Add permission check to light service (#19259)

This commit is contained in:
Paulus Schoutsen 2018-12-14 10:18:36 +01:00 committed by GitHub
parent 4a23d4c7d3
commit 0eb0faff03
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 39 additions and 0 deletions

View File

@ -12,11 +12,13 @@ import os
import voluptuous as vol import voluptuous as vol
from homeassistant.auth.permissions.const import POLICY_CONTROL
from homeassistant.components.group import \ from homeassistant.components.group import \
ENTITY_ID_FORMAT as GROUP_ENTITY_ID_FORMAT ENTITY_ID_FORMAT as GROUP_ENTITY_ID_FORMAT
from homeassistant.const import ( from homeassistant.const import (
ATTR_ENTITY_ID, SERVICE_TOGGLE, SERVICE_TURN_OFF, SERVICE_TURN_ON, ATTR_ENTITY_ID, SERVICE_TOGGLE, SERVICE_TURN_OFF, SERVICE_TURN_ON,
STATE_ON) STATE_ON)
from homeassistant.exceptions import UnknownUser, Unauthorized
import homeassistant.helpers.config_validation as cv import homeassistant.helpers.config_validation as cv
from homeassistant.helpers.config_validation import PLATFORM_SCHEMA # noqa from homeassistant.helpers.config_validation import PLATFORM_SCHEMA # noqa
from homeassistant.helpers.entity import ToggleEntity from homeassistant.helpers.entity import ToggleEntity
@ -256,6 +258,21 @@ async def async_setup(hass, config):
target_lights = component.async_extract_from_service(service) target_lights = component.async_extract_from_service(service)
params.pop(ATTR_ENTITY_ID, None) params.pop(ATTR_ENTITY_ID, None)
if service.context.user_id:
user = await hass.auth.async_get_user(service.context.user_id)
if user is None:
raise UnknownUser(context=service.context)
entity_perms = user.permissions.check_entity
for light in target_lights:
if not entity_perms(light, POLICY_CONTROL):
raise Unauthorized(
context=service.context,
entity_id=light,
permission=POLICY_CONTROL
)
preprocess_turn_on_alternatives(params) preprocess_turn_on_alternatives(params)
update_tasks = [] update_tasks = []

View File

@ -5,7 +5,10 @@ import unittest.mock as mock
import os import os
from io import StringIO from io import StringIO
import pytest
from homeassistant import core, loader from homeassistant import core, loader
from homeassistant.exceptions import Unauthorized
from homeassistant.setup import setup_component, async_setup_component from homeassistant.setup import setup_component, async_setup_component
from homeassistant.const import ( from homeassistant.const import (
ATTR_ENTITY_ID, STATE_ON, STATE_OFF, CONF_PLATFORM, ATTR_ENTITY_ID, STATE_ON, STATE_OFF, CONF_PLATFORM,
@ -495,3 +498,22 @@ async def test_light_context(hass, hass_admin_user):
assert state2 is not None assert state2 is not None
assert state.state != state2.state assert state.state != state2.state
assert state2.context.user_id == hass_admin_user.id assert state2.context.user_id == hass_admin_user.id
async def test_light_turn_on_auth(hass, hass_admin_user):
"""Test that light context works."""
assert await async_setup_component(hass, 'light', {
'light': {
'platform': 'test'
}
})
state = hass.states.get('light.ceiling')
assert state is not None
hass_admin_user.mock_policy({})
with pytest.raises(Unauthorized):
await hass.services.async_call('light', 'turn_on', {
'entity_id': state.entity_id,
}, True, core.Context(user_id=hass_admin_user.id))