@matter/protocol 0.16.0-alpha.0-20250902-38a7cc156 → 0.16.0-alpha.0-20250909-aecad94f3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/action/Interactable.d.ts +2 -2
- package/dist/cjs/action/Interactable.d.ts.map +1 -1
- package/dist/cjs/action/server/AccessControl.d.ts +43 -15
- package/dist/cjs/action/server/AccessControl.d.ts.map +1 -1
- package/dist/cjs/action/server/AccessControl.js +47 -36
- package/dist/cjs/action/server/AccessControl.js.map +1 -1
- package/dist/cjs/action/server/AttributeReadResponse.d.ts.map +1 -1
- package/dist/cjs/action/server/AttributeReadResponse.js +24 -22
- package/dist/cjs/action/server/AttributeReadResponse.js.map +1 -1
- package/dist/cjs/action/server/AttributeWriteResponse.d.ts.map +1 -1
- package/dist/cjs/action/server/AttributeWriteResponse.js +38 -26
- package/dist/cjs/action/server/AttributeWriteResponse.js.map +1 -1
- package/dist/cjs/action/server/CommandInvokeResponse.d.ts.map +1 -1
- package/dist/cjs/action/server/CommandInvokeResponse.js +28 -19
- package/dist/cjs/action/server/CommandInvokeResponse.js.map +1 -1
- package/dist/cjs/action/server/EventReadResponse.d.ts.map +1 -1
- package/dist/cjs/action/server/EventReadResponse.js +22 -20
- package/dist/cjs/action/server/EventReadResponse.js.map +1 -1
- package/dist/cjs/fabric/Fabric.d.ts +1 -1
- package/dist/cjs/fabric/Fabric.d.ts.map +1 -1
- package/dist/cjs/fabric/Fabric.js +4 -4
- package/dist/cjs/fabric/Fabric.js.map +1 -1
- package/dist/cjs/interaction/FabricAccessControl.d.ts +2 -2
- package/dist/cjs/interaction/FabricAccessControl.d.ts.map +1 -1
- package/dist/cjs/interaction/FabricAccessControl.js +0 -6
- package/dist/cjs/interaction/FabricAccessControl.js.map +1 -1
- package/dist/esm/action/Interactable.d.ts +2 -2
- package/dist/esm/action/Interactable.d.ts.map +1 -1
- package/dist/esm/action/server/AccessControl.d.ts +43 -15
- package/dist/esm/action/server/AccessControl.d.ts.map +1 -1
- package/dist/esm/action/server/AccessControl.js +48 -37
- package/dist/esm/action/server/AccessControl.js.map +1 -1
- package/dist/esm/action/server/AttributeReadResponse.d.ts.map +1 -1
- package/dist/esm/action/server/AttributeReadResponse.js +25 -23
- package/dist/esm/action/server/AttributeReadResponse.js.map +1 -1
- package/dist/esm/action/server/AttributeWriteResponse.d.ts.map +1 -1
- package/dist/esm/action/server/AttributeWriteResponse.js +39 -27
- package/dist/esm/action/server/AttributeWriteResponse.js.map +1 -1
- package/dist/esm/action/server/CommandInvokeResponse.d.ts.map +1 -1
- package/dist/esm/action/server/CommandInvokeResponse.js +29 -20
- package/dist/esm/action/server/CommandInvokeResponse.js.map +1 -1
- package/dist/esm/action/server/EventReadResponse.d.ts.map +1 -1
- package/dist/esm/action/server/EventReadResponse.js +23 -21
- package/dist/esm/action/server/EventReadResponse.js.map +1 -1
- package/dist/esm/fabric/Fabric.d.ts +1 -1
- package/dist/esm/fabric/Fabric.d.ts.map +1 -1
- package/dist/esm/fabric/Fabric.js +4 -4
- package/dist/esm/fabric/Fabric.js.map +1 -1
- package/dist/esm/interaction/FabricAccessControl.d.ts +2 -2
- package/dist/esm/interaction/FabricAccessControl.d.ts.map +1 -1
- package/dist/esm/interaction/FabricAccessControl.js +0 -6
- package/dist/esm/interaction/FabricAccessControl.js.map +1 -1
- package/package.json +6 -6
- package/src/action/Interactable.ts +2 -2
- package/src/action/server/AccessControl.ts +90 -53
- package/src/action/server/AttributeReadResponse.ts +35 -29
- package/src/action/server/AttributeWriteResponse.ts +50 -38
- package/src/action/server/CommandInvokeResponse.ts +33 -24
- package/src/action/server/EventReadResponse.ts +25 -21
- package/src/fabric/Fabric.ts +4 -4
- package/src/interaction/FabricAccessControl.ts +2 -8
|
@@ -13,9 +13,9 @@ import { ReadResult } from "./response/ReadResult.js";
|
|
|
13
13
|
import { SubscribeResult } from "./response/SubscribeResult.js";
|
|
14
14
|
import { WriteResult } from "./response/WriteResult.js";
|
|
15
15
|
import { AccessControl } from "./server/AccessControl.js";
|
|
16
|
-
export
|
|
16
|
+
export type InteractionSession = AccessControl.Session & {
|
|
17
17
|
transaction?: Transaction;
|
|
18
|
-
}
|
|
18
|
+
};
|
|
19
19
|
/**
|
|
20
20
|
* Objects implementing this interface can participate in Matter interactions.
|
|
21
21
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Interactable.d.ts","sourceRoot":"","sources":["../../../src/action/Interactable.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACvC,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAC7C,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAE1D,MAAM,
|
|
1
|
+
{"version":3,"file":"Interactable.d.ts","sourceRoot":"","sources":["../../../src/action/Interactable.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACvC,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAC7C,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAE1D,MAAM,MAAM,kBAAkB,GAAG,aAAa,CAAC,OAAO,GAAG;IACrD,WAAW,CAAC,EAAE,WAAW,CAAC;CAC7B,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,YAAY,CAAC,QAAQ,GAAG,kBAAkB;IACvD;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,EAAE,QAAQ,GAAG,UAAU,CAAC;IAEpD;;OAEG;IACH,SAAS,CAAC,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,QAAQ,GAAG,eAAe,CAAC;IAEnE;;OAEG;IACH,KAAK,CAAC,CAAC,SAAS,KAAK,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,CAAC,EAAE,QAAQ,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;IAEvE;;OAEG;IACH,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,QAAQ,GAAG,YAAY,CAAC;CAC7D"}
|
|
@@ -6,6 +6,24 @@
|
|
|
6
6
|
import { AccessLevel, DataModelPath, Schema } from "#model";
|
|
7
7
|
import { ClusterId, EndpointNumber, FabricIndex } from "#types";
|
|
8
8
|
import { Subject } from "./Subject.js";
|
|
9
|
+
/**
|
|
10
|
+
* Confirm that an access control session (or some variante thereof) is a {@link AccessControl.RemoteActorSession}.
|
|
11
|
+
*/
|
|
12
|
+
export declare function hasRemoteActor<T extends undefined | AccessControl.Session>(session: T): session is Exclude<T, undefined | {
|
|
13
|
+
subject?: undefined;
|
|
14
|
+
}>;
|
|
15
|
+
/**
|
|
16
|
+
* Throws if a session is not a {@link AccessControl.RemoteActorSession}.
|
|
17
|
+
*/
|
|
18
|
+
export declare function assertRemoteActor<T extends undefined | AccessControl.Session>(session: T): asserts session is Exclude<T, undefined | {
|
|
19
|
+
subject?: undefined;
|
|
20
|
+
}>;
|
|
21
|
+
/**
|
|
22
|
+
* Confirm that an access control session (or some variante thereof) is a {@link AccessControl.LocalActorSession}.
|
|
23
|
+
*/
|
|
24
|
+
export declare function hasLocalActor<T extends undefined | AccessControl.Session>(session: T): session is Exclude<T, {
|
|
25
|
+
subject: Subject;
|
|
26
|
+
}>;
|
|
9
27
|
/**
|
|
10
28
|
* Enforces access control for a specific schema.
|
|
11
29
|
*/
|
|
@@ -63,12 +81,16 @@ export declare namespace AccessControl {
|
|
|
63
81
|
}
|
|
64
82
|
/**
|
|
65
83
|
* A function that asserts access control requirements are met.
|
|
84
|
+
*
|
|
85
|
+
* If {@link session} is undefined the function does not enforce access controls.
|
|
66
86
|
*/
|
|
67
|
-
type Assertion = (session: Session, location: Location) => void;
|
|
87
|
+
type Assertion = (session: Session | undefined, location: Location) => void;
|
|
68
88
|
/**
|
|
69
89
|
* A function that returns true if access control requirements are met.
|
|
90
|
+
*
|
|
91
|
+
* If {@link session} is undefined the function does not enforce access controls.
|
|
70
92
|
*/
|
|
71
|
-
type Verification = (session: Session, location: Location) => boolean;
|
|
93
|
+
type Verification = (session: Session | undefined, location: Location) => boolean;
|
|
72
94
|
/**
|
|
73
95
|
* Metadata that varies with position in the data model.
|
|
74
96
|
*/
|
|
@@ -92,22 +114,24 @@ export declare namespace AccessControl {
|
|
|
92
114
|
owningFabric?: FabricIndex;
|
|
93
115
|
}
|
|
94
116
|
/**
|
|
95
|
-
* Authorization metadata that varies
|
|
117
|
+
* Authorization metadata that varies by remote actor.
|
|
96
118
|
*/
|
|
97
|
-
interface
|
|
119
|
+
interface RemoteActorSession {
|
|
98
120
|
/**
|
|
99
121
|
* Determine whether authorized client has authority at a specific location.
|
|
100
122
|
*/
|
|
101
123
|
authorityAt(desiredAccessLevel: AccessLevel, location?: Location): Authority;
|
|
102
124
|
/**
|
|
103
125
|
* The fabric of the authorized client.
|
|
126
|
+
*
|
|
127
|
+
* For PASE sessions this will be {@link FabricIndex.NO_FABRIC}.
|
|
104
128
|
*/
|
|
105
|
-
readonly fabric
|
|
129
|
+
readonly fabric: FabricIndex;
|
|
106
130
|
/**
|
|
107
|
-
* The authenticated
|
|
108
|
-
*
|
|
131
|
+
* The authenticated remote actor. This includes the relevant Node Id, Group ID and also potential relevant Case
|
|
132
|
+
* Authenticated Tags.
|
|
109
133
|
*/
|
|
110
|
-
readonly subject
|
|
134
|
+
readonly subject: Subject;
|
|
111
135
|
/**
|
|
112
136
|
* If this is true, fabric-scoped lists are filtered to the accessing fabric.
|
|
113
137
|
*/
|
|
@@ -121,14 +145,18 @@ export declare namespace AccessControl {
|
|
|
121
145
|
* active.
|
|
122
146
|
*/
|
|
123
147
|
readonly command?: boolean;
|
|
124
|
-
/**
|
|
125
|
-
* If this is true then access levels are not enforced and all values are read/write. Datatypes are still
|
|
126
|
-
* enforced.
|
|
127
|
-
*
|
|
128
|
-
* Tracks "offline" rather than "online" because this makes the safer mode (full enforcement) the default.
|
|
129
|
-
*/
|
|
130
|
-
offline?: boolean;
|
|
131
148
|
}
|
|
149
|
+
/**
|
|
150
|
+
* A local actor session has no authenticated subject and access controls are bypassed.
|
|
151
|
+
*/
|
|
152
|
+
type LocalActorSession = {
|
|
153
|
+
fabric?: undefined;
|
|
154
|
+
subject?: undefined;
|
|
155
|
+
};
|
|
156
|
+
/**
|
|
157
|
+
* The accessing session.
|
|
158
|
+
*/
|
|
159
|
+
type Session = LocalActorSession | RemoteActorSession;
|
|
132
160
|
/**
|
|
133
161
|
* Authority status.
|
|
134
162
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AccessControl.d.ts","sourceRoot":"","sources":["../../../../src/action/server/AccessControl.ts"],"names":[],"mappings":"AAAA;;;;GAIG;
|
|
1
|
+
{"version":3,"file":"AccessControl.d.ts","sourceRoot":"","sources":["../../../../src/action/server/AccessControl.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAU,WAAW,EAAE,aAAa,EAAc,MAAM,EAAc,MAAM,QAAQ,CAAC;AAC5F,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,WAAW,EAAU,MAAM,QAAQ,CAAC;AAExE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAIvC;;GAEG;AACH,wBAAgB,cAAc,CAAC,CAAC,SAAS,SAAS,GAAG,aAAa,CAAC,OAAO,EACtE,OAAO,EAAE,CAAC,GACX,OAAO,IAAI,OAAO,CAAC,CAAC,EAAE,SAAS,GAAG;IAAE,OAAO,CAAC,EAAE,SAAS,CAAA;CAAE,CAAC,CAE5D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,CAAC,SAAS,SAAS,GAAG,aAAa,CAAC,OAAO,EACzE,OAAO,EAAE,CAAC,GACX,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,CAAC,EAAE,SAAS,GAAG;IAAE,OAAO,CAAC,EAAE,SAAS,CAAA;CAAE,CAAC,CAIpE;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,CAAC,SAAS,SAAS,GAAG,aAAa,CAAC,OAAO,EACrE,OAAO,EAAE,CAAC,GACX,OAAO,IAAI,OAAO,CAAC,CAAC,EAAE;IAAE,OAAO,EAAE,OAAO,CAAA;CAAE,CAAC,CAE7C;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC1B;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC,MAAM,CAAC;IAE7B;;OAEG;IACH,aAAa,EAAE,aAAa,CAAC,SAAS,CAAC;IAEvC;;OAEG;IACH,OAAO,EAAE,aAAa,CAAC,YAAY,CAAC;IAEpC;;OAEG;IACH,cAAc,EAAE,aAAa,CAAC,SAAS,CAAC;IAExC;;OAEG;IACH,QAAQ,EAAE,aAAa,CAAC,YAAY,CAAC;IAErC;;OAEG;IACH,eAAe,EAAE,aAAa,CAAC,SAAS,CAAC;IAEzC;;OAEG;IACH,SAAS,EAAE,aAAa,CAAC,YAAY,CAAC;CACzC;AAED;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,iBAM3C;AAED,yBAAiB,aAAa,CAAC;IAC3B;;OAEG;IACH,UAAiB,MAAM;QACnB,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;QAC3B,QAAQ,CAAC,SAAS,EAAE,WAAW,CAAC;QAEhC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;QAC3B,QAAQ,CAAC,UAAU,EAAE,WAAW,CAAC;QAEjC,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC;QAC/B,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAC;QAElC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;KAC3B;IAED;;;;OAIG;IACH,KAAY,SAAS,GAAG,CAAC,OAAO,EAAE,OAAO,GAAG,SAAS,EAAE,QAAQ,EAAE,QAAQ,KAAK,IAAI,CAAC;IAEnF;;;;OAIG;IACH,KAAY,YAAY,GAAG,CAAC,OAAO,EAAE,OAAO,GAAG,SAAS,EAAE,QAAQ,EAAE,QAAQ,KAAK,OAAO,CAAC;IAEzF;;OAEG;IACH,UAAiB,QAAQ;QACrB;;WAEG;QACH,IAAI,EAAE,aAAa,CAAC;QAEpB;;WAEG;QACH,QAAQ,CAAC,EAAE,cAAc,CAAC;QAE1B;;WAEG;QACH,OAAO,CAAC,EAAE,SAAS,CAAC;QAEpB;;;WAGG;QACH,YAAY,CAAC,EAAE,WAAW,CAAC;KAC9B;IAED;;OAEG;IACH,UAAiB,kBAAkB;QAC/B;;WAEG;QACH,WAAW,CAAC,kBAAkB,EAAE,WAAW,EAAE,QAAQ,CAAC,EAAE,QAAQ,GAAG,SAAS,CAAC;QAE7E;;;;WAIG;QACH,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;QAE7B;;;WAGG;QACH,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;QAE1B;;WAEG;QACH,QAAQ,CAAC,cAAc,CAAC,EAAE,OAAO,CAAC;QAElC;;WAEG;QACH,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;QAEzB;;;WAGG;QACH,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;KAC9B;IAED;;OAEG;IACH,KAAY,iBAAiB,GAAG;QAC5B,MAAM,CAAC,EAAE,SAAS,CAAC;QACnB,OAAO,CAAC,EAAE,SAAS,CAAC;KACvB,CAAC;IAEF;;OAEG;IACH,KAAY,OAAO,GAAG,iBAAiB,GAAG,kBAAkB,CAAC;IAE7D;;OAEG;IACH,KAAY,SAAS;QACjB;;WAEG;QACH,OAAO,IAAI;QAEX;;WAEG;QACH,YAAY,IAAI;QAEhB;;WAEG;QACH,UAAU,IAAI;KACjB;CACJ"}
|
|
@@ -18,9 +18,13 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
18
18
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
19
|
var AccessControl_exports = {};
|
|
20
20
|
__export(AccessControl_exports, {
|
|
21
|
-
AccessControl: () => AccessControl
|
|
21
|
+
AccessControl: () => AccessControl,
|
|
22
|
+
assertRemoteActor: () => assertRemoteActor,
|
|
23
|
+
hasLocalActor: () => hasLocalActor,
|
|
24
|
+
hasRemoteActor: () => hasRemoteActor
|
|
22
25
|
});
|
|
23
26
|
module.exports = __toCommonJS(AccessControl_exports);
|
|
27
|
+
var import_general = require("#general");
|
|
24
28
|
var import_model = require("#model");
|
|
25
29
|
var import_types = require("#types");
|
|
26
30
|
var import_errors = require("../errors.js");
|
|
@@ -30,6 +34,17 @@ var import_errors = require("../errors.js");
|
|
|
30
34
|
* SPDX-License-Identifier: Apache-2.0
|
|
31
35
|
*/
|
|
32
36
|
const cache = /* @__PURE__ */ new WeakMap();
|
|
37
|
+
function hasRemoteActor(session) {
|
|
38
|
+
return session?.subject !== void 0;
|
|
39
|
+
}
|
|
40
|
+
function assertRemoteActor(session) {
|
|
41
|
+
if (!hasRemoteActor(session)) {
|
|
42
|
+
throw new import_general.ImplementationError("This operation requires an authenticated remote session");
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
function hasLocalActor(session) {
|
|
46
|
+
return session?.subject === void 0;
|
|
47
|
+
}
|
|
33
48
|
function AccessControl(schema) {
|
|
34
49
|
let enforcer = cache.get(schema);
|
|
35
50
|
if (enforcer === void 0) {
|
|
@@ -56,50 +71,50 @@ function enforcerFor(schema) {
|
|
|
56
71
|
function dataEnforcerFor(schema) {
|
|
57
72
|
const limits = limitsFor(schema);
|
|
58
73
|
let mayRead = (session, location) => {
|
|
59
|
-
if (session
|
|
74
|
+
if (hasLocalActor(session) || session.command) {
|
|
60
75
|
return true;
|
|
61
76
|
}
|
|
62
77
|
return session.authorityAt(limits.readLevel, location) === 1 /* Granted */;
|
|
63
78
|
};
|
|
64
79
|
let mayWrite = (session, location) => {
|
|
65
|
-
if (session
|
|
80
|
+
if (hasLocalActor(session) || session.command) {
|
|
66
81
|
return true;
|
|
67
82
|
}
|
|
68
83
|
return session.authorityAt(limits.writeLevel, location) === 1 /* Granted */;
|
|
69
84
|
};
|
|
70
85
|
let authorizeRead = (session, location) => {
|
|
71
|
-
if (session
|
|
86
|
+
if (hasLocalActor(session) || session.command) {
|
|
72
87
|
return;
|
|
73
88
|
}
|
|
74
89
|
if (session.authorityAt(limits.readLevel, location) === 1 /* Granted */) {
|
|
75
90
|
return;
|
|
76
91
|
}
|
|
77
|
-
throw new import_errors.ReadError(location, "Permission denied", import_types.
|
|
92
|
+
throw new import_errors.ReadError(location, "Permission denied", import_types.Status.UnsupportedAccess);
|
|
78
93
|
};
|
|
79
94
|
let authorizeWrite = (session, location) => {
|
|
80
|
-
if (session
|
|
95
|
+
if (hasLocalActor(session) || session.command) {
|
|
81
96
|
return;
|
|
82
97
|
}
|
|
83
98
|
if (session.authorityAt(limits.writeLevel, location) === 1 /* Granted */) {
|
|
84
99
|
return;
|
|
85
100
|
}
|
|
86
|
-
throw new import_errors.WriteError(location, "Permission denied", import_types.
|
|
101
|
+
throw new import_errors.WriteError(location, "Permission denied", import_types.Status.UnsupportedAccess);
|
|
87
102
|
};
|
|
88
103
|
if (limits.timed) {
|
|
89
104
|
const wrappedAuthorizeWrite = authorizeWrite;
|
|
90
105
|
const wrappedMayWrite = mayWrite;
|
|
91
106
|
authorizeWrite = (session, location) => {
|
|
92
|
-
if (
|
|
107
|
+
if (hasRemoteActor(session) && !session.timed) {
|
|
93
108
|
throw new import_errors.WriteError(
|
|
94
109
|
location,
|
|
95
110
|
"Permission denied because interaction is not timed",
|
|
96
|
-
import_types.
|
|
111
|
+
import_types.Status.NeedsTimedInteraction
|
|
97
112
|
);
|
|
98
113
|
}
|
|
99
114
|
wrappedAuthorizeWrite?.(session, location);
|
|
100
115
|
};
|
|
101
116
|
mayWrite = (session, location) => {
|
|
102
|
-
if (
|
|
117
|
+
if (hasRemoteActor(session) && !session.timed) {
|
|
103
118
|
return false;
|
|
104
119
|
}
|
|
105
120
|
return wrappedMayWrite(session, location);
|
|
@@ -111,32 +126,28 @@ function dataEnforcerFor(schema) {
|
|
|
111
126
|
const wrappedAuthorizeWrite = authorizeWrite;
|
|
112
127
|
const wrappedMayWrite = mayWrite;
|
|
113
128
|
authorizeRead = (session, location) => {
|
|
114
|
-
if (session
|
|
129
|
+
if (hasLocalActor(session) || session.command) {
|
|
115
130
|
return;
|
|
116
131
|
}
|
|
117
132
|
if (session.fabricFiltered) {
|
|
118
|
-
if (session.fabric
|
|
119
|
-
throw new import_errors.ReadError(
|
|
120
|
-
location,
|
|
121
|
-
"Permission denied: No accessing fabric",
|
|
122
|
-
import_types.StatusCode.UnsupportedAccess
|
|
123
|
-
);
|
|
133
|
+
if (!session.fabric) {
|
|
134
|
+
throw new import_errors.ReadError(location, "Permission denied: No accessing fabric", import_types.Status.UnsupportedAccess);
|
|
124
135
|
}
|
|
125
136
|
if (location?.owningFabric !== void 0 && location.owningFabric !== session.fabric) {
|
|
126
137
|
throw new import_errors.ReadError(
|
|
127
138
|
location,
|
|
128
139
|
"Permission denied: Owning/accessing fabric mismatch",
|
|
129
|
-
import_types.
|
|
140
|
+
import_types.Status.UnsupportedAccess
|
|
130
141
|
);
|
|
131
142
|
}
|
|
132
143
|
}
|
|
133
144
|
wrappedAuthorizeRead(session, location);
|
|
134
145
|
};
|
|
135
146
|
mayRead = (session, location) => {
|
|
136
|
-
if (session
|
|
147
|
+
if (hasLocalActor(session) || session.command) {
|
|
137
148
|
return true;
|
|
138
149
|
}
|
|
139
|
-
if (session.fabric
|
|
150
|
+
if (!session.fabric) {
|
|
140
151
|
return false;
|
|
141
152
|
}
|
|
142
153
|
if (location?.owningFabric !== void 0 && location.owningFabric !== session.fabric) {
|
|
@@ -145,11 +156,11 @@ function dataEnforcerFor(schema) {
|
|
|
145
156
|
return wrappedMayRead(session, location);
|
|
146
157
|
};
|
|
147
158
|
authorizeWrite = (session, location) => {
|
|
148
|
-
if (session
|
|
159
|
+
if (hasLocalActor(session) || session.command) {
|
|
149
160
|
return;
|
|
150
161
|
}
|
|
151
|
-
if (session.fabric
|
|
152
|
-
throw new import_errors.WriteError(location, "Permission denied: No accessing fabric", import_types.
|
|
162
|
+
if (!session.fabric) {
|
|
163
|
+
throw new import_errors.WriteError(location, "Permission denied: No accessing fabric", import_types.Status.UnsupportedAccess);
|
|
153
164
|
}
|
|
154
165
|
if (location?.owningFabric !== void 0 && location.owningFabric !== session.fabric) {
|
|
155
166
|
throw new import_errors.WriteError(location, "Permission denied: Owning/accessing fabric mismatch");
|
|
@@ -157,10 +168,10 @@ function dataEnforcerFor(schema) {
|
|
|
157
168
|
wrappedAuthorizeWrite(session, location);
|
|
158
169
|
};
|
|
159
170
|
mayWrite = (session, location) => {
|
|
160
|
-
if (session
|
|
171
|
+
if (hasLocalActor(session) || session.command) {
|
|
161
172
|
return true;
|
|
162
173
|
}
|
|
163
|
-
if (session.fabric
|
|
174
|
+
if (!session.fabric) {
|
|
164
175
|
return false;
|
|
165
176
|
}
|
|
166
177
|
if (location?.owningFabric !== void 0 && location.owningFabric !== session.fabric) {
|
|
@@ -171,24 +182,24 @@ function dataEnforcerFor(schema) {
|
|
|
171
182
|
}
|
|
172
183
|
if (!limits.readable) {
|
|
173
184
|
authorizeRead = (session, location) => {
|
|
174
|
-
if (session
|
|
185
|
+
if (hasLocalActor(session) || session.command) {
|
|
175
186
|
return;
|
|
176
187
|
}
|
|
177
188
|
throw new import_errors.ReadError(location, "Permission defined: Value is write-only");
|
|
178
189
|
};
|
|
179
190
|
mayRead = (session) => {
|
|
180
|
-
return
|
|
191
|
+
return hasLocalActor(session) || !!session.command;
|
|
181
192
|
};
|
|
182
193
|
}
|
|
183
194
|
if (!limits.writable) {
|
|
184
195
|
authorizeWrite = (session, location) => {
|
|
185
|
-
if (session
|
|
196
|
+
if (hasLocalActor(session) || session.command) {
|
|
186
197
|
return;
|
|
187
198
|
}
|
|
188
199
|
throw new import_errors.WriteError(location, "Permission denied: Value is read-only");
|
|
189
200
|
};
|
|
190
201
|
mayWrite = (session) => {
|
|
191
|
-
return
|
|
202
|
+
return hasLocalActor(session) || !!session.command;
|
|
192
203
|
};
|
|
193
204
|
}
|
|
194
205
|
return Object.freeze({
|
|
@@ -224,7 +235,7 @@ function commandEnforcerFor(schema) {
|
|
|
224
235
|
return false;
|
|
225
236
|
},
|
|
226
237
|
authorizeInvoke(session, location) {
|
|
227
|
-
if (session
|
|
238
|
+
if (hasLocalActor(session)) {
|
|
228
239
|
return;
|
|
229
240
|
}
|
|
230
241
|
if (!session.command) {
|
|
@@ -234,19 +245,19 @@ function commandEnforcerFor(schema) {
|
|
|
234
245
|
throw new import_errors.InvokeError(
|
|
235
246
|
location,
|
|
236
247
|
"Invoke attempt without required timed context",
|
|
237
|
-
import_types.
|
|
248
|
+
import_types.Status.TimedRequestMismatch
|
|
238
249
|
);
|
|
239
250
|
}
|
|
240
|
-
if (fabric && session.fabric
|
|
241
|
-
throw new import_errors.WriteError(location, "Permission denied: No accessing fabric", import_types.
|
|
251
|
+
if (fabric && !session.fabric) {
|
|
252
|
+
throw new import_errors.WriteError(location, "Permission denied: No accessing fabric", import_types.Status.UnsupportedAccess);
|
|
242
253
|
}
|
|
243
254
|
if (session.authorityAt(limits.writeLevel, location) === 1 /* Granted */) {
|
|
244
255
|
return;
|
|
245
256
|
}
|
|
246
|
-
throw new import_errors.InvokeError(location, "Permission denied", import_types.
|
|
257
|
+
throw new import_errors.InvokeError(location, "Permission denied", import_types.Status.UnsupportedAccess);
|
|
247
258
|
},
|
|
248
259
|
mayInvoke(session, location) {
|
|
249
|
-
if (session
|
|
260
|
+
if (hasLocalActor(session)) {
|
|
250
261
|
return true;
|
|
251
262
|
}
|
|
252
263
|
if (!session.command) {
|
|
@@ -255,7 +266,7 @@ function commandEnforcerFor(schema) {
|
|
|
255
266
|
if (timed && !session.timed) {
|
|
256
267
|
return false;
|
|
257
268
|
}
|
|
258
|
-
if (fabric && session.fabric
|
|
269
|
+
if (fabric && !session.fabric) {
|
|
259
270
|
return false;
|
|
260
271
|
}
|
|
261
272
|
return session.authorityAt(limits.writeLevel, location) === 1 /* Granted */;
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../src/action/server/AccessControl.ts"],
|
|
4
|
-
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,mBAAmF;AACnF,
|
|
4
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,qBAAoC;AACpC,mBAAmF;AACnF,mBAA+D;AAC/D,oBAA8E;AAT9E;AAAA;AAAA;AAAA;AAAA;AAYA,MAAM,QAAQ,oBAAI,QAA+B;AAK1C,SAAS,eACZ,SAC0D;AAC1D,SAAO,SAAS,YAAY;AAChC;AAKO,SAAS,kBACZ,SACkE;AAClE,MAAI,CAAC,eAAe,OAAO,GAAG;AAC1B,UAAM,IAAI,mCAAoB,yDAAyD;AAAA,EAC3F;AACJ;AAKO,SAAS,cACZ,SAC2C;AAC3C,SAAO,SAAS,YAAY;AAChC;AAkDO,SAAS,cAAc,QAAgB;AAC1C,MAAI,WAAW,MAAM,IAAI,MAAM;AAC/B,MAAI,aAAa,QAAW;AACxB,eAAW,YAAY,MAAM;AAAA,EACjC;AACA,SAAO;AACX;AAAA,CAEO,CAAUA,mBAAV;AAgHI,MAAK;AAAL,IAAKC,eAAL;AAIH,IAAAA,sBAAA,aAAU,KAAV;AAKA,IAAAA,sBAAA,kBAAe,KAAf;AAKA,IAAAA,sBAAA,gBAAa,KAAb;AAAA,KAdQ,YAAAD,eAAA,cAAAA,eAAA;AAAA,GAhHC;AAkIjB,OAAO,OAAO,aAAa;AAC3B,OAAO,OAAO,cAAc,SAAS;AAErC,SAAS,YAAY,QAA+B;AAChD,MAAI,OAAO,QAAQ,wBAAW,SAAS;AACnC,WAAO,mBAAmB,MAAM;AAAA,EACpC;AACA,SAAO,gBAAgB,MAAM;AACjC;AAEA,SAAS,gBAAgB,QAA+B;AACpD,QAAM,SAAS,UAAU,MAAM;AAE/B,MAAI,UAAsC,CAAC,SAAS,aAAa;AAC7D,QAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C,aAAO;AAAA,IACX;AAEA,WAAO,QAAQ,YAAY,OAAO,WAAW,QAAQ,MAAM;AAAA,EAC/D;AAEA,MAAI,WAAuC,CAAC,SAAS,aAAa;AAC9D,QAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C,aAAO;AAAA,IACX;AAEA,WAAO,QAAQ,YAAY,OAAO,YAAY,QAAQ,MAAM;AAAA,EAChE;AAEA,MAAI,gBAAyC,CAAC,SAAS,aAAa;AAChE,QAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C;AAAA,IACJ;AAEA,QAAI,QAAQ,YAAY,OAAO,WAAW,QAAQ,MAAM,iBAAiC;AACrF;AAAA,IACJ;AAEA,UAAM,IAAI,wBAAU,UAAU,qBAAqB,oBAAO,iBAAiB;AAAA,EAC/E;AAEA,MAAI,iBAA0C,CAAC,SAAS,aAAa;AACjE,QAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C;AAAA,IACJ;AAEA,QAAI,QAAQ,YAAY,OAAO,YAAY,QAAQ,MAAM,iBAAiC;AACtF;AAAA,IACJ;AAEA,UAAM,IAAI,yBAAW,UAAU,qBAAqB,oBAAO,iBAAiB;AAAA,EAChF;AAEA,MAAI,OAAO,OAAO;AACd,UAAM,wBAAwB;AAC9B,UAAM,kBAAkB;AAExB,qBAAiB,CAAC,SAAS,aAAa;AACpC,UAAI,eAAe,OAAO,KAAK,CAAC,QAAQ,OAAO;AAC3C,cAAM,IAAI;AAAA,UACN;AAAA,UACA;AAAA,UACA,oBAAO;AAAA,QACX;AAAA,MACJ;AACA,8BAAwB,SAAS,QAAQ;AAAA,IAC7C;AAEA,eAAW,CAAC,SAAS,aAAa;AAC9B,UAAI,eAAe,OAAO,KAAK,CAAC,QAAQ,OAAO;AAC3C,eAAO;AAAA,MACX;AAEA,aAAO,gBAAgB,SAAS,QAAQ;AAAA,IAC5C;AAAA,EACJ;AAEA,MAAI,OAAO,iBAAiB;AACxB,UAAM,uBAAuB;AAC7B,UAAM,iBAAiB;AACvB,UAAM,wBAAwB;AAC9B,UAAM,kBAAkB;AAExB,oBAAgB,CAAC,SAAS,aAAa;AACnC,UAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C;AAAA,MACJ;AAEA,UAAI,QAAQ,gBAAgB;AACxB,YAAI,CAAC,QAAQ,QAAQ;AACjB,gBAAM,IAAI,wBAAU,UAAU,0CAA0C,oBAAO,iBAAiB;AAAA,QACpG;AAEA,YAAI,UAAU,iBAAiB,UAAa,SAAS,iBAAiB,QAAQ,QAAQ;AAClF,gBAAM,IAAI;AAAA,YACN;AAAA,YACA;AAAA,YACA,oBAAO;AAAA,UACX;AAAA,QACJ;AAAA,MACJ;AAEA,2BAAqB,SAAS,QAAQ;AAAA,IAC1C;AAEA,cAAU,CAAC,SAAS,aAAa;AAC7B,UAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C,eAAO;AAAA,MACX;AAEA,UAAI,CAAC,QAAQ,QAAQ;AACjB,eAAO;AAAA,MACX;AAEA,UAAI,UAAU,iBAAiB,UAAa,SAAS,iBAAiB,QAAQ,QAAQ;AAClF,eAAO;AAAA,MACX;AAEA,aAAO,eAAe,SAAS,QAAQ;AAAA,IAC3C;AAEA,qBAAiB,CAAC,SAAS,aAAa;AACpC,UAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C;AAAA,MACJ;AAEA,UAAI,CAAC,QAAQ,QAAQ;AACjB,cAAM,IAAI,yBAAW,UAAU,0CAA0C,oBAAO,iBAAiB;AAAA,MACrG;AAEA,UAAI,UAAU,iBAAiB,UAAa,SAAS,iBAAiB,QAAQ,QAAQ;AAClF,cAAM,IAAI,yBAAW,UAAU,qDAAqD;AAAA,MACxF;AAEA,4BAAsB,SAAS,QAAQ;AAAA,IAC3C;AAEA,eAAW,CAAC,SAAS,aAAa;AAC9B,UAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C,eAAO;AAAA,MACX;AAEA,UAAI,CAAC,QAAQ,QAAQ;AACjB,eAAO;AAAA,MACX;AAEA,UAAI,UAAU,iBAAiB,UAAa,SAAS,iBAAiB,QAAQ,QAAQ;AAClF,eAAO;AAAA,MACX;AAEA,aAAO,gBAAgB,SAAS,QAAQ;AAAA,IAC5C;AAAA,EACJ;AAEA,MAAI,CAAC,OAAO,UAAU;AAClB,oBAAgB,CAAC,SAAS,aAAa;AACnC,UAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C;AAAA,MACJ;AAEA,YAAM,IAAI,wBAAU,UAAU,yCAAyC;AAAA,IAC3E;AAEA,cAAU,aAAW;AACjB,aAAO,cAAc,OAAO,KAAK,CAAC,CAAC,QAAQ;AAAA,IAC/C;AAAA,EACJ;AAEA,MAAI,CAAC,OAAO,UAAU;AAClB,qBAAiB,CAAC,SAAS,aAAa;AACpC,UAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C;AAAA,MACJ;AACA,YAAM,IAAI,yBAAW,UAAU,uCAAuC;AAAA,IAC1E;AAEA,eAAW,aAAW;AAClB,aAAO,cAAc,OAAO,KAAK,CAAC,CAAC,QAAQ;AAAA,IAC/C;AAAA,EACJ;AAEA,SAAO,OAAO,OAAO;AAAA,IACjB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IAEA,gBAAgB,UAA6C,UAAkC;AAC3F,YAAM,IAAI,wCAA0B,UAAU,0DAA0D;AAAA,IAC5G;AAAA,IAEA,YAAY;AACR,aAAO;AAAA,IACX;AAAA,EACJ,CAAyB;AAC7B;AAEA,SAAS,mBAAmB,QAA+B;AACvD,QAAM,SAAS,UAAU,MAAM;AAC/B,QAAM,QAAQ,OAAO,gBAAgB;AACrC,QAAM,SAAS,OAAO,gBAAgB;AAEtC,SAAO;AAAA,IACH;AAAA,IAEA,cAAc,UAAU,UAAU;AAC9B,YAAM,IAAI,wCAA0B,UAAU,oDAAoD;AAAA,IACtG;AAAA,IAEA,UAAU;AACN,aAAO;AAAA,IACX;AAAA,IAEA,eAAe,UAAU,UAAU;AAC/B,YAAM,IAAI,wCAA0B,UAAU,qDAAqD;AAAA,IACvG;AAAA,IAEA,WAAW;AACP,aAAO;AAAA,IACX;AAAA,IAEA,gBAAgB,SAAS,UAAU;AAC/B,UAAI,cAAc,OAAO,GAAG;AACxB;AAAA,MACJ;AAEA,UAAI,CAAC,QAAQ,SAAS;AAClB,cAAM,IAAI,0BAAY,UAAU,wCAAwC;AAAA,MAC5E;AAEA,UAAI,SAAS,CAAC,QAAQ,OAAO;AACzB,cAAM,IAAI;AAAA,UACN;AAAA,UACA;AAAA,UACA,oBAAO;AAAA,QACX;AAAA,MACJ;AAEA,UAAI,UAAU,CAAC,QAAQ,QAAQ;AAC3B,cAAM,IAAI,yBAAW,UAAU,0CAA0C,oBAAO,iBAAiB;AAAA,MACrG;AAEA,UAAI,QAAQ,YAAY,OAAO,YAAY,QAAQ,MAAM,iBAAiC;AACtF;AAAA,MACJ;AAEA,YAAM,IAAI,0BAAY,UAAU,qBAAqB,oBAAO,iBAAiB;AAAA,IACjF;AAAA,IAEA,UAAU,SAAS,UAAU;AACzB,UAAI,cAAc,OAAO,GAAG;AACxB,eAAO;AAAA,MACX;AAEA,UAAI,CAAC,QAAQ,SAAS;AAClB,eAAO;AAAA,MACX;AAEA,UAAI,SAAS,CAAC,QAAQ,OAAO;AACzB,eAAO;AAAA,MACX;AAEA,UAAI,UAAU,CAAC,QAAQ,QAAQ;AAC3B,eAAO;AAAA,MACX;AAEA,aAAO,QAAQ,YAAY,OAAO,YAAY,QAAQ,MAAM;AAAA,IAChE;AAAA,EACJ;AACJ;AAEA,SAAS,UAAU,QAAgB;AAC/B,QAAM,SAAS,OAAO;AACtB,QAAM,UAAU,kBAAkB,0BAAa,OAAO,mBAAmB;AAGzE,MAAI,QAAQ,SAAS;AACrB,WAAS,IAAI,OAAO,QAAQ,CAAC,SAAS,aAAa,yBAAY,IAAI,EAAE,QAAQ;AACzE,QAAI,EAAE,iBAAiB,OAAO;AAC1B,cAAQ;AAAA,IACZ;AAAA,EACJ;AAEA,QAAM,SAA+B,OAAO,OAAO;AAAA,IAC/C,UAAU,OAAO;AAAA,IACjB,UAAU,OAAO,YAAY,CAAC;AAAA,IAC9B,cAAc,OAAO,WAAW,oBAAO,OAAO,UAAU,OAAO,WAAW,oBAAO,OAAO;AAAA,IACxF,iBAAiB,OAAO,WAAW,oBAAO,OAAO;AAAA,IACjD,OAAO,OAAO,UAAU;AAAA;AAAA;AAAA,IAIxB,WAAW,OAAO,aAAa,SAAY,yBAAY,OAAO,oBAAO,eAAe,OAAO,QAAQ;AAAA,IACnG,YAAY,OAAO,cAAc,SAAY,yBAAY,UAAU,oBAAO,eAAe,OAAO,SAAS;AAAA,EAC7G,CAAC;AAED,SAAO;AACX;",
|
|
5
5
|
"names": ["AccessControl", "Authority"]
|
|
6
6
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AttributeReadResponse.d.ts","sourceRoot":"","sources":["../../../../src/action/server/AttributeReadResponse.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAE,eAAe,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAC9G,OAAO,EAAE,IAAI,EAAE,MAAM,yBAAyB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAC;AAE5D,OAAO,EAAE,YAAY,EAA0C,MAAM,gCAAgC,CAAC;AAItG,OAAO,EACH,aAAa,EAKb,MAAM,EAIT,MAAM,QAAQ,CAAC;AAIhB,eAAO,MAAM,aAAa,mCAAoE,CAAC;AAE/F;;;;GAIG;AACH,qBAAa,qBAAqB,CAC9B,QAAQ,SAAS,kBAAkB,GAAG,kBAAkB,CAC1D,SAAQ,YAAY,CAAC,QAAQ,CAAC;;gBAuBhB,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ;IAIhD,OAAO,CAAC,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,EAAE,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC;IA2D7G,IAAI,MAAM;;;;MAMT;IAED;;OAEG;IACH,SAAS,CAAC,WAAW,CAAC,IAAI,EAAE,aAAa;IAmCzC;;OAEG;IACH,SAAS,CAAC,WAAW,CAAC,IAAI,EAAE,UAAU,CAAC,qBAAqB;
|
|
1
|
+
{"version":3,"file":"AttributeReadResponse.d.ts","sourceRoot":"","sources":["../../../../src/action/server/AttributeReadResponse.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAE,eAAe,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAC9G,OAAO,EAAE,IAAI,EAAE,MAAM,yBAAyB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAC;AAE5D,OAAO,EAAE,YAAY,EAA0C,MAAM,gCAAgC,CAAC;AAItG,OAAO,EACH,aAAa,EAKb,MAAM,EAIT,MAAM,QAAQ,CAAC;AAIhB,eAAO,MAAM,aAAa,mCAAoE,CAAC;AAE/F;;;;GAIG;AACH,qBAAa,qBAAqB,CAC9B,QAAQ,SAAS,kBAAkB,GAAG,kBAAkB,CAC1D,SAAQ,YAAY,CAAC,QAAQ,CAAC;;gBAuBhB,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ;IAIhD,OAAO,CAAC,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,EAAE,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC;IA2D7G,IAAI,MAAM;;;;MAMT;IAED;;OAEG;IACH,SAAS,CAAC,WAAW,CAAC,IAAI,EAAE,aAAa;IAmCzC;;OAEG;IACH,SAAS,CAAC,WAAW,CAAC,IAAI,EAAE,UAAU,CAAC,qBAAqB;IAoH5D;;;;;;;;;OASG;IACH,SAAS,CAAE,uBAAuB,CAAC,QAAQ,EAAE,gBAAgB,EAAE,IAAI,EAAE,aAAa;IA2BlF;;;;;;OAMG;IACH,SAAS,CAAC,sBAAsB,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,aAAa;IAsC9E;;;;OAIG;IACH,SAAS,CAAC,wBAAwB,CAAC,SAAS,EAAE,qBAAqB,EAAE,IAAI,EAAE,aAAa;IA4DxF;;OAEG;IACH,SAAS,CAAC,SAAS,CAAC,IAAI,EAAE,UAAU,CAAC,qBAAqB,EAAE,MAAM,EAAE,MAAM;CA8B7E"}
|
|
@@ -56,7 +56,7 @@ class AttributeReadResponse extends import_DataResponse.DataResponse {
|
|
|
56
56
|
super(node, session);
|
|
57
57
|
}
|
|
58
58
|
*process({ dataVersionFilters, attributeRequests }) {
|
|
59
|
-
const nodeId = this.session
|
|
59
|
+
const nodeId = (0, import_AccessControl.hasLocalActor)(this.session) ? import_types.NodeId.UNSPECIFIED_NODE_ID : this.nodeId;
|
|
60
60
|
if (dataVersionFilters?.length) {
|
|
61
61
|
this.#versions = {};
|
|
62
62
|
for (const {
|
|
@@ -164,26 +164,28 @@ class AttributeReadResponse extends import_DataResponse.DataResponse {
|
|
|
164
164
|
} else {
|
|
165
165
|
limits = attribute.limits;
|
|
166
166
|
}
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
167
|
+
if ((0, import_AccessControl.hasRemoteActor)(this.session)) {
|
|
168
|
+
const location = {
|
|
169
|
+
...cluster?.location ?? {
|
|
170
|
+
path: import_model.DataModelPath.none,
|
|
171
|
+
endpoint: endpointId,
|
|
172
|
+
cluster: clusterId
|
|
173
|
+
},
|
|
174
|
+
owningFabric: this.session.fabric
|
|
175
|
+
};
|
|
176
|
+
const permission = this.session.authorityAt(limits.readLevel, location);
|
|
177
|
+
switch (permission) {
|
|
178
|
+
case import_AccessControl.AccessControl.Authority.Granted:
|
|
179
|
+
break;
|
|
180
|
+
case import_AccessControl.AccessControl.Authority.Unauthorized:
|
|
181
|
+
this.addStatus(path, import_types.Status.UnsupportedAccess);
|
|
182
|
+
return;
|
|
183
|
+
case import_AccessControl.AccessControl.Authority.Restricted:
|
|
184
|
+
this.addStatus(path, import_types.Status.AccessRestricted);
|
|
185
|
+
return;
|
|
186
|
+
default:
|
|
187
|
+
throw new import_general.InternalError(`Unsupported authorization state ${permission}`);
|
|
188
|
+
}
|
|
187
189
|
}
|
|
188
190
|
if (endpoint === void 0) {
|
|
189
191
|
this.addStatus(path, import_types.Status.UnsupportedEndpoint);
|
|
@@ -316,7 +318,7 @@ class AttributeReadResponse extends import_DataResponse.DataResponse {
|
|
|
316
318
|
if (attribute.wildcardPathFlags & this.#wildcardPathFlags) {
|
|
317
319
|
return;
|
|
318
320
|
}
|
|
319
|
-
if (!attribute.limits.readable || this.session.authorityAt(attribute.limits.readLevel, this.#guardedCurrentCluster.location) !== import_AccessControl.AccessControl.Authority.Granted) {
|
|
321
|
+
if (!attribute.limits.readable || (0, import_AccessControl.hasRemoteActor)(this.session) && this.session.authorityAt(attribute.limits.readLevel, this.#guardedCurrentCluster.location) !== import_AccessControl.AccessControl.Authority.Granted) {
|
|
320
322
|
return;
|
|
321
323
|
}
|
|
322
324
|
if (this.#currentState === void 0) {
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../src/action/server/AttributeReadResponse.ts"],
|
|
4
|
-
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAUA,
|
|
4
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAUA,2BAA6D;AAC7D,0BAAqE;AAErE,qBAAkD;AAClD,mBAA0D;AAC1D,mBAUO;AAzBP;AAAA;AAAA;AAAA;AAAA;AA2BA,MAAM,SAAS,sBAAO,IAAI,uBAAuB;AAE1C,MAAM,gBAAgB,IAAI,IAAI,OAAO,WAAO,+BAAiB,CAAC,CAAC,CAAC,EAAE,IAAI,UAAQ,KAAK,EAAE,CAAC;AAOtF,MAAM,8BAEH,iCAAuB;AAAA,EAC7B;AAAA;AAAA;AAAA,EAIA;AAAA;AAAA;AAAA,EAIA;AAAA;AAAA;AAAA,EAIA;AAAA,EACA;AAAA,EACA;AAAA,EACA,qBAAqB;AAAA;AAAA,EAGrB,eAAe;AAAA,EACf,cAAc;AAAA,EACd,iBAAiB;AAAA,EAEjB,YAAY,MAAoB,SAAmB;AAC/C,UAAM,MAAM,OAAO;AAAA,EACvB;AAAA,EAEA,CAAC,QAAQ,EAAE,oBAAoB,kBAAkB,GAA6D;AAC1G,UAAM,aAAS,oCAAc,KAAK,OAAO,IAAI,oBAAO,sBAAsB,KAAK;AAG/E,QAAI,oBAAoB,QAAQ;AAC5B,WAAK,YAAY,CAAC;AAClB,iBAAW;AAAA,QACP,MAAM,EAAE,QAAQ,cAAc,YAAY,UAAU;AAAA,QACpD;AAAA,MACJ,KAAK,oBAAoB;AACrB,YAAI,iBAAiB,UAAa,iBAAiB,QAAQ;AACvD;AAAA,QACJ;AACA,YAAI,OAAO,eAAe,UAAU;AAEhC;AAAA,QACJ;AACA,SAAC,KAAK,UAAU,UAAU,MAAM,KAAK,UAAU,UAAU,IAAI,CAAC,IAAI,SAAS,IAAI;AAAA,MACnF;AAAA,IACJ;AAGA,eAAW,QAAQ,mBAAmB;AAClC,UAAI,KAAK,eAAe,UAAa,KAAK,cAAc,UAAa,KAAK,gBAAgB,QAAW;AACjG,aAAK,YAAY,IAAI;AAAA,MACzB,OAAO;AACH,aAAK,YAAY,IAAwC;AAAA,MAC7D;AAAA,IACJ;AAEA,QAAI,KAAK,gBAAgB;AACrB,iBAAW,YAAY,KAAK,gBAAgB;AACxC,eAAO,SAAS,MAAM,IAAI;AAAA,MAC9B;AAAA,IACJ;AAIA,QAAI,KAAK,WAAW,QAAW;AAC3B,YAAM,KAAK;AAAA,IACf;AAAA,EACJ;AAAA;AAAA,EAGA,IAAI,0BAA0B;AAC1B,QAAI,KAAK,qBAAqB,QAAW;AACrC,YAAM,IAAI,6BAAc,iDAAiD;AAAA,IAC7E;AACA,WAAO,KAAK;AAAA,EAChB;AAAA;AAAA,EAGA,IAAI,yBAA0C;AAC1C,QAAI,KAAK,oBAAoB,QAAW;AACpC,YAAM,IAAI,6BAAc,gDAAgD;AAAA,IAC5E;AACA,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,SAAS;AACT,WAAO;AAAA,MACH,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,UAAU,KAAK,cAAc,KAAK;AAAA,IACtC;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAKU,YAAY,MAAqB;AACvC,UAAM,EAAE,QAAQ,YAAY,WAAW,aAAa,kBAAkB,IAAI;AAE1E,QAAI,cAAc,UAAa,gBAAgB,UAAa,CAAC,cAAc,IAAI,WAAW,GAAG;AACzF,YAAM,IAAI;AAAA,QACN,+DAA+D,WAAW;AAAA,QAC1E,oBAAO;AAAA,MACX;AAAA,IACJ;AAEA,QAAI,WAAW,UAAa,WAAW,KAAK,QAAQ;AAChD;AAAA,IACJ;AAEA,UAAM,MAAM,oBAAoB,2CAAuB,OAAO,iBAAiB,IAAI;AAEnF,QAAI,eAAe,QAAW;AAC1B,WAAK,aAAa,aAAwC;AACtD,aAAK,qBAAqB;AAC1B,mBAAWA,aAAY,KAAK,MAAM;AAC9B,iBAAO,KAAK,wBAAwBA,WAAU,IAAI;AAAA,QACtD;AAAA,MACJ,CAAC;AACD;AAAA,IACJ;AAEA,UAAM,WAAW,KAAK,KAAK,UAAU;AACrC,QAAI,UAAU;AACV,WAAK,aAAa,WAAuC;AACrD,aAAK,qBAAqB;AAC1B,eAAO,KAAK,wBAAwB,UAAU,IAAI;AAAA,MACtD,CAAC;AAAA,IACL;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAKU,YAAY,MAAwC;AAC1D,UAAM,EAAE,QAAQ,YAAY,WAAW,YAAY,IAAI;AAEvD,QAAI,WAAW,UAAa,KAAK,WAAW,QAAQ;AAChD,WAAK,UAAU,MAAM,oBAAO,eAAe;AAC3C;AAAA,IACJ;AAGA,UAAM,WAAW,KAAK,KAAK,UAAU;AACrC,UAAM,UAAU,WAAW,SAAS;AACpC,UAAM,YAAY,SAAS,KAAK,WAAW,WAAW;AACtD,QAAI;AACJ,QAAI,cAAc,QAAW;AAIzB,YAAM,YAAY,KAAK,KAAK,OACvB,OAAO,KAAK,WAAW,CAAC,wBAAW,OAAO,CAAC,GAC1C,OAAO,KAAK,aAAa,CAAC,wBAAW,SAAS,CAAC;AAErD,UAAI,WAAW;AAGX,qBAAS,oCAAc,SAA2B,EAAE;AAAA,MACxD,OAAO;AAEH,iBAAS;AAAA,MACb;AAAA,IACJ,OAAO;AACH,eAAS,UAAU;AAAA,IACvB;AAEA,YAAI,qCAAe,KAAK,OAAO,GAAG;AAG9B,YAAM,WAAmC;AAAA,QACrC,GAAI,SAAS,YAAY;AAAA,UACrB,MAAM,2BAAc;AAAA,UACpB,UAAU;AAAA,UACV,SAAS;AAAA,QACb;AAAA,QACA,cAAc,KAAK,QAAQ;AAAA,MAC/B;AAEA,YAAM,aAAa,KAAK,QAAQ,YAAY,OAAO,WAAW,QAAQ;AAEtE,cAAQ,YAAY;AAAA,QAChB,KAAK,mCAAc,UAAU;AACzB;AAAA,QAEJ,KAAK,mCAAc,UAAU;AACzB,eAAK,UAAU,MAAM,oBAAO,iBAAiB;AAC7C;AAAA,QAEJ,KAAK,mCAAc,UAAU;AACzB,eAAK,UAAU,MAAM,oBAAO,gBAAgB;AAC5C;AAAA,QAEJ;AACI,gBAAM,IAAI,6BAAc,mCAAmC,UAAU,EAAE;AAAA,MAC/E;AAAA,IACJ;AAEA,QAAI,aAAa,QAAW;AACxB,WAAK,UAAU,MAAM,oBAAO,mBAAmB;AAC/C;AAAA,IACJ;AACA,QAAI,YAAY,QAAW;AACvB,WAAK,UAAU,MAAM,oBAAO,kBAAkB;AAC9C;AAAA,IACJ;AACA,QAAI,cAAc,UAAa,CAAC,QAAQ,KAAK,WAAW,UAAU,EAAE,GAAG;AACnE,WAAK,UAAU,MAAM,oBAAO,oBAAoB;AAChD;AAAA,IACJ;AACA,QAAI,CAAC,OAAO,UAAU;AAClB,WAAK,UAAU,MAAM,oBAAO,eAAe;AAC3C;AAAA,IACJ;AAGA,UAAM,cAAc,KAAK,YAAY,KAAK,UAAU,IAAI,KAAK,SAAS;AACtE,QAAI,gBAAgB,UAAa,gBAAgB,QAAQ,SAAS;AAC9D,WAAK;AACL;AAAA,IACJ;AAGA,SAAK,aAAa,aAAa;AAE3B,UAAI,KAAK,qBAAqB,UAAU;AACpC,YAAI,KAAK,QAAQ;AACb,gBAAM,KAAK;AACX,eAAK,SAAS;AAAA,QAClB;AACA,aAAK,mBAAmB;AACxB,aAAK,kBAAkB;AACvB,aAAK,gBAAgB,QAAQ,UAAU,KAAK,OAAO;AAAA,MACvD,WAAW,KAAK,oBAAoB,SAAS;AACzC,aAAK,kBAAkB;AACvB,aAAK,gBAAgB,QAAQ,UAAU,KAAK,OAAO;AAAA,MACvD,WAAW,KAAK,kBAAkB,QAAW;AACzC,aAAK,gBAAgB,QAAQ,UAAU,KAAK,OAAO;AAAA,MACvD;AAEA,YAAM,QAAQ,KAAK,cAAc,WAAW;AAC5C,YAAM,UAAU,QAAQ;AACxB,aAAO;AAAA,QACH,MAAM,qBAAqB,KAAK,KAAK,YAAY,IAAI,CAAC,IAAI,0BAAW,KAAK,KAAK,CAAC,aAAa,OAAO;AAAA,MACxG;AAEA,WAAK,UAAU,MAAM,OAAO,SAAS,KAAK,gBAAgB,KAAK,WAAW,WAAW,EAAG,GAAG;AAAA,IAC/F,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,CAAW,wBAAwB,UAA4B,MAAqB;AAChF,QAAI,SAAS,oBAAoB,KAAK,oBAAoB;AACtD;AAAA,IACJ;AAEA,QAAI,KAAK,qBAAqB,UAAU;AACpC,UAAI,KAAK,QAAQ;AACb,cAAM,KAAK;AACX,aAAK,SAAS;AAAA,MAClB;AACA,WAAK,mBAAmB;AACxB,WAAK,kBAAkB;AAAA,IAC3B;AAEA,UAAM,EAAE,UAAU,IAAI;AACtB,QAAI,cAAc,QAAW;AACzB,iBAAW,WAAW,UAAU;AAC5B,aAAK,uBAAuB,SAAS,IAAI;AAAA,MAC7C;AAAA,IACJ,OAAO;AACH,YAAM,UAAU,SAAS,SAAS;AAClC,UAAI,YAAY,QAAW;AACvB,aAAK,uBAAuB,SAAS,IAAI;AAAA,MAC7C;AAAA,IACJ;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASU,uBAAuB,SAA0B,MAAqB;AAC5E,QAAI,QAAQ,KAAK,oBAAoB,KAAK,oBAAoB;AAC1D;AAAA,IACJ;AAEA,QAAI,KAAK,oBAAoB,SAAS;AAClC,WAAK,kBAAkB;AACvB,WAAK,gBAAgB;AAAA,IACzB;AAEA,UAAM,EAAE,YAAY,IAAI;AACxB,UAAM,cAAc,KAAK,YAAY,KAAK,wBAAwB,EAAE,IAAI,QAAQ,KAAK,EAAE;AACvF,UAAM,oBAAoB,gBAAgB,UAAa,gBAAgB,QAAQ;AAE/E,QAAI,gBAAgB,QAAW;AAC3B,UAAI,mBAAmB;AACnB,mBAAW,aAAa,QAAQ,KAAK,YAAY;AAC7C,cAAI,UAAU,OAAO,UAAU;AAC3B,iBAAK;AAAA,UACT;AAAA,QACJ;AACA;AAAA,MACJ;AACA,iBAAW,aAAa,QAAQ,KAAK,YAAY;AAC7C,aAAK,yBAAyB,WAAW,IAAI;AAAA,MACjD;AAAA,IACJ,OAAO;AACH,UAAI,mBAAmB;AACnB,aAAK;AACL;AAAA,MACJ;AACA,YAAM,YAAY,QAAQ,KAAK,WAAW,WAAW;AACrD,UAAI,cAAc,QAAW;AACzB,aAAK,yBAAyB,WAAW,IAAI;AAAA,MACjD;AAAA,IACJ;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOU,yBAAyB,WAAkC,MAAqB;AACtF,QAAI,CAAC,KAAK,uBAAuB,KAAK,WAAW,UAAU,EAAE,GAAG;AAC5D;AAAA,IACJ;AAEA,QAAI,UAAU,oBAAoB,KAAK,oBAAoB;AACvD;AAAA,IACJ;AAEA,QACI,CAAC,UAAU,OAAO,gBACjB,qCAAe,KAAK,OAAO,KACxB,KAAK,QAAQ,YAAY,UAAU,OAAO,WAAW,KAAK,uBAAuB,QAAQ,MACrF,mCAAc,UAAU,SAClC;AACE;AAAA,IACJ;AAEA,QAAI,KAAK,kBAAkB,QAAW;AAClC,WAAK,gBAAgB,KAAK,uBAAuB,UAAU,KAAK,OAAO;AAAA,IAC3E;AACA,UAAM,QAAQ,KAAK,cAAc,UAAU,EAAE;AAC7C,QAAI,UAAU,QAAW;AAErB,aAAO,KAAK,aAAa,KAAK,KAAK,YAAY,IAAI,CAAC,wCAAwC;AAC5F;AAAA,IACJ;AAEA,SAAK;AAAA,MACD;AAAA,QACI,GAAG;AAAA,QACH,YAAY,KAAK,wBAAwB;AAAA,QACzC,WAAW,KAAK,uBAAuB,KAAK;AAAA,QAC5C,aAAa,UAAU;AAAA,MAC3B;AAAA,MACA,KAAK,cAAc,UAAU,EAAE;AAAA,MAC/B,KAAK,uBAAuB;AAAA,MAC5B,UAAU;AAAA,IACd;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,UAAuE;AAChF,QAAI,KAAK,gBAAgB;AACrB,WAAK,eAAe,KAAK,QAAQ;AAAA,IACrC,OAAO;AACH,WAAK,iBAAiB,CAAC,QAAQ;AAAA,IACnC;AAAA,EACJ;AAAA,EAEA,eAAe,QAA2B;AACtC,QAAI,KAAK,QAAQ;AACb,WAAK,OAAO,KAAK,MAAM;AAAA,IAC3B,OAAO;AACH,WAAK,SAAS,CAAC,MAAM;AAAA,IACzB;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAKU,UAAU,MAAwC,QAAgB;AACxE,WAAO;AAAA,MACH,MAAM,2BAA2B,KAAK,KAAK,YAAY,IAAI,CAAC,YAAY,wBAAW,MAAM,CAAC,IAAI,MAAM;AAAA,IACxG;AAEA,UAAM,SAAqC;AAAA,MACvC,MAAM;AAAA,MACN;AAAA,MACA;AAAA,IACJ;AAEA,SAAK,eAAe,MAAM;AAC1B,SAAK;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,UAAU,MAAwC,OAAgB,SAAiB,KAAyB;AACxG,UAAM,SAAoC;AAAA,MACtC,MAAM;AAAA,MACN;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACJ;AAEA,SAAK,eAAe,MAAM;AAC1B,SAAK;AAAA,EACT;AACJ;",
|
|
5
5
|
"names": ["endpoint"]
|
|
6
6
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AttributeWriteResponse.d.ts","sourceRoot":"","sources":["../../../../src/action/server/AttributeWriteResponse.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAqC,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAC9G,OAAO,EAAE,KAAK,EAAE,MAAM,0BAA0B,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,iCAAiC,CAAC;AAE9D,OAAO,EAAE,YAAY,EAAkB,MAAM,gCAAgC,CAAC;AAG9E,OAAO,EASH,SAAS,EACZ,MAAM,QAAQ,CAAC;AAKhB;;;;GAIG;AACH,qBAAa,sBAAsB,CAC/B,QAAQ,SAAS,kBAAkB,GAAG,kBAAkB,CAC1D,SAAQ,YAAY,CAAC,QAAQ,CAAC;;gBAahB,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ;IAK3C,OAAO,CAAC,CAAC,SAAS,KAAK,EAAE,EAAE,aAAa,EAAE,gBAAgB,EAAE,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC;IA0CtF,IAAI,MAAM;;;;MAMT;
|
|
1
|
+
{"version":3,"file":"AttributeWriteResponse.d.ts","sourceRoot":"","sources":["../../../../src/action/server/AttributeWriteResponse.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAqC,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAC9G,OAAO,EAAE,KAAK,EAAE,MAAM,0BAA0B,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,iCAAiC,CAAC;AAE9D,OAAO,EAAE,YAAY,EAAkB,MAAM,gCAAgC,CAAC;AAG9E,OAAO,EASH,SAAS,EACZ,MAAM,QAAQ,CAAC;AAKhB;;;;GAIG;AACH,qBAAa,sBAAsB,CAC/B,QAAQ,SAAS,kBAAkB,GAAG,kBAAkB,CAC1D,SAAQ,YAAY,CAAC,QAAQ,CAAC;;gBAahB,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ;IAK3C,OAAO,CAAC,CAAC,SAAS,KAAK,EAAE,EAAE,aAAa,EAAE,gBAAgB,EAAE,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC;IA0CtF,IAAI,MAAM;;;;MAMT;cAsRe,UAAU,CACtB,SAAS,EAAE,qBAAqB,EAChC,IAAI,EAAE,WAAW,CAAC,qBAAqB,EACvC,KAAK,EAAE,SAAS;CAqEvB"}
|
|
@@ -158,24 +158,26 @@ class AttributeWriteResponse extends import_DataResponse.DataResponse {
|
|
|
158
158
|
} else {
|
|
159
159
|
limits = attribute.limits;
|
|
160
160
|
}
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
161
|
+
if ((0, import_AccessControl.hasRemoteActor)(this.session)) {
|
|
162
|
+
const location = {
|
|
163
|
+
...cluster?.location ?? {
|
|
164
|
+
path: import_model.DataModelPath.none,
|
|
165
|
+
endpoint: endpointId,
|
|
166
|
+
cluster: clusterId
|
|
167
|
+
},
|
|
168
|
+
owningFabric: this.session.fabric
|
|
169
|
+
};
|
|
170
|
+
const permission = this.session.authorityAt(limits.writeLevel, location);
|
|
171
|
+
switch (permission) {
|
|
172
|
+
case import_AccessControl.AccessControl.Authority.Granted:
|
|
173
|
+
break;
|
|
174
|
+
case import_AccessControl.AccessControl.Authority.Unauthorized:
|
|
175
|
+
return this.#asStatus(path, import_types.Status.UnsupportedAccess);
|
|
176
|
+
case import_AccessControl.AccessControl.Authority.Restricted:
|
|
177
|
+
return this.#asStatus(path, import_types.Status.AccessRestricted);
|
|
178
|
+
default:
|
|
179
|
+
throw new import_general.InternalError(`Unsupported authorization state ${permission}`);
|
|
180
|
+
}
|
|
179
181
|
}
|
|
180
182
|
if (endpoint === void 0) {
|
|
181
183
|
return this.#asStatus(path, import_types.Status.UnsupportedEndpoint);
|
|
@@ -190,13 +192,15 @@ class AttributeWriteResponse extends import_DataResponse.DataResponse {
|
|
|
190
192
|
this.#errorCount++;
|
|
191
193
|
return this.#asStatus(path, import_types.Status.UnsupportedWrite);
|
|
192
194
|
}
|
|
193
|
-
if (
|
|
194
|
-
this
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
this
|
|
199
|
-
|
|
195
|
+
if ((0, import_AccessControl.hasRemoteActor)(this.session)) {
|
|
196
|
+
if (limits.timed && !this.session.timed) {
|
|
197
|
+
this.#errorCount++;
|
|
198
|
+
return this.#asStatus(path, import_types.Status.NeedsTimedInteraction);
|
|
199
|
+
}
|
|
200
|
+
if (limits.fabricScoped && !this.session.fabric) {
|
|
201
|
+
this.#errorCount++;
|
|
202
|
+
return this.#asStatus(path, import_types.Status.UnsupportedAccess);
|
|
203
|
+
}
|
|
200
204
|
}
|
|
201
205
|
if (version !== void 0 && version !== cluster.version) {
|
|
202
206
|
this.#errorCount++;
|
|
@@ -265,9 +269,17 @@ class AttributeWriteResponse extends import_DataResponse.DataResponse {
|
|
|
265
269
|
if (!this.#guardedCurrentCluster.type.attributes[attribute.id]) {
|
|
266
270
|
return;
|
|
267
271
|
}
|
|
268
|
-
if (!attribute.limits.writable
|
|
272
|
+
if (!attribute.limits.writable) {
|
|
269
273
|
return;
|
|
270
274
|
}
|
|
275
|
+
if ((0, import_AccessControl.hasRemoteActor)(this.session)) {
|
|
276
|
+
if (this.session.authorityAt(attribute.limits.readLevel, this.#guardedCurrentCluster.location) !== import_AccessControl.AccessControl.Authority.Granted) {
|
|
277
|
+
return;
|
|
278
|
+
}
|
|
279
|
+
if (attribute.limits.timed && !this.session.timed) {
|
|
280
|
+
return;
|
|
281
|
+
}
|
|
282
|
+
}
|
|
271
283
|
return this.writeValue(
|
|
272
284
|
attribute,
|
|
273
285
|
{
|