From 08ce89a394e1b2bef7500221e6d1d06c57c46596 Mon Sep 17 00:00:00 2001 From: Vivek Kumar Dutta Date: Thu, 23 May 2024 18:07:00 +0530 Subject: [PATCH] sulu: Use static roles and UserInterface --- sulu/sulu-builder/Makefile | 7 +- sulu/sulu-builder/files/etc/config/sulu | 4 +- sulu/sulu-builder/files/etc/init.d/sulu | 12 +- sulu/sulu-builder/files/etc/sulu/sulu.sh | 115 ++-- .../etc/uci-defaults/40-add-sulu-nginx-config | 49 -- .../40-add-sulu-userinterface-config | 32 ++ .../files/etc/uci-defaults/99-fix-sulu-config | 8 +- .../files/etc/users/roles/admin.json | 538 ++++++++++++++++++ .../files/etc/users/roles/user.json | 101 ++++ 9 files changed, 747 insertions(+), 119 deletions(-) delete mode 100755 sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-nginx-config create mode 100755 sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-userinterface-config create mode 100644 sulu/sulu-builder/files/etc/users/roles/admin.json create mode 100644 sulu/sulu-builder/files/etc/users/roles/user.json diff --git a/sulu/sulu-builder/Makefile b/sulu/sulu-builder/Makefile index 4f83c0b5e..86093855a 100644 --- a/sulu/sulu-builder/Makefile +++ b/sulu/sulu-builder/Makefile @@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=sulu-builder -PKG_VERSION:=3.1.59 +PKG_VERSION:=3.1.60 PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git 
@@ -145,9 +145,12 @@ define Package/sulu/install/Default $(INSTALL_BIN) ./files/etc/sulu/sulu.sh $(1)/etc/sulu/ $(INSTALL_DATA) ./files/etc/sulu/nginx.locations $(1)/etc/sulu/ + $(INSTALL_DIR) $(1)/etc/users/roles + $(INSTALL_DATA) ./files/etc/users/roles/*.json $(1)/etc/users/roles/ + $(INSTALL_DIR) $(1)/etc/uci-defaults $(INSTALL_BIN) ./files/etc/uci-defaults/99-fix-sulu-config $(1)/etc/uci-defaults/ - $(INSTALL_BIN) ./files/etc/uci-defaults/40-add-sulu-nginx-config $(1)/etc/uci-defaults/ + $(INSTALL_BIN) ./files/etc/uci-defaults/40-add-sulu-userinterface-config $(1)/etc/uci-defaults/ $(INSTALL_BIN) ./files/etc/uci-defaults/01-update-nginx-uci-template $(1)/etc/uci-defaults/ $(INSTALL_BIN) ./files/etc/uci-defaults/10-add-mqtt-config $(1)/etc/uci-defaults/ ifeq ($(CONFIG_SULU_PWA_APP),y) diff --git a/sulu/sulu-builder/files/etc/config/sulu b/sulu/sulu-builder/files/etc/config/sulu index 91c9ee5e4..191d7a5d7 100644 --- a/sulu/sulu-builder/files/etc/config/sulu +++ b/sulu/sulu-builder/files/etc/config/sulu @@ -1,4 +1,2 @@ config global 'global' - option SessionMode 'Allow' - list user 'admin' - list user 'user' + option enabled '1' diff --git a/sulu/sulu-builder/files/etc/init.d/sulu b/sulu/sulu-builder/files/etc/init.d/sulu index 942bbb934..afa9e75d1 100755 --- a/sulu/sulu-builder/files/etc/init.d/sulu +++ b/sulu/sulu-builder/files/etc/init.d/sulu @@ -6,7 +6,6 @@ START=60 STOP=01 . /lib/functions.sh -. /etc/sulu/sulu.sh log() { echo "${@}"|logger -t sulu.init -p debug @@ -15,12 +14,11 @@ log() { validate_sulu_global_section() { uci_validate_section sulu global global \ - 'enabled:bool:1' \ - 'enable_system_credentials:bool:1' + 'enabled:bool:1' } start_service() { - local enabled enable_system_credentials + local enabled config_load sulu procd_open_instance sulu @@ -33,8 +31,8 @@ start_service() { fi update_nginx_template - configure_sulu "${enable_system_credentials}" 1 - generate_sulu_conn_config + + /etc/sulu/sulu.sh -r procd_close_instance } 
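Review bot: `start_service` still calls `update_nginx_template` (a context line in the `@@ -33,8 +31,8 @@` hunk), but the `@@ -6,7 +6,6 @@` hunk drops `. /etc/sulu/sulu.sh`, which is where that function is defined. Unless the helper is provided elsewhere, the init script will fail with a command-not-found at that call. Sourcing the file again is not an option, because sulu.sh now runs `configure_sulu` at top level; either move the template update into sulu.sh or drop the call here. The exit status of `/etc/sulu/sulu.sh -r` is also ignored; `/etc/sulu/sulu.sh -r || log "sulu configuration failed"` would at least leave a trace. `start_service` begins outside these hunks.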
@@ -45,5 +43,5 @@ reload_service() { service_triggers() { - procd_add_reload_trigger "sulu" "nginx" + procd_add_reload_trigger "sulu" "userinterface" } diff --git a/sulu/sulu-builder/files/etc/sulu/sulu.sh b/sulu/sulu-builder/files/etc/sulu/sulu.sh index d9b33d978..301f61b4f 100644 --- a/sulu/sulu-builder/files/etc/sulu/sulu.sh +++ b/sulu/sulu-builder/files/etc/sulu/sulu.sh @@ -3,7 +3,9 @@ # format using "shfmt" . /lib/functions.sh +. /usr/share/libubox/jshn.sh +RESTART_REQ=0 _RESTART_SERVICES="0" mkdir -p /tmp/sulu/ @@ -39,8 +41,20 @@ function _get_endpoint_id() { fi } -function _get_sulu_users() { - echo "$(uci -q get sulu.global.user)" +function _get_sulu_user_roles() { + roles=$(uci -q get userinterface._sulu_s.role) + + for role in ${roles}; do + if [ -f "/etc/users/roles/$role.json" ]; then + sulu_user_roles="${sulu_user_roles} ${role}" + fi + done + + if [ -n "${sulu_user_roles}" ]; then + sulu_user_roles=$(echo -e "${sulu_user_roles// /\\n}" | sort | uniq) + fi + + echo ${sulu_user_roles} } function _get_sulu_root() { @@ -91,7 +105,7 @@ function update_nginx_template() { port="$(_get_usp_upstream_port)" if ! grep -q "upstream websocket { server 127.0.0.1:${port}; }" ${UCI_TEMPLATE}; then sed -i "s/upstream websocket { server 127.0.0.1:[0-9]\+; }/upstream websocket { server 127.0.0.1:${var}; }/" ${UCI_TEMPLATE} - log "Restarting nginx" + slog "Restarting nginx" ubus call uci commit '{"config":"nginx"}' fi } @@ -99,7 +113,7 @@ function update_nginx_template() { function generate_sulu_conn_config() { local users SCONFIG session - users="$(_get_sulu_users)" + users="$(_get_sulu_user_roles)" session="$(_get_sulu_session_mode)" SCONFIG="$(_get_sulu_connection_config)" 
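Review bot: `_get_sulu_user_roles` accepts any value from `userinterface._sulu_s.role` for which a JSON file exists. That value is spliced into a file path here and, in the later hunks, into UCI section names (`mqtt_sulu_$user`), MQTT topics and mosquitto ACL lines. A name containing a path separator or an MQTT wildcard character would change the meaning of those paths and topic patterns, so the loop should reject anything outside the characters a UCI section name allows before the `-f` test. `roles`, `role` and `sulu_user_roles` are also not declared `local`, so a `sulu_user_roles` value already present in the caller's environment is prepended to the result. The fence shows the two additions; the file test and the sort/uniq step are unchanged.

```shell
function _get_sulu_user_roles() {
	local roles role sulu_user_roles

	roles=$(uci -q get userinterface._sulu_s.role)

	for role in ${roles}; do
		# Only names that are valid UCI section names may become roles.
		case "${role}" in
		*[!A-Za-z0-9_]*)
			continue
			;;
		esac
		# … unchanged: -f test on /etc/users/roles/$role.json and append …
	done
	# … unchanged: sort/uniq and echo …
}
```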
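Review bot: The `sed` replacement in `update_nginx_template` expands `${var}`, while the port was stored in `port` two lines earlier and no assignment to `var` is visible in this hunk. If `var` is indeed unset, the template is rewritten to `server 127.0.0.1:;` and the `[0-9]\+` pattern can no longer match it on a later run. The line should read `sed -i "s/upstream websocket { server 127.0.0.1:[0-9]\+; }/upstream websocket { server 127.0.0.1:${port}; }/" "${UCI_TEMPLATE}"`. The function starts outside the hunk, so confirm `var` is not set earlier.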
@@ -139,32 +153,34 @@ function generate_sulu_conn_config() { json_dump >${SCONFIG} } -function _remove_obuspa_config() { - local restart session +cleanup_sulu_usp_config() { + local users sec stype tmp - restart=0 - if [ "$(uci_get obuspa localmqtt)" == "mqtt" ]; then - uci_remove obuspa localmqtt - restart=1 + sec="${1}" + stype="${2}" + users="${3}" + + if [[ "${sec}" == "${stype}_sulu_"* ]]; then + tmp="${sec//${stype}_sulu_/}" + + val="$(echo ${users}|grep -w -o $tmp)" + if [ -z "$val" ]; then + _remove_sulu_section "${sec}" + RESTART_REQ=1 + fi fi - if [ "$(uci_get obuspa agent_mtp)" == "mtp" ]; then - uci_remove obuspa agent_mtp - restart=1 - fi - if [ "$(uci_get obuspa localcontroller)" == "controller" ]; then - uci_remove obuspa localcontroller - restart=1 - fi - return "${restart}" } function _update_obuspa_config_rbac() { - local agent users restart session + local agent users session agent="$(_get_agent_id)" - users="$(_get_sulu_users)" + users="$(_get_sulu_user_roles)" session="$(_get_sulu_session_mode)" - restart=0 + + config_foreach cleanup_sulu_usp_config controller controller "${users}" + config_foreach cleanup_sulu_usp_config mtp mtp "${users}" + config_foreach cleanup_sulu_usp_config mqtt mqtt "${users}" for user in ${users}; do local section @@ -176,7 +192,7 @@ function _update_obuspa_config_rbac() { uci_set obuspa ${section} BrokerAddress "127.0.0.1" uci_set obuspa ${section} BrokerPort "1883" uci_set obuspa ${section} TransportProtocol "TCP/IP" - restart=1 + RESTART_REQ=1 fi # Add mtp @@ -186,7 +202,7 @@ function _update_obuspa_config_rbac() { uci_set obuspa ${section} Protocol "MQTT" uci_set obuspa ${section} ResponseTopicConfigured "/usp/${agent}/${user}/endpoint" uci_set obuspa ${section} mqtt "mqtt_sulu_$user" - restart=1 + RESTART_REQ=1 fi # Add controller 
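Review bot: `cleanup_sulu_usp_config` decides whether a section is stale with `grep -w -o $tmp`, which treats the role name as an unquoted regular expression and matches on word boundaries rather than on whole list entries. A section can therefore be kept although its exact role is no longer in the list, for example when another role name contains it followed by a non-word character such as `-`. Because the controller sections carry `assigned_role_name`, a missed removal leaves a controller configured with that role's permissions. An exact comparison over the role list avoids this and makes `val`, which is not declared `local`, unnecessary.

```shell
cleanup_sulu_usp_config() {
	local users sec stype tmp role keep

	# … unchanged: sec/stype/users taken from $1..$3 …
	if [[ "${sec}" == "${stype}_sulu_"* ]]; then
		tmp="${sec//${stype}_sulu_/}"

		# keep the section only when its role is an exact list entry
		keep=0
		for role in ${users}; do
			[ "${role}" = "${tmp}" ] && keep=1
		done

		if [ "${keep}" -eq 0 ]; then
			_remove_sulu_section "${sec}"
			RESTART_REQ=1
		fi
	fi
}
```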
@@ -198,16 +214,15 @@ function _update_obuspa_config_rbac() { uci_set obuspa ${section} Topic "/usp/${agent}/${user}/controller" uci_set obuspa ${section} mqtt "mqtt_sulu_$user" uci_set obuspa ${section} assigned_role_name "$user" - restart=1 + RESTART_REQ=1 fi obMode="$(uci_get obuspa ${section} SessionMode)" if [ "${session}" != "${obMode}" ]; then uci_set obuspa ${section} SessionMode "${session}" - restart=1 + RESTART_REQ=1 fi done - return "${restart}" } function _remove_sulu_section() { @@ -221,10 +236,10 @@ function _remove_sulu_section() { } function _create_acl() { - local agentid users restart + local agentid users local ACL_FILE - restart="0" + RESTART_REQ="0" ACL_FILE="$(_get_sulu_acl_file)" if [ -z "${ACL_FILE}" ]; then @@ -236,7 +251,7 @@ function _create_acl() { fi touch "${ACL_FILE}" - users="$(_get_sulu_users)" + users="$(_get_sulu_user_roles)" agentid="$(_get_agent_id)" for user in ${users}; do if ! grep -q "user $user" ${ACL_FILE}; then 
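Review bot: In `_create_acl` the presence test `grep -q "user $user" ${ACL_FILE}` is an unanchored substring match, so an existing entry for a longer name that starts with the same text makes the function skip writing the ACL block for the shorter role. `grep -qxF -- "user ${user}" "${ACL_FILE}"` matches the whole line literally, assuming the entry is written exactly as `user <name>`; the line that writes it lies between the hunks. Unlike the obuspa sections, nothing visible here removes ACL blocks for roles that were dropped from the list, so a retired role appears to keep its topic permissions in the file; consider regenerating the file from the current role list. The function spans this hunk and the next.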
@@ -245,47 +260,45 @@ function _create_acl() { echo "topic write /usp/${agentid}/${user}/endpoint/#" >>${ACL_FILE} echo "topic read /usp/${agentid}/${user}/controller/#" >>${ACL_FILE} echo "" >>${ACL_FILE} - restart="1" + RESTART_REQ="1" fi done - if [ "${restart}" -gt "0" ]; then + if [ "${RESTART_REQ}" -gt "0" ]; then slog "Restarting mosquitto..." ubus call uci commit '{"config":"mosquitto"}' fi } function update_obuspa_config() { - local restart - - restart=0 + RESTART_REQ=0 uci_load obuspa - _remove_obuspa_config - restart="$((restart + $?))" _update_obuspa_config_rbac - restart="$((restart + $?))" uci_commit obuspa - if [ "${_RESTART_SERVICES}" -eq "1" -a "${restart}" -gt "0" ]; then + if [ "${_RESTART_SERVICES}" -eq "1" -a "${RESTART_REQ}" -gt "0" ]; then slog "Restarting obuspa..." ubus call uci commit '{"config":"obuspa"}' fi } function configure_sulu() { - local sys_cred restart - - sys_cred="${1}" - restart="${2:-0}" - - if [ -z "${sys_cred}" ]; then - slog "Invalid inputs" - return 0 - fi - - _RESTART_SERVICES="${restart}" - update_obuspa_config _create_acl + generate_sulu_conn_config } + +while getopts ":r" opt; do + case ${opt} in + r) + _RESTART_SERVICES="1" + ;; + *) + slog "Invalid option: ${OPTARG}" + exit 1 + ;; + esac +done + +configure_sulu diff --git a/sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-nginx-config b/sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-nginx-config deleted file mode 100755 index e01dda81f..000000000 --- a/sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-nginx-config +++ /dev/null 
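Review bot: `_create_acl` commits the mosquitto config whenever `RESTART_REQ` is set, while `update_obuspa_config` additionally requires `_RESTART_SERVICES`, so the uci-defaults run without `-r` still triggers a mosquitto restart. If that is not intended, the test should be `if [ "${_RESTART_SERVICES}" -eq "1" ] && [ "${RESTART_REQ}" -gt "0" ]; then`; the same `&&` form would replace the obsolescent `-a` in `update_obuspa_config`. The new `getopts` loop and the bare `configure_sulu` call turn the file from a library into a script, so a header comment such as `# Usage: sulu.sh [-r]  (-r: reload obuspa when its config changed)` would warn anyone who still sources it.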
@@ -1,49 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-add_sulu_nginx_uci()
-{
- uci_load nginx
-
- if ! uci_get nginx _sulu_s >/dev/null 2>&1; then
- uci_add nginx server _sulu_s
- uci_set nginx _sulu_s root '/sulu'
- uci_add_list nginx _sulu_s listen "8443 ssl default_server"
- uci_add_list nginx _sulu_s listen "[::]:8443 ssl default_server"
- uci_set nginx _sulu_s server_name '_sulu_s'
- uci_add_list nginx _sulu_s include '/etc/sulu/nginx.locations'
- uci_set nginx _sulu_s uci_manage_ssl 'self-signed'
- uci_set nginx _sulu_s ssl_certificate '/etc/nginx/conf.d/_lan.crt'
- uci_set nginx _sulu_s ssl_certificate_key '/etc/nginx/conf.d/_lan.key'
- uci_set nginx _sulu_s ssl_session_cache 'none'
- uci_set nginx _sulu_s access_log 'off; # logd openwrt'
- uci_set nginx _sulu_s error_log '/dev/null'
- fi
-
- # To host on http, disable _suluredirect and enable _sulu_http
- if ! uci_get nginx _suluredirect >/dev/null 2>&1; then
- uci_add nginx server _suluredirect
- uci_add_list nginx _suluredirect listen "8080"
- uci_add_list nginx _suluredirect listen "[::]:8080"
- uci_set nginx _suluredirect server_name '_suluredirect'
- uci_set nginx _suluredirect return '302 https://$host:8443$request_uri'
- fi
-
- if uci_get nginx _sulu_http >/dev/null 2>&1; then
- uci_remove nginx _sulu_http
- fi
-# if ! uci_get nginx _sulu_http >/dev/null 2>&1; then
-# uci_add nginx server _sulu_http
-# uci_set nginx _sulu_http root '/sulu'
-# uci_add_list nginx _sulu_http listen "8080"
-# uci_add_list nginx _sulu_http listen "[::]:8080"
-# uci_set nginx _sulu_http server_name '_sulu_http'
-# uci_add_list nginx _sulu_http include '/etc/sulu/nginx.locations'
-# uci_set nginx _sulu_http ssl_session_cache 'none'
-# uci_set nginx _sulu_http access_log 'off; # logd openwrt'
-# fi
-}
-
-
-add_sulu_nginx_uci
diff --git a/sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-userinterface-config b/sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-userinterface-config
new file mode 100755
index 000000000..f82583312
--- /dev/null
+++ b/sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-userinterface-config
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+add_sulu_userinterface_uci()
+{
+ uci_load userinterface
+
+ if ! uci_get userinterface _sulu_s >/dev/null 2>&1; then
+ uci_add userinterface http_access _sulu_s
+ uci_set userinterface _sulu_s path_prefix '/sulu'
+ uci_set userinterface _sulu_s port '8443'
+ uci_add_list userinterface _sulu_s _nginx_include '/etc/sulu/nginx.locations'
+ uci_set userinterface _sulu_s _nginx_uci_manage_ssl 'self-signed'
+ uci_set userinterface _sulu_s _nginx_ssl_certificate '/etc/nginx/conf.d/_lan.crt'
+ uci_set userinterface _sulu_s _nginx_ssl_certificate_key '/etc/nginx/conf.d/_lan.key'
+ uci_set userinterface _sulu_s _nginx_ssl_session_cache 'none'
+ uci_set userinterface _sulu_s protocol 'HTTPS'
+ uci_add_list userinterface _sulu_s role 'admin'
+ uci_add_list userinterface _sulu_s role 'user'
+ fi
+
+ if ! uci_get userinterface _suluredirect >/dev/null 2>&1; then
+ uci_add userinterface http_access _suluredirect
+ uci_set userinterface _suluredirect redirect '_sulu_s'
+ uci_set userinterface _suluredirect protocol 'HTTP'
+ uci_set userinterface _suluredirect port "8080"
+ fi
+}
+
+
+add_sulu_userinterface_uci
diff --git a/sulu/sulu-builder/files/etc/uci-defaults/99-fix-sulu-config b/sulu/sulu-builder/files/etc/uci-defaults/99-fix-sulu-config
index 2855dbf78..c82d067de 100644
--- a/sulu/sulu-builder/files/etc/uci-defaults/99-fix-sulu-config
+++ b/sulu/sulu-builder/files/etc/uci-defaults/99-fix-sulu-config
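Review bot: The role list for `_sulu_s` is hard-coded to `admin` and `user`, so on an upgraded device a customised `sulu.global.user` list from the previous release is not carried over. A role that had been removed there would be enabled again, assuming /etc/config/sulu is kept across the upgrade. Seeding the list from the legacy option, with the two defaults as fallback, preserves the existing restriction. The script also leaves the `nginx._sulu_s` and `nginx._suluredirect` sections created by the deleted 40-add-sulu-nginx-config in place; whether they conflict on ports 8443/8080 depends on the userinterface backend, which is not visible here.

```shell
	if ! uci_get userinterface _sulu_s >/dev/null 2>&1; then
		local legacy_roles role
		# … unchanged: http_access section, TLS options, protocol …
		# Keep a role list customised under the old sulu.global.user option.
		legacy_roles="$(uci -q get sulu.global.user)"
		for role in ${legacy_roles:-admin user}; do
			uci_add_list userinterface _sulu_s role "${role}"
		done
	fi
```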
@@ -1,9 +1,3 @@ #!/bin/sh -. /etc/sulu/sulu.sh - -config_load sulu -config_get enable_system_credentials global enable_system_credentials 1 - -configure_sulu "${enable_system_credentials}" 0 -generate_sulu_conn_config +/etc/sulu/sulu.sh diff --git a/sulu/sulu-builder/files/etc/users/roles/admin.json b/sulu/sulu-builder/files/etc/users/roles/admin.json new file mode 100644 index 000000000..19ad1f924 --- /dev/null +++ b/sulu/sulu-builder/files/etc/users/roles/admin.json 
@@ -0,0 +1,538 @@
+{
+ "tr181": {
+ "permission": [
+ {
+ "object": "Device.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object": "Device.Reboot()",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object": "Device.SelfTestDiagnostics()",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object": "Device.FactoryReset()",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object": "Device.DeviceInfo.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.Time.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.UPnP.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.Bridging.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.Ethernet.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.DHCPv4.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.DHCPv4.Server.Pool.{i}.StaticAddress.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_ADD",
+ "PERMIT_DEL",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.DHCPv6.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.Hosts.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_ADD",
+ "PERMIT_DEL",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.{BBF_VENDOR_PREFIX}URLFilter.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_ADD",
+ "PERMIT_DEL",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.{BBF_VENDOR_PREFIX}OpenVPN.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_ADD",
+ "PERMIT_DEL",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.NAT.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_ADD",
+ "PERMIT_DEL",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.PPP.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.Routing.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.IEEE1905.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.InterfaceStack.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.DynamicDNS.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_ADD",
+ "PERMIT_DEL",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.LANConfigSecurity.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.Security.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.RouterAdvertisement.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.Services.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_ADD",
+ "PERMIT_DEL",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.UserInterface.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.PeriodicStatistics.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_ADD",
+ "PERMIT_DEL",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.SoftwareModules.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_ADD",
+ "PERMIT_DEL",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.Users.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object": "Device.LocalAgent.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object": "Device.LocalAgent.Subscription.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_ADD",
+ "PERMIT_DEL",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object": "Device.WiFi.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object": "Device.DNS.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object": "Device.IP.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.SSH.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SET",
+ "PERMIT_ADD",
+ "PERMIT_DEL",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ }
+ ]
+ }
+}
diff --git a/sulu/sulu-builder/files/etc/users/roles/user.json b/sulu/sulu-builder/files/etc/users/roles/user.json
new file mode 100644
index 000000000..deafc418b
--- /dev/null
+++ b/sulu/sulu-builder/files/etc/users/roles/user.json
@@ -0,0 +1,101 @@
+{
+ "tr181": {
+ "permission": [
+ {
+ "object": "Device.",
+ "perm": [
+ "PERMIT_NONE"
+ ]
+ },
+ {
+ "object": "Device.DeviceInfo.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.Hosts.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.IEEE1905.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.DynamicDNS.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object":"Device.PeriodicStatistics.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object": "Device.LocalAgent.Subscription.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_ADD",
+ "PERMIT_SET",
+ "PERMIT_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object": "Device.WiFi.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL"
+ ]
+ },
+ {
+ "object": "Device.WiFi.AccessPoint.{i}.WPS.InitiateWPSPBC()",
+ "perm": [
+ "PERMIT_OPER",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object": "Device.WiFi.DataElements.Network.SetSSID()",
+ "perm": [
+ "PERMIT_OPER",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ }
+ ]
+ }
+}
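Review bot: The `user` role is read-only everywhere except three entries: `Device.WiFi.DataElements.Network.SetSSID()` and `Device.WiFi.AccessPoint.{i}.WPS.InitiateWPSPBC()` carry `PERMIT_OPER`, and `Device.LocalAgent.Subscription.` carries `PERMIT_ADD`/`PERMIT_SET`/`PERMIT_DEL`. If letting the low-privilege role change the network SSID and start WPS pairing is intended, that should be stated in the commit message or the package documentation, since JSON cannot hold a comment. The file also relies on the more specific objects overriding `PERMIT_NONE` on `Device.`; that precedence is enforced by the agent and is not visible here, so a test that an unlisted path (for example one under `Device.Users.`) is denied for this role would be worth adding.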