25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-24 17:29:28 +01:00

Add shorter version of some common access rules definitions

This add conversion of

- allow
to
- allow: all

and

- allow: acl_name
to
- allow:
  - acl: acl_name

(this works also for deny, and number in shapers)
This commit is contained in:
Paweł Chmielowski 2016-06-15 19:20:27 +02:00
parent 9004608181
commit 7b308e0d41
2 changed files with 34 additions and 4 deletions

View File

@ -518,11 +518,16 @@ parse_ip_netmask(S) ->
transform_access_rules_config(Config) ->
lists:map(fun transform_access_rules_config2/1, lists:flatten(Config)).
transform_access_rules_config2(Type) when is_integer(Type); Type == allow; Type == deny ->
{Type, [all]};
transform_access_rules_config2({Type, ACL}) when is_atom(ACL) ->
{Type, [{acl, ACL}]};
transform_access_rules_config2({Res, Rules}) when is_list(Rules) ->
{Res, lists:map(fun({Type, Args}) when is_list(Args) ->
normalize_spec({Type, hd(lists:flatten(Args))});
(V) -> normalize_spec(V)
end, lists:flatten(Rules))};
T = lists:map(fun({Type, Args}) when is_list(Args) ->
normalize_spec({Type, hd(lists:flatten(Args))});
(V) -> normalize_spec(V)
end, lists:flatten(Rules)),
{Res, T};
transform_access_rules_config2({Res, Rule}) ->
{Res, [Rule]}.

View File

@ -302,6 +302,31 @@ defmodule ACLTest do
assert :acl.access_matches(rules, %{usr: {"user1", "server11", "res1"}}, :global) == :deny
assert :acl.access_matches(rules, %{usr: {"user11", "server11", "res1"}}, :global) == :deny
end
test "transform_access_rules_config expands allow rule" do
assert :acl.transform_access_rules_config([:allow]) == [{:allow, [:all]}]
end
test "transform_access_rules_config expands deny rule" do
assert :acl.transform_access_rules_config([:deny]) == [{:deny, [:all]}]
end
test "transform_access_rules_config expands <integer> rule" do
assert :acl.transform_access_rules_config([100]) == [{100, [:all]}]
end
test "transform_access_rules_config expands allow: <acl_name> rule" do
assert :acl.transform_access_rules_config([{:allow, :test1}]) == [{:allow, [{:acl, :test1}]}]
end
test "transform_access_rules_config expands deny: <acl_name> rule" do
assert :acl.transform_access_rules_config([{:deny, :test1}]) == [{:deny, [{:acl, :test1}]}]
end
test "transform_access_rules_config expands integer: <acl_name> rule" do
assert :acl.transform_access_rules_config([{100, :test1}]) == [{100, [{:acl, :test1}]}]
end
## Checking ACL on both user pattern and IP
## ========================================