diff --git a/src/mod_pubsub/mod_pubsub.erl b/src/mod_pubsub/mod_pubsub.erl index 0ab6b7053..a5063678e 100644 --- a/src/mod_pubsub/mod_pubsub.erl +++ b/src/mod_pubsub/mod_pubsub.erl @@ -1897,18 +1897,33 @@ set_affiliations(Host, Node, From, EntitiesEls) -> {error, 'bad-request'}; _ -> Action = fun(#pubsub_node{type = Type, owners = Owners}) -> - case lists:member(Owner, Owners) of - true -> - lists:foreach( - fun({JID, Affiliation}) -> - node_call( - Type, set_affiliation, - [Host, Node, JID, Affiliation]) - end, Entities), - {result, []}; - _ -> - {error, 'forbidden'} - end + case lists:member(Owner, Owners) of + true -> + lists:foreach( + fun({JID, Affiliation}) -> + node_call(Type, set_affiliation, [Host, Node, JID, Affiliation]), + case Affiliation of + owner -> + NewOwner = jlib:short_prepd_bare_jid(JID), + NewOwners = [NewOwner|Owners], + tree_call(Host, set_node, [N#pubsub_node{owners = NewOwners}]); + none -> + NewOwner = jlib:short_prepd_bare_jid(JID), + case lists:member(OldOwner, Owners) of + true -> + NewOwners = Owners--[OldOwner], + tree_call(Host, set_node, [N#pubsub_node{owners = NewOwners}]); + _ -> + ok + end; + _ -> + ok + end + end, Entities), + {result, []}; + _ -> + {error, 'forbidden'} + end end, transaction(Host, Node, Action, sync_dirty) end. @@ -2031,33 +2046,18 @@ set_subscriptions(Host, Node, From, EntitiesEls) -> {error, 'bad-request'}; _ -> Action = fun(#pubsub_node{type = Type, owners = Owners}) -> - case lists:member(Owner, Owners) of - true -> - lists:foreach( - fun({JID, Affiliation}) -> - node_call(Type, set_affiliation, [Host, Node, JID, Affiliation]), - case Affiliation of - owner -> - NewOwner = jlib:short_prepd_bare_jid(JID), - NewOwners = [NewOwner|Owners], - tree_call(Host, set_node, [N#pubsub_node{owners = NewOwners}]); - none -> - NewOwner = jlib:short_prepd_bare_jid(JID), - case lists:member(OldOwner, Owners) of - true -> - NewOwners = Owners--[OldOwner], - tree_call(Host, set_node, [N#pubsub_node{owners = NewOwners}]); - _ -> - ok - end; - _ -> - ok - end - end, Entities), - {result, []}; - _ -> - {error, 'forbidden'} - end + case lists:member(Owner, Owners) of + true -> + lists:foreach( + fun({JID, Subscription}) -> + node_call( + Type, set_subscription, + [Host, Node, JID, Subscription]) + end, Entities), + {result, []}; + _ -> + {error, 'forbidden'} + end end, transaction(Host, Node, Action, sync_dirty) end. diff --git a/src/mod_pubsub/node_default.erl b/src/mod_pubsub/node_default.erl index afc305f86..8acf2449d 100644 --- a/src/mod_pubsub/node_default.erl +++ b/src/mod_pubsub/node_default.erl @@ -358,6 +358,9 @@ unsubscribe_node(Host, Node, Sender, Subscriber, _SubId) -> _ -> get_state(Host, Node, SubKey) end, if + %% Requesting entity is prohibited from unsubscribing entity + not Authorized -> + {error, 'forbidden'}; %% Entity did not specify SubID %%SubID == "", ?? -> %% {error, ?ERR_EXTENDED('bad-request', "subid-required")}; @@ -367,9 +370,6 @@ unsubscribe_node(Host, Node, Sender, Subscriber, _SubId) -> %% Requesting entity is not a subscriber SubState#pubsub_state.subscription == none -> {error, ?ERR_EXTENDED('unexpected-request', "not-subscribed")}; - %% Requesting entity is prohibited from unsubscribing entity - not Authorized -> - {error, 'forbidden'}; %% Was just subscriber, remove the record SubState#pubsub_state.affiliation == none -> del_state(SubState#pubsub_state.stateid),