From 3c8308bb8d42eec6456e54ce536ec01c033542ff Mon Sep 17 00:00:00 2001 From: Christophe Romain Date: Wed, 27 Sep 2017 17:37:38 +0200 Subject: [PATCH] PubSub: enforce controls on publish and delete --- src/node_flat.erl | 35 +++++++++++++++-------------- src/node_flat_sql.erl | 51 ++++++++++++++++++++++++++++++++----------- 2 files changed, 57 insertions(+), 29 deletions(-) diff --git a/src/node_flat.erl b/src/node_flat.erl index 160f6d27c..7347747e8 100644 --- a/src/node_flat.erl +++ b/src/node_flat.erl @@ -376,23 +376,26 @@ publish_item(Nidx, Publisher, PublishModel, MaxItems, ItemId, Payload, true -> if MaxItems > 0 -> Now = p1_time_compat:timestamp(), - PubId = {Now, SubKey}, - Item = case get_item(Nidx, ItemId) of - {result, OldItem} -> - OldItem#pubsub_item{modification = PubId, - payload = Payload}; + case get_item(Nidx, ItemId) of + {result, #pubsub_item{creation = {_, GenKey}} = OldItem} -> + set_item(OldItem#pubsub_item{ + modification = {Now, SubKey}, + payload = Payload}), + {result, {default, broadcast, []}}; + {result, _} -> + {error, xmpp:err_forbidden()}; _ -> - #pubsub_item{itemid = {ItemId, Nidx}, - nodeidx = Nidx, - creation = {Now, GenKey}, - modification = PubId, - payload = Payload} - end, - Items = [ItemId | GenState#pubsub_state.items -- [ItemId]], - {result, {NI, OI}} = remove_extra_items(Nidx, MaxItems, Items), - set_item(Item), - set_state(GenState#pubsub_state{items = NI}), - {result, {default, broadcast, OI}}; + Items = [ItemId | GenState#pubsub_state.items], + {result, {NI, OI}} = remove_extra_items(Nidx, MaxItems, Items), + set_state(GenState#pubsub_state{items = NI}), + set_item(#pubsub_item{ + itemid = {ItemId, Nidx}, + nodeidx = Nidx, + creation = {Now, GenKey}, + modification = {Now, SubKey}, + payload = Payload}), + {result, {default, broadcast, OI}} + end; true -> {result, {default, broadcast, []}} end diff --git a/src/node_flat_sql.erl b/src/node_flat_sql.erl index 97f49c92c..2ea5b0bab 100644 --- a/src/node_flat_sql.erl +++ b/src/node_flat_sql.erl @@ -243,20 +243,31 @@ publish_item(Nidx, Publisher, PublishModel, MaxItems, ItemId, Payload, if not ((PublishModel == open) or (PublishModel == publishers) and ((Affiliation == owner) - or (Affiliation == publisher) - or (Affiliation == publish_only)) + or (Affiliation == publisher) + or (Affiliation == publish_only)) or (Subscribed == true)) -> {error, xmpp:err_forbidden()}; true -> if MaxItems > 0 -> - PubId = {p1_time_compat:timestamp(), SubKey}, - set_item(#pubsub_item{itemid = {ItemId, Nidx}, - creation = {p1_time_compat:timestamp(), GenKey}, - modification = PubId, - payload = Payload}), - Items = [ItemId | itemids(Nidx, GenKey) -- [ItemId]], - {result, {_, OI}} = remove_extra_items(Nidx, MaxItems, Items), - {result, {default, broadcast, OI}}; + Now = p1_time_compat:timestamp(), + case get_item(Nidx, ItemId) of + {result, #pubsub_item{creation = {_, GenKey}} = OldItem} -> + set_item(OldItem#pubsub_item{ + modification = {Now, SubKey}, + payload = Payload}), + {result, {default, broadcast, []}}; + {result, _} -> + {error, xmpp:err_forbidden()}; + _ -> + Items = [ItemId | itemids(Nidx, GenKey)], + {result, {_NI, OI}} = remove_extra_items(Nidx, MaxItems, Items), + set_item(#pubsub_item{ + itemid = {ItemId, Nidx}, + creation = {Now, GenKey}, + modification = {Now, SubKey}, + payload = Payload}), + {result, {default, broadcast, OI}} + end; true -> {result, {default, broadcast, []}} end @@ -284,9 +295,23 @@ delete_item(Nidx, Publisher, PublishModel, ItemId) -> if not Allowed -> {error, xmpp:err_forbidden()}; true -> - case del_item(Nidx, ItemId) of - {updated, 1} -> {result, {default, broadcast}}; - _ -> {error, xmpp:err_item_not_found()} + Items = itemids(Nidx, GenKey), + case lists:member(ItemId, Items) of + true -> + case del_item(Nidx, ItemId) of + {updated, 1} -> {result, {default, broadcast}}; + _ -> {error, xmpp:err_item_not_found()} + end; + false -> + case Affiliation of + owner -> + case del_item(Nidx, ItemId) of + {updated, 1} -> {result, {default, broadcast}}; + _ -> {error, xmpp:err_item_not_found()} + end; + _ -> + {error, xmpp:err_forbidden()} + end end end.