From 2dc843cdddf8efd92e50ff4aafb3c910c7f18618 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Tue, 4 Oct 2022 15:41:44 +0200 Subject: [PATCH] mod_privilege: Don't fail to edit roster (#3942) --- src/mod_privilege.erl | 19 ++++++++++++------- src/mod_roster.erl | 12 +++++++++--- 2 files changed, 21 insertions(+), 10 deletions(-) diff --git a/src/mod_privilege.erl b/src/mod_privilege.erl index f59247789..51a82769f 100644 --- a/src/mod_privilege.erl +++ b/src/mod_privilege.erl @@ -217,19 +217,24 @@ process_message(#message{from = #jid{luser = <<"">>, lresource = <<"">>} = From, process_message(_Stanza) -> ok. --spec roster_access(boolean(), iq()) -> boolean(). -roster_access(true, _) -> - true; -roster_access(false, #iq{from = From, to = To, type = Type}) -> +-spec roster_access({true, iq()} | false, iq()) -> {true, iq()} | false. +roster_access({true, _IQ} = Acc, _) -> + Acc; +roster_access(false, #iq{from = From, to = To, type = Type} = IQ) -> Host = From#jid.lserver, ServerHost = To#jid.lserver, Permissions = get_permissions(ServerHost), case maps:find(Host, Permissions) of {ok, Access} -> Permission = proplists:get_value(roster, Access, none), - (Permission == both) - orelse (Permission == get andalso Type == get) - orelse (Permission == set andalso Type == set); + case (Permission == both) + orelse (Permission == get andalso Type == get) + orelse (Permission == set andalso Type == set) of + true -> + {true, xmpp:put_meta(IQ, privilege_from, To)}; + false -> + false + end; error -> %% Component is disconnected false diff --git a/src/mod_roster.erl b/src/mod_roster.erl index ad5fc0f77..273b21380 100644 --- a/src/mod_roster.erl +++ b/src/mod_roster.erl @@ -128,8 +128,8 @@ process_iq(#iq{lang = Lang, to = To} = IQ) -> false -> Txt = ?T("Query to another users is forbidden"), xmpp:make_error(IQ, xmpp:err_forbidden(Txt, Lang)); - true -> - process_local_iq(IQ) + {true, IQ1} -> + process_local_iq(IQ1) end. -spec process_local_iq(iq()) -> iq(). @@ -147,7 +147,13 @@ process_local_iq(#iq{type = set, from = From, lang = Lang, Txt = ?T("Duplicated groups are not allowed by RFC6121"), xmpp:make_error(IQ, xmpp:err_bad_request(Txt, Lang)); false -> - #jid{lserver = LServer} = From, + From1 = case xmpp:get_meta(IQ, privilege_from, none) of + #jid{} = PrivFrom -> + PrivFrom; + none -> + From + end, + #jid{lserver = LServer} = From1, Access = mod_roster_opt:access(LServer), case acl:match_rule(LServer, Access, From) of deny ->