* src/mod_pubsub/node_default.erl: Fix that non-subscriber could

fetch items from Authorize node (thanks to Brian Cully)(EJAB-873) SVN Revision: 1930
2024-06-24 22:25:47 +02:00 · 2009-02-27 23:56:46 +00:00 · 2009-02-27 23:56:46 +00:00 · 19d27258d9
commit 19d27258d9
parent 58e4b98d61
2 changed files with 23 additions and 3 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+2009-02-28  Badlop  <badlop@process-one.net>
+
+	* src/mod_pubsub/node_default.erl: Fix that non-subscriber could
+	fetch items from Authorize node (thanks to Brian Cully)(EJAB-873)
+
 2009-02-27  Badlop  <badlop@process-one.net>

 	* src/web/ejabberd_http.erl: Added a workaround for inet:peername
--- a/src/mod_pubsub/node_default.erl
+++ b/src/mod_pubsub/node_default.erl
@ -307,7 +307,7 @@ subscribe_node(Host, Node, Sender, Subscriber, AccessModel,
 	(AccessModel == whitelist) and (not Whitelisted) ->
 	    %% Node has whitelist access model and entity lacks required affiliation
 	    {error, ?ERR_EXTENDED('not-allowed', "closed-node")};
-	(AccessModel == authorize) -> % TODO: to be done
+	(AccessModel == authorize) and (not Whitelisted) ->
 	    %% Node has authorize access model
 	    {error, 'forbidden'};
 	%%MustPay ->
@ -698,7 +698,8 @@ get_items(Host, Node, JID, AccessModel, PresenceSubscription, RosterGroup, _SubI
    GenKey = jlib:short_prepd_bare_jid(JID),
    GenState = get_state(Host, Node, GenKey),
    Affiliation = GenState#pubsub_state.affiliation,
-    Whitelisted = lists:member(Affiliation, [member, publisher, owner]),
+    Subscription = GenState#pubsub_state.subscription,
+    Whitelisted = can_fetch_item(Affiliation, Subscription),
    if
 	%%SubID == "", ?? ->
 	    %% Entity has multiple subscriptions to the node but does not specify a subscription ID
@ -745,7 +746,8 @@ get_item(Host, Node, ItemId, JID, AccessModel, PresenceSubscription, RosterGroup
    GenKey = jlib:short_prepd_bare_jid(JID),
    GenState = get_state(Host, Node, GenKey),
    Affiliation = GenState#pubsub_state.affiliation,
-    Whitelisted = lists:member(Affiliation, [member, publisher, owner]),
+    Subscription = GenState#pubsub_state.subscription,
+    Whitelisted = can_fetch_item(Affiliation, Subscription),
    if
 	%%SubID == "", ?? ->
 	    %% Entity has multiple subscriptions to the node but does not specify a subscription ID
@ -799,3 +801,16 @@ del_items(Host, Node, ItemIds) ->
 %% node id.</p>
 get_item_name(_Host, _Node, Id) ->
    Id.
+
+%% @spec (Affiliation, Subscription) -> true | false
+%%       Affiliation = owner | member | publisher | outcast | none
+%%       Subscription = subscribed | none
+%% @doc Determines if the combination of Affiliation and Subscribed
+%% are allowed to get items from a node.
+can_fetch_item(owner,        _)             -> true;
+can_fetch_item(member,       _)             -> true;
+can_fetch_item(publisher,    _)             -> true;
+can_fetch_item(outcast,      _)             -> false;
+can_fetch_item(none,         subscribed)    -> true;
+can_fetch_item(none,         none)          -> false;
+can_fetch_item(_Affiliation, _Subscription) -> false.