usermngr: json schema to validate the role acl

2025-12-09 23:34:51 +01:00 · 2025-10-29 10:23:04 +00:00 · 2025-10-29 10:23:04 +00:00 · fb236949fc
commit fb236949fc
parent 5631c28df4
2 changed files with 70 additions and 0 deletions
--- a/usermngr/Makefile
+++ b/usermngr/Makefile
@ -75,6 +75,7 @@ define Package/usermngr/install
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(INSTALL_DIR) $(1)/etc/users/roles
+	$(INSTALL_DIR) $(1)/etc/users/schema
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) ./files/etc/uci-defaults/91-sync-shells $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/91-sync-roles $(1)/etc/uci-defaults/
@ -88,6 +89,7 @@ endif
 	$(INSTALL_BIN) ./files/etc/init.d/users $(1)/etc/init.d/users
 	$(INSTALL_BIN) ./files/etc/config/users $(1)/etc/config/users
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/usermngr $(1)/usr/sbin/usermngr
+	$(CP) ./acl.schema.json $(1)/etc/users/schema/acl.schema.json
 	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME)
 endef

--- a/usermngr/acl.schema.json
+++ b/usermngr/acl.schema.json
@ -0,0 +1,68 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "title": "TR-181 Permissions Schema",
+  "type": "object",
+  "properties": {
+    "tr181": {
+      "type": "object",
+      "required": ["name", "instance", "secure_role", "permission"],
+      "properties": {
+        "name": {
+          "type": "string",
+          "description": "Name of the TR-181 profile or configuration"
+        },
+        "instance": {
+          "type": "integer",
+          "description": "Instance identifier"
+        },
+        "secure_role": {
+          "type": "boolean",
+          "description": "Whether this role is secure"
+        },
+        "permission": {
+          "type": "array",
+          "description": "List of TR-181 permissions by object path",
+          "items": {
+            "type": "object",
+            "required": ["object", "perm"],
+            "properties": {
+              "object": {
+                "type": "string",
+                "description": "TR-181 object path or parameter name"
+              },
+              "perm": {
+                "type": "array",
+                "description": "List of permissions for the given object",
+                "items": {
+                  "type": "string",
+                  "enum": [
+                    "PERMIT_NONE",
+                    "PERMIT_ALL",
+                    "PERMIT_GET",
+                    "PERMIT_GET_INST",
+                    "PERMIT_OBJ_INFO",
+                    "PERMIT_CMD_INFO",
+                    "PERMIT_SET",
+                    "PERMIT_ADD",
+                    "PERMIT_DEL",
+                    "PERMIT_OPER",
+                    "PERMIT_SUBS_VAL_CHANGE",
+                    "PERMIT_SUBS_OBJ_ADD",
+                    "PERMIT_SUBS_OBJ_DEL",
+                    "PERMIT_SUBS_EVT_OPER_COMP"
+                  ]
+                },
+                "uniqueItems": true
+              }
+            },
+            "additionalProperties": false
+          },
+          "minItems": 1
+        }
+      },
+      "additionalProperties": false
+    }
+  },
+  "required": ["tr181"],
+  "additionalProperties": false
+}