https://telecominfraproject.atlassian.net/browse/WIFI-10877

Signed-off-by: stephb9959 <stephane.bourque@gmail.com>
2026-01-27 10:23:15 +00:00 · 2022-11-29 21:37:04 -08:00
parent 6a1fa01235
commit 6527b45f2f
4 changed files with 195 additions and 45 deletions
--- a/2
+++ b/2
@@ -1 +1 @@
-33
+36
--- a/src/ACLProcessor.h
+++ b/src/ACLProcessor.h
@@ -32,53 +32,102 @@ namespace OpenWifi {
 */
        static inline bool Can( const SecurityObjects::UserInfo & User, const SecurityObjects::UserInfo & Target, ACL_OPS Op) {

-            // rule 0
-            if(User.id == Target.id && User.userRole == SecurityObjects::SUBSCRIBER && Op == DELETE)
-                return true;
+            switch(Op) {
+                case DELETE: {
+                    //  can a user delete themselves - yes - only if not root. We do not want a system to end up rootless
+                    if(User.id==Target.id) {
+                        return User.userRole != SecurityObjects::ROOT;
+                    }
+                    //  Root can delete anyone
+                    switch (User.userRole) {
+                        case SecurityObjects::ROOT:
+                            return true;
+                        case SecurityObjects::ADMIN:
+                            return Target.userRole!=SecurityObjects::ROOT && Target.userRole!=SecurityObjects::PARTNER;
+                        case SecurityObjects::SUBSCRIBER:
+                            return User.id==Target.id;
+                        case SecurityObjects::CSR:
+                            return false;
+                        case SecurityObjects::SYSTEM:
+                            return Target.userRole!=SecurityObjects::ROOT && Target.userRole!=SecurityObjects::PARTNER;
+                        case SecurityObjects::INSTALLER:
+                            return User.id==Target.id;
+                        case SecurityObjects::NOC:
+                            return Target.userRole==SecurityObjects::NOC;
+                        case SecurityObjects::ACCOUNTING:
+                            return Target.userRole==SecurityObjects::ACCOUNTING;
+                        case SecurityObjects::PARTNER:
+                            return Target.userRole!=SecurityObjects::ROOT;
+                        default:
+                            return false;
+                    }
+                }
+                break;

-            //  rule 1
-            if(User.id == Target.id && Op==DELETE)
-                return false;
+                case READ: {
+                    return  User.userRole == SecurityObjects::ROOT ||
+                            User.userRole == SecurityObjects::ADMIN ||
+                            User.userRole == SecurityObjects::PARTNER;
+                }
+                break;

-            //  rule 2
-            if(User.userRole==SecurityObjects::ROOT)
-                return true;
+                case CREATE: {
+                    switch(User.userRole) {
+                        case SecurityObjects::ROOT:
+                            return true;
+                        case SecurityObjects::ADMIN:
+                            return  Target.userRole!=SecurityObjects::ROOT &&
+                                    Target.userRole!=SecurityObjects::PARTNER;
+                        case SecurityObjects::SUBSCRIBER:
+                            return false;
+                        case SecurityObjects::CSR:
+                            return Target.userRole==SecurityObjects::CSR;
+                        case SecurityObjects::SYSTEM:
+                            return Target.userRole!=SecurityObjects::ROOT && Target.userRole!=SecurityObjects::PARTNER;
+                        case SecurityObjects::INSTALLER:
+                            return Target.userRole==SecurityObjects::INSTALLER;
+                        case SecurityObjects::NOC:
+                            return Target.userRole==SecurityObjects::NOC;
+                        case SecurityObjects::ACCOUNTING:
+                            return Target.userRole==SecurityObjects::ACCOUNTING;
+                        case SecurityObjects::PARTNER:
+                            return Target.userRole!=SecurityObjects::ROOT;
+                        default:
+                            return false;
+                    }
+                }
+                break;

-            //  rule 3
-            if(User.id == Target.id)
-                return true;
-
-            //  rule 4
-            if(Target.userRole==SecurityObjects::ROOT && Op!=READ)
-                return false;
-
-            if(Op==CREATE) {
-                if(User.userRole==SecurityObjects::ROOT)
-                    return true;
-                if(User.userRole==SecurityObjects::PARTNER && (Target.userRole==SecurityObjects::ADMIN ||
-                    Target.userRole==SecurityObjects::SUBSCRIBER ||
-                    Target.userRole==SecurityObjects::CSR ||
-                    Target.userRole==SecurityObjects::INSTALLER ||
-                    Target.userRole==SecurityObjects::NOC ||
-                    Target.userRole==SecurityObjects::ACCOUNTING))
-                    return true;
-                if(User.userRole==SecurityObjects::ADMIN &&
-                    (Target.userRole==SecurityObjects::ADMIN ||
-                    Target.userRole==SecurityObjects::SUBSCRIBER ||
-                    Target.userRole==SecurityObjects::CSR ||
-                    Target.userRole==SecurityObjects::INSTALLER ||
-                    Target.userRole==SecurityObjects::NOC ||
-                    Target.userRole==SecurityObjects::ACCOUNTING))
-                    return true;
-                if(User.userRole==SecurityObjects::ACCOUNTING &&
-                    (Target.userRole==SecurityObjects::SUBSCRIBER ||
-                    Target.userRole==SecurityObjects::INSTALLER ||
-                    Target.userRole==SecurityObjects::CSR))
-                    return true;
-                return false;
+                case MODIFY: {
+                    switch(User.userRole) {
+                        case SecurityObjects::ROOT:
+                            return true;
+                        case SecurityObjects::ADMIN:
+                            return  Target.userRole!=SecurityObjects::ROOT &&
+                                    Target.userRole!=SecurityObjects::PARTNER;
+                        case SecurityObjects::SUBSCRIBER:
+                            return  User.id==Target.id;
+                        case SecurityObjects::CSR:
+                            return  Target.userRole==SecurityObjects::CSR;
+                        case SecurityObjects::SYSTEM:
+                            return  Target.userRole!=SecurityObjects::ROOT &&
+                                    Target.userRole!=SecurityObjects::PARTNER;
+                        case SecurityObjects::INSTALLER:
+                            return  Target.userRole==SecurityObjects::INSTALLER;
+                        case SecurityObjects::NOC:
+                            return  Target.userRole==SecurityObjects::NOC;
+                        case SecurityObjects::ACCOUNTING:
+                            return  Target.userRole==SecurityObjects::ACCOUNTING;
+                        case SecurityObjects::PARTNER:
+                            return  Target.userRole!=SecurityObjects::ROOT;
+                        default:
+                            return false;
+                    }
+                }
+                    break;
+                default:
+                    return false;
            }
-
-            return true;
        }
    private:

--- a/src/framework/MicroServiceErrorHandler.h
+++ b/src/framework/MicroServiceErrorHandler.h
@@ -102,6 +102,48 @@ namespace OpenWifi {
 													  E.displayText(),
 													  E.message(),
 													  E.what()));
+			} catch (const Poco::TimeoutException &E) {
+				poco_error(App_.logger(), fmt::format("Poco::TimeoutException thr_name={} thr_id={} code={} text={} msg={} what={}",
+													  t_name, t_id, E.code(),
+													  E.displayText(),
+													  E.message(),
+													  E.what()));
+			} catch (const Poco::NoThreadAvailableException &E) {
+				poco_error(App_.logger(), fmt::format("Poco::NoThreadAvailableException thr_name={} thr_id={} code={} text={} msg={} what={}",
+													  t_name, t_id, E.code(),
+													  E.displayText(),
+													  E.message(),
+													  E.what()));
+			} catch (const Poco::OutOfMemoryException &E) {
+				poco_error(App_.logger(), fmt::format("Poco::OutOfMemoryException thr_name={} thr_id={} code={} text={} msg={} what={}",
+													  t_name, t_id, E.code(),
+													  E.displayText(),
+													  E.message(),
+													  E.what()));
+			} catch (const Poco::BadCastException &E) {
+				poco_error(App_.logger(), fmt::format("Poco::BadCastException thr_name={} thr_id={} code={} text={} msg={} what={}",
+													  t_name, t_id, E.code(),
+													  E.displayText(),
+													  E.message(),
+													  E.what()));
+			} catch (const Poco::DataException &E) {
+				poco_error(App_.logger(), fmt::format("Poco::DataException thr_name={} thr_id={} code={} text={} msg={} what={}",
+													  t_name, t_id, E.code(),
+													  E.displayText(),
+													  E.message(),
+													  E.what()));
+			} catch (const Poco::PoolOverflowException &E) {
+				poco_error(App_.logger(), fmt::format("Poco::PoolOverflowException thr_name={} thr_id={} code={} text={} msg={} what={}",
+													  t_name, t_id, E.code(),
+													  E.displayText(),
+													  E.message(),
+													  E.what()));
+			} catch (const Poco::SystemException &E) {
+				poco_error(App_.logger(), fmt::format("Poco::SystemException thr_name={} thr_id={} code={} text={} msg={} what={}",
+													  t_name, t_id, E.code(),
+													  E.displayText(),
+													  E.message(),
+													  E.what()));
 			} catch (const Poco::RuntimeException &E) {
 				poco_error(App_.logger(), fmt::format("Poco::RuntimeException thr_name={} thr_id={} code={} text={} msg={} what={}",
 													  t_name, t_id, E.code(),
--- a/src/framework/ow_constants.h
+++ b/src/framework/ow_constants.h
@@ -231,7 +231,9 @@ namespace OpenWifi::RESTAPI::Errors {
 	static const struct msg DeviceIsRestricted{1151,"Device is protected by regulation. This function is not allowed."};
 	static const struct msg InvalidURI{1152,"Invalid URI."};
 	static const struct msg InvalidScriptSelection{1153,"Only script or scriptId must be specified. Not both."};
-}
+
+	static const struct msg NoDeviceStatisticsYet{1154,"Device statistics not available yet."};
+	}



@@ -526,6 +528,63 @@ namespace OpenWifi::uCentralProtocol::Events {
 	};
 }

+namespace OpenWifi::APCommands {
+	enum class Commands:uint8_t {
+		capabilities,
+		logs,
+		healthchecks,
+		statistics,
+		status,
+		rtty,
+		configure,
+		upgrade,
+		reboot,
+		factory,
+		leds,
+		trace,
+		request,
+		wifiscan,
+		eventqueue,
+		telemetry,
+		ping,
+		script,
+		unknown
+	};
+
+	inline static const std::vector<const char *> uCentralAPCommands {
+		RESTAPI::Protocol::CAPABILITIES,
+		RESTAPI::Protocol::LOGS,
+		RESTAPI::Protocol::HEALTHCHECKS,
+		RESTAPI::Protocol::STATISTICS,
+		RESTAPI::Protocol::STATUS,
+		RESTAPI::Protocol::RTTY,
+		RESTAPI::Protocol::CONFIGURE,
+		RESTAPI::Protocol::UPGRADE,
+		RESTAPI::Protocol::REBOOT,
+		RESTAPI::Protocol::FACTORY,
+		RESTAPI::Protocol::LEDS,
+		RESTAPI::Protocol::TRACE,
+		RESTAPI::Protocol::REQUEST,
+		RESTAPI::Protocol::WIFISCAN,
+		RESTAPI::Protocol::EVENTQUEUE,
+		RESTAPI::Protocol::TELEMETRY,
+		RESTAPI::Protocol::PING,
+		RESTAPI::Protocol::SCRIPT};
+
+	inline const char * to_string(Commands Cmd) {
+		return uCentralAPCommands[(uint8_t)Cmd];
+	}
+
+	inline Commands to_apcommand(const char *cmd) {
+		for(auto i=(uint8_t)Commands::capabilities;i!=(uint8_t)Commands::unknown;++i) {
+			if(strcmp(uCentralAPCommands[i],cmd)==0)
+				return (Commands)i;
+		}
+		return Commands::unknown;
+	}
+
+}
+
 namespace OpenWifi::Provisioning::DeviceClass {

    static const char * ANY = "any";