3 * Copyright (c) 2021 Project CHIP Authors
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
20 #include <app/util/basic-types.h>
21 #include <transport/AdminPairingTable.h>
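/**
 * @brief Defines a class that encapsulates ACL target information (cluster and endpoint ID).
 *        The class can be extended to add other parameters to the ACL target.
 */
class DLL_EXPORT ACLTarget
{
public:
    /// Stores the cluster and endpoint that an access check is evaluated against.
    ACLTarget(ClusterId clusterId, EndpointId endpoint) : mClusterId(clusterId), mEndpoint(endpoint) {}
    virtual ~ACLTarget() {}

    // The accessors are const so that they can be called through the `const ACLTarget &`
    // that ExchangeACL::GetPermissionLevel() receives; a non-const accessor could not be
    // used there without casting the const away.
    ClusterId GetClusterId() const { return mClusterId; }
    EndpointId GetEndpointId() const { return mEndpoint; }

private: // the access-specifier line is not visible in this listing; private is assumed
    ClusterId mClusterId;
    EndpointId mEndpoint;
};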
/**
 * @brief Base type for the subject side of an ACL check (e.g. NodeId for CASE session).
 *        Extend it to add the parameters a particular kind of ACL subject needs.
 */
class DLL_EXPORT ACLSubject
{
public:
    // Virtual so that a derived subject can be destroyed through an ACLSubject pointer.
    virtual ~ACLSubject() = default;
};
57 * @brief Defines the common interface for PASE/CASE/GroupID based ACL permissions check.
59 class DLL_EXPORT ExchangeACL
62 enum class PermissionLevel
// Virtual so that a concrete ACL implementation can be destroyed through an ExchangeACL pointer.
virtual ~ExchangeACL() = default;
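/**
 * @brief
 *   Check the access permissions for a message received from a subject (sender) that
 *   is trying to access the target (e.g. cluster and endpoint).
 *
 * @param subject    The subject of the access check (e.g. source node ID)
 * @param target     The target of the message (i.e. cluster and endpoint)
 *
 * @return Permissions granted by the configured ACLs
 *
 * NOTE(review): the interface does not state what an implementation must return when no
 * ACL entry matches the subject/target pair. PermissionLevel::kNone is the fail-closed
 * choice; confirm it and document it here so that every implementation agrees.
 */
virtual PermissionLevel GetPermissionLevel(const ACLSubject & subject, const ACLTarget & target) = 0;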
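/**
 * @brief ACL subject for a CASE session; it carries the NodeId passed to the constructor.
 *
 * NOTE(review): as declared here this class does not derive from ACLSubject, so an instance
 * cannot be passed as the `subject` argument of ExchangeACL::GetPermissionLevel(). Confirm
 * whether `: public ACLSubject` was intended.
 */
class DLL_EXPORT CASEACLSubject
{
public:
    CASEACLSubject(NodeId id) : mNodeId(id) {}
    virtual ~CASEACLSubject() {}

    // const so that the node ID can be read through a const reference to the subject.
    NodeId GetNodeId() const { return mNodeId; }

private: // the access-specifier line is not visible in this listing; private is assumed
    NodeId mNodeId;
};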
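/**
 * @brief Specialized class that can perform ACL permissions check on messages that are
 *        exchanged on a CASE session.
 *
 * SECURITY NOTE: GetPermissionLevel() is still a placeholder. It consults no ACL: neither
 * `subject` nor `target` is examined, and every request made while an admin pairing is
 * attached is granted PermissionLevel::kOperate. Do not rely on its result as an
 * authorization decision until the TODO in the method is implemented.
 */
class DLL_EXPORT CASEExchangeACL : public ExchangeACL
{
public:
    /**
     * @param info  Admin pairing this ACL check is bound to. Only the pointer is stored and
     *              this class never frees it, so the caller has to keep the object alive
     *              for as long as this ACL is in use. May be nullptr, in which case every
     *              check returns PermissionLevel::kNone.
     */
    CASEExchangeACL(Transport::AdminPairingInfo * info) : mAdminInfo(info) {}
    virtual ~CASEExchangeACL() {}

    /**
     * @param subject  Currently unused (see the TODO below).
     * @param target   Currently unused (see the TODO below).
     *
     * @return PermissionLevel::kNone when no admin pairing is attached, otherwise
     *         PermissionLevel::kOperate regardless of `subject` and `target`.
     */
    PermissionLevel GetPermissionLevel(const ACLSubject & subject, const ACLTarget & target) override
    {
        // TODO: Look up the ACL corresponding to the subject and the target.
        // Until that lookup exists, the presence of an admin pairing is the only check made.

        // Fail closed when there is no admin pairing to evaluate against.
        ReturnErrorCodeIf(mAdminInfo == nullptr, PermissionLevel::kNone);

        // Placeholder result, granted to every caller: see the SECURITY NOTE on the class.
        return PermissionLevel::kOperate;
    }

private: // the access-specifier line is not visible in this listing; private is assumed
    Transport::AdminPairingInfo * mAdminInfo;
};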
122 } // namespace Messaging