25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-11-24 16:23:40 +01:00

add acl for mam in mod_muc

This commit is contained in:
Christoph Scholz 2019-01-02 17:35:01 +01:00
parent 9631baaa63
commit 7e4287ff83
4 changed files with 29 additions and 8 deletions

View File

@ -195,6 +195,8 @@ modules:
- allow: admin - allow: admin
access_create: muc_create access_create: muc_create
access_persistent: muc_create access_persistent: muc_create
access_mam:
- allow
default_room_options: default_room_options:
mam: true mam: true
mod_muc_admin: {} mod_muc_admin: {}

View File

@ -354,6 +354,7 @@ init_state(Host, Opts) ->
AccessCreate = gen_mod:get_opt(access_create, Opts), AccessCreate = gen_mod:get_opt(access_create, Opts),
AccessAdmin = gen_mod:get_opt(access_admin, Opts), AccessAdmin = gen_mod:get_opt(access_admin, Opts),
AccessPersistent = gen_mod:get_opt(access_persistent, Opts), AccessPersistent = gen_mod:get_opt(access_persistent, Opts),
AccessMam = gen_mod:get_opt(access_mam, Opts),
HistorySize = gen_mod:get_opt(history_size, Opts), HistorySize = gen_mod:get_opt(history_size, Opts),
MaxRoomsDiscoItems = gen_mod:get_opt(max_rooms_discoitems, Opts), MaxRoomsDiscoItems = gen_mod:get_opt(max_rooms_discoitems, Opts),
DefRoomOpts = gen_mod:get_opt(default_room_options, Opts), DefRoomOpts = gen_mod:get_opt(default_room_options, Opts),
@ -361,7 +362,7 @@ init_state(Host, Opts) ->
RoomShaper = gen_mod:get_opt(room_shaper, Opts), RoomShaper = gen_mod:get_opt(room_shaper, Opts),
#state{hosts = MyHosts, #state{hosts = MyHosts,
server_host = Host, server_host = Host,
access = {Access, AccessCreate, AccessAdmin, AccessPersistent}, access = {Access, AccessCreate, AccessAdmin, AccessPersistent, AccessMam},
default_room_opts = DefRoomOpts, default_room_opts = DefRoomOpts,
queue_type = QueueType, queue_type = QueueType,
history_size = HistorySize, history_size = HistorySize,
@ -392,7 +393,7 @@ unregister_iq_handlers(Host) ->
do_route(Host, ServerHost, Access, HistorySize, RoomShaper, do_route(Host, ServerHost, Access, HistorySize, RoomShaper,
From, To, Packet, DefRoomOpts, _MaxRoomsDiscoItems, QueueType) -> From, To, Packet, DefRoomOpts, _MaxRoomsDiscoItems, QueueType) ->
{AccessRoute, _AccessCreate, _AccessAdmin, _AccessPersistent} = Access, {AccessRoute, _AccessCreate, _AccessAdmin, _AccessPersistent, _AccessMam} = Access,
case acl:match_rule(ServerHost, AccessRoute, From) of case acl:match_rule(ServerHost, AccessRoute, From) of
allow -> allow ->
do_route1(Host, ServerHost, Access, HistorySize, RoomShaper, do_route1(Host, ServerHost, Access, HistorySize, RoomShaper,
@ -411,7 +412,7 @@ do_route1(_Host, _ServerHost, _Access, _HistorySize, _RoomShaper,
do_route1(Host, ServerHost, Access, _HistorySize, _RoomShaper, do_route1(Host, ServerHost, Access, _HistorySize, _RoomShaper,
From, #jid{luser = <<"">>, lresource = <<"">>} = _To, From, #jid{luser = <<"">>, lresource = <<"">>} = _To,
#message{lang = Lang, body = Body, type = Type} = Packet, _, _) -> #message{lang = Lang, body = Body, type = Type} = Packet, _, _) ->
{_AccessRoute, _AccessCreate, AccessAdmin, _AccessPersistent} = Access, {_AccessRoute, _AccessCreate, AccessAdmin, _AccessPersistent, _AccessMam} = Access,
if Type == error -> if Type == error ->
ok; ok;
true -> true ->
@ -432,7 +433,7 @@ do_route1(_Host, _ServerHost, _Access, _HistorySize, _RoomShaper,
ejabberd_router:route_error(Packet, Err); ejabberd_router:route_error(Packet, Err);
do_route1(Host, ServerHost, Access, HistorySize, RoomShaper, do_route1(Host, ServerHost, Access, HistorySize, RoomShaper,
From, To, Packet, DefRoomOpts, QueueType) -> From, To, Packet, DefRoomOpts, QueueType) ->
{_AccessRoute, AccessCreate, _AccessAdmin, _AccessPersistent} = Access, {_AccessRoute, AccessCreate, _AccessAdmin, _AccessPersistent, _AccessMam} = Access,
{Room, _, Nick} = jid:tolower(To), {Room, _, Nick} = jid:tolower(To),
RMod = gen_mod:ram_db_mod(ServerHost, ?MODULE), RMod = gen_mod:ram_db_mod(ServerHost, ?MODULE),
case RMod:find_online_room(ServerHost, Room, Host) of case RMod:find_online_room(ServerHost, Room, Host) of
@ -884,6 +885,8 @@ mod_opt_type(access_create) ->
fun acl:access_rules_validator/1; fun acl:access_rules_validator/1;
mod_opt_type(access_persistent) -> mod_opt_type(access_persistent) ->
fun acl:access_rules_validator/1; fun acl:access_rules_validator/1;
mod_opt_type(access_mam) ->
fun acl:access_rules_validator/1;
mod_opt_type(access_register) -> mod_opt_type(access_register) ->
fun acl:access_rules_validator/1; fun acl:access_rules_validator/1;
mod_opt_type(db_type) -> fun(T) -> ejabberd_config:v_db(?MODULE, T) end; mod_opt_type(db_type) -> fun(T) -> ejabberd_config:v_db(?MODULE, T) end;
@ -992,6 +995,7 @@ mod_options(Host) ->
{access_admin, none}, {access_admin, none},
{access_create, all}, {access_create, all},
{access_persistent, all}, {access_persistent, all},
{access_mam, all},
{access_register, all}, {access_register, all},
{db_type, ejabberd_config:default_db(Host, ?MODULE)}, {db_type, ejabberd_config:default_db(Host, ?MODULE)},
{ram_db_type, ejabberd_config:default_ram_db(Host, ?MODULE)}, {ram_db_type, ejabberd_config:default_ram_db(Host, ?MODULE)},

View File

@ -604,6 +604,7 @@ create_room_with_opts(Name1, Host1, ServerHost, CustomRoomOpts) ->
AcCreate = gen_mod:get_module_opt(ServerHost, mod_muc, access_create), AcCreate = gen_mod:get_module_opt(ServerHost, mod_muc, access_create),
AcAdmin = gen_mod:get_module_opt(ServerHost, mod_muc, access_admin), AcAdmin = gen_mod:get_module_opt(ServerHost, mod_muc, access_admin),
AcPer = gen_mod:get_module_opt(ServerHost, mod_muc, access_persistent), AcPer = gen_mod:get_module_opt(ServerHost, mod_muc, access_persistent),
AcMam = gen_mod:get_module_opt(ServerHost, mod_muc, access_mam),
HistorySize = gen_mod:get_module_opt(ServerHost, mod_muc, history_size), HistorySize = gen_mod:get_module_opt(ServerHost, mod_muc, history_size),
RoomShaper = gen_mod:get_module_opt(ServerHost, mod_muc, room_shaper), RoomShaper = gen_mod:get_module_opt(ServerHost, mod_muc, room_shaper),
QueueType = gen_mod:get_module_opt(ServerHost, mod_muc, queue_type), QueueType = gen_mod:get_module_opt(ServerHost, mod_muc, queue_type),
@ -615,7 +616,7 @@ create_room_with_opts(Name1, Host1, ServerHost, CustomRoomOpts) ->
{ok, Pid} = mod_muc_room:start( {ok, Pid} = mod_muc_room:start(
Host, Host,
ServerHost, ServerHost,
{Access, AcCreate, AcAdmin, AcPer}, {Access, AcCreate, AcAdmin, AcPer, AcMam},
Name, Name,
HistorySize, HistorySize,
RoomShaper, RoomShaper,

View File

@ -1409,7 +1409,7 @@ get_affiliations_callback(StateData) ->
-spec get_service_affiliation(jid(), state()) -> owner | none. -spec get_service_affiliation(jid(), state()) -> owner | none.
get_service_affiliation(JID, StateData) -> get_service_affiliation(JID, StateData) ->
{_AccessRoute, _AccessCreate, AccessAdmin, {_AccessRoute, _AccessCreate, AccessAdmin,
_AccessPersistent} = _AccessPersistent, _AccessMam} =
StateData#state.access, StateData#state.access,
case acl:match_rule(StateData#state.server_host, case acl:match_rule(StateData#state.server_host,
AccessAdmin, JID) AccessAdmin, JID)
@ -3170,6 +3170,7 @@ process_iq_owner(From, #iq{type = set, lang = Lang,
Options -> Options ->
case is_allowed_log_change(Options, StateData, From) andalso case is_allowed_log_change(Options, StateData, From) andalso
is_allowed_persistent_change(Options, StateData, From) andalso is_allowed_persistent_change(Options, StateData, From) andalso
is_allowed_mam_change(Options, StateData, From) andalso
is_allowed_room_name_desc_limits(Options, StateData) andalso is_allowed_room_name_desc_limits(Options, StateData) andalso
is_password_settings_correct(Options, StateData) of is_password_settings_correct(Options, StateData) of
true -> true ->
@ -3234,13 +3235,26 @@ is_allowed_persistent_change(Options, StateData, From) ->
false -> true; false -> true;
true -> true ->
{_AccessRoute, _AccessCreate, _AccessAdmin, {_AccessRoute, _AccessCreate, _AccessAdmin,
AccessPersistent} = AccessPersistent, _AccessMam} =
StateData#state.access, StateData#state.access,
allow == allow ==
acl:match_rule(StateData#state.server_host, acl:match_rule(StateData#state.server_host,
AccessPersistent, From) AccessPersistent, From)
end. end.
-spec is_allowed_mam_change(muc_roomconfig:result(), state(), jid()) -> boolean().
is_allowed_mam_change(Options, StateData, From) ->
case proplists:is_defined(mam, Options) of
false -> true;
true ->
{_AccessRoute, _AccessCreate, _AccessAdmin,
_AccessPersistent, AccessMam} =
StateData#state.access,
allow ==
acl:match_rule(StateData#state.server_host,
AccessMam, From)
end.
%% Check if the Room Name and Room Description defined in the Data Form %% Check if the Room Name and Room Description defined in the Data Form
%% are conformant to the configured limits %% are conformant to the configured limits
-spec is_allowed_room_name_desc_limits(muc_roomconfig:result(), state()) -> boolean(). -spec is_allowed_room_name_desc_limits(muc_roomconfig:result(), state()) -> boolean().
@ -3283,7 +3297,7 @@ get_default_room_maxusers(RoomState) ->
-spec get_config(binary(), state(), jid()) -> xdata(). -spec get_config(binary(), state(), jid()) -> xdata().
get_config(Lang, StateData, From) -> get_config(Lang, StateData, From) ->
{_AccessRoute, _AccessCreate, _AccessAdmin, AccessPersistent} = {_AccessRoute, _AccessCreate, _AccessAdmin, AccessPersistent, _AccessMam} =
StateData#state.access, StateData#state.access,
ServiceMaxUsers = get_service_max_users(StateData), ServiceMaxUsers = get_service_max_users(StateData),
DefaultRoomMaxUsers = get_default_room_maxusers(StateData), DefaultRoomMaxUsers = get_default_room_maxusers(StateData),