| /** |
| * Copyright (c) 2024 Project CHIP Authors |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #import <Foundation/Foundation.h> |
| #import <Matter/MTRBaseClusters.h> |
| #import <Matter/MTRDefines.h> |
| |
| NS_ASSUME_NONNULL_BEGIN |
| |
| /** |
| * An access grant, which can be represented as an entry in the Matter Access |
| * Control cluster. |
| */ |
| NS_SWIFT_SENDABLE |
| MTR_NEWLY_AVAILABLE |
| @interface MTRAccessGrant : NSObject <NSCopying> |
| |
| - (instancetype)init NS_UNAVAILABLE; |
| + (instancetype)new NS_UNAVAILABLE; |
| |
| /** |
| * Grant access at the provided level to a specific node on the fabric. The |
| * provided nodeID must be an operational node identifier. |
| */ |
| + (nullable MTRAccessGrant *)accessGrantForNodeID:(NSNumber *)nodeID privilege:(MTRAccessControlEntryPrivilege)privilege; |
| |
| /** |
| * Grant access to any node on the fabric that has a matching CASE Authenticated |
| * Tag in its operational certificate. The provided caseAuthenticatedTag must |
| * be a 32-bit unsigned integer with lower 16 bits not 0, per the Matter |
| * specification. |
| */ |
| + (nullable MTRAccessGrant *)accessGrantForCASEAuthenticatedTag:(NSNumber *)caseAuthenticatedTag privilege:(MTRAccessControlEntryPrivilege)privilege; |
| |
| /** |
| * Grant access to any node on the fabric that is communicating with us via |
| * group messages sent to the given group. The provided groupID must be a valid |
| * group identifier in the range 1-65535. |
| */ |
| + (nullable MTRAccessGrant *)accessGrantForGroupID:(NSNumber *)groupID privilege:(MTRAccessControlEntryPrivilege)privilege; |
| |
| /** |
| * Grant access to any node on the fabric, as long as it's communicating with us |
| * over a unicast authenticated channel. |
| */ |
| + (MTRAccessGrant *)accessGrantForAllNodesWithPrivilege:(MTRAccessControlEntryPrivilege)privilege; |
| |
| /** |
| * The matter access control subject ID that access has been granted for. Nil |
| * when access has been granted for all subjects (e.g. via initForAllNodesWithPrivilege). |
| */ |
| @property (nonatomic, copy, readonly, nullable) NSNumber * subjectID; |
| |
| /** |
| * The privilege that has been granted |
| */ |
| @property (nonatomic, assign, readonly) MTRAccessControlEntryPrivilege grantedPrivilege; |
| |
| /** |
| * The type of authentication mode the access grant is |
| * for. MTRAccessControlEntryAuthModeCASE for unicast messages and |
| * MTRAccessControlEntryAuthModeGroup for groupcast ones. |
| */ |
| @property (nonatomic, assign, readonly) MTRAccessControlEntryAuthMode authenticationMode; |
| |
| @end |
| |
| NS_ASSUME_NONNULL_END |