commit c7b49135acc2a4bee7be0358962aaf04e94ead1b
author Marc Lepage <67919234+mlepage-google@users.noreply.github.com> Wed Mar 23 17:28:47 2022 -0400
committer GitHub <noreply@github.com> Wed Mar 23 17:28:47 2022 -0400
tree 9e41e6229921fba710888f8705be271e0391eac7
parent 395bb1fdeb90139cf82b82af6e78430ab21be018

Add zap gen for Matter access privilege definitions (#16327)

New zap template iterates over access definitions for app server
clusters, for attributes/commands/events, to generate parallel arrays of
custom privileges for read/write attribute, invoke command, and read
event.

New privilege storage source files provide an API to access the generated
data, and an implementation using the generated data.

The data is generated and the storage is built per-app.

The library (DM, IM, app common) RequiredPrivilege module now uses the
privilege-storage API to access populated data on a per-app basis. Weak
implementations of the privilege storage API provide a default implementation
lacking generated data, so test artifacts can be built.

Fixes #14419

src/app/RequiredPrivilege.h

diff --git a/src/app/RequiredPrivilege.h b/src/app/RequiredPrivilege.h
index ff2fec0e..9d61dae 100644
--- a/src/app/RequiredPrivilege.h
+++ b/src/app/RequiredPrivilege.h
@@ -22,6 +22,8 @@
 #include "ConcreteCommandPath.h"
 #include "ConcreteEventPath.h"
 
+#include <app/util/privilege-storage.h>
+
 #include <access/Privilege.h>
 
 #include <lib/core/CHIPCore.h>
@@ -30,17 +32,47 @@
 namespace chip {
 namespace app {
 
-// This functionality is intended to come from Ember, but until Ember supports it,
-// this class will provide a workable alternative.
 class RequiredPrivilege
 {
     using Privilege = Access::Privilege;
 
+    static constexpr Privilege kPrivilegeMapper[] = { Privilege::kView, Privilege::kOperate, Privilege::kManage,
+                                                      Privilege::kAdminister };
+
+    static_assert(ArraySize(kPrivilegeMapper) > kMatterAccessPrivilegeView &&
+                      kPrivilegeMapper[kMatterAccessPrivilegeView] == Privilege::kView,
+                  "Must map privilege correctly");
+    static_assert(ArraySize(kPrivilegeMapper) > kMatterAccessPrivilegeOperate &&
+                      kPrivilegeMapper[kMatterAccessPrivilegeOperate] == Privilege::kOperate,
+                  "Must map privilege correctly");
+    static_assert(ArraySize(kPrivilegeMapper) > kMatterAccessPrivilegeManage &&
+                      kPrivilegeMapper[kMatterAccessPrivilegeManage] == Privilege::kManage,
+                  "Must map privilege correctly");
+    static_assert(ArraySize(kPrivilegeMapper) > kMatterAccessPrivilegeAdminister &&
+                      kPrivilegeMapper[kMatterAccessPrivilegeAdminister] == Privilege::kAdminister,
+                  "Must map privilege correctly");
+    static_assert(ArraySize(kPrivilegeMapper) > kMatterAccessPrivilegeMaxValue, "Must map all privileges");
+
 public:
-    static Privilege ForReadAttribute(const ConcreteAttributePath & path);
-    static Privilege ForWriteAttribute(const ConcreteAttributePath & path);
-    static Privilege ForInvokeCommand(const ConcreteCommandPath & path);
-    static Privilege ForReadEvent(const ConcreteEventPath & path);
+    static Privilege ForReadAttribute(const ConcreteAttributePath & path)
+    {
+        return kPrivilegeMapper[MatterGetAccessPrivilegeForReadAttribute(path.mClusterId, path.mAttributeId)];
+    }
+
+    static Privilege ForWriteAttribute(const ConcreteAttributePath & path)
+    {
+        return kPrivilegeMapper[MatterGetAccessPrivilegeForWriteAttribute(path.mClusterId, path.mAttributeId)];
+    }
+
+    static Privilege ForInvokeCommand(const ConcreteCommandPath & path)
+    {
+        return kPrivilegeMapper[MatterGetAccessPrivilegeForInvokeCommand(path.mClusterId, path.mCommandId)];
+    }
+
+    static Privilege ForReadEvent(const ConcreteEventPath & path)
+    {
+        return kPrivilegeMapper[MatterGetAccessPrivilegeForReadEvent(path.mClusterId, path.mEventId)];
+    }
 };
 
 } // namespace app