custom-components
Block calls to installation/update API if user does not have owner or service role
installation/update requires owner or service priviliges (https://docs.zaptec.com/reference/api_installation_id_update_post)
Also add explanation of this requirement to readme and error log/popup.
After trying out a test user that only had the User role, it seems like there isn't all that much to block, rather the question is if it is possible to do anything useful at all without at least owner privileges. The following polling calls were blocked:
- api.zaptec.com/api/installation/<--Inst[fa6acf]-->/hierarchy
- api.zaptec.com/api/chargerFirmware/installation/<--Inst[fa6acf]-->
- api.zaptec.com/api/chargers/<--Charger[2752a9]-->
- api.zaptec.com/api/chargers/<--Charger[2752a9]-->/state
With neither the service bus nor the state api available, there really isn't much useful info left.
@steinmn I have a question — if let's say we had an API with notifications for the installation (not service bus, but something else), what info would you like to see there? I am curious, because most likely you don't need every observation or change on the installation.
@thecoldwine
The complete list of installation data points this integration is tracking is:
- Active
- IsRequiredAuthentication
- AvailableCurrent
- ThreeToOnePhaseSwitchCurrent
- AvailableCurrentPhase1/2/3
- MaxCurrent
- AuthenticationType
- InstallationType
- NetworkType
I think our users would be interested in the data that change over time, especially related to current. AvailableCurrent, AvailableCurrentPhase1/2/3. And this new ThreeToOnePhaseSwitchCurrent. I think its especially relevant to get frequent updates if the current is regulated from other integrations such as Zaptec smart eco mode or Tibber and so on. These data is often be used for other automations and its valuable that they are as real-time as possible.
