case CA_GET:
perm = (uint16_t)PERMISSION_READ;
break;
- case CA_POST: // For now we treat all PUT & POST as Write
- case CA_PUT: // because we don't know if resource exists yet.
+ case CA_POST: // Treat all POST as Write (Update) because
+ // we don't know if resource exists yet.
+ // This will be addressed in IoTivity impl of OCF 1.0
perm = (uint16_t)PERMISSION_WRITE;
break;
+ case CA_PUT: // Per convention, OIC/OCF uses PUT only for Create,
+ // never for Update.
+ perm = (uint16_t)PERMISSION_CREATE;
+ break;
case CA_DELETE:
perm = (uint16_t)PERMISSION_DELETE;
break;
}
-#ifdef _ENABLE_MULTIPLE_OWNER_
+#ifdef MULTIPLE_OWNER
/**
* Compare the request's subject to SubOwner.
*
}
break;
case OIC_R_PSTAT_TYPE:
- //SubOwner has full permsion for PSTAT
- isValidRequest = true;
+ //SubOwner has full permsion for PSTAT except RESET
+ isValidRequest = IsValidPstatAccessForSubOwner(context->payload, context->payloadSize);
break;
case OIC_R_CRED_TYPE:
//SubOwner can only access the credential which is registered as the eowner.
return isValidRequest;
}
-#endif //_ENABLE_MULTIPLE_OWNER_
+#endif //MULTIPLE_OWNER
// TODO - remove these function placeholders as they are implemented
return OC_STACK_ERROR;
}
-OCStackResult GetSvcRownerId(OicUuid_t *rowner)
-{
- OC_UNUSED(rowner);
- rowner = NULL;
- return OC_STACK_ERROR;
-}
-
static GetSvrRownerId_t GetSvrRownerId[OIC_SEC_SVR_TYPE_COUNT] = {
GetAclRownerId,
GetAmaclRownerId,
GetPconfRownerId,
GetPstatRownerId,
GetSaclRownerId,
- GetSvcRownerId
};
/**
// Start out assuming subject not found.
context->retVal = ACCESS_DENIED_SUBJECT_NOT_FOUND;
+ char *strUuid = NULL;
+ if (OC_STACK_OK == ConvertUuidToStr(&context->subject, &strUuid))
+ {
+ OIC_LOG_V(DEBUG, TAG, "%s: subject : %s" ,__func__, strUuid);
+ OICFree(strUuid);
+ }
+ else
+ {
+ OIC_LOG(ERROR, TAG, "Can't convert subject uuid to string");
+ }
+
// Loop through all ACLs with a matching Subject searching for the right
// ACL for this request.
do
{
context->retVal = ACCESS_GRANTED;
}
-#ifdef _ENABLE_MULTIPLE_OWNER_
+ // If not granted via DevOwner status and not a subowner,
+ // then check if request is for a SVR and coming from rowner
+ else if (IsRequestFromResourceOwner(context))
+ {
+ context->retVal = ACCESS_GRANTED;
+ }
+#ifdef MULTIPLE_OWNER
//Then check if request from SubOwner
else if(IsRequestFromSubOwner(context))
{
context->retVal = ACCESS_GRANTED;
}
}
-#endif //_ENABLE_MULTIPLE_OWNER_
- // If not granted via DevOwner status and not a subowner,
- // then check if request is for a SVR and coming from rowner
- else if (IsRequestFromResourceOwner(context))
- {
- context->retVal = ACCESS_GRANTED;
- }
+#endif //MULTIPLE_OWNER
// Else request is a "normal" request that must be tested against ACL
else
{
projects / platform / upstream / iotivity.git / blobdiff