From 991529a657a654aac8a10f7ff565877777c3b6d3 Mon Sep 17 00:00:00 2001 From: Mickael Remond Date: Wed, 6 Apr 2016 13:59:06 +0200 Subject: [PATCH 1/2] Export add_access/3 to allow setting ACL outside of yaml config file --- src/acl.erl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/acl.erl b/src/acl.erl index fdf397d88..0c1071d15 100644 --- a/src/acl.erl +++ b/src/acl.erl @@ -34,6 +34,8 @@ match_rule/3, match_acl/3, transform_options/1, opt_type/1]). +-export([add_access/3]). + -include("ejabberd.hrl"). -include("logger.hrl"). -include("jlib.hrl"). From f78b170c24e3638eb9ad911001068955d7953c1f Mon Sep 17 00:00:00 2001 From: Mickael Remond Date: Wed, 6 Apr 2016 13:59:33 +0200 Subject: [PATCH 2/2] Add initial basic ACL test --- test/acl_test.exs | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 test/acl_test.exs diff --git a/test/acl_test.exs b/test/acl_test.exs new file mode 100644 index 000000000..0aca9bce5 --- /dev/null +++ b/test/acl_test.exs @@ -0,0 +1,42 @@ +# ---------------------------------------------------------------------- +# +# ejabberd, Copyright (C) 2002-2016 ProcessOne +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ---------------------------------------------------------------------- + +defmodule ACLTest do + @author "mremond@process-one.net" + + use ExUnit.Case, async: false + + setup_all do + :ok = :mnesia.start + :ok = :jid.start + :ok = :ejabberd_config.start(["domain1", "domain2"], []) + :ok = :acl.start + end + + test "simple user access rule matches" do + :acl.add(:global, :basic_acl_1, {:user, "test1"}) + :acl.add_access(:global, :basic_rule_1, [{:basic_acl_1, :allow}]) + assert :acl.match_rule(:global, :basic_rule_1, :jid.from_string("test1@domain1")) == :allow + assert :acl.match_rule(:global, :basic_rule_1, :jid.from_string("test1@domain2")) == :allow + # We match on user part only for local domain. As an implicit rule remote domain are not matched + assert :acl.match_rule(:global, :basic_rule_1, :jid.from_string("test1@otherdomain")) == :deny + assert :acl.match_rule(:global, :basic_rule_1, :jid.from_string("test11@domain1")) == :deny + end +end