mirror of
https://github.com/processone/ejabberd.git
synced 2024-12-26 17:38:45 +01:00
* src/mod_pubsub/node_default.erl: Fix that non-subscriber could
fetch items from Authorize node (thanks to Brian Cully)(EJAB-873) SVN Revision: 1930
This commit is contained in:
parent
58e4b98d61
commit
19d27258d9
@ -1,3 +1,8 @@
|
||||
2009-02-28 Badlop <badlop@process-one.net>
|
||||
|
||||
* src/mod_pubsub/node_default.erl: Fix that non-subscriber could
|
||||
fetch items from Authorize node (thanks to Brian Cully)(EJAB-873)
|
||||
|
||||
2009-02-27 Badlop <badlop@process-one.net>
|
||||
|
||||
* src/web/ejabberd_http.erl: Added a workaround for inet:peername
|
||||
|
@ -307,7 +307,7 @@ subscribe_node(Host, Node, Sender, Subscriber, AccessModel,
|
||||
(AccessModel == whitelist) and (not Whitelisted) ->
|
||||
%% Node has whitelist access model and entity lacks required affiliation
|
||||
{error, ?ERR_EXTENDED('not-allowed', "closed-node")};
|
||||
(AccessModel == authorize) -> % TODO: to be done
|
||||
(AccessModel == authorize) and (not Whitelisted) ->
|
||||
%% Node has authorize access model
|
||||
{error, 'forbidden'};
|
||||
%%MustPay ->
|
||||
@ -698,7 +698,8 @@ get_items(Host, Node, JID, AccessModel, PresenceSubscription, RosterGroup, _SubI
|
||||
GenKey = jlib:short_prepd_bare_jid(JID),
|
||||
GenState = get_state(Host, Node, GenKey),
|
||||
Affiliation = GenState#pubsub_state.affiliation,
|
||||
Whitelisted = lists:member(Affiliation, [member, publisher, owner]),
|
||||
Subscription = GenState#pubsub_state.subscription,
|
||||
Whitelisted = can_fetch_item(Affiliation, Subscription),
|
||||
if
|
||||
%%SubID == "", ?? ->
|
||||
%% Entity has multiple subscriptions to the node but does not specify a subscription ID
|
||||
@ -745,7 +746,8 @@ get_item(Host, Node, ItemId, JID, AccessModel, PresenceSubscription, RosterGroup
|
||||
GenKey = jlib:short_prepd_bare_jid(JID),
|
||||
GenState = get_state(Host, Node, GenKey),
|
||||
Affiliation = GenState#pubsub_state.affiliation,
|
||||
Whitelisted = lists:member(Affiliation, [member, publisher, owner]),
|
||||
Subscription = GenState#pubsub_state.subscription,
|
||||
Whitelisted = can_fetch_item(Affiliation, Subscription),
|
||||
if
|
||||
%%SubID == "", ?? ->
|
||||
%% Entity has multiple subscriptions to the node but does not specify a subscription ID
|
||||
@ -799,3 +801,16 @@ del_items(Host, Node, ItemIds) ->
|
||||
%% node id.</p>
|
||||
get_item_name(_Host, _Node, Id) ->
|
||||
Id.
|
||||
|
||||
%% @spec (Affiliation, Subscription) -> true | false
|
||||
%% Affiliation = owner | member | publisher | outcast | none
|
||||
%% Subscription = subscribed | none
|
||||
%% @doc Determines if the combination of Affiliation and Subscribed
|
||||
%% are allowed to get items from a node.
|
||||
can_fetch_item(owner, _) -> true;
|
||||
can_fetch_item(member, _) -> true;
|
||||
can_fetch_item(publisher, _) -> true;
|
||||
can_fetch_item(outcast, _) -> false;
|
||||
can_fetch_item(none, subscribed) -> true;
|
||||
can_fetch_item(none, none) -> false;
|
||||
can_fetch_item(_Affiliation, _Subscription) -> false.
|
||||
|
Loading…
Reference in New Issue
Block a user