Diff

mod_privilege/mod_privilege.lua @ 1663:ca07a6ada631

mod_privilege: presence permission configuration check + use global set to know privileged entities to advertise
author Goffi <goffi@goffi.org>
date Tue, 07 Apr 2015 12:46:34 +0200
parent 1662:d440a22fa0af
child 1664:6bdcb1418029
--- a/mod_privilege/mod_privilege.lua	Mon Apr 06 02:08:09 2015 +0200
+++ b/mod_privilege/mod_privilege.lua	Tue Apr 07 12:46:34 2015 +0200
@@ -13,6 +13,15 @@
 local roster_manager = require("core/rostermanager")
 local user_manager = require("core/usermanager")
 local hosts = prosody.hosts
+-- the folowing sets are used to forward presence stanza
+if not prosody._privilege_presence_man_ent then
+	prosody._privilege_presence_man_ent = set.new()
+end
+local presence_man_ent = prosody._privilege_presence_man_ent
+if not prosody._privilege_presence_roster then
+	prosody._privilege_presence_roster = set.new()
+end
+local presence_roster = prosody._privilege_presence_roster
 
 local _ALLOWED_ROSTER = set.new({'none', 'get', 'set', 'both'})
 local _ROSTER_GET_PERM = set.new({'get', 'both'})
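Review bot: The two presence sets live on the process-wide `prosody` table, so they survive a reload of this module and are shared by every host that loads it, yet nothing in the visible hunks ever removes a JID from them. If the code that reads these sets forwards presence to every member (that code is outside this diff), an entity whose privilege was withdrawn in the configuration, or whose session has closed, would stay listed until the server restarts. I would state the lifetime at the declaration, e.g. `-- process-wide, survives module reload; entries must be removed when the session ends or the privilege is withdrawn`, and add the matching removal where sessions are torn down.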
@@ -26,6 +35,7 @@
 
 module:log("debug", "Loading privileged entity module ");
 
+
 --> Permissions management <--
 
 privileges = module:get_option("privileged_entities", {})
@@ -44,6 +54,14 @@
 	session.send(message)
 end
 
+function set_presence_perm_set(to_jid, perms)
+	-- fill the global presence sets according to perms
+	if perms.presence == 'managed_entity' then
+		presence_man_ent:add(to_jid)
+	elseif perms.presence == 'roster' then
+		presence_man_ent:add(to_jid) -- roster imply managed_entity
+		presence_roster:add(to_jid)
+	end
 end
 
 function on_auth(event)
@@ -69,10 +87,18 @@
 				end
 			end
 		end
+		-- extra checks for presence permission
+		if ent_priv.permission == 'roster' and not _ROSTER_GET_PERM:contains(session.privileges.roster) then
+			module:log("warn", "Can't allow roster presence privilege without roster \"get\" privilege")
+			module:log("warn", "Setting presence permission to none")
+			end_priv.permission = nil
+		end
+
 		if session.type == "component" then
 			-- we send the message stanza only for component
 			-- it will be sent at first <presence/> for other entities
 			advertise_perm(session, bare_jid, ent_priv)
+			set_presence_perm_set(bare_jid, ent_priv)
 		end
 	end
 
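Review bot: The added presence check cannot downgrade anything as written. Its body assigns to `end_priv`, a name not defined in the visible code, so reaching it raises an index-on-nil error. The condition also reads `ent_priv.permission` while `set_presence_perm_set` keys on `perms.presence`, so the branch is probably never reached. A component configured with presence `roster` but without roster `get` would then still be added to both presence sets by the call a few lines below. Suggested lines: `if ent_priv.presence == 'roster' and not _ROSTER_GET_PERM:contains(session.privileges.roster) then` and `ent_priv.presence = nil`. on_auth starts and ends outside the hunk, so confirm that `session.privileges` is already populated at this point.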
@@ -85,6 +111,7 @@
 	local session, stanza = event.origin, event.stanza;
 	if session.privileges then
 		advertise_perm(session, session.full_jid, session.privileges)
+		set_presence_perm_set(session.full_jid, session.privileges)
 	end
 end
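Review bot: This call keys the presence sets by `session.full_jid`, while the on_auth hunk keys them by `bare_jid`, so the same two sets end up holding both JID forms. A lookup that normalises to one form will miss entries stored in the other, which makes it hard to reason about who actually receives forwarded presence (the lookup code is not visible here). Either pick one form for both call sites or document the convention at the helper, e.g. `-- sets hold bare JIDs for components and full JIDs for other entities`. The enclosing handler starts outside the hunk.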