add acl for mam in mod_muc

This commit is contained in:
Christoph Scholz 2019-01-02 17:35:01 +01:00
parent 9631baaa63
commit 7e4287ff83
4 changed files with 29 additions and 8 deletions

View File

@ -195,6 +195,8 @@ modules:
- allow: admin
access_create: muc_create
access_persistent: muc_create
access_mam:
- allow
default_room_options:
mam: true
mod_muc_admin: {}

View File

@ -354,6 +354,7 @@ init_state(Host, Opts) ->
AccessCreate = gen_mod:get_opt(access_create, Opts),
AccessAdmin = gen_mod:get_opt(access_admin, Opts),
AccessPersistent = gen_mod:get_opt(access_persistent, Opts),
AccessMam = gen_mod:get_opt(access_mam, Opts),
HistorySize = gen_mod:get_opt(history_size, Opts),
MaxRoomsDiscoItems = gen_mod:get_opt(max_rooms_discoitems, Opts),
DefRoomOpts = gen_mod:get_opt(default_room_options, Opts),
@ -361,7 +362,7 @@ init_state(Host, Opts) ->
RoomShaper = gen_mod:get_opt(room_shaper, Opts),
#state{hosts = MyHosts,
server_host = Host,
access = {Access, AccessCreate, AccessAdmin, AccessPersistent},
access = {Access, AccessCreate, AccessAdmin, AccessPersistent, AccessMam},
default_room_opts = DefRoomOpts,
queue_type = QueueType,
history_size = HistorySize,
@ -392,7 +393,7 @@ unregister_iq_handlers(Host) ->
do_route(Host, ServerHost, Access, HistorySize, RoomShaper,
From, To, Packet, DefRoomOpts, _MaxRoomsDiscoItems, QueueType) ->
{AccessRoute, _AccessCreate, _AccessAdmin, _AccessPersistent} = Access,
{AccessRoute, _AccessCreate, _AccessAdmin, _AccessPersistent, _AccessMam} = Access,
case acl:match_rule(ServerHost, AccessRoute, From) of
allow ->
do_route1(Host, ServerHost, Access, HistorySize, RoomShaper,
@ -411,7 +412,7 @@ do_route1(_Host, _ServerHost, _Access, _HistorySize, _RoomShaper,
do_route1(Host, ServerHost, Access, _HistorySize, _RoomShaper,
From, #jid{luser = <<"">>, lresource = <<"">>} = _To,
#message{lang = Lang, body = Body, type = Type} = Packet, _, _) ->
{_AccessRoute, _AccessCreate, AccessAdmin, _AccessPersistent} = Access,
{_AccessRoute, _AccessCreate, AccessAdmin, _AccessPersistent, _AccessMam} = Access,
if Type == error ->
ok;
true ->
@ -432,7 +433,7 @@ do_route1(_Host, _ServerHost, _Access, _HistorySize, _RoomShaper,
ejabberd_router:route_error(Packet, Err);
do_route1(Host, ServerHost, Access, HistorySize, RoomShaper,
From, To, Packet, DefRoomOpts, QueueType) ->
{_AccessRoute, AccessCreate, _AccessAdmin, _AccessPersistent} = Access,
{_AccessRoute, AccessCreate, _AccessAdmin, _AccessPersistent, _AccessMam} = Access,
{Room, _, Nick} = jid:tolower(To),
RMod = gen_mod:ram_db_mod(ServerHost, ?MODULE),
case RMod:find_online_room(ServerHost, Room, Host) of
@ -884,6 +885,8 @@ mod_opt_type(access_create) ->
fun acl:access_rules_validator/1;
mod_opt_type(access_persistent) ->
fun acl:access_rules_validator/1;
mod_opt_type(access_mam) ->
fun acl:access_rules_validator/1;
mod_opt_type(access_register) ->
fun acl:access_rules_validator/1;
mod_opt_type(db_type) -> fun(T) -> ejabberd_config:v_db(?MODULE, T) end;
@ -992,6 +995,7 @@ mod_options(Host) ->
{access_admin, none},
{access_create, all},
{access_persistent, all},
{access_mam, all},
{access_register, all},
{db_type, ejabberd_config:default_db(Host, ?MODULE)},
{ram_db_type, ejabberd_config:default_ram_db(Host, ?MODULE)},

View File

@ -604,6 +604,7 @@ create_room_with_opts(Name1, Host1, ServerHost, CustomRoomOpts) ->
AcCreate = gen_mod:get_module_opt(ServerHost, mod_muc, access_create),
AcAdmin = gen_mod:get_module_opt(ServerHost, mod_muc, access_admin),
AcPer = gen_mod:get_module_opt(ServerHost, mod_muc, access_persistent),
AcMam = gen_mod:get_module_opt(ServerHost, mod_muc, access_mam),
HistorySize = gen_mod:get_module_opt(ServerHost, mod_muc, history_size),
RoomShaper = gen_mod:get_module_opt(ServerHost, mod_muc, room_shaper),
QueueType = gen_mod:get_module_opt(ServerHost, mod_muc, queue_type),
@ -615,7 +616,7 @@ create_room_with_opts(Name1, Host1, ServerHost, CustomRoomOpts) ->
{ok, Pid} = mod_muc_room:start(
Host,
ServerHost,
{Access, AcCreate, AcAdmin, AcPer},
{Access, AcCreate, AcAdmin, AcPer, AcMam},
Name,
HistorySize,
RoomShaper,

View File

@ -1409,7 +1409,7 @@ get_affiliations_callback(StateData) ->
-spec get_service_affiliation(jid(), state()) -> owner | none.
get_service_affiliation(JID, StateData) ->
{_AccessRoute, _AccessCreate, AccessAdmin,
_AccessPersistent} =
_AccessPersistent, _AccessMam} =
StateData#state.access,
case acl:match_rule(StateData#state.server_host,
AccessAdmin, JID)
@ -3170,6 +3170,7 @@ process_iq_owner(From, #iq{type = set, lang = Lang,
Options ->
case is_allowed_log_change(Options, StateData, From) andalso
is_allowed_persistent_change(Options, StateData, From) andalso
is_allowed_mam_change(Options, StateData, From) andalso
is_allowed_room_name_desc_limits(Options, StateData) andalso
is_password_settings_correct(Options, StateData) of
true ->
@ -3234,13 +3235,26 @@ is_allowed_persistent_change(Options, StateData, From) ->
false -> true;
true ->
{_AccessRoute, _AccessCreate, _AccessAdmin,
AccessPersistent} =
AccessPersistent, _AccessMam} =
StateData#state.access,
allow ==
acl:match_rule(StateData#state.server_host,
AccessPersistent, From)
end.
-spec is_allowed_mam_change(muc_roomconfig:result(), state(), jid()) -> boolean().
is_allowed_mam_change(Options, StateData, From) ->
case proplists:is_defined(mam, Options) of
false -> true;
true ->
{_AccessRoute, _AccessCreate, _AccessAdmin,
_AccessPersistent, AccessMam} =
StateData#state.access,
allow ==
acl:match_rule(StateData#state.server_host,
AccessMam, From)
end.
%% Check if the Room Name and Room Description defined in the Data Form
%% are conformant to the configured limits
-spec is_allowed_room_name_desc_limits(muc_roomconfig:result(), state()) -> boolean().
@ -3283,7 +3297,7 @@ get_default_room_maxusers(RoomState) ->
-spec get_config(binary(), state(), jid()) -> xdata().
get_config(Lang, StateData, From) ->
{_AccessRoute, _AccessCreate, _AccessAdmin, AccessPersistent} =
{_AccessRoute, _AccessCreate, _AccessAdmin, AccessPersistent, _AccessMam} =
StateData#state.access,
ServiceMaxUsers = get_service_max_users(StateData),
DefaultRoomMaxUsers = get_default_room_maxusers(StateData),