Mercurial > libervia-backend
view sat/plugins/plugin_misc_groupblog.py @ 3237:b0c57c9a4bd8
plugin XEP-0384: OMEMO trust policy:
OMEMO trust policy can now be specified. For now there are 2 policies:
- `manual`: each new device fingerprint must be explicitly trusted or not before the
device can be used, and the message sent
- `BTBV` (Blind Trust Before Verification): each new device fingerprint is automically
trusted, until user manually trust or not a device, in which case the behaviour becomes
the same as for `manual` for the entity. When using the Trust UI, user can put the
entity back to blind trust if they wish.
A message is send as feedback to user when a new device is/must be trusted, trying to
explain clearly what's happening to the user.
Devices which have been automically trusted are marked, so user can know which ones may
cause security issue.
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Fri, 27 Mar 2020 10:02:14 +0100 |
| parents | 559a625a236b |
| children | be6d91572633 |
line wrap: on
line source
#!/usr/bin/env python3 # SAT plugin for microbloging with roster access # Copyright (C) 2009-2020 Jérôme Poisson (goffi@goffi.org) # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. from sat.core.i18n import _ from sat.core.constants import Const as C from sat.core.log import getLogger log = getLogger(__name__) from twisted.internet import defer from sat.core import exceptions from wokkel import disco, data_form, iwokkel from zope.interface import implementer try: from twisted.words.protocols.xmlstream import XMPPHandler except ImportError: from wokkel.subprotocols import XMPPHandler NS_PUBSUB = "http://jabber.org/protocol/pubsub" NS_GROUPBLOG = "http://salut-a-toi.org/protocol/groupblog" # NS_PUBSUB_EXP = 'http://goffi.org/protocol/pubsub' #for non official features NS_PUBSUB_EXP = ( NS_PUBSUB ) # XXX: we can't use custom namespace as Wokkel's PubSubService use official NS NS_PUBSUB_GROUPBLOG = NS_PUBSUB_EXP + "#groupblog" NS_PUBSUB_ITEM_CONFIG = NS_PUBSUB_EXP + "#item-config" PLUGIN_INFO = { C.PI_NAME: "Group blogging through collections", C.PI_IMPORT_NAME: "GROUPBLOG", C.PI_TYPE: "MISC", C.PI_PROTOCOLS: [], C.PI_DEPENDENCIES: ["XEP-0277"], C.PI_MAIN: "GroupBlog", C.PI_HANDLER: "yes", C.PI_DESCRIPTION: _("""Implementation of microblogging fine permissions"""), } class GroupBlog(object): """This class use a SàT PubSub Service to manage access on microblog""" def __init__(self, host): log.info(_("Group blog plugin initialization")) self.host = host self._p = self.host.plugins["XEP-0060"] host.trigger.add("XEP-0277_item2data", self._item2dataTrigger) host.trigger.add("XEP-0277_data2entry", self._data2entryTrigger) host.trigger.add("XEP-0277_comments", self._commentsTrigger) ## plugin management methods ## def getHandler(self, client): return GroupBlog_handler() @defer.inlineCallbacks def profileConnected(self, client): try: yield self.host.checkFeatures(client, (NS_PUBSUB_GROUPBLOG,)) except exceptions.FeatureNotFound: client.server_groupblog_available = False log.warning( _( "Server is not able to manage item-access pubsub, we can't use group blog" ) ) else: client.server_groupblog_available = True log.info(_("Server can manage group blogs")) def getFeatures(self, profile): try: client = self.host.getClient(profile) except exceptions.ProfileNotSetError: return {} try: return {"available": C.boolConst(client.server_groupblog_available)} except AttributeError: if self.host.isConnected(profile): log.debug("Profile is not connected, service is not checked yet") else: log.error("client.server_groupblog_available should be available !") return {} def _item2dataTrigger(self, item_elt, entry_elt, microblog_data): """Parse item to find group permission elements""" config_form = data_form.findForm(item_elt, NS_PUBSUB_ITEM_CONFIG) if config_form is None: return access_model = config_form.get(self._p.OPT_ACCESS_MODEL, self._p.ACCESS_OPEN) if access_model == self._p.ACCESS_PUBLISHER_ROSTER: opt = self._p.OPT_ROSTER_GROUPS_ALLOWED microblog_data['groups'] = config_form.fields[opt].values def _data2entryTrigger(self, client, mb_data, entry_elt, item_elt): """Build fine access permission if needed This trigger check if "group*" key are present, and create a fine item config to restrict view to these groups """ groups = mb_data.get('groups', []) if not groups: return if not client.server_groupblog_available: raise exceptions.CancelError("GroupBlog is not available") log.debug("This entry use group blog") form = data_form.Form("submit", formNamespace=NS_PUBSUB_ITEM_CONFIG) access = data_form.Field( None, self._p.OPT_ACCESS_MODEL, value=self._p.ACCESS_PUBLISHER_ROSTER ) allowed = data_form.Field(None, self._p.OPT_ROSTER_GROUPS_ALLOWED, values=groups) form.addField(access) form.addField(allowed) item_elt.addChild(form.toElement()) def _commentsTrigger(self, client, mb_data, options): """This method is called when a comments node is about to be created It changes the access mode to roster if needed, and give the authorized groups """ if "group" in mb_data: options[self._p.OPT_ACCESS_MODEL] = self._p.ACCESS_PUBLISHER_ROSTER options[self._p.OPT_ROSTER_GROUPS_ALLOWED] = mb_data['groups'] @implementer(iwokkel.IDisco) class GroupBlog_handler(XMPPHandler): def getDiscoInfo(self, requestor, target, nodeIdentifier=""): return [disco.DiscoFeature(NS_GROUPBLOG)] def getDiscoItems(self, requestor, target, nodeIdentifier=""): return []