prevent unauthorized entity to gain none-affiliation for given entity
SVN Revision: 1801
This commit is contained in:
parent
da893f4293
commit
be99c4b0eb
|
@ -4,6 +4,9 @@
|
|||
permissions (thanks to Andy Skelton)(EJAB-840)
|
||||
* src/mod_pubsub/node_default.erl: Likewise
|
||||
|
||||
* src/mod_pubsub/node_default.erl: prevent unauthorized entity to gain
|
||||
none-affiliation for given entity (EJAB-840)
|
||||
|
||||
2009-01-10 Christophe Romain <christophe.romain@process-one.net>
|
||||
|
||||
* src/mod_pubsub/node_default.erl: fix unsubscription of full jid
|
||||
|
|
|
@ -364,6 +364,9 @@ unsubscribe_node(Host, Node, Sender, Subscriber, _SubId) ->
|
|||
SenderState#pubsub_state.affiliation == owner
|
||||
end,
|
||||
if
|
||||
%% Requesting entity is prohibited from unsubscribing entity
|
||||
not Authorized ->
|
||||
{error, ?ERR_FORBIDDEN};
|
||||
%% Entity did not specify SubID
|
||||
%%SubID == "", ?? ->
|
||||
%% {error, ?ERR_EXTENDED(?ERR_BAD_REQUEST, "subid-required")};
|
||||
|
@ -373,9 +376,6 @@ unsubscribe_node(Host, Node, Sender, Subscriber, _SubId) ->
|
|||
%% Requesting entity is not a subscriber
|
||||
SubState#pubsub_state.subscription == none ->
|
||||
{error, ?ERR_EXTENDED(?ERR_UNEXPECTED_REQUEST, "not-subscribed")};
|
||||
%% Requesting entity is prohibited from unsubscribing entity
|
||||
not Authorized ->
|
||||
{error, ?ERR_FORBIDDEN};
|
||||
%% Was just subscriber, remove the record
|
||||
SubState#pubsub_state.affiliation == none ->
|
||||
del_state(SubState#pubsub_state.stateid),
|
||||
|
|
Loading…
Reference in New Issue