" },
- "permissionScope": "PermissionScopeAdmin",
+ "permissionScope": "PermissionScopeExecuteRules",
 "returns": { "ruleError": "$ref:RuleError" }
@@ -1661,7 +1661,7 @@
 "params": { "ruleId": "Uuid" },
- "permissionScope": "PermissionScopeAdmin",
+ "permissionScope": "PermissionScopeExecuteRules",
 "returns": { "ruleError": "$ref:RuleError" }
@@ -1671,7 +1671,7 @@
 "params": { "thingId": "Uuid" },
- "permissionScope": "PermissionScopeAdmin",
+ "permissionScope": "PermissionScopeExecuteRules",
 "returns": { "ruleIds": [ "Uuid"
@@ -1683,7 +1683,7 @@
 "params": { "ruleId": "Uuid" },
- "permissionScope": "PermissionScopeAdmin",
+ "permissionScope": "PermissionScopeExecuteRules",
 "returns": { "o:rule": "$ref:Rule", "ruleError": "$ref:RuleError"
@@ -1693,7 +1693,7 @@
 "description": "Get the descriptions of all configured rules. If you need more information about a specific rule use the method Rules.GetRuleDetails.", "params": { },
- "permissionScope": "PermissionScopeConfigureRules",
+ "permissionScope": "PermissionScopeExecuteRules",
 "returns": { "ruleDescriptions": [ "$ref:RuleDescription"
@@ -1705,7 +1705,7 @@
 "params": { "ruleId": "Uuid" },
- "permissionScope": "PermissionScopeAdmin",
+ "permissionScope": "PermissionScopeConfigureRules",
 "returns": { "ruleError": "$ref:RuleError" }
@@ -1935,7 +1935,7 @@
 "params": { "tag": "$ref:Tag" },
- "permissionScope": "PermissionScopeAdmin",
+ "permissionScope": "PermissionScopeControlThings",
 "returns": { "tagError": "$ref:TagError" }
@@ -1948,7 +1948,7 @@
 "o:tagId": "String", "o:thingId": "Uuid" },
- "permissionScope": "PermissionScopeAdmin",
+ "permissionScope": "PermissionScopeControlThings",
 "returns": { "o:tags": "$ref:Tags", "tagError": "$ref:TagError"
@@ -1959,7 +1959,7 @@
 "params": { "tag": "$ref:Tag" },
- "permissionScope": "PermissionScopeAdmin",
+ "permissionScope": "PermissionScopeControlThings",
 "returns": { "tagError": "$ref:TagError" }