Overwork Services/Discovery (#725)

* Update homeassistant.py * Update validate.py * Update exceptions.py * Update services.py * Update discovery.py * fix gitignore * Fix handling for discovery * use object in ref * lock down discovery API * fix api * Design * Fix API * fix lint * fix * Fix security layer * add provide layer * fix access * change rating * fix rights * Fix API error handling * raise error * fix rights * api * fix handling * fix * debug * debug json * Fix validator * fix error * new url * fix schema
2025-11-09 10:59:43 +00:00 · 2018-09-29 19:49:08 +02:00
parent 4ef8c9d633
commit e5451973bd
22 changed files with 263 additions and 202 deletions
--- a/hassio/api/services.py
+++ b/hassio/api/services.py
@@ -2,8 +2,10 @@

 from .utils import api_process, api_validate
 from ..const import (
-    ATTR_AVAILABLE, ATTR_PROVIDER, ATTR_SLUG, ATTR_SERVICES, REQUEST_FROM)
+    ATTR_AVAILABLE, ATTR_PROVIDERS, ATTR_SLUG, ATTR_SERVICES, REQUEST_FROM,
+    PROVIDE_SERVICE)
 from ..coresys import CoreSysAttributes
+from ..exceptions import APIError, APIForbidden


 class APIServices(CoreSysAttributes):
@@ -13,7 +15,7 @@ class APIServices(CoreSysAttributes):
        """Return service, throw an exception if it doesn't exist."""
        service = self.sys_services.get(request.match_info.get('service'))
        if not service:
-            raise RuntimeError("Service does not exist")
+            raise APIError("Service does not exist")

        return service

@@ -25,7 +27,7 @@ class APIServices(CoreSysAttributes):
            services.append({
                ATTR_SLUG: service.slug,
                ATTR_AVAILABLE: service.enabled,
-                ATTR_PROVIDER: service.provider,
+                ATTR_PROVIDERS: service.providers,
            })

        return {ATTR_SERVICES: services}
@@ -35,21 +37,39 @@ class APIServices(CoreSysAttributes):
        """Write data into a service."""
        service = self._extract_service(request)
        body = await api_validate(service.schema, request)
+        addon = request[REQUEST_FROM]

-        return service.set_service_data(request[REQUEST_FROM], body)
+        _check_access(request, service.slug)
+        service.set_service_data(addon, body)

    @api_process
    async def get_service(self, request):
        """Read data into a service."""
        service = self._extract_service(request)

-        return {
-            ATTR_AVAILABLE: service.enabled,
-            service.slug: service.get_service_data(),
-        }
+        # Access
+        _check_access(request, service.slug)
+
+        if not service.enabled:
+            raise APIError("Service not enabled")
+        return service.get_service_data()

    @api_process
    async def del_service(self, request):
        """Delete data into a service."""
        service = self._extract_service(request)
-        return service.del_service_data(request[REQUEST_FROM])
+        addon = request[REQUEST_FROM]
+
+        # Access
+        _check_access(request, service.slug, True)
+        service.del_service_data(addon)
+
+
+def _check_access(request, service, provide=False):
+    """Raise error if the rights are wrong."""
+    addon = request[REQUEST_FROM]
+    if not addon.services_role.get(service):
+        raise APIForbidden(f"No access to {service} service!")
+
+    if provide and addon.services_role.get(service) != PROVIDE_SERVICE:
+        raise APIForbidden(f"No access to write {service} service!")