#include "amaclresource.h"
#include "credresource.h"
-#define TAG "SRM-PE"
+#define TAG "OIC_SRM_PE"
uint16_t GetPermissionFromCAMethod_t(const CAMethod_t method)
{
case CA_GET:
perm = (uint16_t)PERMISSION_READ;
break;
- case CA_POST: // For now we treat all PUT & POST as Write
- case CA_PUT: // because we don't know if resource exists yet.
+ case CA_POST: // Treat all POST as Write (Update) because
+ // we don't know if resource exists yet.
+ // This will be addressed in IoTivity impl of OCF 1.0
perm = (uint16_t)PERMISSION_WRITE;
break;
+ case CA_PUT: // Per convention, OIC/OCF uses PUT only for Create,
+ // never for Update.
+ perm = (uint16_t)PERMISSION_CREATE;
+ break;
case CA_DELETE:
perm = (uint16_t)PERMISSION_DELETE;
break;
memset(&context->subject, 0, sizeof(context->subject));
memset(&context->resource, 0, sizeof(context->resource));
context->permission = 0x0;
- context->matchingAclFound = false;
context->amsProcessing = false;
context->retVal = ACCESS_DENIED_POLICY_ENGINE_ERROR;
}
-#ifdef _ENABLE_MULTIPLE_OWNER_
+#ifdef MULTIPLE_OWNER
/**
* Compare the request's subject to SubOwner.
*
return isValidRequest;
}
-#endif //_ENABLE_MULTIPLE_OWNER_
+#endif //MULTIPLE_OWNER
// TODO - remove these function placeholders as they are implemented
*/
static void ProcessAccessRequest(PEContext_t *context)
{
- OIC_LOG(DEBUG, TAG, "Entering ProcessAccessRequest()");
if (NULL != context)
{
const OicSecAce_t *currentAce = NULL;
OicSecAce_t *savePtr = NULL;
+ OIC_LOG_V(DEBUG, TAG, "Entering ProcessAccessRequest(%s)", context->resource);
+
// Start out assuming subject not found.
context->retVal = ACCESS_DENIED_SUBJECT_NOT_FOUND;
if (IsResourceInAce(context->resource, currentAce))
{
OIC_LOG_V(INFO, TAG, "%s:found matching resource in ACE" ,__func__);
- context->matchingAclFound = true;
// Found the resource, so it's down to valid period & permission.
context->retVal = ACCESS_DENIED_INVALID_PERIOD;
{
OIC_LOG_V(INFO, TAG, "%s:no ACL found matching subject for resource %s",__func__, context->resource);
}
- } while ((NULL != currentAce) && (false == context->matchingAclFound));
+ } while ((NULL != currentAce) && (ACCESS_GRANTED != context->retVal));
if (IsAccessGranted(context->retVal))
{
{
context->retVal = ACCESS_GRANTED;
}
-#ifdef _ENABLE_MULTIPLE_OWNER_
+ // If not granted via DevOwner status and not a subowner,
+ // then check if request is for a SVR and coming from rowner
+ else if (IsRequestFromResourceOwner(context))
+ {
+ context->retVal = ACCESS_GRANTED;
+ }
+#ifdef MULTIPLE_OWNER
//Then check if request from SubOwner
else if(IsRequestFromSubOwner(context))
{
context->retVal = ACCESS_GRANTED;
}
}
-#endif //_ENABLE_MULTIPLE_OWNER_
- // If not granted via DevOwner status and not a subowner,
- // then check if request is for a SVR and coming from rowner
- else if (IsRequestFromResourceOwner(context))
- {
- context->retVal = ACCESS_GRANTED;
- }
+#endif //MULTIPLE_OWNER
// Else request is a "normal" request that must be tested against ACL
else
{
ProcessAccessRequest(context);
- // If matching ACL not found, and subject != wildcard, try wildcard.
- if ((false == context->matchingAclFound) && \
+ // If access not already granted, and requested subject != wildcard,
+ // try looking for a wildcard ACE that grants access.
+ if ((ACCESS_GRANTED != context->retVal) && \
(false == IsWildCardSubject(&context->subject)))
{
//Saving subject for Amacl check