comparison sat_pubsub/pgsql_storage.py @ 349:20b82fb8de02
backend: check nodes/items permission on disco#items:
- move node access check workflow from getItemsData to a new checkNodeAccess method
- only accessible items are returned to an entity when doing a disco#items on a node
- for PEP, nodes with presence access model are not returned if entity has not presence subscription from the node owner
- all nodes are returned in normal pubsub service
- new NotLeafNodeError exception when an action needs to be done on a leaf node and it is not the case
- /!\ access is not fully checked: items access models are not handled for item ids in disco#items, and whitelist nodes are returned regardless of whether the requestor is in the whitelist or not. Furthermore, publisher-roster access is not handled for nodes.
author | Goffi <goffi@goffi.org> |
---|---|
date | Sun, 27 Aug 2017 20:33:39 +0200 |
parents | f33406fcab5c |
children | 2098295747fd |
348:d1f63ae1eaf4 | 349:20b82fb8de02 |
---|---|
203 WHERE node=%s""", | 203 WHERE node=%s""", |
204 (nodeIdentifier,), pep, recipient)) | 204 (nodeIdentifier,), pep, recipient)) |
205 row = cursor.fetchone() | 205 row = cursor.fetchone() |
206 return self._buildNode(row) | 206 return self._buildNode(row) |
207 | 207 |
208 def getNodeIds(self, pep): | 208 def getNodeIds(self, pep, recipient, allowed_accesses=None): |
209 d = self.dbpool.runQuery("""SELECT node from nodes WHERE pep is {}NULL""" | 209 """retrieve ids of existing nodes |
210 .format("NOT " if pep else "")) | 210 |
211 @param allowed_accesses(None, set): only nodes with access | |
212 in this set will be returned | |
213 None to return all nodes | |
214 @return (list[unicode]): ids of nodes | |
215 """ | |
216 if not pep: | |
217 query = "SELECT node from nodes WHERE pep is NULL" | |
218 values = [] | |
219 else: | |
220 query = "SELECT node from nodes WHERE pep=%s" | |
221 values = [recipient.userhost()] | |
222 | |
223 if allowed_accesses is not None: | |
224 query += "AND access_model IN %s" | |
225 values.append(tuple(allowed_accesses)) | |
226 | |
227 d = self.dbpool.runQuery(query, values) | |
211 d.addCallback(lambda results: [r[0] for r in results]) | 228 d.addCallback(lambda results: [r[0] for r in results]) |
212 return d | 229 return d |
213 | 230 |
214 def createNode(self, nodeIdentifier, owner, config, pep, recipient=None): | 231 def createNode(self, nodeIdentifier, owner, config, pep, recipient=None): |
215 return self.dbpool.runInteraction(self._createNode, nodeIdentifier, | 232 return self.dbpool.runInteraction(self._createNode, nodeIdentifier, |
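Review bot: The access-model filter in the new getNodeIds is appended without a leading space (`query += "AND access_model IN %s"`), so in the non-PEP branch the statement becomes `... WHERE pep is NULLAND access_model IN %s` and should be rejected by the database whenever allowed_accesses is passed; `query += " AND access_model IN %s"` fixes it. Because this clause is what keeps restricted nodes out of disco#items results, both branches deserve a test with a non-None allowed_accesses so a broken filter shows up as a test failure rather than a runtime query error. An empty allowed_accesses set is turned into an empty tuple, which, depending on how the driver adapts it, likely renders as `IN ()` and fails as well; returning an empty list early for that case would be safer. The docstring documents allowed_accesses but not the other arguments; a line such as `@param recipient: entity whose PEP nodes are listed, only read when pep is true` would match what the body does.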