mirror of
https://github.com/processone/ejabberd.git
synced 2024-12-20 17:27:00 +01:00
acl: ACLName rule should match if any part of ACLName matches
This commit is contained in:
parent
94461948db
commit
f56cff925c
12
src/acl.erl
12
src/acl.erl
@ -371,6 +371,16 @@ all_acl_rules_matches2([Rule | Tail], Data, Host) ->
|
||||
all_acl_rules_matches2([], _Data, _Host) ->
|
||||
true.
|
||||
|
||||
any_acl_rules_matches([], _Data, _Host) ->
|
||||
false;
|
||||
any_acl_rules_matches([Rule|Tail], Data, Host) ->
|
||||
case acl_rule_matches(Rule, Data, Host) of
|
||||
true ->
|
||||
true;
|
||||
false ->
|
||||
any_acl_rules_matches(Tail, Data, Host)
|
||||
end.
|
||||
|
||||
-spec acl_rule_matches(aclspec(), any(), global|binary()) -> boolean().
|
||||
|
||||
acl_rule_matches(all, _Data, _Host) ->
|
||||
@ -380,7 +390,7 @@ acl_rule_matches({acl, all}, _Data, _Host) ->
|
||||
acl_rule_matches({acl, Name}, Data, Host) ->
|
||||
ACLs = get_aclspecs(Name, Host),
|
||||
RawACLs = lists:map(fun(#acl{aclspec = R}) -> R end, ACLs),
|
||||
all_acl_rules_matches(RawACLs, Data, Host);
|
||||
any_acl_rules_matches(RawACLs, Data, Host);
|
||||
acl_rule_matches({ip, {Net, Mask}}, #{ip := {IP, _Port}}, _Host) ->
|
||||
is_ip_match(IP, Net, Mask);
|
||||
acl_rule_matches({ip, {Net, Mask}}, #{ip := IP}, _Host) ->
|
||||
|
@ -36,13 +36,17 @@ defmodule ACLTest do
|
||||
|
||||
test "access rule match with user part ACL" do
|
||||
:acl.add(:global, :basic_acl_1, {:user, "test1"})
|
||||
:acl.add(:global, :basic_acl_1, {:user, "test2"})
|
||||
:acl.add_access(:global, :basic_rule_1, [{:allow, [{:acl, :basic_acl_1}]}])
|
||||
# JID can only be passes as jid record.
|
||||
# => TODO: Support passing JID as binary.
|
||||
assert :acl.match_rule(:global, :basic_rule_1, :jid.from_string("test1@domain1")) == :allow
|
||||
assert :acl.match_rule(:global, :basic_rule_1, :jid.from_string("test1@domain2")) == :allow
|
||||
assert :acl.match_rule(:global, :basic_rule_1, :jid.from_string("test2@domain1")) == :allow
|
||||
assert :acl.match_rule(:global, :basic_rule_1, :jid.from_string("test2@domain2")) == :allow
|
||||
# We match on user part only for local domain. As an implicit rule remote domain are not matched
|
||||
assert :acl.match_rule(:global, :basic_rule_1, :jid.from_string("test1@otherdomain")) == :deny
|
||||
assert :acl.match_rule(:global, :basic_rule_1, :jid.from_string("test2@otherdomain")) == :deny
|
||||
assert :acl.match_rule(:global, :basic_rule_1, :jid.from_string("test11@domain1")) == :deny
|
||||
|
||||
:acl.add(:global, :basic_acl_2, {:user, {"test2", "domain1"}})
|
||||
|
Loading…
Reference in New Issue
Block a user