Mercurial > libervia-pubsub
comparison sat_pubsub/privilege.py @ 470:a549c8e17827
privilege: don't try to get roster if the request if for a jid not belonging to our server
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Thu, 21 Oct 2021 17:24:25 +0200 |
| parents | d86e0f8a1405 |
| children | ed9e12701e0f |
comparison
equal
deleted
inserted
replaced
| 469:bcbd2399bfee | 470:a549c8e17827 |
|---|---|
| 240 """Retrieve contact list. | 240 """Retrieve contact list. |
| 241 | 241 |
| 242 @param to_jid: jid of the entity owning the roster | 242 @param to_jid: jid of the entity owning the roster |
| 243 @return: roster data | 243 @return: roster data |
| 244 """ | 244 """ |
| 245 if jid.JID(to_jid.host) != self.backend.server_jid: | |
| 246 # no need to try to get the roster if it's not a user of our own server | |
| 247 return None | |
| 245 if self._permissions[PERM_ROSTER] not in ('get', 'both'): | 248 if self._permissions[PERM_ROSTER] not in ('get', 'both'): |
| 246 log.msg("WARNING: permission not allowed to get roster") | 249 log.msg("WARNING: permission not allowed to get roster") |
| 247 raise failure.Failure(NotAllowedError('roster get is not allowed')) | 250 raise failure.Failure(NotAllowedError('roster get is not allowed')) |
| 248 | 251 |
| 249 iq = IQ(self.xmlstream, 'get') | 252 iq = IQ(self.xmlstream, 'get') |