Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement spec requirement of "ACL check before existence check" #37342

Open
andy31415 opened this issue Jan 31, 2025 · 1 comment
Open

Implement spec requirement of "ACL check before existence check" #37342

andy31415 opened this issue Jan 31, 2025 · 1 comment
Assignees
@HNaftalin

Comments

@andy31415
Copy link
Contributor

This request is to implement https://github.com/CHIP-Specifications/connectedhomeip-spec/pull/9024

This should be done after #37322 merges and we should fix the TODO in WriteHandler::CheckWriteAllowed.

The issue is that we the existing ordering allows someone with insufficient rights on a cluster still determine what attributes it supports by seeing a difference between "access denied" and "unsupported attribute".

#35336 tried to address it a long time ago, however it was failing CI and code was restructured significantly since then. We can pick up some bits/ideas from there ... like we need to fix BOTH attributes and commands. However overall I expect we need very different/new code (we do not need to be inside ember/ember-compatibility anymore).
@khodya
Copy link

khodya commented Feb 7, 2025

  1. Get ACL
  2. throw error if it is not found
  3. only then read attribute

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@HNaftalin HNaftalin

Labels
None yet
Projects
Cluster and example long term maintainability
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
3 participants
@andy31415 @khodya @HNaftalin