|
@@ -52,8 +52,8 @@ prepare_config() ->
|
|
|
{allow, {user, "testuser"}, subscribe, ["a/b/c", "d/e/f/#"]},
|
|
{allow, {user, "testuser"}, subscribe, ["a/b/c", "d/e/f/#"]},
|
|
|
{allow, {user, "admin"}, pubsub, ["a/b/c", "d/e/f/#"]},
|
|
{allow, {user, "admin"}, pubsub, ["a/b/c", "d/e/f/#"]},
|
|
|
{allow, {client, "testClient"}, subscribe, ["testTopics/testClient"]},
|
|
{allow, {client, "testClient"}, subscribe, ["testTopics/testClient"]},
|
|
|
- {allow, all, subscribe, ["clients/$c"]},
|
|
|
|
|
- {allow, all, pubsub, ["users/$u/#"]},
|
|
|
|
|
|
|
+ {allow, all, subscribe, ["clients/%c"]},
|
|
|
|
|
+ {allow, all, pubsub, ["users/%u/#"]},
|
|
|
{deny, all, subscribe, ["$SYS/#", "#"]},
|
|
{deny, all, subscribe, ["$SYS/#", "#"]},
|
|
|
{deny, all}],
|
|
{deny, all}],
|
|
|
write_config("access_SUITE_acl.conf", Rules),
|
|
write_config("access_SUITE_acl.conf", Rules),
|
|
@@ -151,10 +151,10 @@ compile_rule(_) ->
|
|
|
compile({allow, {user, "admin"}, pubsub, ["d/e/f/#"]}),
|
|
compile({allow, {user, "admin"}, pubsub, ["d/e/f/#"]}),
|
|
|
{allow, {client, <<"testClient">>}, publish, [ [<<"testTopics">>, <<"testClient">>] ]} =
|
|
{allow, {client, <<"testClient">>}, publish, [ [<<"testTopics">>, <<"testClient">>] ]} =
|
|
|
compile({allow, {client, "testClient"}, publish, ["testTopics/testClient"]}),
|
|
compile({allow, {client, "testClient"}, publish, ["testTopics/testClient"]}),
|
|
|
- {allow, all, pubsub, [{pattern, [<<"clients">>, <<"$c">>]}]} =
|
|
|
|
|
- compile({allow, all, pubsub, ["clients/$c"]}),
|
|
|
|
|
- {allow, all, subscribe, [{pattern, [<<"users">>, <<"$u">>, '#']}]} =
|
|
|
|
|
- compile({allow, all, subscribe, ["users/$u/#"]}),
|
|
|
|
|
|
|
+ {allow, all, pubsub, [{pattern, [<<"clients">>, <<"%c">>]}]} =
|
|
|
|
|
+ compile({allow, all, pubsub, ["clients/%c"]}),
|
|
|
|
|
+ {allow, all, subscribe, [{pattern, [<<"users">>, <<"%u">>, '#']}]} =
|
|
|
|
|
+ compile({allow, all, subscribe, ["users/%u/#"]}),
|
|
|
{deny, all, subscribe, [ [<<"$SYS">>, '#'], ['#'] ]} =
|
|
{deny, all, subscribe, [ [<<"$SYS">>, '#'], ['#'] ]} =
|
|
|
compile({deny, all, subscribe, ["$SYS/#", "#"]}),
|
|
compile({deny, all, subscribe, ["$SYS/#", "#"]}),
|
|
|
{allow, all} = compile({allow, all}),
|
|
{allow, all} = compile({allow, all}),
|
|
@@ -171,9 +171,9 @@ match_rule(_) ->
|
|
|
{matched, allow} = match(User, <<"d/e/f/x">>, compile({allow, {user, "TestUser"}, subscribe, ["a/b/c", "d/e/f/#"]})),
|
|
{matched, allow} = match(User, <<"d/e/f/x">>, compile({allow, {user, "TestUser"}, subscribe, ["a/b/c", "d/e/f/#"]})),
|
|
|
nomatch = match(User, <<"d/e/f/x">>, compile({allow, {user, "admin"}, pubsub, ["d/e/f/#"]})),
|
|
nomatch = match(User, <<"d/e/f/x">>, compile({allow, {user, "admin"}, pubsub, ["d/e/f/#"]})),
|
|
|
{matched, allow} = match(User, <<"testTopics/testClient">>, compile({allow, {client, "testClient"}, publish, ["testTopics/testClient"]})),
|
|
{matched, allow} = match(User, <<"testTopics/testClient">>, compile({allow, {client, "testClient"}, publish, ["testTopics/testClient"]})),
|
|
|
- {matched, allow} = match(User, <<"clients/testClient">>, compile({allow, all, pubsub, ["clients/$c"]})),
|
|
|
|
|
|
|
+ {matched, allow} = match(User, <<"clients/testClient">>, compile({allow, all, pubsub, ["clients/%c"]})),
|
|
|
{matched, allow} = match(#mqtt_client{username = <<"user2">>}, <<"users/user2/abc/def">>,
|
|
{matched, allow} = match(#mqtt_client{username = <<"user2">>}, <<"users/user2/abc/def">>,
|
|
|
- compile({allow, all, subscribe, ["users/$u/#"]})),
|
|
|
|
|
|
|
+ compile({allow, all, subscribe, ["users/%u/#"]})),
|
|
|
{matched, deny} = match(User, <<"d/e/f">>, compile({deny, all, subscribe, ["$SYS/#", "#"]})),
|
|
{matched, deny} = match(User, <<"d/e/f">>, compile({deny, all, subscribe, ["$SYS/#", "#"]})),
|
|
|
Rule = compile({allow, {'and', [{ipaddr, "127.0.0.1"}, {user, <<"WrongUser">>}]}, publish, <<"Topic">>}),
|
|
Rule = compile({allow, {'and', [{ipaddr, "127.0.0.1"}, {user, <<"WrongUser">>}]}, publish, <<"Topic">>}),
|
|
|
nomatch = match(User, <<"Topic">>, Rule),
|
|
nomatch = match(User, <<"Topic">>, Rule),
|
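Review bot: The `match_rule` assertions for the renamed placeholders cover only the positive case, so nothing in this hunk would fail if `%c` or `%u` matched every client id or username. Add a negative assertion beside each, for example `nomatch = match(User, <<"clients/otherClient">>, compile({allow, all, pubsub, ["clients/%c"]})),`, and an equivalent one for `users/%u/#` with a topic under a different username. It is also worth pinning what the old spelling does now, for instance whether `"clients/$c"` compiles to a plain literal topic, because an ACL file that still uses `$c`/`$u` would presumably change meaning without any error; the compile code is not visible here, so this is inferred. A case with a username or client id containing `/`, `+` or `#` would document how substituted values are treated when they are placed into a topic pattern. `User` is bound outside the hunk, so its client id and username are assumed from the neighbouring assertions.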