Open mirusu400 opened 8 months ago
I'm not so sure it is in error, or at least, that it deviates from the spec:
Table 63 ("Actions undertaken by the operations of the builtin AccessControl plugin") lists for "check_create_topic":
This operation shall use the permissions_handle to retrieve the cached Permissions and Governance information.
If the Governance specifies a topic or topic-expression on the DomainParticipant domain_id matching the Topic name
It does (domain id = 0, so in range of both governance and permissions documents).
with enable_read_access_control set to FALSE or with enable_write_access_control set to FALSE, then the operation shall succeed and return TRUE.
Both are set to TRUE, therefore, continue.
If the Permissions document contains a Grant for the DomainParticipant allowing it to publish the Topic with specified topic_name, then the operation shall succeed and return TRUE.
The permissions document contains a DENY rule for publishing, therefore continue.
If the Permissions document contains a Grant for the DomainParticipant allowing it to subscribe the Topic with specified topic_name, then the operation shall succeed and return TRUE.
The permissions document contains a DENY rule for subscribing, therefore continue ...
Otherwise the operation shall return FALSE.
... and thus deny the creation of the topic.
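The check_create_topic steps quoted from Table 63 in the reply above, written out as a small C model (an added example, not Cyclone DDS code and not part of the thread). The structs, the topic name Example_Topic and the use of fnmatch for topic expressions are assumptions; a deny rule is modelled as the absence of a matching allow rule, and only the quoted steps are implemented.

```c
#include <fnmatch.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-ins for the cached documents; not Cyclone DDS types. */
struct topic_rule {                    /* governance rule for the domain */
    const char *topic_expression;
    bool enable_read_access_control;
    bool enable_write_access_control;
};
struct grant {                         /* allow rules only, NULL-terminated */
    const char *const *allow_publish;
    const char *const *allow_subscribe;
};

static bool any_match(const char *const *exprs, const char *topic)
{
    for (; *exprs != NULL; exprs++)
        if (fnmatch(*exprs, topic, 0) == 0)
            return true;
    return false;
}

/* Only the steps quoted above, in the quoted order. */
bool check_create_topic(const struct topic_rule *rule, const struct grant *g,
                        const char *topic)
{
    if (fnmatch(rule->topic_expression, topic, 0) == 0 &&
        (!rule->enable_read_access_control ||
         !rule->enable_write_access_control))
        return true;                   /* access control is off for the topic */
    if (any_match(g->allow_publish, topic))
        return true;
    if (any_match(g->allow_subscribe, topic))
        return true;
    return false;                      /* deny rules satisfy no allow branch */
}

/* Constructed sample data: the topic name and rules are placeholders. */
static const char *const NONE[] = { NULL };
static const char *const TOPIC[] = { "Example_Topic", NULL };
static const struct topic_rule PROTECTED = { "*", true, true };
static const struct grant DENY_BOTH = { NONE, NONE };  /* deny pub and sub */
static const struct grant SUB_ONLY = { NONE, TOPIC };  /* deny pub, allow sub */
int main(void)
{
    printf("%d %d\n", check_create_topic(&PROTECTED, &DENY_BOTH, "Example_Topic"),
           check_create_topic(&PROTECTED, &SUB_ONLY, "Example_Topic"));
    return 0;
}
```

With publish and subscribe both denied the model returns false at topic creation; a grant that allows subscribe alone is enough for it to return true.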
Hello. While using cyclonedds I got an unexpected behavior with permission.
Expected behavior
When I create a topic rule in governance.xml and add a deny_rule in permissions.xml, an error should be raised when we call the dds_create_writer function.
Current behavior
When having governance.xml and permissions.xml with a deny_rule, errors are raised when dds_create_topic is called (not the dds_create_writer function!).
Steps to reproduce
governance.xml
main.cpp
PoC
eclipse_dds_permission.zip
We can simply test with the given PoC.
Here is the output: