From b86d77bf8d5b675252ad1018e9c90130572822d1 Mon Sep 17 00:00:00 2001
From: Marc Lepage <67919234+mlepage-google@users.noreply.github.com>
Date: Mon, 22 Nov 2021 16:07:42 -0500
Subject: [PATCH] Add transitional support to access control (#12110)

During development, let access control delegates declare they are transitional, so access is allowed. This is the default for now, but won't be once the rest of the system is in place. In particular, unit tests are not transitional and do test functional access control (allow and deny).
---
 src/access/AccessControl.cpp | 3 +++
 src/access/AccessControl.h | 3 +++
 src/access/examples/ExampleAccessControlDelegate.cpp | 2 ++
 3 files changed, 8 insertions(+)

diff --git a/src/access/AccessControl.cpp b/src/access/AccessControl.cpp
index 9b3278d5b1a2cd..6c98504cb59eee 100644
--- a/src/access/AccessControl.cpp
+++ b/src/access/AccessControl.cpp
@@ -83,6 +83,9 @@ CHIP_ERROR AccessControl::Finish()
 CHIP_ERROR AccessControl::Check(const SubjectDescriptor & subjectDescriptor, const RequestPath & requestPath, Privilege requestPrivilege)
 {
+ // During development, allow access if delegate is transitional
+ ReturnErrorCodeIf(mDelegate.IsTransitional(), CHIP_NO_ERROR);
+
 EntryIterator iterator;
 ReturnErrorOnFailure(Entries(iterator, &subjectDescriptor.fabricIndex));
diff --git a/src/access/AccessControl.h b/src/access/AccessControl.h
index c11bb44c2d09ca..d99dc6d512534e 100644
--- a/src/access/AccessControl.h
+++ b/src/access/AccessControl.h
@@ -319,6 +319,9 @@ class AccessControl
 return CHIP_ERROR_NOT_IMPLEMENTED;
 }
+ // Transitional (during development, will be removed later)
+ virtual bool IsTransitional() const { return true; }
+
 // Listening
 virtual void SetListener(Listener & listener) { mListener = &listener; }
 virtual void ClearListener() { mListener = nullptr; }
diff --git a/src/access/examples/ExampleAccessControlDelegate.cpp b/src/access/examples/ExampleAccessControlDelegate.cpp
index 72d1518febc485..f5fe6bcc02f975 100644
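Review bot: The early return added at the top of `AccessControl::Check` is a fail-open path that leaves no trace: when the delegate reports transitional, every subject, request path and privilege gets `CHIP_NO_ERROR` before any entry is read, and nothing records that enforcement was skipped. Folding a success return into `ReturnErrorCodeIf` also hides the bypass from anyone scanning for error handling. I would spell it out as `if (mDelegate.IsTransitional()) { return CHIP_NO_ERROR; }` under a comment such as `// SECURITY: fail-open; bypasses all ACL evaluation. Remove together with IsTransitional().`, and emit a one-time log line saying that access control is not being enforced. The rest of `Check` lies outside this hunk.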
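Review bot: Defaulting `IsTransitional()` to `true` in the base `Delegate` makes allow-all the inherited behaviour, so any delegate that does not override it silently disables every check in `AccessControl::Check`. The commit message says this default is deliberate for now, but the safer shape is deny-by-default with an explicit opt-in: `virtual bool IsTransitional() const { return false; }` here, and `return true` only in the specific interim delegate that needs it. If the default has to stay, the comment should state the cost, for example `// WARNING: returning true bypasses all access checks; override to return false to enforce ACL entries.` The enclosing class begins and ends outside this hunk.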
--- a/src/access/examples/ExampleAccessControlDelegate.cpp
+++ b/src/access/examples/ExampleAccessControlDelegate.cpp
@@ -1081,6 +1081,8 @@ class AccessControlDelegate : public AccessControl::Delegate
 return CHIP_ERROR_BUFFER_TOO_SMALL;
 }
+ bool IsTransitional() const override { return false; }
+
 private:
 CHIP_ERROR LoadFromFlash() { return CHIP_NO_ERROR; }