25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-11-22 16:20:52 +01:00

PubSub: Added access-whitelist and member-affiliation features (EJAB-780)

SVN Revision: 1769
This commit is contained in:
Christophe Romain 2009-01-03 00:58:18 +00:00
parent e032a8c54f
commit 1a44fe29b4
3 changed files with 16 additions and 8 deletions

View File

@ -16,6 +16,9 @@
delete-nodes for delete item use case (fix from erroneous definition delete-nodes for delete item use case (fix from erroneous definition
in XEP-0060) in XEP-0060)
* src/mod_pubsub/mod_pubsub.erl: Added "access-whitelist" and
"member-affiliation" features (thanks to Andy Skelton)(EJAB-780)
2008-12-23 Christophe Romain <christophe.romain@process-one.net> 2008-12-23 Christophe Romain <christophe.romain@process-one.net>
* src/mod_pubsub/mod_pubsub.erl: Improve handling of PEP sent to * src/mod_pubsub/mod_pubsub.erl: Improve handling of PEP sent to

View File

@ -2063,6 +2063,7 @@ get_roster_info(OwnerUser, OwnerServer, {SubscriberUser, SubscriberServer, _}, A
%% @doc <p>Convert an affiliation type from string to atom.</p> %% @doc <p>Convert an affiliation type from string to atom.</p>
string_to_affiliation("owner") -> owner; string_to_affiliation("owner") -> owner;
string_to_affiliation("publisher") -> publisher; string_to_affiliation("publisher") -> publisher;
string_to_affiliation("member") -> member;
string_to_affiliation("outcast") -> outcast; string_to_affiliation("outcast") -> outcast;
string_to_affiliation("none") -> none; string_to_affiliation("none") -> none;
string_to_affiliation(_) -> false. string_to_affiliation(_) -> false.
@ -2083,6 +2084,7 @@ string_to_subscription(_) -> false.
%% @doc <p>Convert an affiliation type from atom to string.</p> %% @doc <p>Convert an affiliation type from atom to string.</p>
affiliation_to_string(owner) -> "owner"; affiliation_to_string(owner) -> "owner";
affiliation_to_string(publisher) -> "publisher"; affiliation_to_string(publisher) -> "publisher";
affiliation_to_string(member) -> "member";
affiliation_to_string(outcast) -> "outcast"; affiliation_to_string(outcast) -> "outcast";
affiliation_to_string(_) -> "none". affiliation_to_string(_) -> "none".
@ -2662,7 +2664,7 @@ features() ->
"access-open", % OPTIONAL this relates to access_model option in node_default "access-open", % OPTIONAL this relates to access_model option in node_default
"access-presence", % OPTIONAL this relates to access_model option in node_pep "access-presence", % OPTIONAL this relates to access_model option in node_pep
%TODO "access-roster", % OPTIONAL %TODO "access-roster", % OPTIONAL
%TODO "access-whitelist", % OPTIONAL "access-whitelist", % OPTIONAL
% see plugin "auto-create", % OPTIONAL % see plugin "auto-create", % OPTIONAL
% see plugin "auto-subscribe", % RECOMMENDED % see plugin "auto-subscribe", % RECOMMENDED
"collections", % RECOMMENDED "collections", % RECOMMENDED
@ -2679,7 +2681,7 @@ features() ->
%TODO "cache-last-item", %TODO "cache-last-item",
%TODO "leased-subscription", % OPTIONAL %TODO "leased-subscription", % OPTIONAL
% see plugin "manage-subscriptions", % OPTIONAL % see plugin "manage-subscriptions", % OPTIONAL
%TODO "member-affiliation", % RECOMMENDED "member-affiliation", % RECOMMENDED
%TODO "meta-data", % RECOMMENDED %TODO "meta-data", % RECOMMENDED
% see plugin "modify-affiliations", % OPTIONAL % see plugin "modify-affiliations", % OPTIONAL
%TODO "multi-collection", % OPTIONAL %TODO "multi-collection", % OPTIONAL

View File

@ -284,6 +284,7 @@ subscribe_node(Host, Node, Sender, Subscriber, AccessModel,
State = get_state(Host, Node, SubscriberKey), State = get_state(Host, Node, SubscriberKey),
#pubsub_state{affiliation = Affiliation, #pubsub_state{affiliation = Affiliation,
subscription = Subscription} = State, subscription = Subscription} = State,
Whitelisted = lists:member(Affiliation, [member, publisher, owner]),
if if
not Authorized -> not Authorized ->
%% JIDs do not match %% JIDs do not match
@ -300,8 +301,8 @@ subscribe_node(Host, Node, Sender, Subscriber, AccessModel,
(AccessModel == roster) and (not RosterGroup) -> (AccessModel == roster) and (not RosterGroup) ->
%% Entity is not authorized to create a subscription (not in roster group) %% Entity is not authorized to create a subscription (not in roster group)
{error, ?ERR_EXTENDED('not-authorized', "not-in-roster-group")}; {error, ?ERR_EXTENDED('not-authorized', "not-in-roster-group")};
(AccessModel == whitelist) -> % TODO: to be done (AccessModel == whitelist) and (not Whitelisted) ->
%% Node has whitelist access model %% Node has whitelist access model and entity lacks required affiliation
{error, ?ERR_EXTENDED('not-allowed', "closed-node")}; {error, ?ERR_EXTENDED('not-allowed', "closed-node")};
(AccessModel == authorize) -> % TODO: to be done (AccessModel == authorize) -> % TODO: to be done
%% Node has authorize access model %% Node has authorize access model
@ -671,6 +672,7 @@ get_items(Host, Node, JID, AccessModel, PresenceSubscription, RosterGroup, _SubI
#pubsub_state{affiliation = Affiliation, #pubsub_state{affiliation = Affiliation,
subscription = Subscription} = State, subscription = Subscription} = State,
Subscribed = not ((Subscription == none) or (Subscription == pending)), Subscribed = not ((Subscription == none) or (Subscription == pending)),
Whitelisted = lists:member(Affiliation, [member, publisher, owner]),
if if
%%SubID == "", ?? -> %%SubID == "", ?? ->
%% Entity has multiple subscriptions to the node but does not specify a subscription ID %% Entity has multiple subscriptions to the node but does not specify a subscription ID
@ -690,8 +692,8 @@ get_items(Host, Node, JID, AccessModel, PresenceSubscription, RosterGroup, _SubI
(AccessModel == roster) and (not RosterGroup) -> (AccessModel == roster) and (not RosterGroup) ->
%% Entity is not authorized to create a subscription (not in roster group) %% Entity is not authorized to create a subscription (not in roster group)
{error, ?ERR_EXTENDED('not-authorized', "not-in-roster-group")}; {error, ?ERR_EXTENDED('not-authorized', "not-in-roster-group")};
(AccessModel == whitelist) -> % TODO: to be done (AccessModel == whitelist) and (not Whitelisted) ->
%% Node has whitelist access model %% Node has whitelist access model and entity lacks required affiliation
{error, ?ERR_EXTENDED('not-allowed', "closed-node")}; {error, ?ERR_EXTENDED('not-allowed', "closed-node")};
(AccessModel == authorize) -> % TODO: to be done (AccessModel == authorize) -> % TODO: to be done
%% Node has authorize access model %% Node has authorize access model
@ -721,6 +723,7 @@ get_item(Host, Node, ItemId, JID, AccessModel, PresenceSubscription, RosterGroup
#pubsub_state{affiliation = Affiliation, #pubsub_state{affiliation = Affiliation,
subscription = Subscription} = State, subscription = Subscription} = State,
Subscribed = not ((Subscription == none) or (Subscription == pending)), Subscribed = not ((Subscription == none) or (Subscription == pending)),
Whitelisted = lists:member(Affiliation, [member, publisher, owner]),
if if
%%SubID == "", ?? -> %%SubID == "", ?? ->
%% Entity has multiple subscriptions to the node but does not specify a subscription ID %% Entity has multiple subscriptions to the node but does not specify a subscription ID
@ -740,8 +743,8 @@ get_item(Host, Node, ItemId, JID, AccessModel, PresenceSubscription, RosterGroup
(AccessModel == roster) and (not RosterGroup) -> (AccessModel == roster) and (not RosterGroup) ->
%% Entity is not authorized to create a subscription (not in roster group) %% Entity is not authorized to create a subscription (not in roster group)
{error, ?ERR_EXTENDED('not-authorized', "not-in-roster-group")}; {error, ?ERR_EXTENDED('not-authorized', "not-in-roster-group")};
(AccessModel == whitelist) -> % TODO: to be done (AccessModel == whitelist) and (not Whitelisted) ->
%% Node has whitelist access model %% Node has whitelist access model and entity lacks required affiliation
{error, ?ERR_EXTENDED('not-allowed', "closed-node")}; {error, ?ERR_EXTENDED('not-allowed', "closed-node")};
(AccessModel == authorize) -> % TODO: to be done (AccessModel == authorize) -> % TODO: to be done
%% Node has authorize access model %% Node has authorize access model