Merge pull request #2748 from area-42/add_acl_for_mam_in_mod_muc

add acl for mam in mod_muc
2024-10-31 15:21:38 +01:00 · 2019-01-10 14:29:02 +01:00 · 2019-01-10 14:29:02 +01:00 · e4067df85e
commit e4067df85e
parent 67cfdf1d20 7e4287ff83
4 changed files with 29 additions and 8 deletions
--- a/ejabberd.yml.example
+++ b/ejabberd.yml.example
@ -195,6 +195,8 @@ modules:
      - allow: admin
    access_create: muc_create
    access_persistent: muc_create
    access_mam:
      - allow
    default_room_options:
      mam: true
  mod_muc_admin: {}
--- a/src/mod_muc.erl
+++ b/src/mod_muc.erl
@ -354,6 +354,7 @@ init_state(Host, Opts) ->
    AccessCreate = gen_mod:get_opt(access_create, Opts),
    AccessAdmin = gen_mod:get_opt(access_admin, Opts),
    AccessPersistent = gen_mod:get_opt(access_persistent, Opts),
    AccessMam = gen_mod:get_opt(access_mam, Opts),
    HistorySize = gen_mod:get_opt(history_size, Opts),
    MaxRoomsDiscoItems = gen_mod:get_opt(max_rooms_discoitems, Opts),
    DefRoomOpts = gen_mod:get_opt(default_room_options, Opts),
@ -361,7 +362,7 @@ init_state(Host, Opts) ->
    RoomShaper = gen_mod:get_opt(room_shaper, Opts),
    #state{hosts = MyHosts,
 	   server_host = Host,
-	   access = {Access, AccessCreate, AccessAdmin, AccessPersistent},
+	   access = {Access, AccessCreate, AccessAdmin, AccessPersistent, AccessMam},
 	   default_room_opts = DefRoomOpts,
 	   queue_type = QueueType,
 	   history_size = HistorySize,
@ -392,7 +393,7 @@ unregister_iq_handlers(Host) ->
 do_route(Host, ServerHost, Access, HistorySize, RoomShaper,
 	 From, To, Packet, DefRoomOpts, _MaxRoomsDiscoItems, QueueType) ->
-    {AccessRoute, _AccessCreate, _AccessAdmin, _AccessPersistent} = Access,
+    {AccessRoute, _AccessCreate, _AccessAdmin, _AccessPersistent, _AccessMam} = Access,
    case acl:match_rule(ServerHost, AccessRoute, From) of
 	allow ->
 	    do_route1(Host, ServerHost, Access, HistorySize, RoomShaper,
@ -411,7 +412,7 @@ do_route1(_Host, _ServerHost, _Access, _HistorySize, _RoomShaper,
 do_route1(Host, ServerHost, Access, _HistorySize, _RoomShaper,
 	  From, #jid{luser = <<"">>, lresource = <<"">>} = _To,
 	  #message{lang = Lang, body = Body, type = Type} = Packet, _, _) ->
-    {_AccessRoute, _AccessCreate, AccessAdmin, _AccessPersistent} = Access,
+    {_AccessRoute, _AccessCreate, AccessAdmin, _AccessPersistent, _AccessMam} = Access,
    if Type == error ->
 	    ok;
       true ->
@ -432,7 +433,7 @@ do_route1(_Host, _ServerHost, _Access, _HistorySize, _RoomShaper,
    ejabberd_router:route_error(Packet, Err);
 do_route1(Host, ServerHost, Access, HistorySize, RoomShaper,
 	  From, To, Packet, DefRoomOpts, QueueType) ->
-    {_AccessRoute, AccessCreate, _AccessAdmin, _AccessPersistent} = Access,
+    {_AccessRoute, AccessCreate, _AccessAdmin, _AccessPersistent, _AccessMam} = Access,
    {Room, _, Nick} = jid:tolower(To),
    RMod = gen_mod:ram_db_mod(ServerHost, ?MODULE),
    case RMod:find_online_room(ServerHost, Room, Host) of
@ -884,6 +885,8 @@ mod_opt_type(access_create) ->
    fun acl:access_rules_validator/1;
 mod_opt_type(access_persistent) ->
    fun acl:access_rules_validator/1;
 mod_opt_type(access_mam) ->
    fun acl:access_rules_validator/1;
 mod_opt_type(access_register) ->
    fun acl:access_rules_validator/1;
 mod_opt_type(db_type) -> fun(T) -> ejabberd_config:v_db(?MODULE, T) end;
@ -992,6 +995,7 @@ mod_options(Host) ->
     {access_admin, none},
     {access_create, all},
     {access_persistent, all},
     {access_mam, all},
     {access_register, all},
     {db_type, ejabberd_config:default_db(Host, ?MODULE)},
     {ram_db_type, ejabberd_config:default_ram_db(Host, ?MODULE)},
--- a/src/mod_muc_admin.erl
+++ b/src/mod_muc_admin.erl
@ -604,6 +604,7 @@ create_room_with_opts(Name1, Host1, ServerHost, CustomRoomOpts) ->
    AcCreate = gen_mod:get_module_opt(ServerHost, mod_muc, access_create),
    AcAdmin = gen_mod:get_module_opt(ServerHost, mod_muc, access_admin),
    AcPer = gen_mod:get_module_opt(ServerHost, mod_muc, access_persistent),
    AcMam = gen_mod:get_module_opt(ServerHost, mod_muc, access_mam),
    HistorySize = gen_mod:get_module_opt(ServerHost, mod_muc, history_size),
    RoomShaper = gen_mod:get_module_opt(ServerHost, mod_muc, room_shaper),
    QueueType = gen_mod:get_module_opt(ServerHost, mod_muc, queue_type),
@ -615,7 +616,7 @@ create_room_with_opts(Name1, Host1, ServerHost, CustomRoomOpts) ->
 	    {ok, Pid} = mod_muc_room:start(
 			  Host,
 			  ServerHost,
-			  {Access, AcCreate, AcAdmin, AcPer},
+			  {Access, AcCreate, AcAdmin, AcPer, AcMam},
 			  Name,
 			  HistorySize,
 			  RoomShaper,
--- a/src/mod_muc_room.erl
+++ b/src/mod_muc_room.erl
@ -1409,7 +1409,7 @@ get_affiliations_callback(StateData) ->
 -spec get_service_affiliation(jid(), state()) -> owner | none.
 get_service_affiliation(JID, StateData) ->
    {_AccessRoute, _AccessCreate, AccessAdmin,
-     _AccessPersistent} =
+     _AccessPersistent, _AccessMam} =
 	StateData#state.access,
    case acl:match_rule(StateData#state.server_host,
 			AccessAdmin, JID)
@ -3170,6 +3170,7 @@ process_iq_owner(From, #iq{type = set, lang = Lang,
 			Options ->
 			    case is_allowed_log_change(Options, StateData, From) andalso
 				is_allowed_persistent_change(Options, StateData, From) andalso
 				is_allowed_mam_change(Options, StateData, From) andalso
 				is_allowed_room_name_desc_limits(Options, StateData) andalso
 				is_password_settings_correct(Options, StateData) of
 				true ->
@ -3234,13 +3235,26 @@ is_allowed_persistent_change(Options, StateData, From) ->
      false -> true;
      true ->
 	  {_AccessRoute, _AccessCreate, _AccessAdmin,
-	   AccessPersistent} =
+	   AccessPersistent, _AccessMam} =
 	      StateData#state.access,
 	  allow ==
 	    acl:match_rule(StateData#state.server_host,
 			   AccessPersistent, From)
    end.
 -spec is_allowed_mam_change(muc_roomconfig:result(), state(), jid()) -> boolean().
 is_allowed_mam_change(Options, StateData, From) ->
    case proplists:is_defined(mam, Options) of
      false -> true;
      true ->
 	  {_AccessRoute, _AccessCreate, _AccessAdmin,
 	   _AccessPersistent, AccessMam} =
 	      StateData#state.access,
 	  allow ==
 	    acl:match_rule(StateData#state.server_host,
 			   AccessMam, From)
    end.
 %% Check if the Room Name and Room Description defined in the Data Form
 %% are conformant to the configured limits
 -spec is_allowed_room_name_desc_limits(muc_roomconfig:result(), state()) -> boolean().
@ -3283,7 +3297,7 @@ get_default_room_maxusers(RoomState) ->
 -spec get_config(binary(), state(), jid()) -> xdata().
 get_config(Lang, StateData, From) ->
-    {_AccessRoute, _AccessCreate, _AccessAdmin, AccessPersistent} =
+    {_AccessRoute, _AccessCreate, _AccessAdmin, AccessPersistent, _AccessMam} =
 	StateData#state.access,
    ServiceMaxUsers = get_service_max_users(StateData),
    DefaultRoomMaxUsers = get_default_room_maxusers(StateData),