25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-11-24 16:23:40 +01:00

mod_privilege: Don't fail to edit roster (#3942)

This commit is contained in:
Holger Weiss 2022-10-04 15:41:44 +02:00 committed by Badlop
parent 9f08b4aa15
commit 2dc843cddd
2 changed files with 21 additions and 10 deletions

View File

@ -217,19 +217,24 @@ process_message(#message{from = #jid{luser = <<"">>, lresource = <<"">>} = From,
process_message(_Stanza) ->
ok.
-spec roster_access(boolean(), iq()) -> boolean().
roster_access(true, _) ->
true;
roster_access(false, #iq{from = From, to = To, type = Type}) ->
-spec roster_access({true, iq()} | false, iq()) -> {true, iq()} | false.
roster_access({true, _IQ} = Acc, _) ->
Acc;
roster_access(false, #iq{from = From, to = To, type = Type} = IQ) ->
Host = From#jid.lserver,
ServerHost = To#jid.lserver,
Permissions = get_permissions(ServerHost),
case maps:find(Host, Permissions) of
{ok, Access} ->
Permission = proplists:get_value(roster, Access, none),
(Permission == both)
orelse (Permission == get andalso Type == get)
orelse (Permission == set andalso Type == set);
case (Permission == both)
orelse (Permission == get andalso Type == get)
orelse (Permission == set andalso Type == set) of
true ->
{true, xmpp:put_meta(IQ, privilege_from, To)};
false ->
false
end;
error ->
%% Component is disconnected
false

View File

@ -128,8 +128,8 @@ process_iq(#iq{lang = Lang, to = To} = IQ) ->
false ->
Txt = ?T("Query to another users is forbidden"),
xmpp:make_error(IQ, xmpp:err_forbidden(Txt, Lang));
true ->
process_local_iq(IQ)
{true, IQ1} ->
process_local_iq(IQ1)
end.
-spec process_local_iq(iq()) -> iq().
@ -147,7 +147,13 @@ process_local_iq(#iq{type = set, from = From, lang = Lang,
Txt = ?T("Duplicated groups are not allowed by RFC6121"),
xmpp:make_error(IQ, xmpp:err_bad_request(Txt, Lang));
false ->
#jid{lserver = LServer} = From,
From1 = case xmpp:get_meta(IQ, privilege_from, none) of
#jid{} = PrivFrom ->
PrivFrom;
none ->
From
end,
#jid{lserver = LServer} = From1,
Access = mod_roster_opt:access(LServer),
case acl:match_rule(LServer, Access, From) of
deny ->