Do proper ACL checks on event reads/subscriptions. (#26761)
* Do proper ACL checks on event reads/subscriptions.
This adds the following functionality:
1. We now correctly detect subsciptions that don't have any access to anything,
even if they have an event path in the subscribe request. For paths with a
wildcard event id, this check assumes read privileges are needed when event
lists are disabled, and uses the actual event-specific privileges when event
lists are enabled.
2. When doing reads of an unsupported event, correctly return an
errors instead of an empty event list.
3. Fix various unit test mocks to provide the information needed for the new
checks.
4. Update expectation in existing YAML test that was checking an "unimplemented
event" case.
* Address review comments.
* Fix darwin build.
* Fix Darwin tests, now that we get errors for unsupported events.
* Move function declarations to a non-codegen-dependent header.
* Handle ACL checks for event wildcards even if we have no EventList.
* Update to spec change for unsupported event errors.
* Address review comments.
diff --git a/src/app/tests/suites/TestEvents.yaml b/src/app/tests/suites/TestEvents.yaml
index 03f314f..637268e 100644
--- a/src/app/tests/suites/TestEvents.yaml
+++ b/src/app/tests/suites/TestEvents.yaml
@@ -37,7 +37,8 @@
command: "readEvent"
event: "TestEvent"
endpoint: 0
- response: []
+ response:
+ error: UNSUPPORTED_CLUSTER
- label: "Generate an event on the accessory"
command: "TestEmitTestEventRequest"
