feat: device Acl

AquaSecure · May 30, 2022 · dd6845a · dd6845a
1 parent 48406b9
commit dd6845a
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 6 deletions.
diff --git a/apps/dgiot_device/src/dgiot_device.erl b/apps/dgiot_device/src/dgiot_device.erl
@@ -22,7 +22,7 @@
 -define(TIMEOUT, 60000).
 
 -export([create_device/1, create_device/2, get_sub_device/1, get_sub_device/2, save_subdevice/2, get_subdevice/2]).
--export([parse_cache_Device/1, sync_parse/1, get/2, post/1, put/1, save/1, save/2, lookup/1, lookup/2, delete/1, delete/2]).
+-export([parse_cache_Device/1, sync_parse/1, get/2, post/1, post/2, put/1, save/1, save/2, lookup/1, lookup/2, delete/1, delete/2]).
 -export([save_profile/1, get_profile/1, get_profile/2, get_online/1, online/1, offline/1, offline_child/1, enable/1, disable/1]).
 -export([put_location/3, get_location/1, get_address/1]).
 -export([get_acl/1, save_log/3, get_url/1, get_appname/1]).
@@ -36,6 +36,9 @@ sync_parse(OffLine) ->
 post(Device) ->
     dgiot_device_cache:post(Device).
 
+post(Device, Token) ->
+    dgiot_device_cache:post(Device, Token).
+
 put(Device) ->
     dgiot_device_cache:put(Device).
 

diff --git a/apps/dgiot_device/src/dgiot_device_channel.erl b/apps/dgiot_device/src/dgiot_device_channel.erl
@@ -158,9 +158,8 @@ handle_message({sync_parse, Pid, 'after', get, _Token, <<"Device">>, #{<<"result
     dgiot_parse_hook:publish(Pid, ResBody#{<<"results">> => NewResults}),
     {ok, State};
 
-handle_message({sync_parse, _Pid, 'after', post, _Token, <<"Device">>, QueryData}, State) ->
-%%    io:format("~s ~p ~p  ~p ~n", [?FILE, ?LINE, Pid, QueryData]),
-    dgiot_device:post(QueryData),
+handle_message({sync_parse, _Pid, 'after', post, Token, <<"Device">>, QueryData}, State) ->
+    dgiot_device:post(QueryData,Token),
     {ok, State};
 
 handle_message({sync_parse, _Pid, 'after', put, _Token, <<"Device">>, QueryData}, State) ->

diff --git a/apps/dgiot_device/src/utils/dgiot_device_cache.erl b/apps/dgiot_device/src/utils/dgiot_device_cache.erl
@@ -20,7 +20,7 @@
 -include_lib("dgiot/include/logger.hrl").
 -include_lib("dgiot_tdengine/include/dgiot_tdengine.hrl").
 
--export([parse_cache_Device/1, sync_parse/1, post/1, put/1, save/1, save/2, save_subdevice/2, get_subdevice/2, lookup/1, lookup/2, delete/1, delete/2]).
+-export([parse_cache_Device/1, sync_parse/1, post/1, post/2, put/1, save/1, save/2, save_subdevice/2, get_subdevice/2, lookup/1, lookup/2, delete/1, delete/2]).
 -export([get_profile/1, get_profile/2, get_online/1, online/1, offline/1, offline_child/1, enable/1, disable/1, save_profile/1]).
 -export([location/3, get_location/1, get_address/1]).
 
@@ -82,7 +82,7 @@ post(Device) ->
     Devaddr = maps:get(<<"devaddr">>, Device),
     Product = maps:get(<<"product">>, Device),
     ProductId = maps:get(<<"objectId">>, Product),
-    DeviceSecret = maps:get(<<"deviceSecret">>, Device, <<"DeviceSecretdefault">>),
+    DeviceSecret = maps:get(<<"deviceSecret">>, Device, <<"oioojn">>),
     DeviceId = maps:get(<<"objectId">>, Device, dgiot_parse_id:get_deviceid(ProductId, Devaddr)),
     case dgiot_product:lookup_prod(ProductId) of
         {ok, ProductInfo} ->
@@ -101,6 +101,30 @@ post(Device) ->
     IsEnable = maps:get(<<"isEnable">>, Device, false),
     insert_mnesia(DeviceId, dgiot_role:get_acls(Device), Status, dgiot_datetime:now_secs(), IsEnable, ProductId, Devaddr, DeviceSecret, node(), Longitude, Latitude).
 
+post(Device, SessionToken) ->
+    Devaddr = maps:get(<<"devaddr">>, Device),
+    Product = maps:get(<<"product">>, Device),
+    ProductId = maps:get(<<"objectId">>, Product),
+    DeviceId = maps:get(<<"objectId">>, Device, dgiot_parse_id:get_deviceid(ProductId, Devaddr)),
+    ACL = maps:get(<<"ACL">>, Product, #{}),
+    DefaultAcl = #{<<"*">> => #{<<"read">> => true}, <<"role:admin">> => #{<<"read">> => true, <<"write">> => true}},
+    SetAcl = case dgiot_auth:get_session(dgiot_utils:to_binary(SessionToken)) of
+                 #{<<"roles">> := Roles} = _User ->
+                     [#{<<"name">> := Role} | _] = maps:values(Roles),
+                     GetAcl = ACL#{
+                         <<"role:", Role/binary>> => #{
+                             <<"read">> => true,
+                             <<"write">> => true
+                         }
+                     },
+                     GetAcl;
+                 Err ->
+                     io:format("~s ~p R = ~p.~n", [?FILE, ?LINE, Err]),
+                     DefaultAcl
+             end,
+    dgiot_parse:update_object(<<"Device">>, DeviceId, #{<<"ACL">> => SetAcl}),
+    dgiot_device_cache:post(Device).
+
 put(Device) ->
     DeviceId = maps:get(<<"objectId">>, Device),
     case lookup(DeviceId) of