@matter/protocol 0.16.0-alpha.0-20250906-463912bd0 → 0.16.0-alpha.0-20250912-0d12bf718
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/action/Interactable.d.ts +2 -2
- package/dist/cjs/action/Interactable.d.ts.map +1 -1
- package/dist/cjs/action/server/AccessControl.d.ts +43 -15
- package/dist/cjs/action/server/AccessControl.d.ts.map +1 -1
- package/dist/cjs/action/server/AccessControl.js +47 -36
- package/dist/cjs/action/server/AccessControl.js.map +1 -1
- package/dist/cjs/action/server/AttributeReadResponse.d.ts.map +1 -1
- package/dist/cjs/action/server/AttributeReadResponse.js +24 -22
- package/dist/cjs/action/server/AttributeReadResponse.js.map +1 -1
- package/dist/cjs/action/server/AttributeWriteResponse.d.ts.map +1 -1
- package/dist/cjs/action/server/AttributeWriteResponse.js +38 -26
- package/dist/cjs/action/server/AttributeWriteResponse.js.map +1 -1
- package/dist/cjs/action/server/CommandInvokeResponse.d.ts.map +1 -1
- package/dist/cjs/action/server/CommandInvokeResponse.js +28 -19
- package/dist/cjs/action/server/CommandInvokeResponse.js.map +1 -1
- package/dist/cjs/action/server/EventReadResponse.d.ts.map +1 -1
- package/dist/cjs/action/server/EventReadResponse.js +22 -20
- package/dist/cjs/action/server/EventReadResponse.js.map +1 -1
- package/dist/cjs/fabric/Fabric.d.ts +1 -1
- package/dist/cjs/fabric/Fabric.d.ts.map +1 -1
- package/dist/cjs/fabric/Fabric.js +4 -4
- package/dist/cjs/fabric/Fabric.js.map +1 -1
- package/dist/cjs/interaction/FabricAccessControl.d.ts +2 -2
- package/dist/cjs/interaction/FabricAccessControl.d.ts.map +1 -1
- package/dist/cjs/interaction/FabricAccessControl.js +0 -6
- package/dist/cjs/interaction/FabricAccessControl.js.map +1 -1
- package/dist/cjs/interaction/InteractionClient.d.ts +3 -4
- package/dist/cjs/interaction/InteractionClient.d.ts.map +1 -1
- package/dist/cjs/interaction/InteractionClient.js +3 -4
- package/dist/cjs/interaction/InteractionClient.js.map +1 -1
- package/dist/cjs/peer/PeerSet.d.ts +10 -3
- package/dist/cjs/peer/PeerSet.d.ts.map +1 -1
- package/dist/cjs/peer/PeerSet.js +32 -28
- package/dist/cjs/peer/PeerSet.js.map +1 -1
- package/dist/cjs/session/case/CaseClient.d.ts +8 -2
- package/dist/cjs/session/case/CaseClient.d.ts.map +1 -1
- package/dist/cjs/session/case/CaseClient.js +9 -8
- package/dist/cjs/session/case/CaseClient.js.map +2 -2
- package/dist/esm/action/Interactable.d.ts +2 -2
- package/dist/esm/action/Interactable.d.ts.map +1 -1
- package/dist/esm/action/server/AccessControl.d.ts +43 -15
- package/dist/esm/action/server/AccessControl.d.ts.map +1 -1
- package/dist/esm/action/server/AccessControl.js +48 -37
- package/dist/esm/action/server/AccessControl.js.map +1 -1
- package/dist/esm/action/server/AttributeReadResponse.d.ts.map +1 -1
- package/dist/esm/action/server/AttributeReadResponse.js +25 -23
- package/dist/esm/action/server/AttributeReadResponse.js.map +1 -1
- package/dist/esm/action/server/AttributeWriteResponse.d.ts.map +1 -1
- package/dist/esm/action/server/AttributeWriteResponse.js +39 -27
- package/dist/esm/action/server/AttributeWriteResponse.js.map +1 -1
- package/dist/esm/action/server/CommandInvokeResponse.d.ts.map +1 -1
- package/dist/esm/action/server/CommandInvokeResponse.js +29 -20
- package/dist/esm/action/server/CommandInvokeResponse.js.map +1 -1
- package/dist/esm/action/server/EventReadResponse.d.ts.map +1 -1
- package/dist/esm/action/server/EventReadResponse.js +23 -21
- package/dist/esm/action/server/EventReadResponse.js.map +1 -1
- package/dist/esm/fabric/Fabric.d.ts +1 -1
- package/dist/esm/fabric/Fabric.d.ts.map +1 -1
- package/dist/esm/fabric/Fabric.js +4 -4
- package/dist/esm/fabric/Fabric.js.map +1 -1
- package/dist/esm/interaction/FabricAccessControl.d.ts +2 -2
- package/dist/esm/interaction/FabricAccessControl.d.ts.map +1 -1
- package/dist/esm/interaction/FabricAccessControl.js +0 -6
- package/dist/esm/interaction/FabricAccessControl.js.map +1 -1
- package/dist/esm/interaction/InteractionClient.d.ts +3 -4
- package/dist/esm/interaction/InteractionClient.d.ts.map +1 -1
- package/dist/esm/interaction/InteractionClient.js +3 -4
- package/dist/esm/interaction/InteractionClient.js.map +1 -1
- package/dist/esm/peer/PeerSet.d.ts +10 -3
- package/dist/esm/peer/PeerSet.d.ts.map +1 -1
- package/dist/esm/peer/PeerSet.js +32 -28
- package/dist/esm/peer/PeerSet.js.map +1 -1
- package/dist/esm/session/case/CaseClient.d.ts +8 -2
- package/dist/esm/session/case/CaseClient.d.ts.map +1 -1
- package/dist/esm/session/case/CaseClient.js +9 -8
- package/dist/esm/session/case/CaseClient.js.map +2 -2
- package/package.json +6 -6
- package/src/action/Interactable.ts +2 -2
- package/src/action/server/AccessControl.ts +90 -53
- package/src/action/server/AttributeReadResponse.ts +35 -29
- package/src/action/server/AttributeWriteResponse.ts +50 -38
- package/src/action/server/CommandInvokeResponse.ts +33 -24
- package/src/action/server/EventReadResponse.ts +25 -21
- package/src/fabric/Fabric.ts +4 -4
- package/src/interaction/FabricAccessControl.ts +2 -8
- package/src/interaction/InteractionClient.ts +5 -7
- package/src/peer/PeerSet.ts +41 -30
- package/src/session/case/CaseClient.ts +22 -7
|
@@ -6,6 +6,24 @@
|
|
|
6
6
|
import { AccessLevel, DataModelPath, Schema } from "#model";
|
|
7
7
|
import { ClusterId, EndpointNumber, FabricIndex } from "#types";
|
|
8
8
|
import { Subject } from "./Subject.js";
|
|
9
|
+
/**
|
|
10
|
+
* Confirm that an access control session (or some variante thereof) is a {@link AccessControl.RemoteActorSession}.
|
|
11
|
+
*/
|
|
12
|
+
export declare function hasRemoteActor<T extends undefined | AccessControl.Session>(session: T): session is Exclude<T, undefined | {
|
|
13
|
+
subject?: undefined;
|
|
14
|
+
}>;
|
|
15
|
+
/**
|
|
16
|
+
* Throws if a session is not a {@link AccessControl.RemoteActorSession}.
|
|
17
|
+
*/
|
|
18
|
+
export declare function assertRemoteActor<T extends undefined | AccessControl.Session>(session: T): asserts session is Exclude<T, undefined | {
|
|
19
|
+
subject?: undefined;
|
|
20
|
+
}>;
|
|
21
|
+
/**
|
|
22
|
+
* Confirm that an access control session (or some variante thereof) is a {@link AccessControl.LocalActorSession}.
|
|
23
|
+
*/
|
|
24
|
+
export declare function hasLocalActor<T extends undefined | AccessControl.Session>(session: T): session is Exclude<T, {
|
|
25
|
+
subject: Subject;
|
|
26
|
+
}>;
|
|
9
27
|
/**
|
|
10
28
|
* Enforces access control for a specific schema.
|
|
11
29
|
*/
|
|
@@ -63,12 +81,16 @@ export declare namespace AccessControl {
|
|
|
63
81
|
}
|
|
64
82
|
/**
|
|
65
83
|
* A function that asserts access control requirements are met.
|
|
84
|
+
*
|
|
85
|
+
* If {@link session} is undefined the function does not enforce access controls.
|
|
66
86
|
*/
|
|
67
|
-
type Assertion = (session: Session, location: Location) => void;
|
|
87
|
+
type Assertion = (session: Session | undefined, location: Location) => void;
|
|
68
88
|
/**
|
|
69
89
|
* A function that returns true if access control requirements are met.
|
|
90
|
+
*
|
|
91
|
+
* If {@link session} is undefined the function does not enforce access controls.
|
|
70
92
|
*/
|
|
71
|
-
type Verification = (session: Session, location: Location) => boolean;
|
|
93
|
+
type Verification = (session: Session | undefined, location: Location) => boolean;
|
|
72
94
|
/**
|
|
73
95
|
* Metadata that varies with position in the data model.
|
|
74
96
|
*/
|
|
@@ -92,22 +114,24 @@ export declare namespace AccessControl {
|
|
|
92
114
|
owningFabric?: FabricIndex;
|
|
93
115
|
}
|
|
94
116
|
/**
|
|
95
|
-
* Authorization metadata that varies
|
|
117
|
+
* Authorization metadata that varies by remote actor.
|
|
96
118
|
*/
|
|
97
|
-
interface
|
|
119
|
+
interface RemoteActorSession {
|
|
98
120
|
/**
|
|
99
121
|
* Determine whether authorized client has authority at a specific location.
|
|
100
122
|
*/
|
|
101
123
|
authorityAt(desiredAccessLevel: AccessLevel, location?: Location): Authority;
|
|
102
124
|
/**
|
|
103
125
|
* The fabric of the authorized client.
|
|
126
|
+
*
|
|
127
|
+
* For PASE sessions this will be {@link FabricIndex.NO_FABRIC}.
|
|
104
128
|
*/
|
|
105
|
-
readonly fabric
|
|
129
|
+
readonly fabric: FabricIndex;
|
|
106
130
|
/**
|
|
107
|
-
* The authenticated
|
|
108
|
-
*
|
|
131
|
+
* The authenticated remote actor. This includes the relevant Node Id, Group ID and also potential relevant Case
|
|
132
|
+
* Authenticated Tags.
|
|
109
133
|
*/
|
|
110
|
-
readonly subject
|
|
134
|
+
readonly subject: Subject;
|
|
111
135
|
/**
|
|
112
136
|
* If this is true, fabric-scoped lists are filtered to the accessing fabric.
|
|
113
137
|
*/
|
|
@@ -121,14 +145,18 @@ export declare namespace AccessControl {
|
|
|
121
145
|
* active.
|
|
122
146
|
*/
|
|
123
147
|
readonly command?: boolean;
|
|
124
|
-
/**
|
|
125
|
-
* If this is true then access levels are not enforced and all values are read/write. Datatypes are still
|
|
126
|
-
* enforced.
|
|
127
|
-
*
|
|
128
|
-
* Tracks "offline" rather than "online" because this makes the safer mode (full enforcement) the default.
|
|
129
|
-
*/
|
|
130
|
-
offline?: boolean;
|
|
131
148
|
}
|
|
149
|
+
/**
|
|
150
|
+
* A local actor session has no authenticated subject and access controls are bypassed.
|
|
151
|
+
*/
|
|
152
|
+
type LocalActorSession = {
|
|
153
|
+
fabric?: undefined;
|
|
154
|
+
subject?: undefined;
|
|
155
|
+
};
|
|
156
|
+
/**
|
|
157
|
+
* The accessing session.
|
|
158
|
+
*/
|
|
159
|
+
type Session = LocalActorSession | RemoteActorSession;
|
|
132
160
|
/**
|
|
133
161
|
* Authority status.
|
|
134
162
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AccessControl.d.ts","sourceRoot":"","sources":["../../../../src/action/server/AccessControl.ts"],"names":[],"mappings":"AAAA;;;;GAIG;
|
|
1
|
+
{"version":3,"file":"AccessControl.d.ts","sourceRoot":"","sources":["../../../../src/action/server/AccessControl.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAU,WAAW,EAAE,aAAa,EAAc,MAAM,EAAc,MAAM,QAAQ,CAAC;AAC5F,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,WAAW,EAAU,MAAM,QAAQ,CAAC;AAExE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAIvC;;GAEG;AACH,wBAAgB,cAAc,CAAC,CAAC,SAAS,SAAS,GAAG,aAAa,CAAC,OAAO,EACtE,OAAO,EAAE,CAAC,GACX,OAAO,IAAI,OAAO,CAAC,CAAC,EAAE,SAAS,GAAG;IAAE,OAAO,CAAC,EAAE,SAAS,CAAA;CAAE,CAAC,CAE5D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,CAAC,SAAS,SAAS,GAAG,aAAa,CAAC,OAAO,EACzE,OAAO,EAAE,CAAC,GACX,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,CAAC,EAAE,SAAS,GAAG;IAAE,OAAO,CAAC,EAAE,SAAS,CAAA;CAAE,CAAC,CAIpE;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,CAAC,SAAS,SAAS,GAAG,aAAa,CAAC,OAAO,EACrE,OAAO,EAAE,CAAC,GACX,OAAO,IAAI,OAAO,CAAC,CAAC,EAAE;IAAE,OAAO,EAAE,OAAO,CAAA;CAAE,CAAC,CAE7C;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC1B;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC,MAAM,CAAC;IAE7B;;OAEG;IACH,aAAa,EAAE,aAAa,CAAC,SAAS,CAAC;IAEvC;;OAEG;IACH,OAAO,EAAE,aAAa,CAAC,YAAY,CAAC;IAEpC;;OAEG;IACH,cAAc,EAAE,aAAa,CAAC,SAAS,CAAC;IAExC;;OAEG;IACH,QAAQ,EAAE,aAAa,CAAC,YAAY,CAAC;IAErC;;OAEG;IACH,eAAe,EAAE,aAAa,CAAC,SAAS,CAAC;IAEzC;;OAEG;IACH,SAAS,EAAE,aAAa,CAAC,YAAY,CAAC;CACzC;AAED;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,iBAM3C;AAED,yBAAiB,aAAa,CAAC;IAC3B;;OAEG;IACH,UAAiB,MAAM;QACnB,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;QAC3B,QAAQ,CAAC,SAAS,EAAE,WAAW,CAAC;QAEhC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;QAC3B,QAAQ,CAAC,UAAU,EAAE,WAAW,CAAC;QAEjC,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC;QAC/B,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAC;QAElC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;KAC3B;IAED;;;;OAIG;IACH,KAAY,SAAS,GAAG,CAAC,OAAO,EAAE,OAAO,GAAG,SAAS,EAAE,QAAQ,EAAE,QAAQ,KAAK,IAAI,CAAC;IAEnF;;;;OAIG;IACH,KAAY,YAAY,GAAG,CAAC,OAAO,EAAE,OAAO,GAAG,SAAS,EAAE,QAAQ,EAAE,QAAQ,KAAK,OAAO,CAAC;IAEzF;;OAEG;IACH,UAAiB,QAAQ;QACrB;;WAEG;QACH,IAAI,EAAE,aAAa,CAAC;QAEpB;;WAEG;QACH,QAAQ,CAAC,EAAE,cAAc,CAAC;QAE1B;;WAEG;QACH,OAAO,CAAC,EAAE,SAAS,CAAC;QAEpB;;;WAGG;QACH,YAAY,CAAC,EAAE,WAAW,CAAC;KAC9B;IAED;;OAEG;IACH,UAAiB,kBAAkB;QAC/B;;WAEG;QACH,WAAW,CAAC,kBAAkB,EAAE,WAAW,EAAE,QAAQ,CAAC,EAAE,QAAQ,GAAG,SAAS,CAAC;QAE7E;;;;WAIG;QACH,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;QAE7B;;;WAGG;QACH,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;QAE1B;;WAEG;QACH,QAAQ,CAAC,cAAc,CAAC,EAAE,OAAO,CAAC;QAElC;;WAEG;QACH,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;QAEzB;;;WAGG;QACH,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;KAC9B;IAED;;OAEG;IACH,KAAY,iBAAiB,GAAG;QAC5B,MAAM,CAAC,EAAE,SAAS,CAAC;QACnB,OAAO,CAAC,EAAE,SAAS,CAAC;KACvB,CAAC;IAEF;;OAEG;IACH,KAAY,OAAO,GAAG,iBAAiB,GAAG,kBAAkB,CAAC;IAE7D;;OAEG;IACH,KAAY,SAAS;QACjB;;WAEG;QACH,OAAO,IAAI;QAEX;;WAEG;QACH,YAAY,IAAI;QAEhB;;WAEG;QACH,UAAU,IAAI;KACjB;CACJ"}
|
|
@@ -3,10 +3,22 @@
|
|
|
3
3
|
* Copyright 2022-2025 Matter.js Authors
|
|
4
4
|
* SPDX-License-Identifier: Apache-2.0
|
|
5
5
|
*/
|
|
6
|
+
import { ImplementationError } from "#general";
|
|
6
7
|
import { Access, AccessLevel, ElementTag, ValueModel } from "#model";
|
|
7
|
-
import {
|
|
8
|
+
import { Status } from "#types";
|
|
8
9
|
import { InvokeError, ReadError, SchemaImplementationError, WriteError } from "../errors.js";
|
|
9
10
|
const cache = /* @__PURE__ */ new WeakMap();
|
|
11
|
+
function hasRemoteActor(session) {
|
|
12
|
+
return session?.subject !== void 0;
|
|
13
|
+
}
|
|
14
|
+
function assertRemoteActor(session) {
|
|
15
|
+
if (!hasRemoteActor(session)) {
|
|
16
|
+
throw new ImplementationError("This operation requires an authenticated remote session");
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
function hasLocalActor(session) {
|
|
20
|
+
return session?.subject === void 0;
|
|
21
|
+
}
|
|
10
22
|
function AccessControl(schema) {
|
|
11
23
|
let enforcer = cache.get(schema);
|
|
12
24
|
if (enforcer === void 0) {
|
|
@@ -33,50 +45,50 @@ function enforcerFor(schema) {
|
|
|
33
45
|
function dataEnforcerFor(schema) {
|
|
34
46
|
const limits = limitsFor(schema);
|
|
35
47
|
let mayRead = (session, location) => {
|
|
36
|
-
if (session
|
|
48
|
+
if (hasLocalActor(session) || session.command) {
|
|
37
49
|
return true;
|
|
38
50
|
}
|
|
39
51
|
return session.authorityAt(limits.readLevel, location) === 1 /* Granted */;
|
|
40
52
|
};
|
|
41
53
|
let mayWrite = (session, location) => {
|
|
42
|
-
if (session
|
|
54
|
+
if (hasLocalActor(session) || session.command) {
|
|
43
55
|
return true;
|
|
44
56
|
}
|
|
45
57
|
return session.authorityAt(limits.writeLevel, location) === 1 /* Granted */;
|
|
46
58
|
};
|
|
47
59
|
let authorizeRead = (session, location) => {
|
|
48
|
-
if (session
|
|
60
|
+
if (hasLocalActor(session) || session.command) {
|
|
49
61
|
return;
|
|
50
62
|
}
|
|
51
63
|
if (session.authorityAt(limits.readLevel, location) === 1 /* Granted */) {
|
|
52
64
|
return;
|
|
53
65
|
}
|
|
54
|
-
throw new ReadError(location, "Permission denied",
|
|
66
|
+
throw new ReadError(location, "Permission denied", Status.UnsupportedAccess);
|
|
55
67
|
};
|
|
56
68
|
let authorizeWrite = (session, location) => {
|
|
57
|
-
if (session
|
|
69
|
+
if (hasLocalActor(session) || session.command) {
|
|
58
70
|
return;
|
|
59
71
|
}
|
|
60
72
|
if (session.authorityAt(limits.writeLevel, location) === 1 /* Granted */) {
|
|
61
73
|
return;
|
|
62
74
|
}
|
|
63
|
-
throw new WriteError(location, "Permission denied",
|
|
75
|
+
throw new WriteError(location, "Permission denied", Status.UnsupportedAccess);
|
|
64
76
|
};
|
|
65
77
|
if (limits.timed) {
|
|
66
78
|
const wrappedAuthorizeWrite = authorizeWrite;
|
|
67
79
|
const wrappedMayWrite = mayWrite;
|
|
68
80
|
authorizeWrite = (session, location) => {
|
|
69
|
-
if (
|
|
81
|
+
if (hasRemoteActor(session) && !session.timed) {
|
|
70
82
|
throw new WriteError(
|
|
71
83
|
location,
|
|
72
84
|
"Permission denied because interaction is not timed",
|
|
73
|
-
|
|
85
|
+
Status.NeedsTimedInteraction
|
|
74
86
|
);
|
|
75
87
|
}
|
|
76
88
|
wrappedAuthorizeWrite?.(session, location);
|
|
77
89
|
};
|
|
78
90
|
mayWrite = (session, location) => {
|
|
79
|
-
if (
|
|
91
|
+
if (hasRemoteActor(session) && !session.timed) {
|
|
80
92
|
return false;
|
|
81
93
|
}
|
|
82
94
|
return wrappedMayWrite(session, location);
|
|
@@ -88,32 +100,28 @@ function dataEnforcerFor(schema) {
|
|
|
88
100
|
const wrappedAuthorizeWrite = authorizeWrite;
|
|
89
101
|
const wrappedMayWrite = mayWrite;
|
|
90
102
|
authorizeRead = (session, location) => {
|
|
91
|
-
if (session
|
|
103
|
+
if (hasLocalActor(session) || session.command) {
|
|
92
104
|
return;
|
|
93
105
|
}
|
|
94
106
|
if (session.fabricFiltered) {
|
|
95
|
-
if (session.fabric
|
|
96
|
-
throw new ReadError(
|
|
97
|
-
location,
|
|
98
|
-
"Permission denied: No accessing fabric",
|
|
99
|
-
StatusCode.UnsupportedAccess
|
|
100
|
-
);
|
|
107
|
+
if (!session.fabric) {
|
|
108
|
+
throw new ReadError(location, "Permission denied: No accessing fabric", Status.UnsupportedAccess);
|
|
101
109
|
}
|
|
102
110
|
if (location?.owningFabric !== void 0 && location.owningFabric !== session.fabric) {
|
|
103
111
|
throw new ReadError(
|
|
104
112
|
location,
|
|
105
113
|
"Permission denied: Owning/accessing fabric mismatch",
|
|
106
|
-
|
|
114
|
+
Status.UnsupportedAccess
|
|
107
115
|
);
|
|
108
116
|
}
|
|
109
117
|
}
|
|
110
118
|
wrappedAuthorizeRead(session, location);
|
|
111
119
|
};
|
|
112
120
|
mayRead = (session, location) => {
|
|
113
|
-
if (session
|
|
121
|
+
if (hasLocalActor(session) || session.command) {
|
|
114
122
|
return true;
|
|
115
123
|
}
|
|
116
|
-
if (session.fabric
|
|
124
|
+
if (!session.fabric) {
|
|
117
125
|
return false;
|
|
118
126
|
}
|
|
119
127
|
if (location?.owningFabric !== void 0 && location.owningFabric !== session.fabric) {
|
|
@@ -122,11 +130,11 @@ function dataEnforcerFor(schema) {
|
|
|
122
130
|
return wrappedMayRead(session, location);
|
|
123
131
|
};
|
|
124
132
|
authorizeWrite = (session, location) => {
|
|
125
|
-
if (session
|
|
133
|
+
if (hasLocalActor(session) || session.command) {
|
|
126
134
|
return;
|
|
127
135
|
}
|
|
128
|
-
if (session.fabric
|
|
129
|
-
throw new WriteError(location, "Permission denied: No accessing fabric",
|
|
136
|
+
if (!session.fabric) {
|
|
137
|
+
throw new WriteError(location, "Permission denied: No accessing fabric", Status.UnsupportedAccess);
|
|
130
138
|
}
|
|
131
139
|
if (location?.owningFabric !== void 0 && location.owningFabric !== session.fabric) {
|
|
132
140
|
throw new WriteError(location, "Permission denied: Owning/accessing fabric mismatch");
|
|
@@ -134,10 +142,10 @@ function dataEnforcerFor(schema) {
|
|
|
134
142
|
wrappedAuthorizeWrite(session, location);
|
|
135
143
|
};
|
|
136
144
|
mayWrite = (session, location) => {
|
|
137
|
-
if (session
|
|
145
|
+
if (hasLocalActor(session) || session.command) {
|
|
138
146
|
return true;
|
|
139
147
|
}
|
|
140
|
-
if (session.fabric
|
|
148
|
+
if (!session.fabric) {
|
|
141
149
|
return false;
|
|
142
150
|
}
|
|
143
151
|
if (location?.owningFabric !== void 0 && location.owningFabric !== session.fabric) {
|
|
@@ -148,24 +156,24 @@ function dataEnforcerFor(schema) {
|
|
|
148
156
|
}
|
|
149
157
|
if (!limits.readable) {
|
|
150
158
|
authorizeRead = (session, location) => {
|
|
151
|
-
if (session
|
|
159
|
+
if (hasLocalActor(session) || session.command) {
|
|
152
160
|
return;
|
|
153
161
|
}
|
|
154
162
|
throw new ReadError(location, "Permission defined: Value is write-only");
|
|
155
163
|
};
|
|
156
164
|
mayRead = (session) => {
|
|
157
|
-
return
|
|
165
|
+
return hasLocalActor(session) || !!session.command;
|
|
158
166
|
};
|
|
159
167
|
}
|
|
160
168
|
if (!limits.writable) {
|
|
161
169
|
authorizeWrite = (session, location) => {
|
|
162
|
-
if (session
|
|
170
|
+
if (hasLocalActor(session) || session.command) {
|
|
163
171
|
return;
|
|
164
172
|
}
|
|
165
173
|
throw new WriteError(location, "Permission denied: Value is read-only");
|
|
166
174
|
};
|
|
167
175
|
mayWrite = (session) => {
|
|
168
|
-
return
|
|
176
|
+
return hasLocalActor(session) || !!session.command;
|
|
169
177
|
};
|
|
170
178
|
}
|
|
171
179
|
return Object.freeze({
|
|
@@ -201,7 +209,7 @@ function commandEnforcerFor(schema) {
|
|
|
201
209
|
return false;
|
|
202
210
|
},
|
|
203
211
|
authorizeInvoke(session, location) {
|
|
204
|
-
if (session
|
|
212
|
+
if (hasLocalActor(session)) {
|
|
205
213
|
return;
|
|
206
214
|
}
|
|
207
215
|
if (!session.command) {
|
|
@@ -211,19 +219,19 @@ function commandEnforcerFor(schema) {
|
|
|
211
219
|
throw new InvokeError(
|
|
212
220
|
location,
|
|
213
221
|
"Invoke attempt without required timed context",
|
|
214
|
-
|
|
222
|
+
Status.TimedRequestMismatch
|
|
215
223
|
);
|
|
216
224
|
}
|
|
217
|
-
if (fabric && session.fabric
|
|
218
|
-
throw new WriteError(location, "Permission denied: No accessing fabric",
|
|
225
|
+
if (fabric && !session.fabric) {
|
|
226
|
+
throw new WriteError(location, "Permission denied: No accessing fabric", Status.UnsupportedAccess);
|
|
219
227
|
}
|
|
220
228
|
if (session.authorityAt(limits.writeLevel, location) === 1 /* Granted */) {
|
|
221
229
|
return;
|
|
222
230
|
}
|
|
223
|
-
throw new InvokeError(location, "Permission denied",
|
|
231
|
+
throw new InvokeError(location, "Permission denied", Status.UnsupportedAccess);
|
|
224
232
|
},
|
|
225
233
|
mayInvoke(session, location) {
|
|
226
|
-
if (session
|
|
234
|
+
if (hasLocalActor(session)) {
|
|
227
235
|
return true;
|
|
228
236
|
}
|
|
229
237
|
if (!session.command) {
|
|
@@ -232,7 +240,7 @@ function commandEnforcerFor(schema) {
|
|
|
232
240
|
if (timed && !session.timed) {
|
|
233
241
|
return false;
|
|
234
242
|
}
|
|
235
|
-
if (fabric && session.fabric
|
|
243
|
+
if (fabric && !session.fabric) {
|
|
236
244
|
return false;
|
|
237
245
|
}
|
|
238
246
|
return session.authorityAt(limits.writeLevel, location) === 1 /* Granted */;
|
|
@@ -262,6 +270,9 @@ function limitsFor(schema) {
|
|
|
262
270
|
return limits;
|
|
263
271
|
}
|
|
264
272
|
export {
|
|
265
|
-
AccessControl
|
|
273
|
+
AccessControl,
|
|
274
|
+
assertRemoteActor,
|
|
275
|
+
hasLocalActor,
|
|
276
|
+
hasRemoteActor
|
|
266
277
|
};
|
|
267
278
|
//# sourceMappingURL=AccessControl.js.map
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../src/action/server/AccessControl.ts"],
|
|
4
|
-
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,SAAS,QAAQ,aAA4B,YAAoB,kBAAkB;AACnF,SAAiD,
|
|
4
|
+
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,SAAS,2BAA2B;AACpC,SAAS,QAAQ,aAA4B,YAAoB,kBAAkB;AACnF,SAAiD,cAAc;AAC/D,SAAS,aAAa,WAAW,2BAA2B,kBAAkB;AAG9E,MAAM,QAAQ,oBAAI,QAA+B;AAK1C,SAAS,eACZ,SAC0D;AAC1D,SAAO,SAAS,YAAY;AAChC;AAKO,SAAS,kBACZ,SACkE;AAClE,MAAI,CAAC,eAAe,OAAO,GAAG;AAC1B,UAAM,IAAI,oBAAoB,yDAAyD;AAAA,EAC3F;AACJ;AAKO,SAAS,cACZ,SAC2C;AAC3C,SAAO,SAAS,YAAY;AAChC;AAkDO,SAAS,cAAc,QAAgB;AAC1C,MAAI,WAAW,MAAM,IAAI,MAAM;AAC/B,MAAI,aAAa,QAAW;AACxB,eAAW,YAAY,MAAM;AAAA,EACjC;AACA,SAAO;AACX;AAAA,CAEO,CAAUA,mBAAV;AAgHI,MAAK;AAAL,IAAKC,eAAL;AAIH,IAAAA,sBAAA,aAAU,KAAV;AAKA,IAAAA,sBAAA,kBAAe,KAAf;AAKA,IAAAA,sBAAA,gBAAa,KAAb;AAAA,KAdQ,YAAAD,eAAA,cAAAA,eAAA;AAAA,GAhHC;AAkIjB,OAAO,OAAO,aAAa;AAC3B,OAAO,OAAO,cAAc,SAAS;AAErC,SAAS,YAAY,QAA+B;AAChD,MAAI,OAAO,QAAQ,WAAW,SAAS;AACnC,WAAO,mBAAmB,MAAM;AAAA,EACpC;AACA,SAAO,gBAAgB,MAAM;AACjC;AAEA,SAAS,gBAAgB,QAA+B;AACpD,QAAM,SAAS,UAAU,MAAM;AAE/B,MAAI,UAAsC,CAAC,SAAS,aAAa;AAC7D,QAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C,aAAO;AAAA,IACX;AAEA,WAAO,QAAQ,YAAY,OAAO,WAAW,QAAQ,MAAM;AAAA,EAC/D;AAEA,MAAI,WAAuC,CAAC,SAAS,aAAa;AAC9D,QAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C,aAAO;AAAA,IACX;AAEA,WAAO,QAAQ,YAAY,OAAO,YAAY,QAAQ,MAAM;AAAA,EAChE;AAEA,MAAI,gBAAyC,CAAC,SAAS,aAAa;AAChE,QAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C;AAAA,IACJ;AAEA,QAAI,QAAQ,YAAY,OAAO,WAAW,QAAQ,MAAM,iBAAiC;AACrF;AAAA,IACJ;AAEA,UAAM,IAAI,UAAU,UAAU,qBAAqB,OAAO,iBAAiB;AAAA,EAC/E;AAEA,MAAI,iBAA0C,CAAC,SAAS,aAAa;AACjE,QAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C;AAAA,IACJ;AAEA,QAAI,QAAQ,YAAY,OAAO,YAAY,QAAQ,MAAM,iBAAiC;AACtF;AAAA,IACJ;AAEA,UAAM,IAAI,WAAW,UAAU,qBAAqB,OAAO,iBAAiB;AAAA,EAChF;AAEA,MAAI,OAAO,OAAO;AACd,UAAM,wBAAwB;AAC9B,UAAM,kBAAkB;AAExB,qBAAiB,CAAC,SAAS,aAAa;AACpC,UAAI,eAAe,OAAO,KAAK,CAAC,QAAQ,OAAO;AAC3C,cAAM,IAAI;AAAA,UACN;AAAA,UACA;AAAA,UACA,OAAO;AAAA,QACX;AAAA,MACJ;AACA,8BAAwB,SAAS,QAAQ;AAAA,IAC7C;AAEA,eAAW,CAAC,SAAS,aAAa;AAC9B,UAAI,eAAe,OAAO,KAAK,CAAC,QAAQ,OAAO;AAC3C,eAAO;AAAA,MACX;AAEA,aAAO,gBAAgB,SAAS,QAAQ;AAAA,IAC5C;AAAA,EACJ;AAEA,MAAI,OAAO,iBAAiB;AACxB,UAAM,uBAAuB;AAC7B,UAAM,iBAAiB;AACvB,UAAM,wBAAwB;AAC9B,UAAM,kBAAkB;AAExB,oBAAgB,CAAC,SAAS,aAAa;AACnC,UAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C;AAAA,MACJ;AAEA,UAAI,QAAQ,gBAAgB;AACxB,YAAI,CAAC,QAAQ,QAAQ;AACjB,gBAAM,IAAI,UAAU,UAAU,0CAA0C,OAAO,iBAAiB;AAAA,QACpG;AAEA,YAAI,UAAU,iBAAiB,UAAa,SAAS,iBAAiB,QAAQ,QAAQ;AAClF,gBAAM,IAAI;AAAA,YACN;AAAA,YACA;AAAA,YACA,OAAO;AAAA,UACX;AAAA,QACJ;AAAA,MACJ;AAEA,2BAAqB,SAAS,QAAQ;AAAA,IAC1C;AAEA,cAAU,CAAC,SAAS,aAAa;AAC7B,UAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C,eAAO;AAAA,MACX;AAEA,UAAI,CAAC,QAAQ,QAAQ;AACjB,eAAO;AAAA,MACX;AAEA,UAAI,UAAU,iBAAiB,UAAa,SAAS,iBAAiB,QAAQ,QAAQ;AAClF,eAAO;AAAA,MACX;AAEA,aAAO,eAAe,SAAS,QAAQ;AAAA,IAC3C;AAEA,qBAAiB,CAAC,SAAS,aAAa;AACpC,UAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C;AAAA,MACJ;AAEA,UAAI,CAAC,QAAQ,QAAQ;AACjB,cAAM,IAAI,WAAW,UAAU,0CAA0C,OAAO,iBAAiB;AAAA,MACrG;AAEA,UAAI,UAAU,iBAAiB,UAAa,SAAS,iBAAiB,QAAQ,QAAQ;AAClF,cAAM,IAAI,WAAW,UAAU,qDAAqD;AAAA,MACxF;AAEA,4BAAsB,SAAS,QAAQ;AAAA,IAC3C;AAEA,eAAW,CAAC,SAAS,aAAa;AAC9B,UAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C,eAAO;AAAA,MACX;AAEA,UAAI,CAAC,QAAQ,QAAQ;AACjB,eAAO;AAAA,MACX;AAEA,UAAI,UAAU,iBAAiB,UAAa,SAAS,iBAAiB,QAAQ,QAAQ;AAClF,eAAO;AAAA,MACX;AAEA,aAAO,gBAAgB,SAAS,QAAQ;AAAA,IAC5C;AAAA,EACJ;AAEA,MAAI,CAAC,OAAO,UAAU;AAClB,oBAAgB,CAAC,SAAS,aAAa;AACnC,UAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C;AAAA,MACJ;AAEA,YAAM,IAAI,UAAU,UAAU,yCAAyC;AAAA,IAC3E;AAEA,cAAU,aAAW;AACjB,aAAO,cAAc,OAAO,KAAK,CAAC,CAAC,QAAQ;AAAA,IAC/C;AAAA,EACJ;AAEA,MAAI,CAAC,OAAO,UAAU;AAClB,qBAAiB,CAAC,SAAS,aAAa;AACpC,UAAI,cAAc,OAAO,KAAK,QAAQ,SAAS;AAC3C;AAAA,MACJ;AACA,YAAM,IAAI,WAAW,UAAU,uCAAuC;AAAA,IAC1E;AAEA,eAAW,aAAW;AAClB,aAAO,cAAc,OAAO,KAAK,CAAC,CAAC,QAAQ;AAAA,IAC/C;AAAA,EACJ;AAEA,SAAO,OAAO,OAAO;AAAA,IACjB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IAEA,gBAAgB,UAA6C,UAAkC;AAC3F,YAAM,IAAI,0BAA0B,UAAU,0DAA0D;AAAA,IAC5G;AAAA,IAEA,YAAY;AACR,aAAO;AAAA,IACX;AAAA,EACJ,CAAyB;AAC7B;AAEA,SAAS,mBAAmB,QAA+B;AACvD,QAAM,SAAS,UAAU,MAAM;AAC/B,QAAM,QAAQ,OAAO,gBAAgB;AACrC,QAAM,SAAS,OAAO,gBAAgB;AAEtC,SAAO;AAAA,IACH;AAAA,IAEA,cAAc,UAAU,UAAU;AAC9B,YAAM,IAAI,0BAA0B,UAAU,oDAAoD;AAAA,IACtG;AAAA,IAEA,UAAU;AACN,aAAO;AAAA,IACX;AAAA,IAEA,eAAe,UAAU,UAAU;AAC/B,YAAM,IAAI,0BAA0B,UAAU,qDAAqD;AAAA,IACvG;AAAA,IAEA,WAAW;AACP,aAAO;AAAA,IACX;AAAA,IAEA,gBAAgB,SAAS,UAAU;AAC/B,UAAI,cAAc,OAAO,GAAG;AACxB;AAAA,MACJ;AAEA,UAAI,CAAC,QAAQ,SAAS;AAClB,cAAM,IAAI,YAAY,UAAU,wCAAwC;AAAA,MAC5E;AAEA,UAAI,SAAS,CAAC,QAAQ,OAAO;AACzB,cAAM,IAAI;AAAA,UACN;AAAA,UACA;AAAA,UACA,OAAO;AAAA,QACX;AAAA,MACJ;AAEA,UAAI,UAAU,CAAC,QAAQ,QAAQ;AAC3B,cAAM,IAAI,WAAW,UAAU,0CAA0C,OAAO,iBAAiB;AAAA,MACrG;AAEA,UAAI,QAAQ,YAAY,OAAO,YAAY,QAAQ,MAAM,iBAAiC;AACtF;AAAA,MACJ;AAEA,YAAM,IAAI,YAAY,UAAU,qBAAqB,OAAO,iBAAiB;AAAA,IACjF;AAAA,IAEA,UAAU,SAAS,UAAU;AACzB,UAAI,cAAc,OAAO,GAAG;AACxB,eAAO;AAAA,MACX;AAEA,UAAI,CAAC,QAAQ,SAAS;AAClB,eAAO;AAAA,MACX;AAEA,UAAI,SAAS,CAAC,QAAQ,OAAO;AACzB,eAAO;AAAA,MACX;AAEA,UAAI,UAAU,CAAC,QAAQ,QAAQ;AAC3B,eAAO;AAAA,MACX;AAEA,aAAO,QAAQ,YAAY,OAAO,YAAY,QAAQ,MAAM;AAAA,IAChE;AAAA,EACJ;AACJ;AAEA,SAAS,UAAU,QAAgB;AAC/B,QAAM,SAAS,OAAO;AACtB,QAAM,UAAU,kBAAkB,aAAa,OAAO,mBAAmB;AAGzE,MAAI,QAAQ,SAAS;AACrB,WAAS,IAAI,OAAO,QAAQ,CAAC,SAAS,aAAa,YAAY,IAAI,EAAE,QAAQ;AACzE,QAAI,EAAE,iBAAiB,OAAO;AAC1B,cAAQ;AAAA,IACZ;AAAA,EACJ;AAEA,QAAM,SAA+B,OAAO,OAAO;AAAA,IAC/C,UAAU,OAAO;AAAA,IACjB,UAAU,OAAO,YAAY,CAAC;AAAA,IAC9B,cAAc,OAAO,WAAW,OAAO,OAAO,UAAU,OAAO,WAAW,OAAO,OAAO;AAAA,IACxF,iBAAiB,OAAO,WAAW,OAAO,OAAO;AAAA,IACjD,OAAO,OAAO,UAAU;AAAA;AAAA;AAAA,IAIxB,WAAW,OAAO,aAAa,SAAY,YAAY,OAAO,OAAO,eAAe,OAAO,QAAQ;AAAA,IACnG,YAAY,OAAO,cAAc,SAAY,YAAY,UAAU,OAAO,eAAe,OAAO,SAAS;AAAA,EAC7G,CAAC;AAED,SAAO;AACX;",
|
|
5
5
|
"names": ["AccessControl", "Authority"]
|
|
6
6
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AttributeReadResponse.d.ts","sourceRoot":"","sources":["../../../../src/action/server/AttributeReadResponse.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAE,eAAe,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAC9G,OAAO,EAAE,IAAI,EAAE,MAAM,yBAAyB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAC;AAE5D,OAAO,EAAE,YAAY,EAA0C,MAAM,gCAAgC,CAAC;AAItG,OAAO,EACH,aAAa,EAKb,MAAM,EAIT,MAAM,QAAQ,CAAC;AAIhB,eAAO,MAAM,aAAa,mCAAoE,CAAC;AAE/F;;;;GAIG;AACH,qBAAa,qBAAqB,CAC9B,QAAQ,SAAS,kBAAkB,GAAG,kBAAkB,CAC1D,SAAQ,YAAY,CAAC,QAAQ,CAAC;;gBAuBhB,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ;IAIhD,OAAO,CAAC,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,EAAE,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC;IA2D7G,IAAI,MAAM;;;;MAMT;IAED;;OAEG;IACH,SAAS,CAAC,WAAW,CAAC,IAAI,EAAE,aAAa;IAmCzC;;OAEG;IACH,SAAS,CAAC,WAAW,CAAC,IAAI,EAAE,UAAU,CAAC,qBAAqB;
|
|
1
|
+
{"version":3,"file":"AttributeReadResponse.d.ts","sourceRoot":"","sources":["../../../../src/action/server/AttributeReadResponse.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAE,eAAe,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAC9G,OAAO,EAAE,IAAI,EAAE,MAAM,yBAAyB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAC;AAE5D,OAAO,EAAE,YAAY,EAA0C,MAAM,gCAAgC,CAAC;AAItG,OAAO,EACH,aAAa,EAKb,MAAM,EAIT,MAAM,QAAQ,CAAC;AAIhB,eAAO,MAAM,aAAa,mCAAoE,CAAC;AAE/F;;;;GAIG;AACH,qBAAa,qBAAqB,CAC9B,QAAQ,SAAS,kBAAkB,GAAG,kBAAkB,CAC1D,SAAQ,YAAY,CAAC,QAAQ,CAAC;;gBAuBhB,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ;IAIhD,OAAO,CAAC,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,EAAE,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC;IA2D7G,IAAI,MAAM;;;;MAMT;IAED;;OAEG;IACH,SAAS,CAAC,WAAW,CAAC,IAAI,EAAE,aAAa;IAmCzC;;OAEG;IACH,SAAS,CAAC,WAAW,CAAC,IAAI,EAAE,UAAU,CAAC,qBAAqB;IAoH5D;;;;;;;;;OASG;IACH,SAAS,CAAE,uBAAuB,CAAC,QAAQ,EAAE,gBAAgB,EAAE,IAAI,EAAE,aAAa;IA2BlF;;;;;;OAMG;IACH,SAAS,CAAC,sBAAsB,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,aAAa;IAsC9E;;;;OAIG;IACH,SAAS,CAAC,wBAAwB,CAAC,SAAS,EAAE,qBAAqB,EAAE,IAAI,EAAE,aAAa;IA4DxF;;OAEG;IACH,SAAS,CAAC,SAAS,CAAC,IAAI,EAAE,UAAU,CAAC,qBAAqB,EAAE,MAAM,EAAE,MAAM;CA8B7E"}
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
* Copyright 2022-2025 Matter.js Authors
|
|
4
4
|
* SPDX-License-Identifier: Apache-2.0
|
|
5
5
|
*/
|
|
6
|
-
import { AccessControl } from "#action/server/AccessControl.js";
|
|
6
|
+
import { AccessControl, hasLocalActor, hasRemoteActor } from "#action/server/AccessControl.js";
|
|
7
7
|
import { DataResponse, FallbackLimits, WildcardPathFlagsCodec } from "#action/server/DataResponse.js";
|
|
8
8
|
import { Diagnostic, InternalError, Logger } from "#general";
|
|
9
9
|
import { DataModelPath, ElementTag } from "#model";
|
|
@@ -38,7 +38,7 @@ class AttributeReadResponse extends DataResponse {
|
|
|
38
38
|
super(node, session);
|
|
39
39
|
}
|
|
40
40
|
*process({ dataVersionFilters, attributeRequests }) {
|
|
41
|
-
const nodeId = this.session
|
|
41
|
+
const nodeId = hasLocalActor(this.session) ? NodeId.UNSPECIFIED_NODE_ID : this.nodeId;
|
|
42
42
|
if (dataVersionFilters?.length) {
|
|
43
43
|
this.#versions = {};
|
|
44
44
|
for (const {
|
|
@@ -146,26 +146,28 @@ class AttributeReadResponse extends DataResponse {
|
|
|
146
146
|
} else {
|
|
147
147
|
limits = attribute.limits;
|
|
148
148
|
}
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
149
|
+
if (hasRemoteActor(this.session)) {
|
|
150
|
+
const location = {
|
|
151
|
+
...cluster?.location ?? {
|
|
152
|
+
path: DataModelPath.none,
|
|
153
|
+
endpoint: endpointId,
|
|
154
|
+
cluster: clusterId
|
|
155
|
+
},
|
|
156
|
+
owningFabric: this.session.fabric
|
|
157
|
+
};
|
|
158
|
+
const permission = this.session.authorityAt(limits.readLevel, location);
|
|
159
|
+
switch (permission) {
|
|
160
|
+
case AccessControl.Authority.Granted:
|
|
161
|
+
break;
|
|
162
|
+
case AccessControl.Authority.Unauthorized:
|
|
163
|
+
this.addStatus(path, Status.UnsupportedAccess);
|
|
164
|
+
return;
|
|
165
|
+
case AccessControl.Authority.Restricted:
|
|
166
|
+
this.addStatus(path, Status.AccessRestricted);
|
|
167
|
+
return;
|
|
168
|
+
default:
|
|
169
|
+
throw new InternalError(`Unsupported authorization state ${permission}`);
|
|
170
|
+
}
|
|
169
171
|
}
|
|
170
172
|
if (endpoint === void 0) {
|
|
171
173
|
this.addStatus(path, Status.UnsupportedEndpoint);
|
|
@@ -298,7 +300,7 @@ class AttributeReadResponse extends DataResponse {
|
|
|
298
300
|
if (attribute.wildcardPathFlags & this.#wildcardPathFlags) {
|
|
299
301
|
return;
|
|
300
302
|
}
|
|
301
|
-
if (!attribute.limits.readable || this.session.authorityAt(attribute.limits.readLevel, this.#guardedCurrentCluster.location) !== AccessControl.Authority.Granted) {
|
|
303
|
+
if (!attribute.limits.readable || hasRemoteActor(this.session) && this.session.authorityAt(attribute.limits.readLevel, this.#guardedCurrentCluster.location) !== AccessControl.Authority.Granted) {
|
|
302
304
|
return;
|
|
303
305
|
}
|
|
304
306
|
if (this.#currentState === void 0) {
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../src/action/server/AttributeReadResponse.ts"],
|
|
4
|
-
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAUA,SAAS,
|
|
4
|
+
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAUA,SAAS,eAAe,eAAe,sBAAsB;AAC7D,SAAS,cAAc,gBAAgB,8BAA8B;AAErE,SAAS,YAAY,eAAe,cAAc;AAClD,SAAyB,eAAe,kBAAkB;AAC1D;AAAA,EAII;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OAEG;AAEP,MAAM,SAAS,OAAO,IAAI,uBAAuB;AAE1C,MAAM,gBAAgB,IAAI,IAAI,OAAO,OAAO,iBAAiB,CAAC,CAAC,CAAC,EAAE,IAAI,UAAQ,KAAK,EAAE,CAAC;AAOtF,MAAM,8BAEH,aAAuB;AAAA,EAC7B;AAAA;AAAA;AAAA,EAIA;AAAA;AAAA;AAAA,EAIA;AAAA;AAAA;AAAA,EAIA;AAAA,EACA;AAAA,EACA;AAAA,EACA,qBAAqB;AAAA;AAAA,EAGrB,eAAe;AAAA,EACf,cAAc;AAAA,EACd,iBAAiB;AAAA,EAEjB,YAAY,MAAoB,SAAmB;AAC/C,UAAM,MAAM,OAAO;AAAA,EACvB;AAAA,EAEA,CAAC,QAAQ,EAAE,oBAAoB,kBAAkB,GAA6D;AAC1G,UAAM,SAAS,cAAc,KAAK,OAAO,IAAI,OAAO,sBAAsB,KAAK;AAG/E,QAAI,oBAAoB,QAAQ;AAC5B,WAAK,YAAY,CAAC;AAClB,iBAAW;AAAA,QACP,MAAM,EAAE,QAAQ,cAAc,YAAY,UAAU;AAAA,QACpD;AAAA,MACJ,KAAK,oBAAoB;AACrB,YAAI,iBAAiB,UAAa,iBAAiB,QAAQ;AACvD;AAAA,QACJ;AACA,YAAI,OAAO,eAAe,UAAU;AAEhC;AAAA,QACJ;AACA,SAAC,KAAK,UAAU,UAAU,MAAM,KAAK,UAAU,UAAU,IAAI,CAAC,IAAI,SAAS,IAAI;AAAA,MACnF;AAAA,IACJ;AAGA,eAAW,QAAQ,mBAAmB;AAClC,UAAI,KAAK,eAAe,UAAa,KAAK,cAAc,UAAa,KAAK,gBAAgB,QAAW;AACjG,aAAK,YAAY,IAAI;AAAA,MACzB,OAAO;AACH,aAAK,YAAY,IAAwC;AAAA,MAC7D;AAAA,IACJ;AAEA,QAAI,KAAK,gBAAgB;AACrB,iBAAW,YAAY,KAAK,gBAAgB;AACxC,eAAO,SAAS,MAAM,IAAI;AAAA,MAC9B;AAAA,IACJ;AAIA,QAAI,KAAK,WAAW,QAAW;AAC3B,YAAM,KAAK;AAAA,IACf;AAAA,EACJ;AAAA;AAAA,EAGA,IAAI,0BAA0B;AAC1B,QAAI,KAAK,qBAAqB,QAAW;AACrC,YAAM,IAAI,cAAc,iDAAiD;AAAA,IAC7E;AACA,WAAO,KAAK;AAAA,EAChB;AAAA;AAAA,EAGA,IAAI,yBAA0C;AAC1C,QAAI,KAAK,oBAAoB,QAAW;AACpC,YAAM,IAAI,cAAc,gDAAgD;AAAA,IAC5E;AACA,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,SAAS;AACT,WAAO;AAAA,MACH,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,UAAU,KAAK,cAAc,KAAK;AAAA,IACtC;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAKU,YAAY,MAAqB;AACvC,UAAM,EAAE,QAAQ,YAAY,WAAW,aAAa,kBAAkB,IAAI;AAE1E,QAAI,cAAc,UAAa,gBAAgB,UAAa,CAAC,cAAc,IAAI,WAAW,GAAG;AACzF,YAAM,IAAI;AAAA,QACN,+DAA+D,WAAW;AAAA,QAC1E,OAAO;AAAA,MACX;AAAA,IACJ;AAEA,QAAI,WAAW,UAAa,WAAW,KAAK,QAAQ;AAChD;AAAA,IACJ;AAEA,UAAM,MAAM,oBAAoB,uBAAuB,OAAO,iBAAiB,IAAI;AAEnF,QAAI,eAAe,QAAW;AAC1B,WAAK,aAAa,aAAwC;AACtD,aAAK,qBAAqB;AAC1B,mBAAWA,aAAY,KAAK,MAAM;AAC9B,iBAAO,KAAK,wBAAwBA,WAAU,IAAI;AAAA,QACtD;AAAA,MACJ,CAAC;AACD;AAAA,IACJ;AAEA,UAAM,WAAW,KAAK,KAAK,UAAU;AACrC,QAAI,UAAU;AACV,WAAK,aAAa,WAAuC;AACrD,aAAK,qBAAqB;AAC1B,eAAO,KAAK,wBAAwB,UAAU,IAAI;AAAA,MACtD,CAAC;AAAA,IACL;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAKU,YAAY,MAAwC;AAC1D,UAAM,EAAE,QAAQ,YAAY,WAAW,YAAY,IAAI;AAEvD,QAAI,WAAW,UAAa,KAAK,WAAW,QAAQ;AAChD,WAAK,UAAU,MAAM,OAAO,eAAe;AAC3C;AAAA,IACJ;AAGA,UAAM,WAAW,KAAK,KAAK,UAAU;AACrC,UAAM,UAAU,WAAW,SAAS;AACpC,UAAM,YAAY,SAAS,KAAK,WAAW,WAAW;AACtD,QAAI;AACJ,QAAI,cAAc,QAAW;AAIzB,YAAM,YAAY,KAAK,KAAK,OACvB,OAAO,KAAK,WAAW,CAAC,WAAW,OAAO,CAAC,GAC1C,OAAO,KAAK,aAAa,CAAC,WAAW,SAAS,CAAC;AAErD,UAAI,WAAW;AAGX,iBAAS,cAAc,SAA2B,EAAE;AAAA,MACxD,OAAO;AAEH,iBAAS;AAAA,MACb;AAAA,IACJ,OAAO;AACH,eAAS,UAAU;AAAA,IACvB;AAEA,QAAI,eAAe,KAAK,OAAO,GAAG;AAG9B,YAAM,WAAmC;AAAA,QACrC,GAAI,SAAS,YAAY;AAAA,UACrB,MAAM,cAAc;AAAA,UACpB,UAAU;AAAA,UACV,SAAS;AAAA,QACb;AAAA,QACA,cAAc,KAAK,QAAQ;AAAA,MAC/B;AAEA,YAAM,aAAa,KAAK,QAAQ,YAAY,OAAO,WAAW,QAAQ;AAEtE,cAAQ,YAAY;AAAA,QAChB,KAAK,cAAc,UAAU;AACzB;AAAA,QAEJ,KAAK,cAAc,UAAU;AACzB,eAAK,UAAU,MAAM,OAAO,iBAAiB;AAC7C;AAAA,QAEJ,KAAK,cAAc,UAAU;AACzB,eAAK,UAAU,MAAM,OAAO,gBAAgB;AAC5C;AAAA,QAEJ;AACI,gBAAM,IAAI,cAAc,mCAAmC,UAAU,EAAE;AAAA,MAC/E;AAAA,IACJ;AAEA,QAAI,aAAa,QAAW;AACxB,WAAK,UAAU,MAAM,OAAO,mBAAmB;AAC/C;AAAA,IACJ;AACA,QAAI,YAAY,QAAW;AACvB,WAAK,UAAU,MAAM,OAAO,kBAAkB;AAC9C;AAAA,IACJ;AACA,QAAI,cAAc,UAAa,CAAC,QAAQ,KAAK,WAAW,UAAU,EAAE,GAAG;AACnE,WAAK,UAAU,MAAM,OAAO,oBAAoB;AAChD;AAAA,IACJ;AACA,QAAI,CAAC,OAAO,UAAU;AAClB,WAAK,UAAU,MAAM,OAAO,eAAe;AAC3C;AAAA,IACJ;AAGA,UAAM,cAAc,KAAK,YAAY,KAAK,UAAU,IAAI,KAAK,SAAS;AACtE,QAAI,gBAAgB,UAAa,gBAAgB,QAAQ,SAAS;AAC9D,WAAK;AACL;AAAA,IACJ;AAGA,SAAK,aAAa,aAAa;AAE3B,UAAI,KAAK,qBAAqB,UAAU;AACpC,YAAI,KAAK,QAAQ;AACb,gBAAM,KAAK;AACX,eAAK,SAAS;AAAA,QAClB;AACA,aAAK,mBAAmB;AACxB,aAAK,kBAAkB;AACvB,aAAK,gBAAgB,QAAQ,UAAU,KAAK,OAAO;AAAA,MACvD,WAAW,KAAK,oBAAoB,SAAS;AACzC,aAAK,kBAAkB;AACvB,aAAK,gBAAgB,QAAQ,UAAU,KAAK,OAAO;AAAA,MACvD,WAAW,KAAK,kBAAkB,QAAW;AACzC,aAAK,gBAAgB,QAAQ,UAAU,KAAK,OAAO;AAAA,MACvD;AAEA,YAAM,QAAQ,KAAK,cAAc,WAAW;AAC5C,YAAM,UAAU,QAAQ;AACxB,aAAO;AAAA,QACH,MAAM,qBAAqB,KAAK,KAAK,YAAY,IAAI,CAAC,IAAI,WAAW,KAAK,KAAK,CAAC,aAAa,OAAO;AAAA,MACxG;AAEA,WAAK,UAAU,MAAM,OAAO,SAAS,KAAK,gBAAgB,KAAK,WAAW,WAAW,EAAG,GAAG;AAAA,IAC/F,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,CAAW,wBAAwB,UAA4B,MAAqB;AAChF,QAAI,SAAS,oBAAoB,KAAK,oBAAoB;AACtD;AAAA,IACJ;AAEA,QAAI,KAAK,qBAAqB,UAAU;AACpC,UAAI,KAAK,QAAQ;AACb,cAAM,KAAK;AACX,aAAK,SAAS;AAAA,MAClB;AACA,WAAK,mBAAmB;AACxB,WAAK,kBAAkB;AAAA,IAC3B;AAEA,UAAM,EAAE,UAAU,IAAI;AACtB,QAAI,cAAc,QAAW;AACzB,iBAAW,WAAW,UAAU;AAC5B,aAAK,uBAAuB,SAAS,IAAI;AAAA,MAC7C;AAAA,IACJ,OAAO;AACH,YAAM,UAAU,SAAS,SAAS;AAClC,UAAI,YAAY,QAAW;AACvB,aAAK,uBAAuB,SAAS,IAAI;AAAA,MAC7C;AAAA,IACJ;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASU,uBAAuB,SAA0B,MAAqB;AAC5E,QAAI,QAAQ,KAAK,oBAAoB,KAAK,oBAAoB;AAC1D;AAAA,IACJ;AAEA,QAAI,KAAK,oBAAoB,SAAS;AAClC,WAAK,kBAAkB;AACvB,WAAK,gBAAgB;AAAA,IACzB;AAEA,UAAM,EAAE,YAAY,IAAI;AACxB,UAAM,cAAc,KAAK,YAAY,KAAK,wBAAwB,EAAE,IAAI,QAAQ,KAAK,EAAE;AACvF,UAAM,oBAAoB,gBAAgB,UAAa,gBAAgB,QAAQ;AAE/E,QAAI,gBAAgB,QAAW;AAC3B,UAAI,mBAAmB;AACnB,mBAAW,aAAa,QAAQ,KAAK,YAAY;AAC7C,cAAI,UAAU,OAAO,UAAU;AAC3B,iBAAK;AAAA,UACT;AAAA,QACJ;AACA;AAAA,MACJ;AACA,iBAAW,aAAa,QAAQ,KAAK,YAAY;AAC7C,aAAK,yBAAyB,WAAW,IAAI;AAAA,MACjD;AAAA,IACJ,OAAO;AACH,UAAI,mBAAmB;AACnB,aAAK;AACL;AAAA,MACJ;AACA,YAAM,YAAY,QAAQ,KAAK,WAAW,WAAW;AACrD,UAAI,cAAc,QAAW;AACzB,aAAK,yBAAyB,WAAW,IAAI;AAAA,MACjD;AAAA,IACJ;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOU,yBAAyB,WAAkC,MAAqB;AACtF,QAAI,CAAC,KAAK,uBAAuB,KAAK,WAAW,UAAU,EAAE,GAAG;AAC5D;AAAA,IACJ;AAEA,QAAI,UAAU,oBAAoB,KAAK,oBAAoB;AACvD;AAAA,IACJ;AAEA,QACI,CAAC,UAAU,OAAO,YACjB,eAAe,KAAK,OAAO,KACxB,KAAK,QAAQ,YAAY,UAAU,OAAO,WAAW,KAAK,uBAAuB,QAAQ,MACrF,cAAc,UAAU,SAClC;AACE;AAAA,IACJ;AAEA,QAAI,KAAK,kBAAkB,QAAW;AAClC,WAAK,gBAAgB,KAAK,uBAAuB,UAAU,KAAK,OAAO;AAAA,IAC3E;AACA,UAAM,QAAQ,KAAK,cAAc,UAAU,EAAE;AAC7C,QAAI,UAAU,QAAW;AAErB,aAAO,KAAK,aAAa,KAAK,KAAK,YAAY,IAAI,CAAC,wCAAwC;AAC5F;AAAA,IACJ;AAEA,SAAK;AAAA,MACD;AAAA,QACI,GAAG;AAAA,QACH,YAAY,KAAK,wBAAwB;AAAA,QACzC,WAAW,KAAK,uBAAuB,KAAK;AAAA,QAC5C,aAAa,UAAU;AAAA,MAC3B;AAAA,MACA,KAAK,cAAc,UAAU,EAAE;AAAA,MAC/B,KAAK,uBAAuB;AAAA,MAC5B,UAAU;AAAA,IACd;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,UAAuE;AAChF,QAAI,KAAK,gBAAgB;AACrB,WAAK,eAAe,KAAK,QAAQ;AAAA,IACrC,OAAO;AACH,WAAK,iBAAiB,CAAC,QAAQ;AAAA,IACnC;AAAA,EACJ;AAAA,EAEA,eAAe,QAA2B;AACtC,QAAI,KAAK,QAAQ;AACb,WAAK,OAAO,KAAK,MAAM;AAAA,IAC3B,OAAO;AACH,WAAK,SAAS,CAAC,MAAM;AAAA,IACzB;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAKU,UAAU,MAAwC,QAAgB;AACxE,WAAO;AAAA,MACH,MAAM,2BAA2B,KAAK,KAAK,YAAY,IAAI,CAAC,YAAY,WAAW,MAAM,CAAC,IAAI,MAAM;AAAA,IACxG;AAEA,UAAM,SAAqC;AAAA,MACvC,MAAM;AAAA,MACN;AAAA,MACA;AAAA,IACJ;AAEA,SAAK,eAAe,MAAM;AAC1B,SAAK;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,UAAU,MAAwC,OAAgB,SAAiB,KAAyB;AACxG,UAAM,SAAoC;AAAA,MACtC,MAAM;AAAA,MACN;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACJ;AAEA,SAAK,eAAe,MAAM;AAC1B,SAAK;AAAA,EACT;AACJ;",
|
|
5
5
|
"names": ["endpoint"]
|
|
6
6
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AttributeWriteResponse.d.ts","sourceRoot":"","sources":["../../../../src/action/server/AttributeWriteResponse.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAqC,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAC9G,OAAO,EAAE,KAAK,EAAE,MAAM,0BAA0B,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,iCAAiC,CAAC;AAE9D,OAAO,EAAE,YAAY,EAAkB,MAAM,gCAAgC,CAAC;AAG9E,OAAO,EASH,SAAS,EACZ,MAAM,QAAQ,CAAC;AAKhB;;;;GAIG;AACH,qBAAa,sBAAsB,CAC/B,QAAQ,SAAS,kBAAkB,GAAG,kBAAkB,CAC1D,SAAQ,YAAY,CAAC,QAAQ,CAAC;;gBAahB,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ;IAK3C,OAAO,CAAC,CAAC,SAAS,KAAK,EAAE,EAAE,aAAa,EAAE,gBAAgB,EAAE,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC;IA0CtF,IAAI,MAAM;;;;MAMT;
|
|
1
|
+
{"version":3,"file":"AttributeWriteResponse.d.ts","sourceRoot":"","sources":["../../../../src/action/server/AttributeWriteResponse.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAqC,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAC9G,OAAO,EAAE,KAAK,EAAE,MAAM,0BAA0B,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,iCAAiC,CAAC;AAE9D,OAAO,EAAE,YAAY,EAAkB,MAAM,gCAAgC,CAAC;AAG9E,OAAO,EASH,SAAS,EACZ,MAAM,QAAQ,CAAC;AAKhB;;;;GAIG;AACH,qBAAa,sBAAsB,CAC/B,QAAQ,SAAS,kBAAkB,GAAG,kBAAkB,CAC1D,SAAQ,YAAY,CAAC,QAAQ,CAAC;;gBAahB,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ;IAK3C,OAAO,CAAC,CAAC,SAAS,KAAK,EAAE,EAAE,aAAa,EAAE,gBAAgB,EAAE,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC;IA0CtF,IAAI,MAAM;;;;MAMT;cAsRe,UAAU,CACtB,SAAS,EAAE,qBAAqB,EAChC,IAAI,EAAE,WAAW,CAAC,qBAAqB,EACvC,KAAK,EAAE,SAAS;CAqEvB"}
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
* Copyright 2022-2025 Matter.js Authors
|
|
4
4
|
* SPDX-License-Identifier: Apache-2.0
|
|
5
5
|
*/
|
|
6
|
-
import { AccessControl } from "#action/server/AccessControl.js";
|
|
6
|
+
import { AccessControl, hasRemoteActor } from "#action/server/AccessControl.js";
|
|
7
7
|
import { DataResponse, FallbackLimits } from "#action/server/DataResponse.js";
|
|
8
8
|
import { Diagnostic, InternalError, Logger } from "#general";
|
|
9
9
|
import { DataModelPath, ElementTag, FabricIndex as FabricIndexField } from "#model";
|
|
@@ -141,24 +141,26 @@ class AttributeWriteResponse extends DataResponse {
|
|
|
141
141
|
} else {
|
|
142
142
|
limits = attribute.limits;
|
|
143
143
|
}
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
144
|
+
if (hasRemoteActor(this.session)) {
|
|
145
|
+
const location = {
|
|
146
|
+
...cluster?.location ?? {
|
|
147
|
+
path: DataModelPath.none,
|
|
148
|
+
endpoint: endpointId,
|
|
149
|
+
cluster: clusterId
|
|
150
|
+
},
|
|
151
|
+
owningFabric: this.session.fabric
|
|
152
|
+
};
|
|
153
|
+
const permission = this.session.authorityAt(limits.writeLevel, location);
|
|
154
|
+
switch (permission) {
|
|
155
|
+
case AccessControl.Authority.Granted:
|
|
156
|
+
break;
|
|
157
|
+
case AccessControl.Authority.Unauthorized:
|
|
158
|
+
return this.#asStatus(path, Status.UnsupportedAccess);
|
|
159
|
+
case AccessControl.Authority.Restricted:
|
|
160
|
+
return this.#asStatus(path, Status.AccessRestricted);
|
|
161
|
+
default:
|
|
162
|
+
throw new InternalError(`Unsupported authorization state ${permission}`);
|
|
163
|
+
}
|
|
162
164
|
}
|
|
163
165
|
if (endpoint === void 0) {
|
|
164
166
|
return this.#asStatus(path, Status.UnsupportedEndpoint);
|
|
@@ -173,13 +175,15 @@ class AttributeWriteResponse extends DataResponse {
|
|
|
173
175
|
this.#errorCount++;
|
|
174
176
|
return this.#asStatus(path, Status.UnsupportedWrite);
|
|
175
177
|
}
|
|
176
|
-
if (
|
|
177
|
-
this
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
this
|
|
182
|
-
|
|
178
|
+
if (hasRemoteActor(this.session)) {
|
|
179
|
+
if (limits.timed && !this.session.timed) {
|
|
180
|
+
this.#errorCount++;
|
|
181
|
+
return this.#asStatus(path, Status.NeedsTimedInteraction);
|
|
182
|
+
}
|
|
183
|
+
if (limits.fabricScoped && !this.session.fabric) {
|
|
184
|
+
this.#errorCount++;
|
|
185
|
+
return this.#asStatus(path, Status.UnsupportedAccess);
|
|
186
|
+
}
|
|
183
187
|
}
|
|
184
188
|
if (version !== void 0 && version !== cluster.version) {
|
|
185
189
|
this.#errorCount++;
|
|
@@ -248,9 +252,17 @@ class AttributeWriteResponse extends DataResponse {
|
|
|
248
252
|
if (!this.#guardedCurrentCluster.type.attributes[attribute.id]) {
|
|
249
253
|
return;
|
|
250
254
|
}
|
|
251
|
-
if (!attribute.limits.writable
|
|
255
|
+
if (!attribute.limits.writable) {
|
|
252
256
|
return;
|
|
253
257
|
}
|
|
258
|
+
if (hasRemoteActor(this.session)) {
|
|
259
|
+
if (this.session.authorityAt(attribute.limits.readLevel, this.#guardedCurrentCluster.location) !== AccessControl.Authority.Granted) {
|
|
260
|
+
return;
|
|
261
|
+
}
|
|
262
|
+
if (attribute.limits.timed && !this.session.timed) {
|
|
263
|
+
return;
|
|
264
|
+
}
|
|
265
|
+
}
|
|
254
266
|
return this.writeValue(
|
|
255
267
|
attribute,
|
|
256
268
|
{
|