diff --git a/build b/build
index dc7b54a..dce6588 100644
--- a/build
+++ b/build
@@ -1 +1 @@
-33
\ No newline at end of file
+36
\ No newline at end of file
diff --git a/src/ACLProcessor.h b/src/ACLProcessor.h
index 1673fd3..534200a 100644
--- a/src/ACLProcessor.h
+++ b/src/ACLProcessor.h
@@ -32,53 +32,102 @@ namespace OpenWifi { */ static inline bool Can( const SecurityObjects::UserInfo & User, const SecurityObjects::UserInfo & Target, ACL_OPS Op) { - // rule 0 - if(User.id == Target.id && User.userRole == SecurityObjects::SUBSCRIBER && Op == DELETE) - return true; + switch(Op) { + case DELETE: { + // can a user delete themselves - yes - only if not root. We do not want a system to end up rootless + if(User.id==Target.id) { + return User.userRole != SecurityObjects::ROOT; + } + // Root can delete anyone + switch (User.userRole) { + case SecurityObjects::ROOT: + return true; + case SecurityObjects::ADMIN: + return Target.userRole!=SecurityObjects::ROOT && Target.userRole!=SecurityObjects::PARTNER; + case SecurityObjects::SUBSCRIBER: + return User.id==Target.id; + case SecurityObjects::CSR: + return false; + case SecurityObjects::SYSTEM: + return Target.userRole!=SecurityObjects::ROOT && Target.userRole!=SecurityObjects::PARTNER; + case SecurityObjects::INSTALLER: + return User.id==Target.id; + case SecurityObjects::NOC: + return Target.userRole==SecurityObjects::NOC; + case SecurityObjects::ACCOUNTING: + return Target.userRole==SecurityObjects::ACCOUNTING; + case SecurityObjects::PARTNER: + return Target.userRole!=SecurityObjects::ROOT; + default: + return false; + } + } + break; - // rule 1 - if(User.id == Target.id && Op==DELETE) - return false; + case READ: { + return User.userRole == SecurityObjects::ROOT || + User.userRole == SecurityObjects::ADMIN || + User.userRole == SecurityObjects::PARTNER; + } + break; - // rule 2 - if(User.userRole==SecurityObjects::ROOT) - return true; + case CREATE: { + switch(User.userRole) { + case SecurityObjects::ROOT: + return true; + case SecurityObjects::ADMIN: + return Target.userRole!=SecurityObjects::ROOT && + Target.userRole!=SecurityObjects::PARTNER; + case SecurityObjects::SUBSCRIBER: + return false; + case SecurityObjects::CSR: + return Target.userRole==SecurityObjects::CSR; + case 
SecurityObjects::SYSTEM: + return Target.userRole!=SecurityObjects::ROOT && Target.userRole!=SecurityObjects::PARTNER; + case SecurityObjects::INSTALLER: + return Target.userRole==SecurityObjects::INSTALLER; + case SecurityObjects::NOC: + return Target.userRole==SecurityObjects::NOC; + case SecurityObjects::ACCOUNTING: + return Target.userRole==SecurityObjects::ACCOUNTING; + case SecurityObjects::PARTNER: + return Target.userRole!=SecurityObjects::ROOT; + default: + return false; + } + } + break; - // rule 3 - if(User.id == Target.id) - return true; - - // rule 4 - if(Target.userRole==SecurityObjects::ROOT && Op!=READ) - return false; - - if(Op==CREATE) { - if(User.userRole==SecurityObjects::ROOT) - return true; - if(User.userRole==SecurityObjects::PARTNER && (Target.userRole==SecurityObjects::ADMIN || - Target.userRole==SecurityObjects::SUBSCRIBER || - Target.userRole==SecurityObjects::CSR || - Target.userRole==SecurityObjects::INSTALLER || - Target.userRole==SecurityObjects::NOC || - Target.userRole==SecurityObjects::ACCOUNTING)) - return true; - if(User.userRole==SecurityObjects::ADMIN && - (Target.userRole==SecurityObjects::ADMIN || - Target.userRole==SecurityObjects::SUBSCRIBER || - Target.userRole==SecurityObjects::CSR || - Target.userRole==SecurityObjects::INSTALLER || - Target.userRole==SecurityObjects::NOC || - Target.userRole==SecurityObjects::ACCOUNTING)) - return true; - if(User.userRole==SecurityObjects::ACCOUNTING && - (Target.userRole==SecurityObjects::SUBSCRIBER || - Target.userRole==SecurityObjects::INSTALLER || - Target.userRole==SecurityObjects::CSR)) - return true; - return false; + case MODIFY: { + switch(User.userRole) { + case SecurityObjects::ROOT: + return true; + case SecurityObjects::ADMIN: + return Target.userRole!=SecurityObjects::ROOT && + Target.userRole!=SecurityObjects::PARTNER; + case SecurityObjects::SUBSCRIBER: + return User.id==Target.id; + case SecurityObjects::CSR: + return Target.userRole==SecurityObjects::CSR; + case 
SecurityObjects::SYSTEM: + return Target.userRole!=SecurityObjects::ROOT && + Target.userRole!=SecurityObjects::PARTNER; + case SecurityObjects::INSTALLER: + return Target.userRole==SecurityObjects::INSTALLER; + case SecurityObjects::NOC: + return Target.userRole==SecurityObjects::NOC; + case SecurityObjects::ACCOUNTING: + return Target.userRole==SecurityObjects::ACCOUNTING; + case SecurityObjects::PARTNER: + return Target.userRole!=SecurityObjects::ROOT; + default: + return false; + } + } + break; + default: + return false; } - - return true; } private: diff --git a/src/framework/MicroServiceErrorHandler.h b/src/framework/MicroServiceErrorHandler.h index 3a78aba..03de471 100644 --- a/src/framework/MicroServiceErrorHandler.h +++ b/src/framework/MicroServiceErrorHandler.h 
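Review bot: The `case READ:` arm is the only one that ignores `Target` and the per-role table, so after this change CSR, SYSTEM, INSTALLER, NOC and ACCOUNTING users can CREATE, MODIFY or DELETE accounts of their own role but cannot READ any of them, and no role below ADMIN can read its own record — the removed rule 3 granted self-access for every Op, while the new self-check survives only under DELETE and in the SUBSCRIBER arm of MODIFY. Unless self-reads are served by another path, start the arm with `if(User.id==Target.id) return true;` and give the peer roles the same `Target.userRole` tests they receive under MODIFY. Separately, every arm tests the stored `Target.userRole`; if MODIFY covers role changes, the same test has to be applied to the requested new role as well, otherwise an ADMIN could promote a CSR to ROOT unchallenged — the caller is not in this hunk, so please confirm where that is enforced. Minor: `case SecurityObjects::SUBSCRIBER: return User.id==Target.id;` under DELETE is unreachable (the self case returns above it) and the `break;` after each `case` block is dead code. `Can` is complete within the hunk; the enclosing class continues past it.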
@@ -102,6 +102,48 @@ namespace OpenWifi {
 E.displayText(),
 E.message(),
 E.what()));
+ } catch (const Poco::TimeoutException &E) {
+ poco_error(App_.logger(), fmt::format("Poco::TimeoutException thr_name={} thr_id={} code={} text={} msg={} what={}",
+ t_name, t_id, E.code(),
+ E.displayText(),
+ E.message(),
+ E.what()));
+ } catch (const Poco::NoThreadAvailableException &E) {
+ poco_error(App_.logger(), fmt::format("Poco::NoThreadAvailableException thr_name={} thr_id={} code={} text={} msg={} what={}",
+ t_name, t_id, E.code(),
+ E.displayText(),
+ E.message(),
+ E.what()));
+ } catch (const Poco::OutOfMemoryException &E) {
+ poco_error(App_.logger(), fmt::format("Poco::OutOfMemoryException thr_name={} thr_id={} code={} text={} msg={} what={}",
+ t_name, t_id, E.code(),
+ E.displayText(),
+ E.message(),
+ E.what()));
+ } catch (const Poco::BadCastException &E) {
+ poco_error(App_.logger(), fmt::format("Poco::BadCastException thr_name={} thr_id={} code={} text={} msg={} what={}",
+ t_name, t_id, E.code(),
+ E.displayText(),
+ E.message(),
+ E.what()));
+ } catch (const Poco::DataException &E) {
+ poco_error(App_.logger(), fmt::format("Poco::DataException thr_name={} thr_id={} code={} text={} msg={} what={}",
+ t_name, t_id, E.code(),
+ E.displayText(),
+ E.message(),
+ E.what()));
+ } catch (const Poco::PoolOverflowException &E) {
+ poco_error(App_.logger(), fmt::format("Poco::PoolOverflowException thr_name={} thr_id={} code={} text={} msg={} what={}",
+ t_name, t_id, E.code(),
+ E.displayText(),
+ E.message(),
+ E.what()));
+ } catch (const Poco::SystemException &E) {
+ poco_error(App_.logger(), fmt::format("Poco::SystemException thr_name={} thr_id={} code={} text={} msg={} what={}",
+ t_name, t_id, E.code(),
+ E.displayText(),
+ E.message(),
+ E.what()));
 } catch (const Poco::RuntimeException &E) {
 poco_error(App_.logger(), fmt::format("Poco::RuntimeException thr_name={} thr_id={} code={} text={} msg={} what={}",
 t_name, t_id, E.code(),
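Review bot: The seven new `catch` blocks are copies of the existing `Poco::RuntimeException` handler that differ only in the literal class name, and in Poco's hierarchy all seven types derive from `RuntimeException`, so the surviving base handler already caught them — the only thing gained is the name in the log line. `Poco::Exception` exposes that name itself, so the same output comes from one handler: `poco_error(App_.logger(), fmt::format("{} thr_name={} thr_id={} code={} text={} msg={} what={}", E.className(), t_name, t_id, E.code(), E.displayText(), E.message(), E.what()));`. If the per-type handlers are kept for some other reason, at least move the shared body into a small helper so the next exception type is one line, not six. Note that `E.displayText()` already contains `E.message()`, so the line logs the message twice. The enclosing handler function begins and ends outside this hunk.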
diff --git a/src/framework/ow_constants.h b/src/framework/ow_constants.h index 803c330..ceaf163 100644 --- a/src/framework/ow_constants.h +++ b/src/framework/ow_constants.h @@ -231,7 +231,9 @@ namespace OpenWifi::RESTAPI::Errors { static const struct msg DeviceIsRestricted{1151,"Device is protected by regulation. This function is not allowed."}; static const struct msg InvalidURI{1152,"Invalid URI."}; static const struct msg InvalidScriptSelection{1153,"Only script or scriptId must be specified. Not both."}; -} + + static const struct msg NoDeviceStatisticsYet{1154,"Device statistics not available yet."}; + } @@ -526,6 +528,63 @@ namespace OpenWifi::uCentralProtocol::Events { }; } +namespace OpenWifi::APCommands { + enum class Commands:uint8_t { + capabilities, + logs, + healthchecks, + statistics, + status, + rtty, + configure, + upgrade, + reboot, + factory, + leds, + trace, + request, + wifiscan, + eventqueue, + telemetry, + ping, + script, + unknown + }; + + inline static const std::vector uCentralAPCommands { + RESTAPI::Protocol::CAPABILITIES, + RESTAPI::Protocol::LOGS, + RESTAPI::Protocol::HEALTHCHECKS, + RESTAPI::Protocol::STATISTICS, + RESTAPI::Protocol::STATUS, + RESTAPI::Protocol::RTTY, + RESTAPI::Protocol::CONFIGURE, + RESTAPI::Protocol::UPGRADE, + RESTAPI::Protocol::REBOOT, + RESTAPI::Protocol::FACTORY, + RESTAPI::Protocol::LEDS, + RESTAPI::Protocol::TRACE, + RESTAPI::Protocol::REQUEST, + RESTAPI::Protocol::WIFISCAN, + RESTAPI::Protocol::EVENTQUEUE, + RESTAPI::Protocol::TELEMETRY, + RESTAPI::Protocol::PING, + RESTAPI::Protocol::SCRIPT}; + + inline const char * to_string(Commands Cmd) { + return uCentralAPCommands[(uint8_t)Cmd]; + } + + inline Commands to_apcommand(const char *cmd) { + for(auto i=(uint8_t)Commands::capabilities;i!=(uint8_t)Commands::unknown;++i) { + if(strcmp(uCentralAPCommands[i],cmd)==0) + return (Commands)i; + } + return Commands::unknown; + } + +} + namespace OpenWifi::Provisioning::DeviceClass { static const char * ANY = "any";
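Review bot: `to_string` indexes `uCentralAPCommands` with `(uint8_t)Cmd` and no bounds check, but `Commands` has 19 enumerators (`capabilities` … `unknown`) while the vector holds 18 strings (`CAPABILITIES` … `SCRIPT`), so `to_string(Commands::unknown)` reads one element past the end — undefined behaviour, and exactly the value `to_apcommand` returns for any unrecognised name. Guard it with `return Cmd < Commands::unknown ? uCentralAPCommands[(uint8_t)Cmd] : "unknown";` or use `.at()`. The two tables are kept in step only by convention; a `std::array<const char*, (size_t)Commands::unknown>` lets a `static_assert` enforce the size, and `inline static` on a namespace-scope variable in a header can simply be `inline`. `to_apcommand` also dereferences `cmd` without a null check and relies on `strcmp`, so make sure `<cstring>` is included by this header rather than by luck.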