@matter/protocol 0.16.0-alpha.0-20250902-38a7cc156 → 0.16.0-alpha.0-20250909-aecad94f3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/action/Interactable.d.ts +2 -2
- package/dist/cjs/action/Interactable.d.ts.map +1 -1
- package/dist/cjs/action/server/AccessControl.d.ts +43 -15
- package/dist/cjs/action/server/AccessControl.d.ts.map +1 -1
- package/dist/cjs/action/server/AccessControl.js +47 -36
- package/dist/cjs/action/server/AccessControl.js.map +1 -1
- package/dist/cjs/action/server/AttributeReadResponse.d.ts.map +1 -1
- package/dist/cjs/action/server/AttributeReadResponse.js +24 -22
- package/dist/cjs/action/server/AttributeReadResponse.js.map +1 -1
- package/dist/cjs/action/server/AttributeWriteResponse.d.ts.map +1 -1
- package/dist/cjs/action/server/AttributeWriteResponse.js +38 -26
- package/dist/cjs/action/server/AttributeWriteResponse.js.map +1 -1
- package/dist/cjs/action/server/CommandInvokeResponse.d.ts.map +1 -1
- package/dist/cjs/action/server/CommandInvokeResponse.js +28 -19
- package/dist/cjs/action/server/CommandInvokeResponse.js.map +1 -1
- package/dist/cjs/action/server/EventReadResponse.d.ts.map +1 -1
- package/dist/cjs/action/server/EventReadResponse.js +22 -20
- package/dist/cjs/action/server/EventReadResponse.js.map +1 -1
- package/dist/cjs/fabric/Fabric.d.ts +1 -1
- package/dist/cjs/fabric/Fabric.d.ts.map +1 -1
- package/dist/cjs/fabric/Fabric.js +4 -4
- package/dist/cjs/fabric/Fabric.js.map +1 -1
- package/dist/cjs/interaction/FabricAccessControl.d.ts +2 -2
- package/dist/cjs/interaction/FabricAccessControl.d.ts.map +1 -1
- package/dist/cjs/interaction/FabricAccessControl.js +0 -6
- package/dist/cjs/interaction/FabricAccessControl.js.map +1 -1
- package/dist/esm/action/Interactable.d.ts +2 -2
- package/dist/esm/action/Interactable.d.ts.map +1 -1
- package/dist/esm/action/server/AccessControl.d.ts +43 -15
- package/dist/esm/action/server/AccessControl.d.ts.map +1 -1
- package/dist/esm/action/server/AccessControl.js +48 -37
- package/dist/esm/action/server/AccessControl.js.map +1 -1
- package/dist/esm/action/server/AttributeReadResponse.d.ts.map +1 -1
- package/dist/esm/action/server/AttributeReadResponse.js +25 -23
- package/dist/esm/action/server/AttributeReadResponse.js.map +1 -1
- package/dist/esm/action/server/AttributeWriteResponse.d.ts.map +1 -1
- package/dist/esm/action/server/AttributeWriteResponse.js +39 -27
- package/dist/esm/action/server/AttributeWriteResponse.js.map +1 -1
- package/dist/esm/action/server/CommandInvokeResponse.d.ts.map +1 -1
- package/dist/esm/action/server/CommandInvokeResponse.js +29 -20
- package/dist/esm/action/server/CommandInvokeResponse.js.map +1 -1
- package/dist/esm/action/server/EventReadResponse.d.ts.map +1 -1
- package/dist/esm/action/server/EventReadResponse.js +23 -21
- package/dist/esm/action/server/EventReadResponse.js.map +1 -1
- package/dist/esm/fabric/Fabric.d.ts +1 -1
- package/dist/esm/fabric/Fabric.d.ts.map +1 -1
- package/dist/esm/fabric/Fabric.js +4 -4
- package/dist/esm/fabric/Fabric.js.map +1 -1
- package/dist/esm/interaction/FabricAccessControl.d.ts +2 -2
- package/dist/esm/interaction/FabricAccessControl.d.ts.map +1 -1
- package/dist/esm/interaction/FabricAccessControl.js +0 -6
- package/dist/esm/interaction/FabricAccessControl.js.map +1 -1
- package/package.json +6 -6
- package/src/action/Interactable.ts +2 -2
- package/src/action/server/AccessControl.ts +90 -53
- package/src/action/server/AttributeReadResponse.ts +35 -29
- package/src/action/server/AttributeWriteResponse.ts +50 -38
- package/src/action/server/CommandInvokeResponse.ts +33 -24
- package/src/action/server/EventReadResponse.ts +25 -21
- package/src/fabric/Fabric.ts +4 -4
- package/src/interaction/FabricAccessControl.ts +2 -8
|
@@ -3,10 +3,22 @@
|
|
|
3
3
|
* Copyright 2022-2025 Matter.js Authors
|
|
4
4
|
* SPDX-License-Identifier: Apache-2.0
|
|
5
5
|
*/
|
|
6
|
+
import { ImplementationError } from "#general";
|
|
6
7
|
import { Access, AccessLevel, ElementTag, ValueModel } from "#model";
|
|
7
|
-
import {
|
|
8
|
+
import { Status } from "#types";
|
|
8
9
|
import { InvokeError, ReadError, SchemaImplementationError, WriteError } from "../errors.js";
|
|
9
10
|
const cache = /* @__PURE__ */ new WeakMap();
|
|
11
|
+
function hasRemoteActor(session) {
|
|
12
|
+
return session?.subject !== void 0;
|
|
13
|
+
}
|
|
14
|
+
function assertRemoteActor(session) {
|
|
15
|
+
if (!hasRemoteActor(session)) {
|
|
16
|
+
throw new ImplementationError("This operation requires an authenticated remote session");
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
function hasLocalActor(session) {
|
|
20
|
+
return session?.subject === void 0;
|
|
21
|
+
}
|
|
10
22
|
function AccessControl(schema) {
|
|
11
23
|
let enforcer = cache.get(schema);
|
|
12
24
|
if (enforcer === void 0) {
|
|
@@ -33,50 +45,50 @@ function enforcerFor(schema) {
|
|
|
33
45
|
function dataEnforcerFor(schema) {
|
|
34
46
|
const limits = limitsFor(schema);
|
|
35
47
|
let mayRead = (session, location) => {
|
|
36
|
-
if (session
|
|
48
|
+
if (hasLocalActor(session) || session.command) {
|
|
37
49
|
return true;
|
|
38
50
|
}
|
|
39
51
|
return session.authorityAt(limits.readLevel, location) === 1 /* Granted */;
|
|
40
52
|
};
|
|
41
53
|
let mayWrite = (session, location) => {
|
|
42
|
-
if (session
|
|
54
|
+
if (hasLocalActor(session) || session.command) {
|
|
43
55
|
return true;
|
|
44
56
|
}
|
|
45
57
|
return session.authorityAt(limits.writeLevel, location) === 1 /* Granted */;
|
|
46
58
|
};
|
|
47
59
|
let authorizeRead = (session, location) => {
|
|
48
|
-
if (session
|
|
60
|
+
if (hasLocalActor(session) || session.command) {
|
|
49
61
|
return;
|
|
50
62
|
}
|
|
51
63
|
if (session.authorityAt(limits.readLevel, location) === 1 /* Granted */) {
|
|
52
64
|
return;
|
|
53
65
|
}
|
|
54
|
-
throw new ReadError(location, "Permission denied",
|
|
66
|
+
throw new ReadError(location, "Permission denied", Status.UnsupportedAccess);
|
|
55
67
|
};
|
|
56
68
|
let authorizeWrite = (session, location) => {
|
|
57
|
-
if (session
|
|
69
|
+
if (hasLocalActor(session) || session.command) {
|
|
58
70
|
return;
|
|
59
71
|
}
|
|
60
72
|
if (session.authorityAt(limits.writeLevel, location) === 1 /* Granted */) {
|
|
61
73
|
return;
|
|
62
74
|
}
|
|
63
|
-
throw new WriteError(location, "Permission denied",
|
|
75
|
+
throw new WriteError(location, "Permission denied", Status.UnsupportedAccess);
|
|
64
76
|
};
|
|
65
77
|
if (limits.timed) {
|
|
66
78
|
const wrappedAuthorizeWrite = authorizeWrite;
|
|
67
79
|
const wrappedMayWrite = mayWrite;
|
|
68
80
|
authorizeWrite = (session, location) => {
|
|
69
|
-
if (
|
|
81
|
+
if (hasRemoteActor(session) && !session.timed) {
|
|
70
82
|
throw new WriteError(
|
|
71
83
|
location,
|
|
72
84
|
"Permission denied because interaction is not timed",
|
|
73
|
-
|
|
85
|
+
Status.NeedsTimedInteraction
|
|
74
86
|
);
|
|
75
87
|
}
|
|
76
88
|
wrappedAuthorizeWrite?.(session, location);
|
|
77
89
|
};
|
|
78
90
|
mayWrite = (session, location) => {
|
|
79
|
-
if (
|
|
91
|
+
if (hasRemoteActor(session) && !session.timed) {
|
|
80
92
|
return false;
|
|
81
93
|
}
|
|
82
94
|
return wrappedMayWrite(session, location);
|
|
@@ -88,32 +100,28 @@ function dataEnforcerFor(schema) {
|
|
|
88
100
|
const wrappedAuthorizeWrite = authorizeWrite;
|
|
89
101
|
const wrappedMayWrite = mayWrite;
|
|
90
102
|
authorizeRead = (session, location) => {
|
|
91
|
-
if (session
|
|
103
|
+
if (hasLocalActor(session) || session.command) {
|
|
92
104
|
return;
|
|
93
105
|
}
|
|
94
106
|
if (session.fabricFiltered) {
|
|
95
|
-
if (session.fabric
|
|
96
|
-
throw new ReadError(
|
|
97
|
-
location,
|
|
98
|
-
"Permission denied: No accessing fabric",
|
|
99
|
-
StatusCode.UnsupportedAccess
|
|
100
|
-
);
|
|
107
|
+
if (!session.fabric) {
|
|
108
|
+
throw new ReadError(location, "Permission denied: No accessing fabric", Status.UnsupportedAccess);
|
|
101
109
|
}
|
|
102
110
|
if (location?.owningFabric !== void 0 && location.owningFabric !== session.fabric) {
|
|
103
111
|
throw new ReadError(
|
|
104
112
|
location,
|
|
105
113
|
"Permission denied: Owning/accessing fabric mismatch",
|
|
106
|
-
|
|
114
|
+
Status.UnsupportedAccess
|
|
107
115
|
);
|
|
108
116
|
}
|
|
109
117
|
}
|
|
110
118
|
wrappedAuthorizeRead(session, location);
|
|
111
119
|
};
|
|
112
120
|
mayRead = (session, location) => {
|
|
113
|
-
if (session
|
|
121
|
+
if (hasLocalActor(session) || session.command) {
|
|
114
122
|
return true;
|
|
115
123
|
}
|
|
116
|
-
if (session.fabric
|
|
124
|
+
if (!session.fabric) {
|
|
117
125
|
return false;
|
|
118
126
|
}
|
|
119
127
|
if (location?.owningFabric !== void 0 && location.owningFabric !== session.fabric) {
|
|
@@ -122,11 +130,11 @@ function dataEnforcerFor(schema) {
|
|
|
122
130
|
return wrappedMayRead(session, location);
|
|
123
131
|
};
|
|
124
132
|
authorizeWrite = (session, location) => {
|
|
125
|
-
if (session
|
|
133
|
+
if (hasLocalActor(session) || session.command) {
|
|
126
134
|
return;
|
|
127
135
|
}
|
|
128
|
-
if (session.fabric
|
|
129
|
-
throw new WriteError(location, "Permission denied: No accessing fabric",
|
|
136
|
+
if (!session.fabric) {
|
|
137
|
+
throw new WriteError(location, "Permission denied: No accessing fabric", Status.UnsupportedAccess);
|
|
130
138
|
}
|
|
131
139
|
if (location?.owningFabric !== void 0 && location.owningFabric !== session.fabric) {
|
|
132
140
|
throw new WriteError(location, "Permission denied: Owning/accessing fabric mismatch");
|
|
@@ -134,10 +142,10 @@ function dataEnforcerFor(schema) {
|
|
|
134
142
|
wrappedAuthorizeWrite(session, location);
|
|
135
143
|
};
|
|
136
144
|
mayWrite = (session, location) => {
|
|
137
|
-
if (session
|
|
145
|
+
if (hasLocalActor(session) || session.command) {
|
|
138
146
|
return true;
|
|
139
147
|
}
|
|
140
|
-
if (session.fabric
|
|
148
|
+
if (!session.fabric) {
|
|
141
149
|
return false;
|
|
142
150
|
}
|
|
143
151
|
if (location?.owningFabric !== void 0 && location.owningFabric !== session.fabric) {
|
|
@@ -148,24 +156,24 @@ function dataEnforcerFor(schema) {
|
|
|
148
156
|
}
|
|
149
157
|
if (!limits.readable) {
|
|
150
158
|
authorizeRead = (session, location) => {
|
|
151
|
-
if (session
|
|
159
|
+
if (hasLocalActor(session) || session.command) {
|
|
152
160
|
return;
|
|
153
161
|
}
|
|
154
162
|
throw new ReadError(location, "Permission defined: Value is write-only");
|
|
155
163
|
};
|
|
156
164
|
mayRead = (session) => {
|
|
157
|
-
return
|
|
165
|
+
return hasLocalActor(session) || !!session.command;
|
|
158
166
|
};
|
|
159
167
|
}
|
|
160
168
|
if (!limits.writable) {
|
|
161
169
|
authorizeWrite = (session, location) => {
|
|
162
|
-
if (session
|
|
170
|
+
if (hasLocalActor(session) || session.command) {
|
|
163
171
|
return;
|
|
164
172
|
}
|
|
165
173
|
throw new WriteError(location, "Permission denied: Value is read-only");
|
|
166
174
|
};
|
|
167
175
|
mayWrite = (session) => {
|
|
168
|
-
return
|
|
176
|
+
return hasLocalActor(session) || !!session.command;
|
|
169
177
|
};
|
|
170
178
|
}
|
|
171
179
|
return Object.freeze({
|
|
@@ -201,7 +209,7 @@ function commandEnforcerFor(schema) {
|
|
|
201
209
|
return false;
|
|
202
210
|
},
|
|
203
211
|
authorizeInvoke(session, location) {
|
|
204
|
-
if (session
|
|
212
|
+
if (hasLocalActor(session)) {
|
|
205
213
|
return;
|
|
206
214
|
}
|
|
207
215
|
if (!session.command) {
|
|
@@ -211,19 +219,19 @@ function commandEnforcerFor(schema) {
|
|
|
211
219
|
throw new InvokeError(
|
|
212
220
|
location,
|
|
213
221
|
"Invoke attempt without required timed context",
|
|
214
|
-
|
|
222
|
+
Status.TimedRequestMismatch
|
|
215
223
|
);
|
|
216
224
|
}
|
|
217
|
-
if (fabric && session.fabric
|
|
218
|
-
throw new WriteError(location, "Permission denied: No accessing fabric",
|
|
225
|
+
if (fabric && !session.fabric) {
|
|
226
|
+
throw new WriteError(location, "Permission denied: No accessing fabric", Status.UnsupportedAccess);
|
|
219
227
|
}
|
|
220
228
|
if (session.authorityAt(limits.writeLevel, location) === 1 /* Granted */) {
|
|
221
229
|
return;
|
|
222
230
|
}
|
|
223
|
-
throw new InvokeError(location, "Permission denied",
|
|
231
|
+
throw new InvokeError(location, "Permission denied", Status.UnsupportedAccess);
|
|
224
232
|
},
|
|
225
233
|
mayInvoke(session, location) {
|
|
226
|
-
if (session
|
|
234
|
+
if (hasLocalActor(session)) {
|
|
227
235
|
return true;
|
|
228
236
|
}
|
|
229
237
|
if (!session.command) {
|
|
@@ -232,7 +240,7 @@ function commandEnforcerFor(schema) {
|
|
|
232
240
|
if (timed && !session.timed) {
|
|
233
241
|
return false;
|
|
234
242
|
}
|
|
235
|
-
if (fabric && session.fabric
|
|
243
|
+
if (fabric && !session.fabric) {
|
|
236
244
|
return false;
|
|
237
245
|
}
|
|
238
246
|
return session.authorityAt(limits.writeLevel, location) === 1 /* Granted */;
|
|
@@ -262,6 +270,9 @@ function limitsFor(schema) {
|
|
|
262
270
|
return limits;
|
|
263
271
|
}
|
|
264
272
|
export {
|
|
265
|
-
AccessControl
|
|
273
|
+
AccessControl,
|
|
274
|
+
assertRemoteActor,
|
|
275
|
+
hasLocalActor,
|
|
276
|
+
hasRemoteActor
|
|
266
277
|
};
|
|
267
278
|
//# sourceMappingURL=AccessControl.js.map
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../src/action/server/AccessControl.ts"],
|
|
4
|
-
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,SAAS,QAAQ,aAA4B,YAAoB,kBAAkB;AACnF,SAAiD,
|
|
4
|
+
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,SAAS,2BAA2B;AACpC,SAAS,QAAQ,aAA4B,YAAoB,kBAAkB;AACnF,SAAiD,cAAc;AAC/D,SAAS,aAAa,WAAW,2BAA2B,kBAAkB;AAG9E,MAAM,QAAQ,oBAAI,QAA+B;AAK1C,SAAS,eACZ,SAC0D;AAC1D,SAAO,SAAS,YAAY;AAChC;AAKO,SAAS,kBACZ,SACkE;AAClE,MAAI,CAAC,eAAe,OAAO,GAAG;AAC1B,UAAM,IAAI,oBAAoB,yDAAyD;AAAA,EAC3F;AACJ;AAKO,SAAS,cACZ,SAC2C;AAC3C,SAAO,SAAS,YAAY;AAChC;AAkDO,SAAS,cAAc,QAAgB;AAC1C,MAAI,WAAW,MAAM,IAAI,MAAM;AAC/B,MAAI,aAAa,QAAW;AACxB,eAAW,YAAY,MAAM;AAAA,EACjC;AACA,SAAO;AACX;AAAA,CAEO,CAAUA,mBAAV;AAgHI,MAAK;AAAL,IAAKC,eAAL;AAIH,IAAAA,sBAAA,aAAU,KAAV;AAKA,IAAAA,sBAAA,kBAAe,KAAf;AAKA,IAAAA,sBAAA,gBAAa,KAAb;AAAA,KAdQ,YAAAD,eAAA,cAAAA,eAAA;AAAA,GAhHC;AAkIjB,OAAO,OAAO,aAAa;AAC3B,OAAO,OAAO,cAAc,SAAS;AAErC,SAAS,YAAY,QAA+B;AAChD,MAAI,OAAO,QAAQ,WAAW,SAAS;AACnC,WAAO,mBAAmB,MAAM;AAAA,EACpC;AACA,SAAO,gBAAgB,MAAM;AACjC;AAEA,SAAS,gBAAgB,QAA+B;AACpD,QAAM,SAAS,UAAU,MAAM;AAE/B,MAAI,UAAsC,CAAC,SAAS,aAAa;AAC7D,QAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C,aAAO;AAAA,IACX;AAEA,WAAO,QAAQ,YAAY,OAAO,WAAW,QAAQ,MAAM;AAAA,EAC/D;AAEA,MAAI,WAAuC,CAAC,SAAS,aAAa;AAC9D,QAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C,aAAO;AAAA,IACX;AAEA,WAAO,QAAQ,YAAY,OAAO,YAAY,QAAQ,MAAM;AAAA,EAChE;AAEA,MAAI,gBAAyC,CAAC,SAAS,aAAa;AAChE,QAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C;AAAA,IACJ;AAEA,QAAI,QAAQ,YAAY,OAAO,WAAW,QAAQ,MAAM,iBAAiC;AACrF;AAAA,IACJ;AAEA,UAAM,IAAI,UAAU,UAAU,qBAAqB,OAAO,iBAAiB;AAAA,EAC/E;AAEA,MAAI,iBAA0C,CAAC,SAAS,aAAa;AACjE,QAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C;AAAA,IACJ;AAEA,QAAI,QAAQ,YAAY,OAAO,YAAY,QAAQ,MAAM,iBAAiC;AACtF;AAAA,IACJ;AAEA,UAAM,IAAI,WAAW,UAAU,qBAAqB,OAAO,iBAAiB;AAAA,EAChF;AAEA,MAAI,OAAO,OAAO;AACd,UAAM,wBAAwB;AAC9B,UAAM,kBAAkB;AAExB,qBAAiB,CAAC,SAAS,aAAa;AACpC,UAAI,eAAe,OAAO,KAAK,CAAC,QAAQ,OAAO;AAC3C,cAAM,IAAI;AAAA,UACN;AAAA,UACA;AAAA,UACA,OAAO;AAAA,QACX;AAAA,MACJ;AACA,8BAAwB,SAAS,QAAQ;AAAA,IAC7C;AAEA,eAAW,CAAC,SAAS,aAAa;AAC9B,UAAI,eAAe,OAAO,KAAK,CAAC,QAAQ,OAAO;AAC3C,eAAO;AAAA,MACX;AAEA,aAAO,gBAAgB,SAAS,QAAQ;AAAA,IAC5C;AAAA,EACJ;AAEA,MAAI,OAAO,iBAAiB;AACxB,UAAM,uBAAuB;AAC7B,UAAM,iBAAiB;AACvB,UAAM,wBAAwB;AAC9B,UAAM,kBAAkB;AAExB,oBAAgB,CAAC,SAAS,aAAa;AACnC,UAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C;AAAA,MACJ;AAEA,UAAI,QAAQ,gBAAgB;AACxB,YAAI,CAAC,QAAQ,QAAQ;AACjB,gBAAM,IAAI,UAAU,UAAU,0CAA0C,OAAO,iBAAiB;AAAA,QACpG;AAEA,YAAI,UAAU,iBAAiB,UAAa,SAAS,iBAAiB,QAAQ,QAAQ;AAClF,gBAAM,IAAI;AAAA,YACN;AAAA,YACA;AAAA,YACA,OAAO;AAAA,UACX;AAAA,QACJ;AAAA,MACJ;AAEA,2BAAqB,SAAS,QAAQ;AAAA,IAC1C;AAEA,cAAU,CAAC,SAAS,aAAa;AAC7B,UAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C,eAAO;AAAA,MACX;AAEA,UAAI,CAAC,QAAQ,QAAQ;AACjB,eAAO;AAAA,MACX;AAEA,UAAI,UAAU,iBAAiB,UAAa,SAAS,iBAAiB,QAAQ,QAAQ;AAClF,eAAO;AAAA,MACX;AAEA,aAAO,eAAe,SAAS,QAAQ;AAAA,IAC3C;AAEA,qBAAiB,CAAC,SAAS,aAAa;AACpC,UAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C;AAAA,MACJ;AAEA,UAAI,CAAC,QAAQ,QAAQ;AACjB,cAAM,IAAI,WAAW,UAAU,0CAA0C,OAAO,iBAAiB;AAAA,MACrG;AAEA,UAAI,UAAU,iBAAiB,UAAa,SAAS,iBAAiB,QAAQ,QAAQ;AAClF,cAAM,IAAI,WAAW,UAAU,qDAAqD;AAAA,MACxF;AAEA,4BAAsB,SAAS,QAAQ;AAAA,IAC3C;AAEA,eAAW,CAAC,SAAS,aAAa;AAC9B,UAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C,eAAO;AAAA,MACX;AAEA,UAAI,CAAC,QAAQ,QAAQ;AACjB,eAAO;AAAA,MACX;AAEA,UAAI,UAAU,iBAAiB,UAAa,SAAS,iBAAiB,QAAQ,QAAQ;AAClF,eAAO;AAAA,MACX;AAEA,aAAO,gBAAgB,SAAS,QAAQ;AAAA,IAC5C;AAAA,EACJ;AAEA,MAAI,CAAC,OAAO,UAAU;AAClB,oBAAgB,CAAC,SAAS,aAAa;AACnC,UAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C;AAAA,MACJ;AAEA,YAAM,IAAI,UAAU,UAAU,yCAAyC;AAAA,IAC3E;AAEA,cAAU,aAAW;AACjB,aAAO,cAAc,OAAO,KAAK,CAAC,CAAC,QAAQ;AAAA,IAC/C;AAAA,EACJ;AAEA,MAAI,CAAC,OAAO,UAAU;AAClB,qBAAiB,CAAC,SAAS,aAAa;AACpC,UAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C;AAAA,MACJ;AACA,YAAM,IAAI,WAAW,UAAU,uCAAuC;AAAA,IAC1E;AAEA,eAAW,aAAW;AAClB,aAAO,cAAc,OAAO,KAAK,CAAC,CAAC,QAAQ;AAAA,IAC/C;AAAA,EACJ;AAEA,SAAO,OAAO,OAAO;AAAA,IACjB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IAEA,gBAAgB,UAA6C,UAAkC;AAC3F,YAAM,IAAI,0BAA0B,UAAU,0DAA0D;AAAA,IAC5G;AAAA,IAEA,YAAY;AACR,aAAO;AAAA,IACX;AAAA,EACJ,CAAyB;AAC7B;AAEA,SAAS,mBAAmB,QAA+B;AACvD,QAAM,SAAS,UAAU,MAAM;AAC/B,QAAM,QAAQ,OAAO,gBAAgB;AACrC,QAAM,SAAS,OAAO,gBAAgB;AAEtC,SAAO;AAAA,IACH;AAAA,IAEA,cAAc,UAAU,UAAU;AAC9B,YAAM,IAAI,0BAA0B,UAAU,oDAAoD;AAAA,IACtG;AAAA,IAEA,UAAU;AACN,aAAO;AAAA,IACX;AAAA,IAEA,eAAe,UAAU,UAAU;AAC/B,YAAM,IAAI,0BAA0B,UAAU,qDAAqD;AAAA,IACvG;AAAA,IAEA,WAAW;AACP,aAAO;AAAA,IACX;AAAA,IAEA,gBAAgB,SAAS,UAAU;AAC/B,UAAI,cAAc,OAAO,GAAG;AACxB;AAAA,MACJ;AAEA,UAAI,CAAC,QAAQ,SAAS;AAClB,cAAM,IAAI,YAAY,UAAU,wCAAwC;AAAA,MAC5E;AAEA,UAAI,SAAS,CAAC,QAAQ,OAAO;AACzB,cAAM,IAAI;AAAA,UACN;AAAA,UACA;AAAA,UACA,OAAO;AAAA,QACX;AAAA,MACJ;AAEA,UAAI,UAAU,CAAC,QAAQ,QAAQ;AAC3B,cAAM,IAAI,WAAW,UAAU,0CAA0C,OAAO,iBAAiB;AAAA,MACrG;AAEA,UAAI,QAAQ,YAAY,OAAO,YAAY,QAAQ,MAAM,iBAAiC;AACtF;AAAA,MACJ;AAEA,YAAM,IAAI,YAAY,UAAU,qBAAqB,OAAO,iBAAiB;AAAA,IACjF;AAAA,IAEA,UAAU,SAAS,UAAU;AACzB,UAAI,cAAc,OAAO,GAAG;AACxB,eAAO;AAAA,MACX;AAEA,UAAI,CAAC,QAAQ,SAAS;AAClB,eAAO;AAAA,MACX;AAEA,UAAI,SAAS,CAAC,QAAQ,OAAO;AACzB,eAAO;AAAA,MACX;AAEA,UAAI,UAAU,CAAC,QAAQ,QAAQ;AAC3B,eAAO;AAAA,MACX;AAEA,aAAO,QAAQ,YAAY,OAAO,YAAY,QAAQ,MAAM;AAAA,IAChE;AAAA,EACJ;AACJ;AAEA,SAAS,UAAU,QAAgB;AAC/B,QAAM,SAAS,OAAO;AACtB,QAAM,UAAU,kBAAkB,aAAa,OAAO,mBAAmB;AAGzE,MAAI,QAAQ,SAAS;AACrB,WAAS,IAAI,OAAO,QAAQ,CAAC,SAAS,aAAa,YAAY,IAAI,EAAE,QAAQ;AACzE,QAAI,EAAE,iBAAiB,OAAO;AAC1B,cAAQ;AAAA,IACZ;AAAA,EACJ;AAEA,QAAM,SAA+B,OAAO,OAAO;AAAA,IAC/C,UAAU,OAAO;AAAA,IACjB,UAAU,OAAO,YAAY,CAAC;AAAA,IAC9B,cAAc,OAAO,WAAW,OAAO,OAAO,UAAU,OAAO,WAAW,OAAO,OAAO;AAAA,IACxF,iBAAiB,OAAO,WAAW,OAAO,OAAO;AAAA,IACjD,OAAO,OAAO,UAAU;AAAA;AAAA;AAAA,IAIxB,WAAW,OAAO,aAAa,SAAY,YAAY,OAAO,OAAO,eAAe,OAAO,QAAQ;AAAA,IACnG,YAAY,OAAO,cAAc,SAAY,YAAY,UAAU,OAAO,eAAe,OAAO,SAAS;AAAA,EAC7G,CAAC;AAED,SAAO;AACX;",
|
|
5
5
|
"names": ["AccessControl", "Authority"]
|
|
6
6
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AttributeReadResponse.d.ts","sourceRoot":"","sources":["../../../../src/action/server/AttributeReadResponse.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAE,eAAe,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAC9G,OAAO,EAAE,IAAI,EAAE,MAAM,yBAAyB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAC;AAE5D,OAAO,EAAE,YAAY,EAA0C,MAAM,gCAAgC,CAAC;AAItG,OAAO,EACH,aAAa,EAKb,MAAM,EAIT,MAAM,QAAQ,CAAC;AAIhB,eAAO,MAAM,aAAa,mCAAoE,CAAC;AAE/F;;;;GAIG;AACH,qBAAa,qBAAqB,CAC9B,QAAQ,SAAS,kBAAkB,GAAG,kBAAkB,CAC1D,SAAQ,YAAY,CAAC,QAAQ,CAAC;;gBAuBhB,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ;IAIhD,OAAO,CAAC,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,EAAE,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC;IA2D7G,IAAI,MAAM;;;;MAMT;IAED;;OAEG;IACH,SAAS,CAAC,WAAW,CAAC,IAAI,EAAE,aAAa;IAmCzC;;OAEG;IACH,SAAS,CAAC,WAAW,CAAC,IAAI,EAAE,UAAU,CAAC,qBAAqB;
|
|
1
|
+
{"version":3,"file":"AttributeReadResponse.d.ts","sourceRoot":"","sources":["../../../../src/action/server/AttributeReadResponse.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAE,eAAe,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAC9G,OAAO,EAAE,IAAI,EAAE,MAAM,yBAAyB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAC;AAE5D,OAAO,EAAE,YAAY,EAA0C,MAAM,gCAAgC,CAAC;AAItG,OAAO,EACH,aAAa,EAKb,MAAM,EAIT,MAAM,QAAQ,CAAC;AAIhB,eAAO,MAAM,aAAa,mCAAoE,CAAC;AAE/F;;;;GAIG;AACH,qBAAa,qBAAqB,CAC9B,QAAQ,SAAS,kBAAkB,GAAG,kBAAkB,CAC1D,SAAQ,YAAY,CAAC,QAAQ,CAAC;;gBAuBhB,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ;IAIhD,OAAO,CAAC,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,EAAE,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC;IA2D7G,IAAI,MAAM;;;;MAMT;IAED;;OAEG;IACH,SAAS,CAAC,WAAW,CAAC,IAAI,EAAE,aAAa;IAmCzC;;OAEG;IACH,SAAS,CAAC,WAAW,CAAC,IAAI,EAAE,UAAU,CAAC,qBAAqB;IAoH5D;;;;;;;;;OASG;IACH,SAAS,CAAE,uBAAuB,CAAC,QAAQ,EAAE,gBAAgB,EAAE,IAAI,EAAE,aAAa;IA2BlF;;;;;;OAMG;IACH,SAAS,CAAC,sBAAsB,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,aAAa;IAsC9E;;;;OAIG;IACH,SAAS,CAAC,wBAAwB,CAAC,SAAS,EAAE,qBAAqB,EAAE,IAAI,EAAE,aAAa;IA4DxF;;OAEG;IACH,SAAS,CAAC,SAAS,CAAC,IAAI,EAAE,UAAU,CAAC,qBAAqB,EAAE,MAAM,EAAE,MAAM;CA8B7E"}
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
* Copyright 2022-2025 Matter.js Authors
|
|
4
4
|
* SPDX-License-Identifier: Apache-2.0
|
|
5
5
|
*/
|
|
6
|
-
import { AccessControl } from "#action/server/AccessControl.js";
|
|
6
|
+
import { AccessControl, hasLocalActor, hasRemoteActor } from "#action/server/AccessControl.js";
|
|
7
7
|
import { DataResponse, FallbackLimits, WildcardPathFlagsCodec } from "#action/server/DataResponse.js";
|
|
8
8
|
import { Diagnostic, InternalError, Logger } from "#general";
|
|
9
9
|
import { DataModelPath, ElementTag } from "#model";
|
|
@@ -38,7 +38,7 @@ class AttributeReadResponse extends DataResponse {
|
|
|
38
38
|
super(node, session);
|
|
39
39
|
}
|
|
40
40
|
*process({ dataVersionFilters, attributeRequests }) {
|
|
41
|
-
const nodeId = this.session
|
|
41
|
+
const nodeId = hasLocalActor(this.session) ? NodeId.UNSPECIFIED_NODE_ID : this.nodeId;
|
|
42
42
|
if (dataVersionFilters?.length) {
|
|
43
43
|
this.#versions = {};
|
|
44
44
|
for (const {
|
|
@@ -146,26 +146,28 @@ class AttributeReadResponse extends DataResponse {
|
|
|
146
146
|
} else {
|
|
147
147
|
limits = attribute.limits;
|
|
148
148
|
}
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
149
|
+
if (hasRemoteActor(this.session)) {
|
|
150
|
+
const location = {
|
|
151
|
+
...cluster?.location ?? {
|
|
152
|
+
path: DataModelPath.none,
|
|
153
|
+
endpoint: endpointId,
|
|
154
|
+
cluster: clusterId
|
|
155
|
+
},
|
|
156
|
+
owningFabric: this.session.fabric
|
|
157
|
+
};
|
|
158
|
+
const permission = this.session.authorityAt(limits.readLevel, location);
|
|
159
|
+
switch (permission) {
|
|
160
|
+
case AccessControl.Authority.Granted:
|
|
161
|
+
break;
|
|
162
|
+
case AccessControl.Authority.Unauthorized:
|
|
163
|
+
this.addStatus(path, Status.UnsupportedAccess);
|
|
164
|
+
return;
|
|
165
|
+
case AccessControl.Authority.Restricted:
|
|
166
|
+
this.addStatus(path, Status.AccessRestricted);
|
|
167
|
+
return;
|
|
168
|
+
default:
|
|
169
|
+
throw new InternalError(`Unsupported authorization state ${permission}`);
|
|
170
|
+
}
|
|
169
171
|
}
|
|
170
172
|
if (endpoint === void 0) {
|
|
171
173
|
this.addStatus(path, Status.UnsupportedEndpoint);
|
|
@@ -298,7 +300,7 @@ class AttributeReadResponse extends DataResponse {
|
|
|
298
300
|
if (attribute.wildcardPathFlags & this.#wildcardPathFlags) {
|
|
299
301
|
return;
|
|
300
302
|
}
|
|
301
|
-
if (!attribute.limits.readable || this.session.authorityAt(attribute.limits.readLevel, this.#guardedCurrentCluster.location) !== AccessControl.Authority.Granted) {
|
|
303
|
+
if (!attribute.limits.readable || hasRemoteActor(this.session) && this.session.authorityAt(attribute.limits.readLevel, this.#guardedCurrentCluster.location) !== AccessControl.Authority.Granted) {
|
|
302
304
|
return;
|
|
303
305
|
}
|
|
304
306
|
if (this.#currentState === void 0) {
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../src/action/server/AttributeReadResponse.ts"],
|
|
4
|
-
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAUA,SAAS,
|
|
4
|
+
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAUA,SAAS,eAAe,eAAe,sBAAsB;AAC7D,SAAS,cAAc,gBAAgB,8BAA8B;AAErE,SAAS,YAAY,eAAe,cAAc;AAClD,SAAyB,eAAe,kBAAkB;AAC1D;AAAA,EAII;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OAEG;AAEP,MAAM,SAAS,OAAO,IAAI,uBAAuB;AAE1C,MAAM,gBAAgB,IAAI,IAAI,OAAO,OAAO,iBAAiB,CAAC,CAAC,CAAC,EAAE,IAAI,UAAQ,KAAK,EAAE,CAAC;AAOtF,MAAM,8BAEH,aAAuB;AAAA,EAC7B;AAAA;AAAA;AAAA,EAIA;AAAA;AAAA;AAAA,EAIA;AAAA;AAAA;AAAA,EAIA;AAAA,EACA;AAAA,EACA;AAAA,EACA,qBAAqB;AAAA;AAAA,EAGrB,eAAe;AAAA,EACf,cAAc;AAAA,EACd,iBAAiB;AAAA,EAEjB,YAAY,MAAoB,SAAmB;AAC/C,UAAM,MAAM,OAAO;AAAA,EACvB;AAAA,EAEA,CAAC,QAAQ,EAAE,oBAAoB,kBAAkB,GAA6D;AAC1G,UAAM,SAAS,cAAc,KAAK,OAAO,IAAI,OAAO,sBAAsB,KAAK;AAG/E,QAAI,oBAAoB,QAAQ;AAC5B,WAAK,YAAY,CAAC;AAClB,iBAAW;AAAA,QACP,MAAM,EAAE,QAAQ,cAAc,YAAY,UAAU;AAAA,QACpD;AAAA,MACJ,KAAK,oBAAoB;AACrB,YAAI,iBAAiB,UAAa,iBAAiB,QAAQ;AACvD;AAAA,QACJ;AACA,YAAI,OAAO,eAAe,UAAU;AAEhC;AAAA,QACJ;AACA,SAAC,KAAK,UAAU,UAAU,MAAM,KAAK,UAAU,UAAU,IAAI,CAAC,IAAI,SAAS,IAAI;AAAA,MACnF;AAAA,IACJ;AAGA,eAAW,QAAQ,mBAAmB;AAClC,UAAI,KAAK,eAAe,UAAa,KAAK,cAAc,UAAa,KAAK,gBAAgB,QAAW;AACjG,aAAK,YAAY,IAAI;AAAA,MACzB,OAAO;AACH,aAAK,YAAY,IAAwC;AAAA,MAC7D;AAAA,IACJ;AAEA,QAAI,KAAK,gBAAgB;AACrB,iBAAW,YAAY,KAAK,gBAAgB;AACxC,eAAO,SAAS,MAAM,IAAI;AAAA,MAC9B;AAAA,IACJ;AAIA,QAAI,KAAK,WAAW,QAAW;AAC3B,YAAM,KAAK;AAAA,IACf;AAAA,EACJ;AAAA;AAAA,EAGA,IAAI,0BAA0B;AAC1B,QAAI,KAAK,qBAAqB,QAAW;AACrC,YAAM,IAAI,cAAc,iDAAiD;AAAA,IAC7E;AACA,WAAO,KAAK;AAAA,EAChB;AAAA;AAAA,EAGA,IAAI,yBAA0C;AAC1C,QAAI,KAAK,oBAAoB,QAAW;AACpC,YAAM,IAAI,cAAc,gDAAgD;AAAA,IAC5E;AACA,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,SAAS;AACT,WAAO;AAAA,MACH,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,UAAU,KAAK,cAAc,KAAK;AAAA,IACtC;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAKU,YAAY,MAAqB;AACvC,UAAM,EAAE,QAAQ,YAAY,WAAW,aAAa,kBAAkB,IAAI;AAE1E,QAAI,cAAc,UAAa,gBAAgB,UAAa,CAAC,cAAc,IAAI,WAAW,GAAG;AACzF,YAAM,IAAI;AAAA,QACN,+DAA+D,WAAW;AAAA,QAC1E,OAAO;AAAA,MACX;AAAA,IACJ;AAEA,QAAI,WAAW,UAAa,WAAW,KAAK,QAAQ;AAChD;AAAA,IACJ;AAEA,UAAM,MAAM,oBAAoB,uBAAuB,OAAO,iBAAiB,IAAI;AAEnF,QAAI,eAAe,QAAW;AAC1B,WAAK,aAAa,aAAwC;AACtD,aAAK,qBAAqB;AAC1B,mBAAWA,aAAY,KAAK,MAAM;AAC9B,iBAAO,KAAK,wBAAwBA,WAAU,IAAI;AAAA,QACtD;AAAA,MACJ,CAAC;AACD;AAAA,IACJ;AAEA,UAAM,WAAW,KAAK,KAAK,UAAU;AACrC,QAAI,UAAU;AACV,WAAK,aAAa,WAAuC;AACrD,aAAK,qBAAqB;AAC1B,eAAO,KAAK,wBAAwB,UAAU,IAAI;AAAA,MACtD,CAAC;AAAA,IACL;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAKU,YAAY,MAAwC;AAC1D,UAAM,EAAE,QAAQ,YAAY,WAAW,YAAY,IAAI;AAEvD,QAAI,WAAW,UAAa,KAAK,WAAW,QAAQ;AAChD,WAAK,UAAU,MAAM,OAAO,eAAe;AAC3C;AAAA,IACJ;AAGA,UAAM,WAAW,KAAK,KAAK,UAAU;AACrC,UAAM,UAAU,WAAW,SAAS;AACpC,UAAM,YAAY,SAAS,KAAK,WAAW,WAAW;AACtD,QAAI;AACJ,QAAI,cAAc,QAAW;AAIzB,YAAM,YAAY,KAAK,KAAK,OACvB,OAAO,KAAK,WAAW,CAAC,WAAW,OAAO,CAAC,GAC1C,OAAO,KAAK,aAAa,CAAC,WAAW,SAAS,CAAC;AAErD,UAAI,WAAW;AAGX,iBAAS,cAAc,SAA2B,EAAE;AAAA,MACxD,OAAO;AAEH,iBAAS;AAAA,MACb;AAAA,IACJ,OAAO;AACH,eAAS,UAAU;AAAA,IACvB;AAEA,QAAI,eAAe,KAAK,OAAO,GAAG;AAG9B,YAAM,WAAmC;AAAA,QACrC,GAAI,SAAS,YAAY;AAAA,UACrB,MAAM,cAAc;AAAA,UACpB,UAAU;AAAA,UACV,SAAS;AAAA,QACb;AAAA,QACA,cAAc,KAAK,QAAQ;AAAA,MAC/B;AAEA,YAAM,aAAa,KAAK,QAAQ,YAAY,OAAO,WAAW,QAAQ;AAEtE,cAAQ,YAAY;AAAA,QAChB,KAAK,cAAc,UAAU;AACzB;AAAA,QAEJ,KAAK,cAAc,UAAU;AACzB,eAAK,UAAU,MAAM,OAAO,iBAAiB;AAC7C;AAAA,QAEJ,KAAK,cAAc,UAAU;AACzB,eAAK,UAAU,MAAM,OAAO,gBAAgB;AAC5C;AAAA,QAEJ;AACI,gBAAM,IAAI,cAAc,mCAAmC,UAAU,EAAE;AAAA,MAC/E;AAAA,IACJ;AAEA,QAAI,aAAa,QAAW;AACxB,WAAK,UAAU,MAAM,OAAO,mBAAmB;AAC/C;AAAA,IACJ;AACA,QAAI,YAAY,QAAW;AACvB,WAAK,UAAU,MAAM,OAAO,kBAAkB;AAC9C;AAAA,IACJ;AACA,QAAI,cAAc,UAAa,CAAC,QAAQ,KAAK,WAAW,UAAU,EAAE,GAAG;AACnE,WAAK,UAAU,MAAM,OAAO,oBAAoB;AAChD;AAAA,IACJ;AACA,QAAI,CAAC,OAAO,UAAU;AAClB,WAAK,UAAU,MAAM,OAAO,eAAe;AAC3C;AAAA,IACJ;AAGA,UAAM,cAAc,KAAK,YAAY,KAAK,UAAU,IAAI,KAAK,SAAS;AACtE,QAAI,gBAAgB,UAAa,gBAAgB,QAAQ,SAAS;AAC9D,WAAK;AACL;AAAA,IACJ;AAGA,SAAK,aAAa,aAAa;AAE3B,UAAI,KAAK,qBAAqB,UAAU;AACpC,YAAI,KAAK,QAAQ;AACb,gBAAM,KAAK;AACX,eAAK,SAAS;AAAA,QAClB;AACA,aAAK,mBAAmB;AACxB,aAAK,kBAAkB;AACvB,aAAK,gBAAgB,QAAQ,UAAU,KAAK,OAAO;AAAA,MACvD,WAAW,KAAK,oBAAoB,SAAS;AACzC,aAAK,kBAAkB;AACvB,aAAK,gBAAgB,QAAQ,UAAU,KAAK,OAAO;AAAA,MACvD,WAAW,KAAK,kBAAkB,QAAW;AACzC,aAAK,gBAAgB,QAAQ,UAAU,KAAK,OAAO;AAAA,MACvD;AAEA,YAAM,QAAQ,KAAK,cAAc,WAAW;AAC5C,YAAM,UAAU,QAAQ;AACxB,aAAO;AAAA,QACH,MAAM,qBAAqB,KAAK,KAAK,YAAY,IAAI,CAAC,IAAI,WAAW,KAAK,KAAK,CAAC,aAAa,OAAO;AAAA,MACxG;AAEA,WAAK,UAAU,MAAM,OAAO,SAAS,KAAK,gBAAgB,KAAK,WAAW,WAAW,EAAG,GAAG;AAAA,IAC/F,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,CAAW,wBAAwB,UAA4B,MAAqB;AAChF,QAAI,SAAS,oBAAoB,KAAK,oBAAoB;AACtD;AAAA,IACJ;AAEA,QAAI,KAAK,qBAAqB,UAAU;AACpC,UAAI,KAAK,QAAQ;AACb,cAAM,KAAK;AACX,aAAK,SAAS;AAAA,MAClB;AACA,WAAK,mBAAmB;AACxB,WAAK,kBAAkB;AAAA,IAC3B;AAEA,UAAM,EAAE,UAAU,IAAI;AACtB,QAAI,cAAc,QAAW;AACzB,iBAAW,WAAW,UAAU;AAC5B,aAAK,uBAAuB,SAAS,IAAI;AAAA,MAC7C;AAAA,IACJ,OAAO;AACH,YAAM,UAAU,SAAS,SAAS;AAClC,UAAI,YAAY,QAAW;AACvB,aAAK,uBAAuB,SAAS,IAAI;AAAA,MAC7C;AAAA,IACJ;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASU,uBAAuB,SAA0B,MAAqB;AAC5E,QAAI,QAAQ,KAAK,oBAAoB,KAAK,oBAAoB;AAC1D;AAAA,IACJ;AAEA,QAAI,KAAK,oBAAoB,SAAS;AAClC,WAAK,kBAAkB;AACvB,WAAK,gBAAgB;AAAA,IACzB;AAEA,UAAM,EAAE,YAAY,IAAI;AACxB,UAAM,cAAc,KAAK,YAAY,KAAK,wBAAwB,EAAE,IAAI,QAAQ,KAAK,EAAE;AACvF,UAAM,oBAAoB,gBAAgB,UAAa,gBAAgB,QAAQ;AAE/E,QAAI,gBAAgB,QAAW;AAC3B,UAAI,mBAAmB;AACnB,mBAAW,aAAa,QAAQ,KAAK,YAAY;AAC7C,cAAI,UAAU,OAAO,UAAU;AAC3B,iBAAK;AAAA,UACT;AAAA,QACJ;AACA;AAAA,MACJ;AACA,iBAAW,aAAa,QAAQ,KAAK,YAAY;AAC7C,aAAK,yBAAyB,WAAW,IAAI;AAAA,MACjD;AAAA,IACJ,OAAO;AACH,UAAI,mBAAmB;AACnB,aAAK;AACL;AAAA,MACJ;AACA,YAAM,YAAY,QAAQ,KAAK,WAAW,WAAW;AACrD,UAAI,cAAc,QAAW;AACzB,aAAK,yBAAyB,WAAW,IAAI;AAAA,MACjD;AAAA,IACJ;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOU,yBAAyB,WAAkC,MAAqB;AACtF,QAAI,CAAC,KAAK,uBAAuB,KAAK,WAAW,UAAU,EAAE,GAAG;AAC5D;AAAA,IACJ;AAEA,QAAI,UAAU,oBAAoB,KAAK,oBAAoB;AACvD;AAAA,IACJ;AAEA,QACI,CAAC,UAAU,OAAO,YACjB,eAAe,KAAK,OAAO,KACxB,KAAK,QAAQ,YAAY,UAAU,OAAO,WAAW,KAAK,uBAAuB,QAAQ,MACrF,cAAc,UAAU,SAClC;AACE;AAAA,IACJ;AAEA,QAAI,KAAK,kBAAkB,QAAW;AAClC,WAAK,gBAAgB,KAAK,uBAAuB,UAAU,KAAK,OAAO;AAAA,IAC3E;AACA,UAAM,QAAQ,KAAK,cAAc,UAAU,EAAE;AAC7C,QAAI,UAAU,QAAW;AAErB,aAAO,KAAK,aAAa,KAAK,KAAK,YAAY,IAAI,CAAC,wCAAwC;AAC5F;AAAA,IACJ;AAEA,SAAK;AAAA,MACD;AAAA,QACI,GAAG;AAAA,QACH,YAAY,KAAK,wBAAwB;AAAA,QACzC,WAAW,KAAK,uBAAuB,KAAK;AAAA,QAC5C,aAAa,UAAU;AAAA,MAC3B;AAAA,MACA,KAAK,cAAc,UAAU,EAAE;AAAA,MAC/B,KAAK,uBAAuB;AAAA,MAC5B,UAAU;AAAA,IACd;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,UAAuE;AAChF,QAAI,KAAK,gBAAgB;AACrB,WAAK,eAAe,KAAK,QAAQ;AAAA,IACrC,OAAO;AACH,WAAK,iBAAiB,CAAC,QAAQ;AAAA,IACnC;AAAA,EACJ;AAAA,EAEA,eAAe,QAA2B;AACtC,QAAI,KAAK,QAAQ;AACb,WAAK,OAAO,KAAK,MAAM;AAAA,IAC3B,OAAO;AACH,WAAK,SAAS,CAAC,MAAM;AAAA,IACzB;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAKU,UAAU,MAAwC,QAAgB;AACxE,WAAO;AAAA,MACH,MAAM,2BAA2B,KAAK,KAAK,YAAY,IAAI,CAAC,YAAY,WAAW,MAAM,CAAC,IAAI,MAAM;AAAA,IACxG;AAEA,UAAM,SAAqC;AAAA,MACvC,MAAM;AAAA,MACN;AAAA,MACA;AAAA,IACJ;AAEA,SAAK,eAAe,MAAM;AAC1B,SAAK;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,UAAU,MAAwC,OAAgB,SAAiB,KAAyB;AACxG,UAAM,SAAoC;AAAA,MACtC,MAAM;AAAA,MACN;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACJ;AAEA,SAAK,eAAe,MAAM;AAC1B,SAAK;AAAA,EACT;AACJ;",
|
|
5
5
|
"names": ["endpoint"]
|
|
6
6
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AttributeWriteResponse.d.ts","sourceRoot":"","sources":["../../../../src/action/server/AttributeWriteResponse.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAqC,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAC9G,OAAO,EAAE,KAAK,EAAE,MAAM,0BAA0B,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,iCAAiC,CAAC;AAE9D,OAAO,EAAE,YAAY,EAAkB,MAAM,gCAAgC,CAAC;AAG9E,OAAO,EASH,SAAS,EACZ,MAAM,QAAQ,CAAC;AAKhB;;;;GAIG;AACH,qBAAa,sBAAsB,CAC/B,QAAQ,SAAS,kBAAkB,GAAG,kBAAkB,CAC1D,SAAQ,YAAY,CAAC,QAAQ,CAAC;;gBAahB,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ;IAK3C,OAAO,CAAC,CAAC,SAAS,KAAK,EAAE,EAAE,aAAa,EAAE,gBAAgB,EAAE,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC;IA0CtF,IAAI,MAAM;;;;MAMT;
|
|
1
|
+
{"version":3,"file":"AttributeWriteResponse.d.ts","sourceRoot":"","sources":["../../../../src/action/server/AttributeWriteResponse.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAqC,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAC9G,OAAO,EAAE,KAAK,EAAE,MAAM,0BAA0B,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,iCAAiC,CAAC;AAE9D,OAAO,EAAE,YAAY,EAAkB,MAAM,gCAAgC,CAAC;AAG9E,OAAO,EASH,SAAS,EACZ,MAAM,QAAQ,CAAC;AAKhB;;;;GAIG;AACH,qBAAa,sBAAsB,CAC/B,QAAQ,SAAS,kBAAkB,GAAG,kBAAkB,CAC1D,SAAQ,YAAY,CAAC,QAAQ,CAAC;;gBAahB,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ;IAK3C,OAAO,CAAC,CAAC,SAAS,KAAK,EAAE,EAAE,aAAa,EAAE,gBAAgB,EAAE,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC;IA0CtF,IAAI,MAAM;;;;MAMT;cAsRe,UAAU,CACtB,SAAS,EAAE,qBAAqB,EAChC,IAAI,EAAE,WAAW,CAAC,qBAAqB,EACvC,KAAK,EAAE,SAAS;CAqEvB"}
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
* Copyright 2022-2025 Matter.js Authors
|
|
4
4
|
* SPDX-License-Identifier: Apache-2.0
|
|
5
5
|
*/
|
|
6
|
-
import { AccessControl } from "#action/server/AccessControl.js";
|
|
6
|
+
import { AccessControl, hasRemoteActor } from "#action/server/AccessControl.js";
|
|
7
7
|
import { DataResponse, FallbackLimits } from "#action/server/DataResponse.js";
|
|
8
8
|
import { Diagnostic, InternalError, Logger } from "#general";
|
|
9
9
|
import { DataModelPath, ElementTag, FabricIndex as FabricIndexField } from "#model";
|
|
@@ -141,24 +141,26 @@ class AttributeWriteResponse extends DataResponse {
|
|
|
141
141
|
} else {
|
|
142
142
|
limits = attribute.limits;
|
|
143
143
|
}
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
144
|
+
if (hasRemoteActor(this.session)) {
|
|
145
|
+
const location = {
|
|
146
|
+
...cluster?.location ?? {
|
|
147
|
+
path: DataModelPath.none,
|
|
148
|
+
endpoint: endpointId,
|
|
149
|
+
cluster: clusterId
|
|
150
|
+
},
|
|
151
|
+
owningFabric: this.session.fabric
|
|
152
|
+
};
|
|
153
|
+
const permission = this.session.authorityAt(limits.writeLevel, location);
|
|
154
|
+
switch (permission) {
|
|
155
|
+
case AccessControl.Authority.Granted:
|
|
156
|
+
break;
|
|
157
|
+
case AccessControl.Authority.Unauthorized:
|
|
158
|
+
return this.#asStatus(path, Status.UnsupportedAccess);
|
|
159
|
+
case AccessControl.Authority.Restricted:
|
|
160
|
+
return this.#asStatus(path, Status.AccessRestricted);
|
|
161
|
+
default:
|
|
162
|
+
throw new InternalError(`Unsupported authorization state ${permission}`);
|
|
163
|
+
}
|
|
162
164
|
}
|
|
163
165
|
if (endpoint === void 0) {
|
|
164
166
|
return this.#asStatus(path, Status.UnsupportedEndpoint);
|
|
@@ -173,13 +175,15 @@ class AttributeWriteResponse extends DataResponse {
|
|
|
173
175
|
this.#errorCount++;
|
|
174
176
|
return this.#asStatus(path, Status.UnsupportedWrite);
|
|
175
177
|
}
|
|
176
|
-
if (
|
|
177
|
-
this
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
this
|
|
182
|
-
|
|
178
|
+
if (hasRemoteActor(this.session)) {
|
|
179
|
+
if (limits.timed && !this.session.timed) {
|
|
180
|
+
this.#errorCount++;
|
|
181
|
+
return this.#asStatus(path, Status.NeedsTimedInteraction);
|
|
182
|
+
}
|
|
183
|
+
if (limits.fabricScoped && !this.session.fabric) {
|
|
184
|
+
this.#errorCount++;
|
|
185
|
+
return this.#asStatus(path, Status.UnsupportedAccess);
|
|
186
|
+
}
|
|
183
187
|
}
|
|
184
188
|
if (version !== void 0 && version !== cluster.version) {
|
|
185
189
|
this.#errorCount++;
|
|
@@ -248,9 +252,17 @@ class AttributeWriteResponse extends DataResponse {
|
|
|
248
252
|
if (!this.#guardedCurrentCluster.type.attributes[attribute.id]) {
|
|
249
253
|
return;
|
|
250
254
|
}
|
|
251
|
-
if (!attribute.limits.writable
|
|
255
|
+
if (!attribute.limits.writable) {
|
|
252
256
|
return;
|
|
253
257
|
}
|
|
258
|
+
if (hasRemoteActor(this.session)) {
|
|
259
|
+
if (this.session.authorityAt(attribute.limits.readLevel, this.#guardedCurrentCluster.location) !== AccessControl.Authority.Granted) {
|
|
260
|
+
return;
|
|
261
|
+
}
|
|
262
|
+
if (attribute.limits.timed && !this.session.timed) {
|
|
263
|
+
return;
|
|
264
|
+
}
|
|
265
|
+
}
|
|
254
266
|
return this.writeValue(
|
|
255
267
|
attribute,
|
|
256
268
|
{
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../src/action/server/AttributeWriteResponse.ts"],
|
|
4
|
-
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAUA,SAAS,
|
|
4
|
+
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAUA,SAAS,eAAe,sBAAsB;AAC9C,SAAS,cAAc,sBAAsB;AAC7C,SAAS,YAAY,eAAe,cAAc;AAClD,SAAyB,eAAe,YAAY,eAAe,wBAAwB;AAC3F;AAAA,EACI;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OAGG;AACP,SAAS,eAAe;AAExB,MAAM,SAAS,OAAO,IAAI,wBAAwB;AAO3C,MAAM,+BAEH,aAAuB;AAAA,EAC7B;AAAA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGA,eAAe;AAAA,EACf,gBAAgB;AAAA,EAChB,cAAc;AAAA,EAEd,YAAY,MAAoB,SAAmB;AAC/C,UAAM,MAAM,OAAO;AACnB,SAAK,eAAe,QAAQ,UAAU,YAAY;AAAA,EACtD;AAAA,EAEA,MAAM,QAAyB,EAAE,eAAe,iBAAiB,GAAsB;AACnF,UAAM,iBAAiB,IAAI,MAAmC;AAC9D,eAAW,EAAE,MAAM,MAAM,YAAY,KAAK,eAAe;AACrD,UAAI,KAAK,eAAe,UAAa,KAAK,cAAc,UAAa,KAAK,gBAAgB,QAAW;AAEjG,cAAM,YAAY,MAAM,KAAK,iBAAiB,MAAM,IAAI;AACxD,YAAI,cAAc,QAAW;AACzB,yBAAe,KAAK,GAAG,SAAS;AAAA,QACpC;AAAA,MACJ,OAAO;AACH,YAAI,QAAQ,QAAQ,KAAK,QAAQ,OAAO,GAAG;AAEvC,gBAAM,IAAI,oBAAoB,0CAA0C,WAAW,aAAa;AAAA,QACpG;AACA,uBAAe;AAAA,UACX,MAAM,KAAK,eAAe,MAA2C,MAAM,WAAW;AAAA,QAC1F;AAAA,MACJ;AAAA,IACJ;AAEA,QAAI,CAAC,kBAAkB;AACnB,aAAO;AAAA,IACX;AACA,WAAO;AAAA,EACX;AAAA;AAAA,EAGA,IAAI,0BAA0B;AAC1B,QAAI,KAAK,qBAAqB,QAAW;AACrC,YAAM,IAAI,cAAc,iDAAiD;AAAA,IAC7E;AACA,WAAO,KAAK;AAAA,EAChB;AAAA;AAAA,EAGA,IAAI,yBAA0C;AAC1C,QAAI,KAAK,oBAAoB,QAAW;AACpC,YAAM,IAAI,cAAc,gDAAgD;AAAA,IAC5E;AACA,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,SAAS;AACT,WAAO;AAAA,MACH,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,UAAU,KAAK,gBAAgB,KAAK;AAAA,IACxC;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iBAAiB,MAAqB,OAAkB;AAC1D,UAAM,EAAE,QAAQ,WAAW,IAAI;AAE/B,QAAI,WAAW,UAAa,WAAW,KAAK,QAAQ;AAChD;AAAA,IACJ;AAEA,UAAM,cAAc,QAAQ,QAAQ,KAAK,QAAQ,OAAO;AACxD,QAAI,eAAe,QAAW;AAC1B,UAAI;AACJ,UAAI,aAAa;AACb,YAAI,KAAK,QAAQ,QAAQ,WAAW,QAAQ;AACxC,2BAAiB,KAAK,QAAQ,QAAQ;AAAA,QAC1C,OAAO;AAEH,iBAAO,MAAM,gCAAgC,KAAK,QAAQ,QAAQ,EAAE,4BAA4B;AAChG;AAAA,QACJ;AAAA,MACJ;AAEA,YAAM,YAAY,IAAI,MAAmC;AACzD,iBAAWA,aAAY,KAAK,MAAM;AAC9B,YAAI,mBAAmB,UAAa,CAAC,eAAe,SAASA,UAAS,EAAE,GAAG;AAEvE;AAAA,QACJ;AACA,cAAM,WAAW,MAAM,KAAK,0BAA0BA,WAAU,MAAM,KAAK;AAC3E,YAAI,aAAa,QAAW;AACxB,oBAAU,KAAK,QAAQ;AAAA,QAC3B;AAAA,MACJ;AACA,aAAO;AAAA,IACX;AAEA,QAAI,aAAa;AACb,YAAM,IAAI;AAAA,QACN;AAAA,QACA,WAAW;AAAA,MACf;AAAA,IACJ;AAEA,UAAM,WAAW,KAAK,KAAK,UAAU;AACrC,QAAI,UAAU;AACV,YAAM,WAAW,MAAM,KAAK,0BAA0B,UAAU,MAAM,KAAK;AAC3E,UAAI,aAAa,QAAW;AACxB,eAAO,CAAC,QAAQ;AAAA,MACpB;AAAA,IACJ;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAe,MAAyC,OAAkB,SAAkB;AAC9F,UAAM,EAAE,QAAQ,YAAY,WAAW,YAAY,IAAI;AAEvD,QAAI,WAAW,UAAa,KAAK,WAAW,QAAQ;AAChD,aAAO,KAAK,UAAU,MAAM,OAAO,eAAe;AAAA,IACtD;AAGA,UAAM,WAAW,KAAK,KAAK,UAAU;AACrC,UAAM,UAAU,WAAW,SAAS;AACpC,UAAM,YAAY,SAAS,KAAK,WAAW,WAAW;AACtD,QAAI;AACJ,QAAI,cAAc,QAAW;AAIzB,YAAM,YAAY,KAAK,KAAK,OACvB,OAAO,KAAK,WAAW,CAAC,WAAW,OAAO,CAAC,GAC1C,OAAO,KAAK,aAAa,CAAC,WAAW,SAAS,CAAC;AAErD,UAAI,WAAW;AAGX,iBAAS,cAAc,SAA2B,EAAE;AAAA,MACxD,OAAO;AAEH,iBAAS;AAAA,MACb;AAAA,IACJ,OAAO;AACH,eAAS,UAAU;AAAA,IACvB;AAEA,QAAI,eAAe,KAAK,OAAO,GAAG;AAG9B,YAAM,WAAW;AAAA,QACb,GAAI,SAAS,YAAY;AAAA,UACrB,MAAM,cAAc;AAAA,UACpB,UAAU;AAAA,UACV,SAAS;AAAA,QACb;AAAA,QACA,cAAc,KAAK,QAAQ;AAAA,MAC/B;AAEA,YAAM,aAAa,KAAK,QAAQ,YAAY,OAAO,YAAY,QAAQ;AACvE,cAAQ,YAAY;AAAA,QAChB,KAAK,cAAc,UAAU;AACzB;AAAA,QAEJ,KAAK,cAAc,UAAU;AACzB,iBAAO,KAAK,UAAU,MAAM,OAAO,iBAAiB;AAAA,QAExD,KAAK,cAAc,UAAU;AACzB,iBAAO,KAAK,UAAU,MAAM,OAAO,gBAAgB;AAAA,QAEvD;AACI,gBAAM,IAAI,cAAc,mCAAmC,UAAU,EAAE;AAAA,MAC/E;AAAA,IACJ;AAEA,QAAI,aAAa,QAAW;AACxB,aAAO,KAAK,UAAU,MAAM,OAAO,mBAAmB;AAAA,IAC1D;AACA,QAAI,YAAY,QAAW;AACvB,aAAO,KAAK,UAAU,MAAM,OAAO,kBAAkB;AAAA,IACzD;AACA,QAAI,cAAc,UAAa,CAAC,QAAQ,KAAK,WAAW,UAAU,EAAE,GAAG;AACnE,aAAO,KAAK,UAAU,MAAM,OAAO,oBAAoB;AAAA,IAC3D;AAEA,QAAI,CAAC,OAAO,UAAU;AAClB,WAAK;AACL,aAAO,KAAK,UAAU,MAAM,OAAO,gBAAgB;AAAA,IACvD;AAMA,QAAI,eAAe,KAAK,OAAO,GAAG;AAC9B,UAAI,OAAO,SAAS,CAAC,KAAK,QAAQ,OAAO;AACrC,aAAK;AACL,eAAO,KAAK,UAAU,MAAM,OAAO,qBAAqB;AAAA,MAC5D;AACA,UAAI,OAAO,gBAAgB,CAAC,KAAK,QAAQ,QAAQ;AAC7C,aAAK;AACL,eAAO,KAAK,UAAU,MAAM,OAAO,iBAAiB;AAAA,MACxD;AAAA,IACJ;AAEA,QAAI,YAAY,UAAa,YAAY,QAAQ,SAAS;AACtD,WAAK;AACL,aAAO,KAAK,UAAU,MAAM,OAAO,mBAAmB;AAAA,IAC1D;AAGA,QAAI,KAAK,qBAAqB,UAAU;AACpC,WAAK,mBAAmB;AACxB,WAAK,kBAAkB;AAAA,IAC3B,WAAW,KAAK,oBAAoB,SAAS;AACzC,WAAK,kBAAkB;AAAA,IAC3B;AAEA,WAAO,MAAM,KAAK,WAAW,WAAW,MAAM,KAAK;AAAA,EACvD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,0BAA0B,UAA4B,MAAqB,OAAkB;AACzF,UAAM,EAAE,WAAW,YAAY,IAAI;AACnC,QAAI,cAAc,UAAa,gBAAgB,QAAW;AACtD,YAAM,IAAI;AAAA,QACN;AAAA,QACA,WAAW;AAAA,MACf;AAAA,IACJ;AAEA,QAAI,KAAK,qBAAqB,UAAU;AACpC,WAAK,mBAAmB;AACxB,WAAK,kBAAkB;AAAA,IAC3B;AAEA,UAAM,UAAU,SAAS,SAAS;AAClC,QAAI,YAAY,QAAW;AACvB,aAAO,KAAK,yBAAyB,SAAS,MAAM,KAAK;AAAA,IAC7D;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,yBAAyB,SAA0B,MAAqB,OAAkB;AACtF,QAAI,KAAK,oBAAoB,SAAS;AAClC,WAAK,kBAAkB;AAAA,IAC3B;AACA,UAAM,EAAE,YAAY,IAAI;AAExB,QAAI,gBAAgB,QAAW;AAC3B,YAAM,IAAI,oBAAoB,mDAAmD,WAAW,aAAa;AAAA,IAC7G,OAAO;AACH,YAAM,YAAY,QAAQ,KAAK,WAAW,WAAW;AACrD,UAAI,cAAc,QAAW;AACzB,eAAO,KAAK,2BAA2B,WAAW,MAAM,KAAK;AAAA,MACjE;AAAA,IACJ;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,2BAA2B,WAAkC,MAAqB,OAAkB;AAChG,QAAI,CAAC,KAAK,uBAAuB,KAAK,WAAW,UAAU,EAAE,GAAG;AAC5D;AAAA,IACJ;AAEA,QAAI,CAAC,UAAU,OAAO,UAAU;AAC5B;AAAA,IACJ;AAEA,QAAI,eAAe,KAAK,OAAO,GAAG;AAC9B,UACI,KAAK,QAAQ,YAAY,UAAU,OAAO,WAAW,KAAK,uBAAuB,QAAQ,MACzF,cAAc,UAAU,SAC1B;AACE;AAAA,MACJ;AAEA,UAAI,UAAU,OAAO,SAAS,CAAC,KAAK,QAAQ,OAAO;AAC/C;AAAA,MACJ;AAAA,IACJ;AAEA,WAAO,KAAK;AAAA,MACR;AAAA,MACA;AAAA,QACI,GAAG;AAAA,QACH,YAAY,KAAK,wBAAwB;AAAA,QACzC,WAAW,KAAK,uBAAuB,KAAK;AAAA,QAC5C,aAAa,UAAU;AAAA,MAC3B;AAAA,MACA;AAAA,IACJ;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAKA,UAAU,MAAyC,QAAgB,eAAwB;AACvF,QAAI,WAAW,OAAO,SAAS;AAC3B,aAAO;AAAA,QACH,MACI,2BAA2B,KAAK,KAAK,YAAY,IAAI,CAAC,YAAY,WAAW,MAAM,CAAC,IAAI,MAAM,oBAAoB,aAAa;AAAA,MACvI;AAAA,IACJ;AAEA,UAAM,SAAsC;AAAA,MACxC,MAAM;AAAA,MACN;AAAA,MACA;AAAA,MACA;AAAA,IACJ;AAEA,QAAI,WAAW,OAAO,SAAS;AAC3B,WAAK;AAAA,IACT;AACA,WAAO;AAAA,EACX;AAAA,EAEA,MAAgB,WACZ,WACA,MACA,OACF;AACE,UAAM,EAAE,aAAa,UAAU,IAAI;AAEnC,QAAI,cAAc,UAAa,cAAc,MAAM;AAC/C,YAAM,IAAI;AAAA,QACN,kDAAkD,SAAS;AAAA,QAC3D,OAAO;AAAA,MACX;AAAA,IACJ;AAEA,UAAM,eAAe,KAAK;AAC1B,SAAK,kCAAkC;AAEvC,QAAI;AACA,YAAM,EAAE,IAAI,IAAI;AAChB,UAAI,cAAc,QAAW;AACzB,cAAM,UAAU,KAAK,kBAAkB,KAAK,KAAK;AAGjD,eAAO,MAAM,MAAM,qBAAqB,KAAK,KAAK,YAAY,IAAI,CAAC,IAAI,WAAW,KAAK,OAAO,CAAC,EAAE;AACjG,cAAM,aAAa,MAAM,KAAK,uBAAuB,aAAa,KAAK,OAAO;AAC9E,mBAAW,WAAW,IAAI;AAC1B,cAAM,KAAK,QAAQ,aAAa,OAAO;AAAA,MAC3C,WAAW,cAAc,MAAM;AAC3B,YACI,cAAc,eAAe,KAAK,cAClC,cAAc,cAAc,KAAK,aACjC,cAAc,gBAAgB,KAAK,aACrC;AAEE,gBAAM,IAAI,oBAAoB,uDAAuD,OAAO,IAAI;AAAA,QACpG;AAEA,YAAI,EAAE,eAAe,cAAc;AAC/B,gBAAM,IAAI;AAAA,YACN,kDAAkD,SAAS;AAAA,YAC3D,OAAO;AAAA,UACX;AAAA,QACJ;AACA,cAAM,aAAa,MAAM,KAAK,uBAAuB,aAAa,KAAK,OAAO;AAC9E,cAAM,UAAU,KAAK,kBAAkB,IAAI,eAAe,KAAK;AAC/D,eAAO;AAAA,UACH,MAAM,2BAA2B,KAAK,KAAK,YAAY,IAAI,CAAC,WAAW,WAAW,KAAK,OAAO,CAAC;AAAA,QACnG;AACA,QAAC,WAAW,WAAW,EAAY,KAAK,OAAO;AAC/C,cAAM,KAAK,QAAQ,aAAa,OAAO;AAAA,MAC3C;AAAA,IACJ,SAAS,OAAO;AACZ,YAAM,KAAK,QAAQ,aAAa,SAAS;AACzC,UAAI,oBAAoB,GAAG,KAAK,GAAG;AAC/B,aAAK;AACL,eAAO,KAAK,UAAU,MAAM,MAAM,MAAM,MAAM,WAAW;AAAA,MAC7D;AACA,YAAM;AAAA,IACV;AAEA,SAAK;AACL,WAAO,KAAK,UAAU,MAAM,OAAO,OAAO;AAAA,EAC9C;AAAA,EAEA,kBAAkB,KAAqB,OAAkB;AACrD,WAAO,IAAI;AAAA,MACP,IAAI,UAAU,KAAK;AAAA,MACX,iBAAiB;AAAA,MACzB,KAAK;AAAA,MACL,MAAM;AAAA;AAAA,IACV;AAAA,EACJ;AACJ;",
|
|
5
5
|
"names": ["endpoint"]
|
|
6
6
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CommandInvokeResponse.d.ts","sourceRoot":"","sources":["../../../../src/action/server/CommandInvokeResponse.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAA+D,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACjH,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,kCAAkC,CAAC;AAEhE,OAAO,EAAE,YAAY,EAAkB,MAAM,gCAAgC,CAAC;AAkB9E;;;;GAIG;AACH,qBAAa,qBAAqB,CAC9B,QAAQ,SAAS,kBAAkB,GAAG,kBAAkB,CAC1D,SAAQ,YAAY,CAAC,QAAQ,CAAC;;gBAuBhB,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ;IAK1C,OAAO,CAAC,CAAC,SAAS,MAAM,EAAE,EAAE,cAAc,EAAE,gBAAgB,EAAE,EAAE,CAAC,GAAG,YAAY;IA8CvF,IAAI,MAAM;;;;MAMT;
|
|
1
|
+
{"version":3,"file":"CommandInvokeResponse.d.ts","sourceRoot":"","sources":["../../../../src/action/server/CommandInvokeResponse.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAA+D,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACjH,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,kCAAkC,CAAC;AAEhE,OAAO,EAAE,YAAY,EAAkB,MAAM,gCAAgC,CAAC;AAkB9E;;;;GAIG;AACH,qBAAa,qBAAqB,CAC9B,QAAQ,SAAS,kBAAkB,GAAG,kBAAkB,CAC1D,SAAQ,YAAY,CAAC,QAAQ,CAAC;;gBAuBhB,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ;IAK1C,OAAO,CAAC,CAAC,SAAS,MAAM,EAAE,EAAE,cAAc,EAAE,gBAAgB,EAAE,EAAE,CAAC,GAAG,YAAY;IA8CvF,IAAI,MAAM;;;;MAMT;CAsVJ"}
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
* Copyright 2022-2025 Matter.js Authors
|
|
4
4
|
* SPDX-License-Identifier: Apache-2.0
|
|
5
5
|
*/
|
|
6
|
-
import { AccessControl } from "#action/server/AccessControl.js";
|
|
6
|
+
import { AccessControl, hasRemoteActor } from "#action/server/AccessControl.js";
|
|
7
7
|
import { DataResponse, FallbackLimits } from "#action/server/DataResponse.js";
|
|
8
8
|
import { Diagnostic, InternalError, Logger } from "#general";
|
|
9
9
|
import { DataModelPath, ElementTag, FabricIndex as FabricIndexField } from "#model";
|
|
@@ -162,16 +162,18 @@ class CommandInvokeResponse extends DataResponse {
|
|
|
162
162
|
},
|
|
163
163
|
owningFabric: this.session.fabric
|
|
164
164
|
};
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
165
|
+
if (hasRemoteActor(this.session)) {
|
|
166
|
+
const permission = this.session.authorityAt(limits.writeLevel, location);
|
|
167
|
+
switch (permission) {
|
|
168
|
+
case AccessControl.Authority.Granted:
|
|
169
|
+
break;
|
|
170
|
+
case AccessControl.Authority.Unauthorized:
|
|
171
|
+
return this.#addStatus(path, commandRef, Status.UnsupportedAccess);
|
|
172
|
+
case AccessControl.Authority.Restricted:
|
|
173
|
+
return this.#addStatus(path, commandRef, Status.AccessRestricted);
|
|
174
|
+
default:
|
|
175
|
+
throw new InternalError(`Unsupported authorization state ${permission}`);
|
|
176
|
+
}
|
|
175
177
|
}
|
|
176
178
|
if (endpoint === void 0) {
|
|
177
179
|
return this.#addStatus(path, commandRef, Status.UnsupportedEndpoint);
|
|
@@ -182,13 +184,15 @@ class CommandInvokeResponse extends DataResponse {
|
|
|
182
184
|
if (command === void 0 || !cluster.type.commands[command.id]) {
|
|
183
185
|
return this.#addStatus(path, commandRef, Status.UnsupportedCommand);
|
|
184
186
|
}
|
|
185
|
-
if (
|
|
186
|
-
this
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
this
|
|
191
|
-
|
|
187
|
+
if (hasRemoteActor(this.session)) {
|
|
188
|
+
if (limits.fabricScoped && !this.session.fabric) {
|
|
189
|
+
this.#errorCount++;
|
|
190
|
+
return this.#addStatus(path, commandRef, Status.UnsupportedAccess);
|
|
191
|
+
}
|
|
192
|
+
if (limits.timed && !this.session.timed) {
|
|
193
|
+
this.#errorCount++;
|
|
194
|
+
return this.#addStatus(path, commandRef, Status.NeedsTimedInteraction);
|
|
195
|
+
}
|
|
192
196
|
}
|
|
193
197
|
this.#addInvoker(async function* invokeConcretePath() {
|
|
194
198
|
if (this.#currentEndpoint !== endpoint) {
|
|
@@ -223,8 +227,13 @@ class CommandInvokeResponse extends DataResponse {
|
|
|
223
227
|
const { commandId } = path;
|
|
224
228
|
const command = cluster.type.commands[commandId];
|
|
225
229
|
if (command !== void 0) {
|
|
226
|
-
if (
|
|
227
|
-
|
|
230
|
+
if (hasRemoteActor(this.session)) {
|
|
231
|
+
if (this.session.authorityAt(command.limits.writeLevel, cluster.location) !== AccessControl.Authority.Granted) {
|
|
232
|
+
return;
|
|
233
|
+
}
|
|
234
|
+
if (command.limits.timed && !this.session.timed) {
|
|
235
|
+
return;
|
|
236
|
+
}
|
|
228
237
|
}
|
|
229
238
|
await this.#invokeCommand(
|
|
230
239
|
command,
|