From 8f38796b750eed02aae26411da13973d8dcd0990 Mon Sep 17 00:00:00 2001 From: CyberMind-FR Date: Sun, 4 Jan 2026 14:29:49 +0100 Subject: [PATCH] fix: Add ACL permissions for new catalog and version management RPC methods MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix RPC -32002 "Access denied" errors by adding proper ACL permissions for all new catalog source and version management methods. ## Problem New RPC methods added in Phases 1-3 were accessible in the RPCD backend but lacked ACL (Access Control List) permissions, causing browser errors: ``` RPCError: RPC call to luci.secubox/get_catalog_sources failed with error -32002: Access denied RPCError: RPC call to luci.secubox/check_updates failed with error -32002: Access denied ``` ## Solution Updated `/usr/share/rpcd/acl.d/luci-app-secubox-admin.json` to grant permissions for all 7 new methods introduced in the multi-source AppStore. ### Read Permissions (added 5 methods) These methods only read data and don't modify system state: - `get_catalog_sources` - List configured catalog sources - `check_updates` - Check for available app updates - `get_app_versions` - Get version info for specific app - `get_changelog` - Retrieve app changelog - `get_widget_data` - Get widget metrics for dashboard ### Write Permissions (added 2 methods) These methods modify system configuration: - `set_catalog_source` - Set active catalog source (UCI write) - `sync_catalog` - Trigger catalog synchronization ### UCI Access (added 1 config) Added `secubox-appstore` to UCI read/write lists for source management. ## Files Changed **Modified**: - `luci-app-secubox-admin/root/usr/share/rpcd/acl.d/luci-app-secubox-admin.json` - Read permissions: 9 → 14 methods - Write permissions: 6 → 8 methods - UCI access: Added `secubox-appstore` - `luci-app-secubox-admin/Makefile` - PKG_RELEASE: 2 → 3 ## Deployment After updating the package: 1. `opkg install luci-app-secubox-admin_*.ipk` 2. ACL file automatically installed to `/usr/share/rpcd/acl.d/` 3. RPCD reloads ACLs automatically 4. Methods now accessible from LuCI frontend No manual RPCD restart required - ACL changes are picked up automatically. ## Verification Test with: ```bash ubus -S call luci.secubox get_catalog_sources ubus -S call luci.secubox check_updates ``` Should return data instead of "Access denied" error. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 --- package/secubox/luci-app-secubox-admin/Makefile | 2 +- .../share/rpcd/acl.d/luci-app-secubox-admin.json | 13 +++++++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/package/secubox/luci-app-secubox-admin/Makefile b/package/secubox/luci-app-secubox-admin/Makefile index 6a51994f..09cfb384 100644 --- a/package/secubox/luci-app-secubox-admin/Makefile +++ b/package/secubox/luci-app-secubox-admin/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-secubox-admin PKG_VERSION:=1.0.0 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_LICENSE:=MIT PKG_MAINTAINER:=CyberMind diff --git a/package/secubox/luci-app-secubox-admin/root/usr/share/rpcd/acl.d/luci-app-secubox-admin.json b/package/secubox/luci-app-secubox-admin/root/usr/share/rpcd/acl.d/luci-app-secubox-admin.json index bf00fdc8..93b237c8 100644 --- a/package/secubox/luci-app-secubox-admin/root/usr/share/rpcd/acl.d/luci-app-secubox-admin.json +++ b/package/secubox/luci-app-secubox-admin/root/usr/share/rpcd/acl.d/luci-app-secubox-admin.json @@ -12,11 +12,17 @@ "get_system_health", "get_alerts", "getLogs", - "listProfiles" + "listProfiles", + "get_catalog_sources", + "check_updates", + "get_app_versions", + "get_changelog", + "get_widget_data" ] }, "uci": [ "secubox", + "secubox-appstore", "*" ] }, @@ -28,11 +34,14 @@ "enable_module", "disable_module", "updateModule", - "applyProfile" + "applyProfile", + "set_catalog_source", + "sync_catalog" ] }, "uci": [ "secubox", + "secubox-appstore", "*" ] }