comparison sat_pubsub/backend.py @ 243:42048e37699e

added experimental roster access_model (use remote_roster)
author Goffi <goffi@goffi.org>
date Sun, 27 May 2012 15:55:25 +0200
parents 70c8bb90d75f
children 50f6ee966da8
comparison
equal deleted inserted replaced
242:a6170637690d 243:42048e37699e
414 414
415 def getItems(self, nodeIdentifier, requestor, maxItems=None, 415 def getItems(self, nodeIdentifier, requestor, maxItems=None,
416 itemIdentifiers=None): 416 itemIdentifiers=None):
417 d = self.storage.getNode(nodeIdentifier) 417 d = self.storage.getNode(nodeIdentifier)
418 d.addCallback(_getAffiliation, requestor) 418 d.addCallback(_getAffiliation, requestor)
419 d.addCallback(self._doGetItems, maxItems, itemIdentifiers) 419 d.addCallback(self._doGetItems, requestor, maxItems, itemIdentifiers)
420 return d 420 return d
421 421
422 422 def checkGroup(self, roster_groups, entity):
423 def _doGetItems(self, result, maxItems, itemIdentifiers): 423 """Check that requester is in roster
424 @param roster_group: tuple which 2 items:
425 - roster: mapping of jid to RosterItem as given by self.roster.getRoster
426 - groups: list of authorized groups
427 @param entity: entity which must be in group
428 @return: True if requestor is in roster"""
429 roster, authorized_groups = roster_groups
430 _entity = entity.userhost()
431
432 if not _entity in roster:
433 raise error.NotInRoster
434 if roster[_entity].groups.intersection(authorized_groups):
435 return True
436 raise error.NotInRoster
437
438 def _getNodeGroups(self, roster, nodeIdentifier):
439 d = self.storage.getNodeGroups(nodeIdentifier)
440 d.addCallback(lambda groups: (roster, groups))
441 return d
442
443 def _doGetItems(self, result, requestor, maxItems, itemIdentifiers):
424 node, affiliation = result 444 node, affiliation = result
445
446 def access_checked(authorized):
447 if not authorized:
448 raise error.NotAuthorized()
449
450 if itemIdentifiers:
451 return node.getItemsById(itemIdentifiers)
452 else:
453 return node.getItems(maxItems)
454
425 455
426 if not ILeafNode.providedBy(node): 456 if not ILeafNode.providedBy(node):
427 return [] 457 return []
428 458
429 if affiliation == 'outcast': 459 if affiliation == 'outcast':
430 raise error.Forbidden() 460 raise error.Forbidden()
431 461
432 if itemIdentifiers: 462 access_model = node.getConfiguration()["pubsub#access_model"]
433 return node.getItemsById(itemIdentifiers) 463
434 else: 464 if access_model == 'open' or affiliation == 'owner':
435 return node.getItems(maxItems) 465 d = defer.succeed(True)
436 466 d.addCallback(access_checked)
467 elif access_model == 'roster':
468 d = node.getNodeOwner()
469 d.addCallback(self.roster.getRoster)
470 d.addCallback(self._getNodeGroups,node.nodeIdentifier)
471 d.addCallback(self.checkGroup, requestor)
472 d.addCallback(access_checked)
473
474 return d
437 475
438 def retractItem(self, nodeIdentifier, itemIdentifiers, requestor): 476 def retractItem(self, nodeIdentifier, itemIdentifiers, requestor):
439 d = self.storage.getNode(nodeIdentifier) 477 d = self.storage.getNode(nodeIdentifier)
440 d.addCallback(_getAffiliation, requestor) 478 d.addCallback(_getAffiliation, requestor)
441 d.addCallback(self._doRetract, itemIdentifiers) 479 d.addCallback(self._doRetract, itemIdentifiers)
573 611
574 _errorMap = { 612 _errorMap = {
575 error.NodeNotFound: ('item-not-found', None, None), 613 error.NodeNotFound: ('item-not-found', None, None),
576 error.NodeExists: ('conflict', None, None), 614 error.NodeExists: ('conflict', None, None),
577 error.Forbidden: ('forbidden', None, None), 615 error.Forbidden: ('forbidden', None, None),
616 error.NotAuthorized: ('not-authorized', None, None),
617 error.NotInRoster: ('not-authorized', 'not-in-roster-group', None),
578 error.ItemForbidden: ('bad-request', 'item-forbidden', None), 618 error.ItemForbidden: ('bad-request', 'item-forbidden', None),
579 error.ItemRequired: ('bad-request', 'item-required', None), 619 error.ItemRequired: ('bad-request', 'item-required', None),
580 error.NoInstantNodes: ('not-acceptable', 620 error.NoInstantNodes: ('not-acceptable',
581 'unsupported', 621 'unsupported',
582 'instant-nodes'), 622 'instant-nodes'),