nm_iam_check_access()

DESCRIPTION

Check if the given connection has access to do the given action. Configured IAM polices are evaluated in context of the connection and optional specified attributes.

In addition to the specified attributes, the IAM module adds the Connection:IsLocal as true or false based on nabto_device_connection_is_local() as well as the Connection:Username if the connection is authorized as a specific IAM user. Some CoAP requests and TCP Tunnels may call this function. In those cases, the action and any additional attributes are documented there.

Notice, the Connection:Username is not the same as Iam:Username. The connection username is the user assosiated with the connection where as th IAM username attribute is added by IAM CoAP endpoints to show which user the CoAP endpoint wants access to.

DECLARATION

bool nm_iam_check_access(struct nm_iam* iam, NabtoDeviceConnectionRef ref, const char* action, const struct nn_string_map* attributes)

PARAMETERS

iam:
[in] IAM module to query
ref:
[in] the connection to check
action:
[in] the action to check if it is allowed
attributes:
[in] optional attributes to reference from policies (can be NULL)

RETURNS

true if the requested action is allowed, false if not