From babb484cfc7c1d89e84f5b821a2e3e873f74177e Mon Sep 17 00:00:00 2001 From: Evgeniy Khramtsov Date: Thu, 24 Dec 2015 15:01:33 +0300 Subject: [PATCH] Restrict access to MAM archives for members-only rooms --- src/mod_mam.erl | 22 +++++++++++++++++++--- src/mod_muc_room.erl | 2 ++ 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/src/mod_mam.erl b/src/mod_mam.erl index e989fba99..7124e2c6d 100644 --- a/src/mod_mam.erl +++ b/src/mod_mam.erl @@ -251,7 +251,7 @@ process_iq_v0_3(#jid{lserver = LServer} = From, process_iq_v0_3(From, To, IQ) -> process_iq(From, To, IQ). -muc_process_iq(#iq{type = set, +muc_process_iq(#iq{type = set, lang = Lang, sub_el = #xmlel{name = <<"query">>, attrs = Attrs} = SubEl} = IQ, MUCState, From, To) -> @@ -259,8 +259,24 @@ muc_process_iq(#iq{type = set, ?NS_MAM_0 -> LServer = MUCState#state.server_host, Role = mod_muc_room:get_role(From, MUCState), - process_iq(LServer, From, To, IQ, SubEl, - get_xdata_fields(SubEl), {groupchat, Role, MUCState}); + Config = MUCState#state.config, + if Config#config.members_only -> + case mod_muc_room:is_occupant_or_admin(From, MUCState) of + true -> + process_iq(LServer, From, To, IQ, SubEl, + get_xdata_fields(SubEl), + {groupchat, Role, MUCState}); + false -> + Text = <<"Only members are allowed to query " + "archives of this room">>, + Error = ?ERRT_FORBIDDEN(Lang, Text), + IQ#iq{type = error, sub_el = [SubEl, Error]} + end; + true -> + process_iq(LServer, From, To, IQ, SubEl, + get_xdata_fields(SubEl), + {groupchat, Role, MUCState}) + end; _ -> IQ end; diff --git a/src/mod_muc_room.erl b/src/mod_muc_room.erl index df7b7d3e3..760bd7292 100644 --- a/src/mod_muc_room.erl +++ b/src/mod_muc_room.erl @@ -35,6 +35,8 @@ start/9, start/7, get_role/2, + get_affiliation/2, + is_occupant_or_admin/2, route/4]). %% gen_fsm callbacks