Mercurial > libervia-pubsub
comparison sat_pubsub/pgsql_storage.py @ 349:20b82fb8de02
backend: check nodes/items permission on disco#items:
- move node access check workflow from getItemsData to a new checkNodeAccess method
- only accessible items are returned to an entity when doing a disco#items on a node
- for PEP, nodes with presence access model are not returned if entity has not presence subscription from the node owner
- all nodes are returned in normal pubsub service
- new NotLeafNodeError exception when an action need to be done on Leaf node and it is not the case
- /!\ access it not fully checked : items access models are not handled for items id in disco#items, and whitelist nodes are returned regardless if requestor is in the white list or not. Furthermore, publisher-roster access is not handled for nodes.
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Sun, 27 Aug 2017 20:33:39 +0200 |
| parents | f33406fcab5c |
| children | 2098295747fd |
comparison
equal
deleted
inserted
replaced
| 348:d1f63ae1eaf4 | 349:20b82fb8de02 |
|---|---|
| 203 WHERE node=%s""", | 203 WHERE node=%s""", |
| 204 (nodeIdentifier,), pep, recipient)) | 204 (nodeIdentifier,), pep, recipient)) |
| 205 row = cursor.fetchone() | 205 row = cursor.fetchone() |
| 206 return self._buildNode(row) | 206 return self._buildNode(row) |
| 207 | 207 |
| 208 def getNodeIds(self, pep): | 208 def getNodeIds(self, pep, recipient, allowed_accesses=None): |
| 209 d = self.dbpool.runQuery("""SELECT node from nodes WHERE pep is {}NULL""" | 209 """retrieve ids of existing nodes |
| 210 .format("NOT " if pep else "")) | 210 |
| 211 @param allowed_accesses(None, set): only nodes with access | |
| 212 in this set will be returned | |
| 213 None to return all nodes | |
| 214 @return (list[unicode]): ids of nodes | |
| 215 """ | |
| 216 if not pep: | |
| 217 query = "SELECT node from nodes WHERE pep is NULL" | |
| 218 values = [] | |
| 219 else: | |
| 220 query = "SELECT node from nodes WHERE pep=%s" | |
| 221 values = [recipient.userhost()] | |
| 222 | |
| 223 if allowed_accesses is not None: | |
| 224 query += "AND access_model IN %s" | |
| 225 values.append(tuple(allowed_accesses)) | |
| 226 | |
| 227 d = self.dbpool.runQuery(query, values) | |
| 211 d.addCallback(lambda results: [r[0] for r in results]) | 228 d.addCallback(lambda results: [r[0] for r in results]) |
| 212 return d | 229 return d |
| 213 | 230 |
| 214 def createNode(self, nodeIdentifier, owner, config, pep, recipient=None): | 231 def createNode(self, nodeIdentifier, owner, config, pep, recipient=None): |
| 215 return self.dbpool.runInteraction(self._createNode, nodeIdentifier, | 232 return self.dbpool.runInteraction(self._createNode, nodeIdentifier, |