Skip to content

fix: Validate permissions in device access requests#2445

Open
dirkwa wants to merge 1 commit intoSignalK:masterfrom
dirkwa:fix-validate-access-permissions
Open

fix: Validate permissions in device access requests#2445
dirkwa wants to merge 1 commit intoSignalK:masterfrom
dirkwa:fix-validate-access-permissions

Conversation

@dirkwa
Copy link
Contributor

@dirkwa dirkwa commented Mar 14, 2026

Summary

  • Reject invalid permission values in device access requests — only readonly, readwrite, and admin are accepted
  • Fix server crash (500) when posting access requests with security disabled

Fixes #2224

Test plan

  • POST /signalk/v1/access/requests with permissions: "badvalue" → 400
  • POST /signalk/v1/access/requests with permissions: "readwrite" → 202 PENDING
  • POST /signalk/v1/access/requests with security disabled → 404 (no crash)
  • PUT approval with permissions: "badvalue" → rejected
  • Automated test suite passes (382 tests)

@dirkwa
fix(security): validate permissions in access requests
78a0ff4 
Reject invalid permission values in device access requests.
Only 'readonly', 'readwrite', and 'admin' are accepted.
Also fix crash when posting access requests with security
disabled by using isDummy() guard.

Fixes SignalK#2224
@dirkwa dirkwa changed the title Validate permissions in device access requests fix: Validate permissions in device access requests Mar 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Minor Bug: Missing text in security/devices type column when read only and request approved

1 participant

@dirkwa