mod_privilege: Don't fail to edit roster (#3942)

2024-11-20 16:15:59 +01:00 · 2022-10-04 15:41:44 +02:00 · 2022-10-04 15:41:44 +02:00 · 2dc843cddd
commit 2dc843cddd
parent 9f08b4aa15
2 changed files with 21 additions and 10 deletions
--- a/src/mod_privilege.erl
+++ b/src/mod_privilege.erl
@ -217,19 +217,24 @@ process_message(#message{from = #jid{luser = <<"">>, lresource = <<"">>} = From,
 process_message(_Stanza) ->
    ok.

-spec roster_access(boolean(), iq()) -> boolean().
-roster_access(true, _) ->
-    true;
-roster_access(false, #iq{from = From, to = To, type = Type}) ->
+-spec roster_access({true, iq()} | false, iq()) -> {true, iq()} | false.
+roster_access({true, _IQ} = Acc, _) ->
+    Acc;
+roster_access(false, #iq{from = From, to = To, type = Type} = IQ) ->
    Host = From#jid.lserver,
    ServerHost = To#jid.lserver,
    Permissions = get_permissions(ServerHost),
    case maps:find(Host, Permissions) of
 	{ok, Access} ->
 	    Permission = proplists:get_value(roster, Access, none),
-	    (Permission == both)
-		orelse (Permission == get andalso Type == get)
-		orelse (Permission == set andalso Type == set);
+	    case (Permission == both)
+		     orelse (Permission == get andalso Type == get)
+		     orelse (Permission == set andalso Type == set) of
+		true ->
+		    {true, xmpp:put_meta(IQ, privilege_from, To)};
+		false ->
+		    false
+	    end;
 	error ->
 	    %% Component is disconnected
 	    false
--- a/src/mod_roster.erl
+++ b/src/mod_roster.erl
@ -128,8 +128,8 @@ process_iq(#iq{lang = Lang, to = To} = IQ) ->
 	false ->
 	    Txt = ?T("Query to another users is forbidden"),
 	    xmpp:make_error(IQ, xmpp:err_forbidden(Txt, Lang));
-	true ->
-	    process_local_iq(IQ)
+	{true, IQ1} ->
+	    process_local_iq(IQ1)
    end.

 -spec process_local_iq(iq()) -> iq().
@ -147,7 +147,13 @@ process_local_iq(#iq{type = set, from = From, lang = Lang,
 	    Txt = ?T("Duplicated groups are not allowed by RFC6121"),
 	    xmpp:make_error(IQ, xmpp:err_bad_request(Txt, Lang));
 	false ->
-	    #jid{lserver = LServer} = From,
+	    From1 = case xmpp:get_meta(IQ, privilege_from, none) of
+			#jid{} = PrivFrom ->
+			    PrivFrom;
+			none ->
+			    From
+		    end,
+	    #jid{lserver = LServer} = From1,
 	    Access = mod_roster_opt:access(LServer),
 	    case acl:match_rule(LServer, Access, From) of
 		deny ->