mtan93/SmartThingsPublic
1
0
Fork 0
mirror of https://github.com/mtan93/SmartThingsPublic.git synced 2026-03-08 21:02:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

PENG-158 UBI should not allow undefined commands

Browse Source 
- now validating commands per capability of the device in the smartapp

removed commented out code
This commit is contained in:
Rohan Desai
2016-05-13 14:49:37 -07:00
parent 467c6ff055
commit 32f0385e30
1 changed files with 75 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

94
smartapps/smartthings/ubi.src/ubi.groovy
View File

@@ -107,8 +107,8 @@ mappings {
path("/locks") { path("/locks") {
action: [ action: [
GET: "listLocks", GET: "listLocks",
PUT: "updateLock", PUT: "updateLocks",
POST: "updateLock" POST: "updateLocks"
] ]
} }
path("/locks/:id") { path("/locks/:id") {
@@ -442,31 +442,87 @@ def executePhrase() {
} }
private void updateAll(devices) { private void updateAll(devices) {
def type = params.param1
def command = request.JSON?.command def command = request.JSON?.command
if (command) if (!devices) {
{ httpError(404, "Devices not found")
command = command.toLowerCase() }
devices."$command"() if (command){
devices.each { device ->
executeCommand(device, type, command)
}
} }
} }
private void update(devices) { private void update(devices) {
log.debug "update, request: ${request.JSON}, params: ${params}, devices: $devices.id" log.debug "update, request: ${request.JSON}, params: ${params}, devices: $devices.id"
//def command = request.JSON?.command def type = params.param1
def command = params.command def command = request.JSON?.command
if (command) def device = devices?.find { it.id == params.id }
{
command = command.toLowerCase() if (!device) {
def device = devices.find { it.id == params.id }
if (!device)
{
httpError(404, "Device not found") httpError(404, "Device not found")
}
else
{
device."$command"()
}
} }
if (command) {
executeCommand(device, type, command)
}
}
/**
* Validating the command passed by the user based on capability.
* @return boolean
*/
def validateCommand(device, deviceType, command) {
def capabilityCommands = getDeviceCapabilityCommands(device.capabilities)
def currentDeviceCapability = getCapabilityName(deviceType)
if (capabilityCommands[currentDeviceCapability]) {
return command in capabilityCommands[currentDeviceCapability] ? true : false
} else {
// Handling other device types here, which don't accept commands
httpError(400, "Bad request.")
}
}
/**
* Need to get the attribute name to do the lookup. Only
* doing it for the device types which accept commands
* @return attribute name of the device type
*/
def getCapabilityName(type) {
switch(type) {
case "switches":
return "Switch"
case "locks":
return "Lock"
default:
return type
}
}
/**
* Constructing the map over here of
* supported commands by device capability
* @return a map of device capability -> supported commands
*/
def getDeviceCapabilityCommands(deviceCapabilities) {
def map = [:]
deviceCapabilities.collect {
map[it.name] = it.commands.collect{ it.name.toString() }
}
return map
}
/**
* Validates and executes the command
* on the device or devices
*/
def executeCommand(device, type, command) {
if (validateCommand(device, type, command)) {
device."$command"()
} else {
httpError(403, "Access denied. This command is not supported by current capability.")
}
} }
private show(devices, type) { private show(devices, type) {