libervia-pubsub: sat_pubsub/backend.py comparison

comparison sat_pubsub/backend.py @ 349:20b82fb8de02

backend: check nodes/items permission on disco#items: - move node access check workflow from getItemsData to a new checkNodeAccess method - only accessible items are returned to an entity when doing a disco#items on a node - for PEP, nodes with presence access model are not returned if entity has not presence subscription from the node owner - all nodes are returned in normal pubsub service - new NotLeafNodeError exception when an action need to be done on Leaf node and it is not the case - /!\ access it not fully checked : items access models are not handled for items id in disco#items, and whitelist nodes are returned regardless if requestor is in the white list or not. Furthermore, publisher-roster access is not handled for nodes.

author	Goffi <goffi@goffi.org>
date	Sun, 27 Aug 2017 20:33:39 +0200
parents	3bbab2173ebc
children	efbdca10f0fb

comparison

equal deleted inserted replaced

-:d1f63ae1eaf4
+:20b82fb8de02
 # FIXME: manage pep and recipient
 d = self.storage.getNode(nodeIdentifier, pep, recipient)
 d.addCallback(lambda node: node.getType())
 return d
+def _getNodesIds(self, subscribed, pep, recipient):
-def getNodes(self, pep):
+# TODO: filter whitelist nodes
-return self.storage.getNodeIds(pep)
+# TODO: handle publisher-roster (should probably be renamed to owner-roster for nodes)
+if not subscribed:
+allowed_accesses = {'open', 'whitelist'}
+else:
+allowed_accesses = {'open', 'presence', 'whitelist'}
+return self.storage.getNodeIds(pep, recipient, allowed_accesses)
+def getNodes(self, requestor, pep, recipient):
+if pep:
+d = self.privilege.isSubscribedFrom(requestor, recipient)
+d.addCallback(self._getNodesIds, pep, recipient)
+return d
+return self.storage.getNodeIds(pep, recipient)
 def getNodeMetaData(self, nodeIdentifier, pep, recipient=None):
 # FIXME: manage pep and recipient
 d = self.storage.getNode(nodeIdentifier, pep, recipient)
 d = defer.gatherResults(d_list, consumeErrors=True)
 d.addCallback(lambda _: None)
 d.addErrback(self.unwrapFirstError)
 return d
-def getItemsIds(self, nodeIdentifier, authorized_groups, unrestricted, maxItems=None, ext_data=None, pep=False, recipient=None):
-d = self.storage.getNode(nodeIdentifier, pep, recipient)
-d.addCallback(lambda node: node.getItemsIds(authorized_groups,
-unrestricted,
-maxItems,
-ext_data))
-return d
-def getItems(self, nodeIdentifier, requestor, recipient, maxItems=None,
-itemIdentifiers=None, ext_data=None):
-d = self.getItemsData(nodeIdentifier, requestor, recipient, maxItems, itemIdentifiers, ext_data)
-d.addCallback(lambda items_data: [item_data.item for item_data in items_data])
-return d
 @defer.inlineCallbacks
-def getOwnerRoster(self, node, owners=None):
+def checkNodeAccess(self, node, requestor):
-if owners is None:
+"""check if a requestor can access data of a node
-owners = yield node.getOwners()
+@param node(Node): node to check
-if len(owners) != 1:
+@param requestor(jid.JID): entity who want to access node
-log.msg('publisher-roster access is not allowed with more than 1 owner')
+@return (tuple): permissions data with:
-return
+- owner(bool): True if requestor is owner of the node
+- roster(None, ): roster of the requestor
-owner_jid = owners[0]
+None if not needed/available
+- access_model(str): access model of the node
-try:
+@raise error.Forbidden: access is not granted
-roster = yield self.privilege.getRoster(owner_jid)
+@raise error.NotLeafNodeError: this node is not a leaf
-except Exception as e:
+"""
-log.msg("Error while getting roster of {owner_jid}: {msg}".format(
-owner_jid = owner_jid.full(),
-msg = e))
-return
-defer.returnValue(roster)
-@defer.inlineCallbacks
-def getItemsData(self, nodeIdentifier, requestor, recipient, maxItems=None,
-itemIdentifiers=None, ext_data=None):
-"""like getItems but return the whole ItemData"""
-if maxItems == 0:
-log.msg("WARNING: maxItems=0 on items retrieval")
-defer.returnValue([])
-if ext_data is None:
-ext_data = {}
-node = yield self.storage.getNode(nodeIdentifier, ext_data.get('pep', False), recipient)
 node, affiliation = yield _getAffiliation(node, requestor)
 if not iidavoll.ILeafNode.providedBy(node):
-defer.returnValue([])
+raise error.NotLeafNodeError()
 if affiliation == 'outcast':
 raise error.Forbidden()
 # node access check
 owner = affiliation == 'owner'
 access_model = node.getAccessModel()
 roster = None
 if access_model == const.VAL_AMODEL_OPEN or owner:
 pass
 elif access_model == const.VAL_AMODEL_PUBLISHER_ROSTER:
+# FIXME: publisher roster should be used, not owner
 roster = yield self.getOwnerRoster(node)
 if roster is None:
 raise error.Forbidden()
 if affiliation not in ('owner', 'publisher', 'member'):
 raise error.Forbidden()
 else:
 raise Exception(u"Unknown access_model")
+defer.returnValue((affiliation, owner, roster, access_model))
+@defer.inlineCallbacks
+def getItemsIds(self, nodeIdentifier, requestor, authorized_groups, unrestricted, maxItems=None, ext_data=None, pep=False, recipient=None):
+# FIXME: items access model are not checked
+# TODO: check items access model
+node = yield self.storage.getNode(nodeIdentifier, pep, recipient)
+affiliation, owner, roster, access_model = yield self.checkNodeAccess(node, requestor)
+ids = yield node.getItemsIds(authorized_groups,
+unrestricted,
+maxItems,
+ext_data)
+defer.returnValue(ids)
+def getItems(self, nodeIdentifier, requestor, recipient, maxItems=None,
+itemIdentifiers=None, ext_data=None):
+d = self.getItemsData(nodeIdentifier, requestor, recipient, maxItems, itemIdentifiers, ext_data)
+d.addCallback(lambda items_data: [item_data.item for item_data in items_data])
+return d
+@defer.inlineCallbacks
+def getOwnerRoster(self, node, owners=None):
+# FIXME: roster of publisher, not owner, must be used
+if owners is None:
+owners = yield node.getOwners()
+if len(owners) != 1:
+log.msg('publisher-roster access is not allowed with more than 1 owner')
+return
+owner_jid = owners[0]
+try:
+roster = yield self.privilege.getRoster(owner_jid)
+except Exception as e:
+log.msg("Error while getting roster of {owner_jid}: {msg}".format(
+owner_jid = owner_jid.full(),
+msg = e))
+return
+defer.returnValue(roster)
+@defer.inlineCallbacks
+def getItemsData(self, nodeIdentifier, requestor, recipient, maxItems=None,
+itemIdentifiers=None, ext_data=None):
+"""like getItems but return the whole ItemData"""
+if maxItems == 0:
+log.msg("WARNING: maxItems=0 on items retrieval")
+defer.returnValue([])
+if ext_data is None:
+ext_data = {}
+node = yield self.storage.getNode(nodeIdentifier, ext_data.get('pep', False), recipient)
+try:
+affiliation, owner, roster, access_model = yield self.checkNodeAccess(node, requestor)
+except error.NotLeafNodeError:
+defer.returnValue([])
 # at this point node access is checked
 if owner:
 # requestor_groups is only used in restricted access
 requestor_groups = None
 else:
 if roster is None:
+# FIXME: publisher roster should be used, not owner
 roster = yield self.getOwnerRoster(node)
 if roster is None:
 roster = {}
 roster_item = roster.get(requestor.userhostJID())
 requestor_groups = tuple(roster_item.groups) if roster_item else tuple()
 access_list = item_data.config
 if access_model == const.VAL_AMODEL_OPEN:
 allowed_items.append(item)
 elif access_model == const.VAL_AMODEL_PUBLISHER_ROSTER:
 if owner_roster is None:
+# FIXME: publisher roster should be used, not owner
 owner_roster= yield self.getOwnerRoster(node, owners)
 if owner_roster is None:
 owner_roster = {}
 if not subscriber_bare in owner_roster:
 continue
 d.addErrback(trapNotFound)
 d.addErrback(self._mapErrors)
 return d
 def getNodes(self, requestor, service, nodeIdentifier):
+"""return nodes for disco#items
+Pubsub/PEP nodes will be returned if disco node is not specified
+else Pubsub/PEP items will be returned
+(according to what requestor can access)
+"""
 try:
 pep = service.pep
 except AttributeError:
 pep = False
 if service.resource:
 return defer.succeed([])
 if nodeIdentifier:
 d = self.backend.getItemsIds(nodeIdentifier,
+requestor,
 [],
 requestor.userhostJID() == service,
 None,
 None,
 pep,
 service)
+# items must be set as name, not node
+d.addCallback(lambda items: [(None, item) for item in items])
 else:
-d = self.backend.getNodes(pep)
+d = self.backend.getNodes(requestor.userhostJID(),
+pep,
+service)
 return d.addErrback(self._mapErrors)
 def getConfigurationOptions(self):
 return self.backend.nodeOptions

Mercurial > libervia-pubsub

comparison sat_pubsub/backend.py @ 349:20b82fb8de02