Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement remaining access control for IM read #10239

Closed
mlepage-google opened this issue Oct 5, 2021 · 1 comment
Closed

Implement remaining access control for IM read #10239

mlepage-google opened this issue Oct 5, 2021 · 1 comment
Labels
acl Access Control feature V1.0

Comments

@mlepage-google
Copy link
Contributor

mlepage-google commented Oct 5, 2021

  • initial prototype adds access control for IM read in a basic way (Initial ACL prototype implementation #10236)
  • this task is for fleshing it out fully
  • events (like attributes)
  • wildcard reads need to be implemented (dependency in IM)
  • access denials for wildcard paths need to be handled differently (discard vs. error)
  • note fabric filtering is covered in another task
  • individual list item index reading is not going to be supported in 1.0, so no need for now
@mlepage-google mlepage-google added the acl Access Control feature label Oct 5, 2021
mlepage-google added a commit to mlepage-google/connectedhomeip that referenced this issue Jan 11, 2022
PR project-chip#12660 seems to have refactored ReadSingleClusterData in such a way
that the access control check may be skipped. (Possibly due to merge?)

Fix this by refactoring the function to a sensible flow of checks.

Progress towards project-chip#10239
bzbarsky-apple added a commit that referenced this issue Jan 12, 2022
* Fix and refactor ReadSingleClusterData

PR #12660 seems to have refactored ReadSingleClusterData in such a way
that the access control check may be skipped. (Possibly due to merge?)

Fix this by refactoring the function to a sensible flow of checks.

Progress towards #10239

* Apply review comment.

Co-authored-by: Boris Zbarsky <[email protected]>
@mlepage-google
Copy link
Contributor Author

Everything in the list is done now except for read events, which will be tracked in a separate issue.

selissia pushed a commit to selissia/connectedhomeip that referenced this issue Jan 28, 2022
* Fix and refactor ReadSingleClusterData

PR project-chip#12660 seems to have refactored ReadSingleClusterData in such a way
that the access control check may be skipped. (Possibly due to merge?)

Fix this by refactoring the function to a sensible flow of checks.

Progress towards project-chip#10239

* Apply review comment.

Co-authored-by: Boris Zbarsky <[email protected]>
step0035 pushed a commit to hank820/connectedhomeip that referenced this issue Feb 8, 2022
* Fix and refactor ReadSingleClusterData

PR project-chip#12660 seems to have refactored ReadSingleClusterData in such a way
that the access control check may be skipped. (Possibly due to merge?)

Fix this by refactoring the function to a sensible flow of checks.

Progress towards project-chip#10239

* Apply review comment.

Co-authored-by: Boris Zbarsky <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
acl Access Control feature V1.0
Projects
None yet
Development

No branches or pull requests

2 participants