mirror of
https://github.com/home-assistant/core.git
synced 2025-07-23 21:27:38 +00:00
Add permission check to light service (#19259)
This commit is contained in:
parent
4a23d4c7d3
commit
0eb0faff03
@ -12,11 +12,13 @@ import os
|
|||||||
|
|
||||||
import voluptuous as vol
|
import voluptuous as vol
|
||||||
|
|
||||||
|
from homeassistant.auth.permissions.const import POLICY_CONTROL
|
||||||
from homeassistant.components.group import \
|
from homeassistant.components.group import \
|
||||||
ENTITY_ID_FORMAT as GROUP_ENTITY_ID_FORMAT
|
ENTITY_ID_FORMAT as GROUP_ENTITY_ID_FORMAT
|
||||||
from homeassistant.const import (
|
from homeassistant.const import (
|
||||||
ATTR_ENTITY_ID, SERVICE_TOGGLE, SERVICE_TURN_OFF, SERVICE_TURN_ON,
|
ATTR_ENTITY_ID, SERVICE_TOGGLE, SERVICE_TURN_OFF, SERVICE_TURN_ON,
|
||||||
STATE_ON)
|
STATE_ON)
|
||||||
|
from homeassistant.exceptions import UnknownUser, Unauthorized
|
||||||
import homeassistant.helpers.config_validation as cv
|
import homeassistant.helpers.config_validation as cv
|
||||||
from homeassistant.helpers.config_validation import PLATFORM_SCHEMA # noqa
|
from homeassistant.helpers.config_validation import PLATFORM_SCHEMA # noqa
|
||||||
from homeassistant.helpers.entity import ToggleEntity
|
from homeassistant.helpers.entity import ToggleEntity
|
||||||
@ -256,6 +258,21 @@ async def async_setup(hass, config):
|
|||||||
target_lights = component.async_extract_from_service(service)
|
target_lights = component.async_extract_from_service(service)
|
||||||
params.pop(ATTR_ENTITY_ID, None)
|
params.pop(ATTR_ENTITY_ID, None)
|
||||||
|
|
||||||
|
if service.context.user_id:
|
||||||
|
user = await hass.auth.async_get_user(service.context.user_id)
|
||||||
|
if user is None:
|
||||||
|
raise UnknownUser(context=service.context)
|
||||||
|
|
||||||
|
entity_perms = user.permissions.check_entity
|
||||||
|
|
||||||
|
for light in target_lights:
|
||||||
|
if not entity_perms(light, POLICY_CONTROL):
|
||||||
|
raise Unauthorized(
|
||||||
|
context=service.context,
|
||||||
|
entity_id=light,
|
||||||
|
permission=POLICY_CONTROL
|
||||||
|
)
|
||||||
|
|
||||||
preprocess_turn_on_alternatives(params)
|
preprocess_turn_on_alternatives(params)
|
||||||
|
|
||||||
update_tasks = []
|
update_tasks = []
|
||||||
|
@ -5,7 +5,10 @@ import unittest.mock as mock
|
|||||||
import os
|
import os
|
||||||
from io import StringIO
|
from io import StringIO
|
||||||
|
|
||||||
|
import pytest
|
||||||
|
|
||||||
from homeassistant import core, loader
|
from homeassistant import core, loader
|
||||||
|
from homeassistant.exceptions import Unauthorized
|
||||||
from homeassistant.setup import setup_component, async_setup_component
|
from homeassistant.setup import setup_component, async_setup_component
|
||||||
from homeassistant.const import (
|
from homeassistant.const import (
|
||||||
ATTR_ENTITY_ID, STATE_ON, STATE_OFF, CONF_PLATFORM,
|
ATTR_ENTITY_ID, STATE_ON, STATE_OFF, CONF_PLATFORM,
|
||||||
@ -495,3 +498,22 @@ async def test_light_context(hass, hass_admin_user):
|
|||||||
assert state2 is not None
|
assert state2 is not None
|
||||||
assert state.state != state2.state
|
assert state.state != state2.state
|
||||||
assert state2.context.user_id == hass_admin_user.id
|
assert state2.context.user_id == hass_admin_user.id
|
||||||
|
|
||||||
|
|
||||||
|
async def test_light_turn_on_auth(hass, hass_admin_user):
|
||||||
|
"""Test that light context works."""
|
||||||
|
assert await async_setup_component(hass, 'light', {
|
||||||
|
'light': {
|
||||||
|
'platform': 'test'
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
state = hass.states.get('light.ceiling')
|
||||||
|
assert state is not None
|
||||||
|
|
||||||
|
hass_admin_user.mock_policy({})
|
||||||
|
|
||||||
|
with pytest.raises(Unauthorized):
|
||||||
|
await hass.services.async_call('light', 'turn_on', {
|
||||||
|
'entity_id': state.entity_id,
|
||||||
|
}, True, core.Context(user_id=hass_admin_user.id))
|
||||||
|
Loading…
x
Reference in New Issue
Block a user