Change default settings to allow Ownership Transfer

[platform/upstream/iotivity.git] / resource / csdk / security / src / policyengine.c

diff --git a/resource/csdk/security/src/policyengine.c b/resource/csdk/security/src/policyengine.c
index 5aea971..779688c 100644 (file)
--- a/resource/csdk/security/src/policyengine.c
+++ b/resource/csdk/security/src/policyengine.c
@@ -47,10 +47,15 @@ uint16_t GetPermissionFromCAMethod_t(const CAMethod_t method)
         case CA_GET:
             perm = (uint16_t)PERMISSION_READ;
             break;
-        case CA_POST: // For now we treat all PUT & POST as Write
-        case CA_PUT:  // because we don't know if resource exists yet.
+        case CA_POST: // Treat all POST as Write (Update) because
+                      // we don't know if resource exists yet.
+                      // This will be addressed in IoTivity impl of OCF 1.0
             perm = (uint16_t)PERMISSION_WRITE;
             break;
+        case CA_PUT: // Per convention, OIC/OCF uses PUT only for Create,
+                     // never for Update.
+            perm = (uint16_t)PERMISSION_CREATE;
+            break;
         case CA_DELETE:
             perm = (uint16_t)PERMISSION_DELETE;
             break;
@@ -147,7 +152,7 @@ static bool IsRequestFromDevOwner(PEContext_t *context)
 }
 
 
-#ifdef _ENABLE_MULTIPLE_OWNER_
+#ifdef MULTIPLE_OWNER
 /**
  * Compare the request's subject to SubOwner.
  *
@@ -232,7 +237,7 @@ static bool IsValidRequestFromSubOwner(PEContext_t *context)
 
     return isValidRequest;
 }
-#endif //_ENABLE_MULTIPLE_OWNER_
+#endif //MULTIPLE_OWNER
 
 
 // TODO - remove these function placeholders as they are implemented
@@ -480,12 +485,13 @@ static bool IsAccessWithinValidTime(const OicSecAce_t *ace)
  */
 static void ProcessAccessRequest(PEContext_t *context)
 {
-    OIC_LOG(DEBUG, TAG, "Entering ProcessAccessRequest()");
     if (NULL != context)
     {
         const OicSecAce_t *currentAce = NULL;
         OicSecAce_t *savePtr = NULL;
 
+        OIC_LOG_V(DEBUG, TAG, "Entering ProcessAccessRequest(%s)", context->resource);
+
         // Start out assuming subject not found.
         context->retVal = ACCESS_DENIED_SUBJECT_NOT_FOUND;
 
@@ -582,7 +588,13 @@ SRMAccessResponse_t CheckPermission(PEContext_t     *context,
         {
             context->retVal = ACCESS_GRANTED;
         }
-#ifdef _ENABLE_MULTIPLE_OWNER_
+        // If not granted via DevOwner status and not a subowner,
+        // then check if request is for a SVR and coming from rowner
+        else if (IsRequestFromResourceOwner(context))
+        {
+            context->retVal = ACCESS_GRANTED;
+        }
+#ifdef MULTIPLE_OWNER
         //Then check if request from SubOwner
         else if(IsRequestFromSubOwner(context))
         {
@@ -591,13 +603,7 @@ SRMAccessResponse_t CheckPermission(PEContext_t     *context,
                 context->retVal = ACCESS_GRANTED;
             }
         }
-#endif //_ENABLE_MULTIPLE_OWNER_
-        // If not granted via DevOwner status and not a subowner,
-        // then check if request is for a SVR and coming from rowner
-        else if (IsRequestFromResourceOwner(context))
-        {
-            context->retVal = ACCESS_GRANTED;
-        }
+#endif //MULTIPLE_OWNER
         // Else request is a "normal" request that must be tested against ACL
         else
         {