Allow non-admins to subscribe to the issue registry updated event (#103145)
This commit is contained in:
parent
8eb7766f30
commit
1a6184a9aa
2 changed files with 10 additions and 1 deletions
|
@ -19,6 +19,7 @@ from homeassistant.const import (
|
|||
from homeassistant.helpers.area_registry import EVENT_AREA_REGISTRY_UPDATED
|
||||
from homeassistant.helpers.device_registry import EVENT_DEVICE_REGISTRY_UPDATED
|
||||
from homeassistant.helpers.entity_registry import EVENT_ENTITY_REGISTRY_UPDATED
|
||||
from homeassistant.helpers.issue_registry import EVENT_REPAIRS_ISSUE_REGISTRY_UPDATED
|
||||
|
||||
# These are events that do not contain any sensitive data
|
||||
# Except for state_changed, which is handled accordingly.
|
||||
|
@ -28,6 +29,7 @@ SUBSCRIBE_ALLOWLIST: Final[set[str]] = {
|
|||
EVENT_CORE_CONFIG_UPDATE,
|
||||
EVENT_DEVICE_REGISTRY_UPDATED,
|
||||
EVENT_ENTITY_REGISTRY_UPDATED,
|
||||
EVENT_REPAIRS_ISSUE_REGISTRY_UPDATED,
|
||||
EVENT_LOVELACE_UPDATED,
|
||||
EVENT_PANELS_UPDATED,
|
||||
EVENT_RECORDER_5MIN_STATISTICS_GENERATED,
|
||||
|
|
|
@ -57,6 +57,8 @@ from .messages import construct_result_message
|
|||
|
||||
ALL_SERVICE_DESCRIPTIONS_JSON_CACHE = "websocket_api_all_service_descriptions_json"
|
||||
|
||||
_LOGGER = logging.getLogger(__name__)
|
||||
|
||||
|
||||
@callback
|
||||
def async_register_commands(
|
||||
|
@ -134,7 +136,12 @@ def handle_subscribe_events(
|
|||
event_type = msg["event_type"]
|
||||
|
||||
if event_type not in SUBSCRIBE_ALLOWLIST and not connection.user.is_admin:
|
||||
raise Unauthorized
|
||||
_LOGGER.error(
|
||||
"Refusing to allow %s to subscribe to event %s",
|
||||
connection.user.name,
|
||||
event_type,
|
||||
)
|
||||
raise Unauthorized(user_id=connection.user.id)
|
||||
|
||||
if event_type == EVENT_STATE_CHANGED:
|
||||
forward_events = partial(
|
||||
|
|
Loading…
Add table
Reference in a new issue