prevent unauthorized entity to gain none-affiliation for given entity

SVN Revision: 1802
2024-11-20 16:15:59 +01:00 · 2009-01-11 04:08:10 +00:00 · 2009-01-11 04:08:10 +00:00 · 1ac9246a49
commit 1ac9246a49
parent 8090011126
2 changed files with 6 additions and 3 deletions
--- a/3
+++ b/3
@ -4,6 +4,9 @@
 	permissions (thanks to Andy Skelton)(EJAB-840)
 	* src/mod_pubsub/node_default.erl: Likewise

+	* src/mod_pubsub/node_default.erl: prevent unauthorized entity to gain
+	none-affiliation for given entity (EJAB-840)
+
 2009-01-10  Christophe Romain <christophe.romain@process-one.net>

 	* src/mod_pubsub/node_default.erl: fix unsubscription of full jid
--- a/src/mod_pubsub/node_default.erl
+++ b/src/mod_pubsub/node_default.erl
@ -356,6 +356,9 @@ unsubscribe_node(Host, Node, Sender, Subscriber, _SubId) ->
 	_ -> get_state(Host, Node, SubKey)
 	end,
    if
+	%% Requesting entity is prohibited from unsubscribing entity
+	not Authorized ->
+	    {error, ?ERR_FORBIDDEN};
 	%% Entity did not specify SubID
 	%%SubID == "", ?? ->
 	%%	{error, ?ERR_EXTENDED(?ERR_BAD_REQUEST, "subid-required")};
@ -365,9 +368,6 @@ unsubscribe_node(Host, Node, Sender, Subscriber, _SubId) ->
 	%% Requesting entity is not a subscriber
 	SubState#pubsub_state.subscription == none ->
 	    {error, ?ERR_EXTENDED(?ERR_UNEXPECTED_REQUEST, "not-subscribed")};
-	%% Requesting entity is prohibited from unsubscribing entity
-	not Authorized ->
-	    {error, ?ERR_FORBIDDEN};
 	%% Was just subscriber, remove the record
 	SubState#pubsub_state.affiliation == none ->
 	    del_state(SubState#pubsub_state.stateid),