26
1
mirror of https://github.com/processone/ejabberd.git synced 2025-01-03 18:02:28 +01:00

* src/mod_pubsub/node_default.erl: Fix that non-subscriber could

fetch items from Authorize node (thanks to Brian Cully)(EJAB-873)

SVN Revision: 1930
This commit is contained in:
Badlop 2009-02-27 23:56:46 +00:00
parent 3a5fb440cc
commit 64f2945892
2 changed files with 23 additions and 3 deletions

View File

@ -1,3 +1,8 @@
2009-02-28 Badlop <badlop@process-one.net>
* src/mod_pubsub/node_default.erl: Fix that non-subscriber could
fetch items from Authorize node (thanks to Brian Cully)(EJAB-873)
2009-02-27 Badlop <badlop@process-one.net> 2009-02-27 Badlop <badlop@process-one.net>
* src/tls/tls_drv.c: S2S connection with STARTTLS fails to Gtalk * src/tls/tls_drv.c: S2S connection with STARTTLS fails to Gtalk

View File

@ -305,7 +305,7 @@ subscribe_node(Host, Node, Sender, Subscriber, AccessModel,
(AccessModel == whitelist) and (not Whitelisted) -> (AccessModel == whitelist) and (not Whitelisted) ->
%% Node has whitelist access model and entity lacks required affiliation %% Node has whitelist access model and entity lacks required affiliation
{error, ?ERR_EXTENDED(?ERR_NOT_ALLOWED, "closed-node")}; {error, ?ERR_EXTENDED(?ERR_NOT_ALLOWED, "closed-node")};
(AccessModel == authorize) -> % TODO: to be done (AccessModel == authorize) and (not Whitelisted) ->
%% Node has authorize access model %% Node has authorize access model
{error, ?ERR_FORBIDDEN}; {error, ?ERR_FORBIDDEN};
%%MustPay -> %%MustPay ->
@ -702,7 +702,8 @@ get_items(Host, Node, JID, AccessModel, PresenceSubscription, RosterGroup, _SubI
GenKey = jlib:jid_remove_resource(SubKey), GenKey = jlib:jid_remove_resource(SubKey),
GenState = get_state(Host, Node, GenKey), GenState = get_state(Host, Node, GenKey),
Affiliation = GenState#pubsub_state.affiliation, Affiliation = GenState#pubsub_state.affiliation,
Whitelisted = lists:member(Affiliation, [member, publisher, owner]), Subscription = GenState#pubsub_state.subscription,
Whitelisted = can_fetch_item(Affiliation, Subscription),
if if
%%SubID == "", ?? -> %%SubID == "", ?? ->
%% Entity has multiple subscriptions to the node but does not specify a subscription ID %% Entity has multiple subscriptions to the node but does not specify a subscription ID
@ -750,7 +751,8 @@ get_item(Host, Node, ItemId, JID, AccessModel, PresenceSubscription, RosterGroup
GenKey = jlib:jid_remove_resource(SubKey), GenKey = jlib:jid_remove_resource(SubKey),
GenState = get_state(Host, Node, GenKey), GenState = get_state(Host, Node, GenKey),
Affiliation = GenState#pubsub_state.affiliation, Affiliation = GenState#pubsub_state.affiliation,
Whitelisted = lists:member(Affiliation, [member, publisher, owner]), Subscription = GenState#pubsub_state.subscription,
Whitelisted = can_fetch_item(Affiliation, Subscription),
if if
%%SubID == "", ?? -> %%SubID == "", ?? ->
%% Entity has multiple subscriptions to the node but does not specify a subscription ID %% Entity has multiple subscriptions to the node but does not specify a subscription ID
@ -804,3 +806,16 @@ del_items(Host, Node, ItemIds) ->
%% node id.</p> %% node id.</p>
get_item_name(_Host, _Node, Id) -> get_item_name(_Host, _Node, Id) ->
Id. Id.
%% @spec (Affiliation, Subscription) -> true | false
%% Affiliation = owner | member | publisher | outcast | none
%% Subscription = subscribed | none
%% @doc Determines if the combination of Affiliation and Subscribed
%% are allowed to get items from a node.
can_fetch_item(owner, _) -> true;
can_fetch_item(member, _) -> true;
can_fetch_item(publisher, _) -> true;
can_fetch_item(outcast, _) -> false;
can_fetch_item(none, subscribed) -> true;
can_fetch_item(none, none) -> false;
can_fetch_item(_Affiliation, _Subscription) -> false.