Make handling of oauth clauses be more consistent with other rules
This commit is contained in:
Paweł Chmielowski
parent
8accb8ee0c
commit
438dbc8bda
|
|
@ -267,15 +267,18 @@ matches_definition({_Name, {From, Who, What}}, Cmd, Module, Host, CallerInfo) ->
|
||||||
acl:access_matches(Access, CallerInfo, Host) == allow;
|
acl:access_matches(Access, CallerInfo, Host) == allow;
|
||||||
({acl, _} = Acl) when Scope == none ->
|
({acl, _} = Acl) when Scope == none ->
|
||||||
acl:acl_rule_matches(Acl, CallerInfo, Host);
|
acl:acl_rule_matches(Acl, CallerInfo, Host);
|
||||||
({oauth, List}) when Scope /= none ->
|
({oauth, Scopes, List}) when Scope /= none ->
|
||||||
lists:all(
|
case ejabberd_oauth:scope_in_scope_list(Scope, Scopes) of
|
||||||
fun({access, Access}) ->
|
true ->
|
||||||
acl:access_matches(Access, CallerInfo, Host) == allow;
|
lists:any(
|
||||||
({acl, _} = Acl) ->
|
fun({access, Access}) ->
|
||||||
acl:acl_rule_matches(Acl, CallerInfo, Host);
|
acl:access_matches(Access, CallerInfo, Host) == allow;
|
||||||
({scope, Scopes}) ->
|
({acl, _} = Acl) ->
|
||||||
ejabberd_oauth:scope_in_scope_list(Scope, Scopes)
|
acl:acl_rule_matches(Acl, CallerInfo, Host)
|
||||||
end, List);
|
end, List);
|
||||||
|
_ ->
|
||||||
|
false
|
||||||
|
end;
|
||||||
(_) ->
|
(_) ->
|
||||||
false
|
false
|
||||||
end, Who);
|
end, Who);
|
||||||
|
|
@ -370,7 +373,18 @@ parse_who(Name, Defs, ParseOauth) when is_list(Defs) ->
|
||||||
([{oauth, OauthList}]) when is_list(OauthList) ->
|
([{oauth, OauthList}]) when is_list(OauthList) ->
|
||||||
case ParseOauth of
|
case ParseOauth of
|
||||||
oauth ->
|
oauth ->
|
||||||
{oauth, parse_who(Name, lists:flatten(OauthList), scope)};
|
Nested = parse_who(Name, lists:flatten(OauthList), scope),
|
||||||
|
{Scopes, Rest} = lists:partition(
|
||||||
|
fun({scope, _}) -> true;
|
||||||
|
(_) -> false
|
||||||
|
end, Nested),
|
||||||
|
case Scopes of
|
||||||
|
[] ->
|
||||||
|
report_error(<<"Oauth rule must contain at least one scope rule in 'who' section for api_permission '~s'">>,
|
||||||
|
[Name]);
|
||||||
|
_ ->
|
||||||
|
{oauth, lists:foldl(fun({scope, S}, A) -> S ++ A end, [], Scopes), Rest}
|
||||||
|
end;
|
||||||
scope ->
|
scope ->
|
||||||
report_error(<<"Oauth rule can't be embeded inside other oauth rule in 'who' section for api_permission '~s'">>,
|
report_error(<<"Oauth rule can't be embeded inside other oauth rule in 'who' section for api_permission '~s'">>,
|
||||||
[Name])
|
[Name])
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue