libervia-pubsub: sat_pubsub/backend.py comparison

comparison sat_pubsub/backend.py @ 405:c56a728412f1

file organisation + setup refactoring: - `/src` has been renamed to `/sat_pubsub`, this is the recommended naming convention - revamped `setup.py` on the basis of SàT's `setup.py` - added a `VERSION` which is the unique place where version number will now be set - use same trick as in SàT to specify dev version (`D` at the end) - use setuptools_scm to retrieve Mercurial hash when in dev version

author	Goffi <goffi@goffi.org>
date	Fri, 16 Aug 2019 12:00:02 +0200
parents	src/backend.py@1dc606612405
children	ccb2a22ea0fc

comparison

equal deleted inserted replaced

-:105a0772eedd
+:c56a728412f1
+#!/usr/bin/python
+#-*- coding: utf-8 -*-
+#
+# Copyright (c) 2012-2019 Jérôme Poisson
+# Copyright (c) 2013-2016 Adrien Cossa
+# Copyright (c) 2003-2011 Ralph Meijer
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+# --
+# This program is based on Idavoll (http://idavoll.ik.nu/),
+# originaly written by Ralph Meijer (http://ralphm.net/blog/)
+# It is sublicensed under AGPL v3 (or any later version) as allowed by the original
+# license.
+# --
+# Here is a copy of the original license:
+# Copyright (c) 2003-2011 Ralph Meijer
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+"""
+Generic publish-subscribe backend.
+This module implements a generic publish-subscribe backend service with
+business logic as per
+U{XEP-0060<http://www.xmpp.org/extensions/xep-0060.html>} that interacts with
+a given storage facility. It also provides an adapter from the XMPP
+publish-subscribe protocol.
+"""
+import copy
+import uuid
+from zope.interface import implements
+from twisted.application import service
+from twisted.python import components, log
+from twisted.internet import defer, reactor
+from twisted.words.protocols.jabber.error import StanzaError
+# from twisted.words.protocols.jabber.jid import JID, InvalidFormat
+from twisted.words.xish import domish, utility
+from wokkel import disco
+from wokkel import data_form
+from wokkel import rsm
+from wokkel import iwokkel
+from wokkel import pubsub
+from wokkel.subprotocols import XMPPHandler
+from sat_pubsub import error
+from sat_pubsub import iidavoll
+from sat_pubsub import const
+from sat_pubsub import container
+def _getAffiliation(node, entity):
+d = node.getAffiliation(entity)
+d.addCallback(lambda affiliation: (node, affiliation))
+return d
+def elementCopy(element):
+"""Make a copy of a domish.Element
+The copy will have its own children list, so other elements
+can be added as direct children without modifying orignal one.
+Children are not deeply copied, so if an element is added to a child or grandchild,
+it will also affect original element.
+@param element(domish.Element): Element to clone
+"""
+new_elt = domish.Element(
+(element.uri, element.name),
+defaultUri = element.defaultUri,
+attribs = element.attributes,
+localPrefixes = element.localPrefixes)
+new_elt.parent = element.parent
+new_elt.children = element.children[:]
+return new_elt
+def itemDataCopy(item_data):
+"""Make a copy of an item_data
+deep copy every element of the tuple but item
+do an elementCopy of item_data.item
+@param item_data(ItemData): item data to copy
+@return (ItemData): copied data
+"""
+return container.ItemData(*[elementCopy(item_data.item)]
++ [copy.deepcopy(d) for d in item_data[1:]])
+class BackendService(service.Service, utility.EventDispatcher):
+"""
+Generic publish-subscribe backend service.
+@cvar nodeOptions: Node configuration form as a mapping from the field
+name to a dictionary that holds the field's type, label
+and possible options to choose from.
+@type nodeOptions: C{dict}.
+@cvar defaultConfig: The default node configuration.
+"""
+implements(iidavoll.IBackendService)
+nodeOptions = {
+const.OPT_PERSIST_ITEMS:
+{"type": "boolean",
+"label": "Persist items to storage"},
+const.OPT_DELIVER_PAYLOADS:
+{"type": "boolean",
+"label": "Deliver payloads with event notifications"},
+const.OPT_SEND_LAST_PUBLISHED_ITEM:
+{"type": "list-single",
+"label": "When to send the last published item",
+"options": {
+"never": "Never",
+"on_sub": "When a new subscription is processed"}
+},
+const.OPT_ACCESS_MODEL:
+{"type": "list-single",
+"label": "Who can subscribe to this node",
+"options": {
+const.VAL_AMODEL_OPEN: "Public node",
+const.VAL_AMODEL_PRESENCE: "Node restricted to entites subscribed to owner presence",
+const.VAL_AMODEL_PUBLISHER_ROSTER: "Node restricted to some groups of publisher's roster",
+const.VAL_AMODEL_WHITELIST: "Node restricted to some jids",
+}
+},
+const.OPT_ROSTER_GROUPS_ALLOWED:
+{"type": "list-multi",
+"label": "Groups of the roster allowed to access the node",
+},
+const.OPT_PUBLISH_MODEL:
+{"type": "list-single",
+"label": "Who can publish to this node",
+"options": {
+const.VAL_PMODEL_OPEN: "Everybody can publish",
+const.VAL_PMODEL_PUBLISHERS: "Only owner and publishers can publish",
+const.VAL_PMODEL_SUBSCRIBERS: "Everybody which subscribed to the node",
+}
+},
+const.OPT_SERIAL_IDS:
+{"type": "boolean",
+"label": "Use serial ids"},
+const.OPT_CONSISTENT_PUBLISHER:
+{"type": "boolean",
+"label": "Keep publisher on update"},
+}
+subscriptionOptions = {
+"pubsub#subscription_type":
+{"type": "list-single",
+"options": {
+"items": "Receive notification of new items only",
+"nodes": "Receive notification of new nodes only"}
+},
+"pubsub#subscription_depth":
+{"type": "list-single",
+"options": {
+"1": "Receive notification from direct child nodes only",
+"all": "Receive notification from all descendent nodes"}
+},
+}
+def __init__(self, storage, config):
+utility.EventDispatcher.__init__(self)
+self.storage = storage
+self._callbackList = []
+self.config = config
+self.admins = config[u'admins_jids_list']
+def isAdmin(self, entity_jid):
+"""Return True if an entity is an administrator"""
+return entity_jid.userhostJID() in self.admins
+def supportsPublishOptions(self):
+return True
+def supportsPublisherAffiliation(self):
+return True
+def supportsGroupBlog(self):
+return True
+def supportsOutcastAffiliation(self):
+return True
+def supportsPersistentItems(self):
+return True
+def supportsPublishModel(self):
+return True
+def getNodeType(self, nodeIdentifier, pep, recipient=None):
+# FIXME: manage pep and recipient
+d = self.storage.getNode(nodeIdentifier, pep, recipient)
+d.addCallback(lambda node: node.getType())
+return d
+def _getNodesIds(self, subscribed, pep, recipient):
+# TODO: filter whitelist nodes
+# TODO: handle publisher-roster (should probably be renamed to owner-roster for nodes)
+if not subscribed:
+allowed_accesses = {'open', 'whitelist'}
+else:
+allowed_accesses = {'open', 'presence', 'whitelist'}
+return self.storage.getNodeIds(pep, recipient, allowed_accesses)
+def getNodes(self, requestor, pep, recipient):
+if pep:
+d = self.privilege.isSubscribedFrom(requestor, recipient)
+d.addCallback(self._getNodesIds, pep, recipient)
+return d
+return self.storage.getNodeIds(pep, recipient)
+def getNodeMetaData(self, nodeIdentifier, pep, recipient=None):
+# FIXME: manage pep and recipient
+d = self.storage.getNode(nodeIdentifier, pep, recipient)
+d.addCallback(lambda node: node.getMetaData())
+d.addCallback(self._makeMetaData)
+return d
+def _makeMetaData(self, metaData):
+options = []
+for key, value in metaData.iteritems():
+if key in self.nodeOptions:
+option = {"var": key}
+option.update(self.nodeOptions[key])
+option["value"] = value
+options.append(option)
+return options
+def _checkAuth(self, node, requestor):
+""" Check authorisation of publishing in node for requestor """
+def check(affiliation):
+d = defer.succeed((affiliation, node))
+configuration = node.getConfiguration()
+publish_model = configuration[const.OPT_PUBLISH_MODEL]
+if publish_model == const.VAL_PMODEL_PUBLISHERS:
+if affiliation not in ['owner', 'publisher']:
+raise error.Forbidden()
+elif publish_model == const.VAL_PMODEL_SUBSCRIBERS:
+if affiliation not in ['owner', 'publisher']:
+# we are in subscribers publish model, we must check that
+# the requestor is a subscriber to allow him to publish
+def checkSubscription(subscribed):
+if not subscribed:
+raise error.Forbidden()
+return (affiliation, node)
+d.addCallback(lambda ignore: node.isSubscribed(requestor))
+d.addCallback(checkSubscription)
+elif publish_model != const.VAL_PMODEL_OPEN:
+raise ValueError('Unexpected value') # publish_model must be publishers (default), subscribers or open.
+return d
+d = node.getAffiliation(requestor)
+d.addCallback(check)
+return d
+def parseItemConfig(self, item):
+"""Get and remove item configuration information
+@param item (domish.Element): item to parse
+@return (tuple[unicode, dict)): (access_model, item_config)
+"""
+item_config = None
+access_model = const.VAL_AMODEL_DEFAULT
+for idx, elt in enumerate(item.elements()):
+if elt.uri != data_form.NS_X_DATA or elt.name != 'x':
+continue
+form = data_form.Form.fromElement(elt)
+if form.formNamespace == const.NS_ITEM_CONFIG:
+item_config = form
+del item.children[idx] #we need to remove the config from item
+break
+if item_config:
+access_model = item_config.get(const.OPT_ACCESS_MODEL, const.VAL_AMODEL_DEFAULT)
+return (access_model, item_config)
+def parseCategories(self, item_elt):
+"""Check if item contain an atom entry, and parse categories if possible
+@param item_elt (domish.Element): item to parse
+@return (list): list of found categories
+"""
+categories = []
+try:
+entry_elt = item_elt.elements(const.NS_ATOM, "entry").next()
+except StopIteration:
+return categories
+for category_elt in entry_elt.elements(const.NS_ATOM, 'category'):
+category = category_elt.getAttribute('term')
+if category:
+categories.append(category)
+return categories
+def enforceSchema(self, item_elt, schema, affiliation):
+"""modifify item according to element, or refuse publishing
+@param item_elt(domish.Element): item to check/modify
+@param schema(domish.Eement): schema to enfore
+@param affiliation(unicode): affiliation of the publisher
+"""
+try:
+x_elt = next(item_elt.elements(data_form.NS_X_DATA, 'x'))
+item_form = data_form.Form.fromElement(x_elt)
+except (StopIteration, data_form.Error):
+raise pubsub.BadRequest(text="node has a schema but item has no form")
+else:
+item_elt.children.remove(x_elt)
+schema_form = data_form.Form.fromElement(schema)
+# we enforce restrictions
+for field_elt in schema.elements(data_form.NS_X_DATA, 'field'):
+var = field_elt['var']
+for restrict_elt in field_elt.elements(const.NS_SCHEMA_RESTRICT, 'restrict'):
+write_restriction = restrict_elt.attributes.get('write')
+if write_restriction is not None:
+if write_restriction == 'owner':
+if affiliation != 'owner':
+# write is not allowed on this field, we use default value
+# we can safely use Field from schema_form because
+# we have created this instance only for this method
+try:
+item_form.removeField(item_form.fields[var])
+except KeyError:
+pass
+item_form.addField(schema_form.fields[var])
+else:
+raise StanzaError('feature-not-implemented', text='unknown write restriction {}'.format(write_restriction))
+# we now remove every field which is not in data schema
+to_remove = set()
+for item_var, item_field in item_form.fields.iteritems():
+if item_var not in schema_form.fields:
+to_remove.add(item_field)
+for field in to_remove:
+item_form.removeField(field)
+item_elt.addChild(item_form.toElement())
+def _checkOverwrite(self, node, itemIdentifiers, publisher):
+"""Check that publisher can overwrite items
+current publisher must correspond to each item publisher
+"""
+def doCheck(item_pub_map):
+for item_publisher in item_pub_map.itervalues():
+if item_publisher.userhost() != publisher.userhost():
+raise error.ItemForbidden()
+d = node.getItemsPublishers(itemIdentifiers)
+d.addCallback(doCheck)
+return d
+def publish(self, nodeIdentifier, items, requestor, pep, recipient):
+d = self.storage.getNode(nodeIdentifier, pep, recipient)
+d.addCallback(self._checkAuth, requestor)
+#FIXME: owner and publisher are not necessarly the same. So far we use only owner to get roster.
+#FIXME: in addition, there can be several owners: that is not managed yet
+d.addCallback(self._doPublish, items, requestor, pep, recipient)
+return d
+@defer.inlineCallbacks
+def _doPublish(self, result, items, requestor, pep, recipient):
+affiliation, node = result
+if node.nodeType == 'collection':
+raise error.NoPublishing()
+configuration = node.getConfiguration()
+persistItems = configuration[const.OPT_PERSIST_ITEMS]
+deliverPayloads = configuration[const.OPT_DELIVER_PAYLOADS]
+if items and not persistItems and not deliverPayloads:
+raise error.ItemForbidden()
+elif not items and (persistItems or deliverPayloads):
+raise error.ItemRequired()
+items_data = []
+check_overwrite = False
+ret_payload = None  # payload returned, None or domish.Element
+for item in items:
+# we enforce publisher (cf XEP-0060 §7.1.2.3)
+item['publisher'] = requestor.full()
+if persistItems or deliverPayloads:
+item.uri = None
+item.defaultUri = None
+if not item.getAttribute("id"):
+item["id"] = yield node.getNextId()
+new_item = True
+if ret_payload is None:
+ret_pubsub_elt = domish.Element((pubsub.NS_PUBSUB, u'pubsub'))
+ret_publish_elt = ret_pubsub_elt.addElement(u'publish')
+ret_publish_elt[u'node'] = node.nodeIdentifier
+ret_payload = ret_pubsub_elt
+ret_publish_elt = ret_payload.publish
+ret_item_elt = ret_publish_elt.addElement(u'item')
+ret_item_elt["id"] = item[u"id"]
+else:
+check_overwrite = True
+new_item = False
+access_model, item_config = self.parseItemConfig(item)
+categories = self.parseCategories(item)
+schema = node.getSchema()
+if schema is not None:
+self.enforceSchema(item, schema, affiliation)
+items_data.append(container.ItemData(item, access_model, item_config, categories, new=new_item))
+if persistItems:
+if check_overwrite:
+itemIdentifiers = [item['id'] for item in items
+if item.getAttribute('id')]
+if affiliation == 'owner' or self.isAdmin(requestor):
+if configuration[const.OPT_CONSISTENT_PUBLISHER]:
+pub_map = yield node.getItemsPublishers(itemIdentifiers)
+publishers = set(pub_map.values())
+if len(publishers) != 1:
+# TODO: handle multiple items publishing (from several
+#       publishers)
+raise error.NoPublishing(
+u"consistent_publisher is currently only possible when "
+u"publishing items from a single publisher. Try to "
+u"publish one item at a time")
+# we replace requestor and new payload's publisher by original
+# item publisher to keep publisher consistent
+requestor = publishers.pop()
+for item in items:
+item['publisher'] = requestor.full()
+else:
+# we don't want a publisher to overwrite the item
+# of an other publisher
+yield self._checkOverwrite(node, itemIdentifiers, requestor)
+# TODO: check conflict and recalculate max id if serial_ids is set
+yield node.storeItems(items_data, requestor)
+yield self._doNotify(node, items_data, deliverPayloads, pep, recipient)
+defer.returnValue(ret_payload)
+def _doNotify(self, node, items_data, deliverPayloads, pep, recipient):
+if items_data and not deliverPayloads:
+for item_data in items_data:
+item_data.item.children = []
+self.dispatch({'items_data': items_data, 'node': node, 'pep': pep, 'recipient': recipient},
+'//event/pubsub/notify')
+def getNotifications(self, node, items_data):
+"""Build a list of subscriber to the node
+subscribers will be associated with subscribed items,
+and subscription type.
+"""
+def toNotifications(subscriptions, items_data):
+subsBySubscriber = {}
+for subscription in subscriptions:
+if subscription.options.get('pubsub#subscription_type',
+'items') == 'items':
+subs = subsBySubscriber.setdefault(subscription.subscriber,
+set())
+subs.add(subscription)
+notifications = [(subscriber, subscriptions_, items_data)
+for subscriber, subscriptions_
+in subsBySubscriber.iteritems()]
+return notifications
+def rootNotFound(failure):
+failure.trap(error.NodeNotFound)
+return []
+d1 = node.getSubscriptions('subscribed')
+# FIXME: must add root node subscriptions ?
+# d2 = self.storage.getNode('', False) # FIXME: to check
+# d2.addCallback(lambda node: node.getSubscriptions('subscribed'))
+# d2.addErrback(rootNotFound)
+# d = defer.gatherResults([d1, d2])
+# d.addCallback(lambda result: result[0] + result[1])
+d1.addCallback(toNotifications, items_data)
+return d1
+def registerPublishNotifier(self, observerfn, *args, **kwargs):
+self.addObserver('//event/pubsub/notify', observerfn, *args, **kwargs)
+def registerRetractNotifier(self, observerfn, *args, **kwargs):
+self.addObserver('//event/pubsub/retract', observerfn, *args, **kwargs)
+def subscribe(self, nodeIdentifier, subscriber, requestor, pep, recipient):
+subscriberEntity = subscriber.userhostJID()
+if subscriberEntity != requestor.userhostJID():
+return defer.fail(error.Forbidden())
+d = self.storage.getNode(nodeIdentifier, pep, recipient)
+d.addCallback(_getAffiliation, subscriberEntity)
+d.addCallback(self._doSubscribe, subscriber, pep, recipient)
+return d
+def _doSubscribe(self, result, subscriber, pep, recipient):
+node, affiliation = result
+if affiliation == 'outcast':
+raise error.Forbidden()
+access_model = node.getAccessModel()
+if access_model == const.VAL_AMODEL_OPEN:
+d = defer.succeed(None)
+elif access_model == const.VAL_AMODEL_PRESENCE:
+d = self.checkPresenceSubscription(node, subscriber)
+elif access_model == const.VAL_AMODEL_PUBLISHER_ROSTER:
+d = self.checkRosterGroups(node, subscriber)
+elif access_model == const.VAL_AMODEL_WHITELIST:
+d = self.checkNodeAffiliations(node, subscriber)
+else:
+raise NotImplementedError
+def trapExists(failure):
+failure.trap(error.SubscriptionExists)
+return False
+def cb(sendLast):
+d = node.getSubscription(subscriber)
+if sendLast:
+d.addCallback(self._sendLastPublished, node, pep, recipient)
+return d
+d.addCallback(lambda _: node.addSubscription(subscriber, 'subscribed', {}))
+d.addCallbacks(lambda _: True, trapExists)
+d.addCallback(cb)
+return d
+def _sendLastPublished(self, subscription, node, pep, recipient):
+def notifyItem(items_data):
+if items_data:
+reactor.callLater(0, self.dispatch,
+{'items_data': items_data,
+'node': node,
+'pep': pep,
+'recipient': recipient,
+'subscription': subscription,
+},
+'//event/pubsub/notify')
+config = node.getConfiguration()
+sendLastPublished = config.get('pubsub#send_last_published_item',
+'never')
+if sendLastPublished == 'on_sub' and node.nodeType == 'leaf':
+entity = subscription.subscriber.userhostJID()
+d = self.getItemsData(node.nodeIdentifier, entity, recipient, maxItems=1, ext_data={'pep': pep})
+d.addCallback(notifyItem)
+d.addErrback(log.err)
+return subscription
+def unsubscribe(self, nodeIdentifier, subscriber, requestor, pep, recipient):
+if subscriber.userhostJID() != requestor.userhostJID():
+return defer.fail(error.Forbidden())
+d = self.storage.getNode(nodeIdentifier, pep, recipient)
+d.addCallback(lambda node: node.removeSubscription(subscriber))
+return d
+def getSubscriptions(self, requestor, nodeIdentifier, pep, recipient):
+"""retrieve subscriptions of an entity
+@param requestor(jid.JID): entity who want to check subscriptions
+@param nodeIdentifier(unicode, None): identifier of the node
+node to get all subscriptions of a service
+@param pep(bool): True if it's a PEP request
+@param recipient(jid.JID, None): recipient of the PEP request
+"""
+return self.storage.getSubscriptions(requestor, nodeIdentifier, pep, recipient)
+def supportsAutoCreate(self):
+return True
+def supportsCreatorCheck(self):
+return True
+def supportsInstantNodes(self):
+return True
+def createNode(self, nodeIdentifier, requestor, options = None, pep=False, recipient=None):
+if not nodeIdentifier:
+nodeIdentifier = 'generic/%s' % uuid.uuid4()
+if not options:
+options = {}
+# if self.supportsCreatorCheck():
+#     groupblog = nodeIdentifier.startswith(const.NS_GROUPBLOG_PREFIX)
+#     try:
+#         nodeIdentifierJID = JID(nodeIdentifier[len(const.NS_GROUPBLOG_PREFIX):] if groupblog else nodeIdentifier)
+#     except InvalidFormat:
+#         is_user_jid = False
+#     else:
+#         is_user_jid = bool(nodeIdentifierJID.user)
+#     if is_user_jid and nodeIdentifierJID.userhostJID() != requestor.userhostJID():
+#         #we have an user jid node, but not created by the owner of this jid
+#         print "Wrong creator"
+#         raise error.Forbidden()
+nodeType = 'leaf'
+config = self.storage.getDefaultConfiguration(nodeType)
+config['pubsub#node_type'] = nodeType
+config.update(options)
+# TODO: handle schema on creation
+d = self.storage.createNode(nodeIdentifier, requestor, config, None, pep, recipient)
+d.addCallback(lambda _: nodeIdentifier)
+return d
+def getDefaultConfiguration(self, nodeType):
+d = defer.succeed(self.storage.getDefaultConfiguration(nodeType))
+return d
+def getNodeConfiguration(self, nodeIdentifier, pep, recipient):
+if not nodeIdentifier:
+return defer.fail(error.NoRootNode())
+d = self.storage.getNode(nodeIdentifier, pep, recipient)
+d.addCallback(lambda node: node.getConfiguration())
+return d
+def setNodeConfiguration(self, nodeIdentifier, options, requestor, pep, recipient):
+if not nodeIdentifier:
+return defer.fail(error.NoRootNode())
+d = self.storage.getNode(nodeIdentifier, pep, recipient)
+d.addCallback(_getAffiliation, requestor)
+d.addCallback(self._doSetNodeConfiguration, requestor, options)
+return d
+def _doSetNodeConfiguration(self, result, requestor, options):
+node, affiliation = result
+if affiliation != 'owner' and not self.isAdmin(requestor):
+raise error.Forbidden()
+return node.setConfiguration(options)
+def getNodeSchema(self, nodeIdentifier, pep, recipient):
+if not nodeIdentifier:
+return defer.fail(error.NoRootNode())
+d = self.storage.getNode(nodeIdentifier, pep, recipient)
+d.addCallback(lambda node: node.getSchema())
+return d
+def setNodeSchema(self, nodeIdentifier, schema, requestor, pep, recipient):
+"""set or remove Schema of a node
+@param nodeIdentifier(unicode): identifier of the pubusb node
+@param schema(domish.Element, None): schema to set
+None to remove schema
+@param requestor(jid.JID): entity doing the request
+@param pep(bool): True if it's a PEP request
+@param recipient(jid.JID, None): recipient of the PEP request
+"""
+if not nodeIdentifier:
+return defer.fail(error.NoRootNode())
+d = self.storage.getNode(nodeIdentifier, pep, recipient)
+d.addCallback(_getAffiliation, requestor)
+d.addCallback(self._doSetNodeSchema, requestor, schema)
+return d
+def _doSetNodeSchema(self, result, requestor, schema):
+node, affiliation = result
+if affiliation != 'owner' and not self.isAdmin(requestor):
+raise error.Forbidden()
+return node.setSchema(schema)
+def getAffiliations(self, entity, nodeIdentifier, pep, recipient):
+return self.storage.getAffiliations(entity, nodeIdentifier, pep, recipient)
+def getAffiliationsOwner(self, nodeIdentifier, requestor, pep, recipient):
+d = self.storage.getNode(nodeIdentifier, pep, recipient)
+d.addCallback(_getAffiliation, requestor)
+d.addCallback(self._doGetAffiliationsOwner, requestor)
+return d
+def _doGetAffiliationsOwner(self, result, requestor):
+node, affiliation = result
+if affiliation != 'owner' and not self.isAdmin(requestor):
+raise error.Forbidden()
+return node.getAffiliations()
+def setAffiliationsOwner(self, nodeIdentifier, requestor, affiliations, pep, recipient):
+d = self.storage.getNode(nodeIdentifier, pep, recipient)
+d.addCallback(_getAffiliation, requestor)
+d.addCallback(self._doSetAffiliationsOwner, requestor, affiliations)
+return d
+def _doSetAffiliationsOwner(self, result, requestor, affiliations):
+# Check that requestor is allowed to set affiliations, and delete entities
+# with "none" affiliation
+# TODO: return error with failed affiliations in case of failure
+node, requestor_affiliation = result
+if requestor_affiliation != 'owner' and not self.isAdmin(requestor):
+raise error.Forbidden()
+# we don't allow requestor to change its own affiliation
+requestor_bare = requestor.userhostJID()
+if requestor_bare in affiliations and affiliations[requestor_bare] != 'owner':
+# FIXME: it may be interesting to allow the owner to ask for ownership removal
+#        if at least one other entity is owner for this node
+raise error.Forbidden("You can't change your own affiliation")
+to_delete = [jid_ for jid_, affiliation in affiliations.iteritems() if affiliation == 'none']
+for jid_ in to_delete:
+del affiliations[jid_]
+if to_delete:
+d = node.deleteAffiliations(to_delete)
+if affiliations:
+d.addCallback(lambda dummy: node.setAffiliations(affiliations))
+else:
+d = node.setAffiliations(affiliations)
+return d
+def getSubscriptionsOwner(self, nodeIdentifier, requestor, pep, recipient):
+d = self.storage.getNode(nodeIdentifier, pep, recipient)
+d.addCallback(_getAffiliation, requestor)
+d.addCallback(self._doGetSubscriptionsOwner, requestor)
+return d
+def _doGetSubscriptionsOwner(self, result, requestor):
+node, affiliation = result
+if affiliation != 'owner' and not self.isAdmin(requestor):
+raise error.Forbidden()
+return node.getSubscriptions()
+def setSubscriptionsOwner(self, nodeIdentifier, requestor, subscriptions, pep, recipient):
+d = self.storage.getNode(nodeIdentifier, pep, recipient)
+d.addCallback(_getAffiliation, requestor)
+d.addCallback(self._doSetSubscriptionsOwner, requestor, subscriptions)
+return d
+def unwrapFirstError(self, failure):
+failure.trap(defer.FirstError)
+return failure.value.subFailure
+def _doSetSubscriptionsOwner(self, result, requestor, subscriptions):
+# Check that requestor is allowed to set subscriptions, and delete entities
+# with "none" subscription
+# TODO: return error with failed subscriptions in case of failure
+node, requestor_affiliation = result
+if requestor_affiliation != 'owner' and not self.isAdmin(requestor):
+raise error.Forbidden()
+d_list = []
+for subscription in subscriptions.copy():
+if subscription.state == 'none':
+subscriptions.remove(subscription)
+d_list.append(node.removeSubscription(subscription.subscriber))
+if subscriptions:
+d_list.append(node.setSubscriptions(subscriptions))
+d = defer.gatherResults(d_list, consumeErrors=True)
+d.addCallback(lambda _: None)
+d.addErrback(self.unwrapFirstError)
+return d
+def filterItemsWithSchema(self, items_data, schema, owner):
+"""check schema restriction and remove fields/items if they don't comply
+@param items_data(list[ItemData]): items to filter
+items in this list will be modified
+@param schema(domish.Element): node schema
+@param owner(bool): True is requestor is a owner of the node
+"""
+fields_to_remove = set()
+for field_elt in schema.elements(data_form.NS_X_DATA, 'field'):
+for restrict_elt in field_elt.elements(const.NS_SCHEMA_RESTRICT, 'restrict'):
+read_restriction = restrict_elt.attributes.get('read')
+if read_restriction is not None:
+if read_restriction == 'owner':
+if not owner:
+fields_to_remove.add(field_elt['var'])
+else:
+raise StanzaError('feature-not-implemented', text='unknown read restriction {}'.format(read_restriction))
+items_to_remove = []
+for idx, item_data in enumerate(items_data):
+item_elt = item_data.item
+try:
+x_elt = next(item_elt.elements(data_form.NS_X_DATA, 'x'))
+except StopIteration:
+log.msg("WARNING, item {id} has a schema but no form, ignoring it")
+items_to_remove.append(item_data)
+continue
+form = data_form.Form.fromElement(x_elt)
+# we remove fields which are not visible for this user
+for field in fields_to_remove:
+try:
+form.removeField(form.fields[field])
+except KeyError:
+continue
+item_elt.children.remove(x_elt)
+item_elt.addChild(form.toElement())
+for item_data in items_to_remove:
+items_data.remove(item_data)
+def checkPresenceSubscription(self, node, requestor):
+"""check if requestor has presence subscription from node owner
+@param node(Node): node to check
+@param requestor(jid.JID): entity who want to access node
+"""
+def gotRoster(roster):
+if roster is None:
+raise error.Forbidden()
+if requestor not in roster:
+raise error.Forbidden()
+if not roster[requestor].subscriptionFrom:
+raise error.Forbidden()
+d = self.getOwnerRoster(node)
+d.addCallback(gotRoster)
+return d
+@defer.inlineCallbacks
+def checkRosterGroups(self, node, requestor):
+"""check if requestor is in allowed groups of a node
+@param node(Node): node to check
+@param requestor(jid.JID): entity who want to access node
+"""
+roster = yield self.getOwnerRoster(node)
+if roster is None:
+raise error.Forbidden()
+if requestor not in roster:
+raise error.Forbidden()
+authorized_groups = yield node.getAuthorizedGroups()
+if not roster[requestor].groups.intersection(authorized_groups):
+# requestor is in roster but not in one of the allowed groups
+raise error.Forbidden()
+def checkNodeAffiliations(self, node, requestor):
+"""check if requestor is in white list of a node
+@param node(Node): node to check
+@param requestor(jid.JID): entity who want to access node
+"""
+def gotAffiliations(affiliations):
+try:
+affiliation = affiliations[requestor.userhostJID()]
+except KeyError:
+raise error.Forbidden()
+else:
+if affiliation not in ('owner', 'publisher', 'member'):
+raise error.Forbidden()
+d = node.getAffiliations()
+d.addCallback(gotAffiliations)
+return d
+@defer.inlineCallbacks
+def checkNodeAccess(self, node, requestor):
+"""check if a requestor can access data of a node
+@param node(Node): node to check
+@param requestor(jid.JID): entity who want to access node
+@return (tuple): permissions data with:
+- owner(bool): True if requestor is owner of the node
+- roster(None, ): roster of the requestor
+None if not needed/available
+- access_model(str): access model of the node
+@raise error.Forbidden: access is not granted
+@raise error.NotLeafNodeError: this node is not a leaf
+"""
+node, affiliation = yield _getAffiliation(node, requestor)
+if not iidavoll.ILeafNode.providedBy(node):
+raise error.NotLeafNodeError()
+if affiliation == 'outcast':
+raise error.Forbidden()
+# node access check
+owner = affiliation == 'owner'
+access_model = node.getAccessModel()
+roster = None
+if access_model == const.VAL_AMODEL_OPEN or owner:
+pass
+elif access_model == const.VAL_AMODEL_PRESENCE:
+yield self.checkPresenceSubscription(node, requestor)
+elif access_model == const.VAL_AMODEL_PUBLISHER_ROSTER:
+# FIXME: for node, access should be renamed owner-roster, not publisher
+yield self.checkRosterGroups(node, requestor)
+elif access_model == const.VAL_AMODEL_WHITELIST:
+yield self.checkNodeAffiliations(node, requestor)
+else:
+raise Exception(u"Unknown access_model")
+defer.returnValue((affiliation, owner, roster, access_model))
+@defer.inlineCallbacks
+def getItemsIds(self, nodeIdentifier, requestor, authorized_groups, unrestricted, maxItems=None, ext_data=None, pep=False, recipient=None):
+# FIXME: items access model are not checked
+# TODO: check items access model
+node = yield self.storage.getNode(nodeIdentifier, pep, recipient)
+affiliation, owner, roster, access_model = yield self.checkNodeAccess(node, requestor)
+ids = yield node.getItemsIds(authorized_groups,
+unrestricted,
+maxItems,
+ext_data)
+defer.returnValue(ids)
+def getItems(self, nodeIdentifier, requestor, recipient, maxItems=None,
+itemIdentifiers=None, ext_data=None):
+d = self.getItemsData(nodeIdentifier, requestor, recipient, maxItems, itemIdentifiers, ext_data)
+d.addCallback(lambda items_data: [item_data.item for item_data in items_data])
+return d
+@defer.inlineCallbacks
+def getOwnerRoster(self, node, owners=None):
+# FIXME: roster of publisher, not owner, must be used
+if owners is None:
+owners = yield node.getOwners()
+if len(owners) != 1:
+log.msg('publisher-roster access is not allowed with more than 1 owner')
+return
+owner_jid = owners[0]
+try:
+roster = yield self.privilege.getRoster(owner_jid)
+except Exception as e:
+log.msg("Error while getting roster of {owner_jid}: {msg}".format(
+owner_jid = owner_jid.full(),
+msg = e))
+return
+defer.returnValue(roster)
+@defer.inlineCallbacks
+def getItemsData(self, nodeIdentifier, requestor, recipient, maxItems=None,
+itemIdentifiers=None, ext_data=None):
+"""like getItems but return the whole ItemData"""
+if maxItems == 0:
+log.msg("WARNING: maxItems=0 on items retrieval")
+defer.returnValue([])
+if ext_data is None:
+ext_data = {}
+node = yield self.storage.getNode(nodeIdentifier, ext_data.get('pep', False), recipient)
+try:
+affiliation, owner, roster, access_model = yield self.checkNodeAccess(node, requestor)
+except error.NotLeafNodeError:
+defer.returnValue([])
+# at this point node access is checked
+if owner:
+# requestor_groups is only used in restricted access
+requestor_groups = None
+else:
+if roster is None:
+# FIXME: publisher roster should be used, not owner
+roster = yield self.getOwnerRoster(node)
+if roster is None:
+roster = {}
+roster_item = roster.get(requestor.userhostJID())
+requestor_groups = tuple(roster_item.groups) if roster_item else tuple()
+if itemIdentifiers:
+items_data = yield node.getItemsById(requestor_groups, owner, itemIdentifiers)
+else:
+items_data = yield node.getItems(requestor_groups, owner, maxItems, ext_data)
+if owner:
+# Add item config data form to items with roster access model
+for item_data in items_data:
+if item_data.access_model == const.VAL_AMODEL_OPEN:
+pass
+elif item_data.access_model == const.VAL_AMODEL_PUBLISHER_ROSTER:
+form = data_form.Form('submit', formNamespace=const.NS_ITEM_CONFIG)
+access = data_form.Field(None, const.OPT_ACCESS_MODEL, value=const.VAL_AMODEL_PUBLISHER_ROSTER)
+allowed = data_form.Field(None, const.OPT_ROSTER_GROUPS_ALLOWED, values=item_data.config[const.OPT_ROSTER_GROUPS_ALLOWED])
+form.addField(access)
+form.addField(allowed)
+item_data.item.addChild(form.toElement())
+elif access_model == const.VAL_AMODEL_WHITELIST:
+#FIXME
+raise NotImplementedError
+else:
+raise error.BadAccessTypeError(access_model)
+schema = node.getSchema()
+if schema is not None:
+self.filterItemsWithSchema(items_data, schema, owner)
+yield self._items_rsm(items_data, node, requestor_groups, owner, itemIdentifiers, ext_data)
+defer.returnValue(items_data)
+def _setCount(self, value, response):
+response.count = value
+def _setIndex(self, value, response, adjust):
+"""Set index in RSM response
+@param value(int): value of the reference index (i.e. before or after item)
+@param response(RSMResponse): response instance to fill
+@param adjust(int): adjustement term (i.e. difference between reference index and first item of the result)
+"""
+response.index = value + adjust
+def _items_rsm(self, items_data, node, authorized_groups, owner,
+itemIdentifiers, ext_data):
+# FIXME: move this to a separate module
+# TODO: Index can be optimized by keeping a cache of the last RSM request
+#       An other optimisation would be to look for index first and use it as offset
+try:
+rsm_request = ext_data['rsm']
+except KeyError:
+# No RSM in this request, nothing to do
+return items_data
+if itemIdentifiers:
+log.msg("WARNING, itemIdentifiers used with RSM, ignoring the RSM part")
+return items_data
+response = rsm.RSMResponse()
+d_count = node.getItemsCount(authorized_groups, owner, ext_data)
+d_count.addCallback(self._setCount, response)
+d_list = [d_count]
+if items_data:
+response.first = items_data[0].item['id']
+response.last = items_data[-1].item['id']
+# index handling
+if rsm_request.index is not None:
+response.index = rsm_request.index
+elif rsm_request.before:
+# The last page case (before == '') is managed in render method
+d_index = node.getItemsIndex(rsm_request.before, authorized_groups, owner, ext_data)
+d_index.addCallback(self._setIndex, response, -len(items_data))
+d_list.append(d_index)
+elif rsm_request.after is not None:
+d_index = node.getItemsIndex(rsm_request.after, authorized_groups, owner, ext_data)
+d_index.addCallback(self._setIndex, response, 1)
+d_list.append(d_index)
+else:
+# the first page was requested
+response.index = 0
+def render(result):
+if rsm_request.before == '':
+# the last page was requested
+response.index = response.count - len(items_data)
+items_data.append(container.ItemData(response.toElement()))
+return items_data
+return defer.DeferredList(d_list).addCallback(render)
+def retractItem(self, nodeIdentifier, itemIdentifiers, requestor, notify, pep, recipient):
+d = self.storage.getNode(nodeIdentifier, pep, recipient)
+d.addCallback(_getAffiliation, requestor)
+d.addCallback(self._doRetract, itemIdentifiers, requestor, notify, pep, recipient)
+return d
+def _doRetract(self, result, itemIdentifiers, requestor, notify, pep, recipient):
+node, affiliation = result
+persistItems = node.getConfiguration()[const.OPT_PERSIST_ITEMS]
+if not persistItems:
+raise error.NodeNotPersistent()
+# we need to get the items before removing them, for the notifications
+def removeItems(items_data):
+"""Remove the items and keep only actually removed ones in items_data"""
+d = node.removeItems(itemIdentifiers)
+d.addCallback(lambda removed: [item_data for item_data in items_data if item_data.item["id"] in removed])
+return d
+def checkPublishers(publishers_map):
+"""Called when requestor is neither owner neither publisher of the Node
+We check that requestor is publisher of all the items he wants to retract
+and raise error.Forbidden if it is not the case
+"""
+# TODO: the behaviour should be configurable (per node ?)
+if (any((requestor.userhostJID() != publisher.userhostJID()
+for publisher in publishers_map.itervalues()))
+and not self.isAdmin(requestor)
+):
+raise error.Forbidden()
+if affiliation in ['owner', 'publisher']:
+# the requestor is owner or publisher of the node
+# he can retract what he wants
+d = defer.succeed(None)
+else:
+# the requestor doesn't have right to retract on the whole node
+# we check if he is a publisher for all items he wants to retract
+# and forbid the retraction else.
+d = node.getItemsPublishers(itemIdentifiers)
+d.addCallback(checkPublishers)
+d.addCallback(lambda dummy: node.getItemsById(None, True, itemIdentifiers))
+d.addCallback(removeItems)
+if notify:
+d.addCallback(self._doNotifyRetraction, node, pep, recipient)
+return d
+def _doNotifyRetraction(self, items_data, node, pep, recipient):
+self.dispatch({'items_data': items_data,
+'node': node,
+'pep': pep,
+'recipient': recipient},
+'//event/pubsub/retract')
+def purgeNode(self, nodeIdentifier, requestor, pep, recipient):
+d = self.storage.getNode(nodeIdentifier, pep, recipient)
+d.addCallback(_getAffiliation, requestor)
+d.addCallback(self._doPurge, requestor)
+return d
+def _doPurge(self, result, requestor):
+node, affiliation = result
+persistItems = node.getConfiguration()[const.OPT_PERSIST_ITEMS]
+if affiliation != 'owner' and not self.isAdmin(requestor):
+raise error.Forbidden()
+if not persistItems:
+raise error.NodeNotPersistent()
+d = node.purge()
+d.addCallback(self._doNotifyPurge, node.nodeIdentifier)
+return d
+def _doNotifyPurge(self, result, nodeIdentifier):
+self.dispatch(nodeIdentifier, '//event/pubsub/purge')
+def registerPreDelete(self, preDeleteFn):
+self._callbackList.append(preDeleteFn)
+def getSubscribers(self, nodeIdentifier, pep, recipient):
+def cb(subscriptions):
+return [subscription.subscriber for subscription in subscriptions]
+d = self.storage.getNode(nodeIdentifier, pep, recipient)
+d.addCallback(lambda node: node.getSubscriptions('subscribed'))
+d.addCallback(cb)
+return d
+def deleteNode(self, nodeIdentifier, requestor, pep, recipient, redirectURI=None):
+d = self.storage.getNode(nodeIdentifier, pep, recipient)
+d.addCallback(_getAffiliation, requestor)
+d.addCallback(self._doPreDelete, requestor, redirectURI, pep, recipient)
+return d
+def _doPreDelete(self, result, requestor, redirectURI, pep, recipient):
+node, affiliation = result
+if affiliation != 'owner' and not self.isAdmin(requestor):
+raise error.Forbidden()
+data = {'node': node,
+'redirectURI': redirectURI}
+d = defer.DeferredList([cb(data, pep, recipient)
+for cb in self._callbackList],
+consumeErrors=1)
+d.addCallback(self._doDelete, node.nodeDbId)
+def _doDelete(self, result, nodeDbId):
+dl = []
+for succeeded, r in result:
+if succeeded and r:
+dl.extend(r)
+d = self.storage.deleteNodeByDbId(nodeDbId)
+d.addCallback(self._doNotifyDelete, dl)
+return d
+def _doNotifyDelete(self, result, dl):
+for d in dl:
+d.callback(None)
+class PubSubResourceFromBackend(pubsub.PubSubResource):
+"""
+Adapts a backend to an xmpp publish-subscribe service.
+"""
+features = [
+"config-node",
+"create-nodes",
+"delete-any",
+"delete-nodes",
+"item-ids",
+"meta-data",
+"publish",
+"purge-nodes",
+"retract-items",
+"retrieve-affiliations",
+"retrieve-default",
+"retrieve-items",
+"retrieve-subscriptions",
+"subscribe",
+]
+discoIdentity = disco.DiscoIdentity('pubsub',
+'service',
+u'Salut à Toi pubsub service')
+pubsubService = None
+_errorMap = {
+error.NodeNotFound: ('item-not-found', None, None),
+error.NodeExists: ('conflict', None, None),
+error.Forbidden: ('forbidden', None, None),
+error.NotAuthorized: ('not-authorized', None, None),
+error.ItemNotFound: ('item-not-found', None, None),
+error.ItemForbidden: ('bad-request', 'item-forbidden', None),
+error.ItemRequired: ('bad-request', 'item-required', None),
+error.NoInstantNodes: ('not-acceptable',
+'unsupported',
+'instant-nodes'),
+error.NotSubscribed: ('unexpected-request', 'not-subscribed', None),
+error.InvalidConfigurationOption: ('not-acceptable', None, None),
+error.InvalidConfigurationValue: ('not-acceptable', None, None),
+error.NodeNotPersistent: ('feature-not-implemented',
+'unsupported',
+'persistent-node'),
+error.NoRootNode: ('bad-request', None, None),
+error.NoCollections: ('feature-not-implemented',
+'unsupported',
+'collections'),
+error.NoPublishing: ('feature-not-implemented',
+'unsupported',
+'publish'),
+}
+def __init__(self, backend):
+pubsub.PubSubResource.__init__(self)
+self.backend = backend
+self.hideNodes = False
+self.backend.registerPublishNotifier(self._notifyPublish)
+self.backend.registerRetractNotifier(self._notifyRetract)
+self.backend.registerPreDelete(self._preDelete)
+# FIXME: to be removed, it's not useful anymore as PEP is now used
+# if self.backend.supportsCreatorCheck():
+#     self.features.append("creator-jid-check")  #SàT custom feature: Check that a node (which correspond to
+#                    a jid in this server) is created by the right jid
+if self.backend.supportsAutoCreate():
+self.features.append("auto-create")
+if self.backend.supportsPublishOptions():
+self.features.append("publish-options")
+if self.backend.supportsInstantNodes():
+self.features.append("instant-nodes")
+if self.backend.supportsOutcastAffiliation():
+self.features.append("outcast-affiliation")
+if self.backend.supportsPersistentItems():
+self.features.append("persistent-items")
+if self.backend.supportsPublisherAffiliation():
+self.features.append("publisher-affiliation")
+if self.backend.supportsGroupBlog():
+self.features.append("groupblog")
+# if self.backend.supportsPublishModel():       #XXX: this feature is not really described in XEP-0060, we just can see it in examples
+#     self.features.append("publish_model")     #     but it's necessary for microblogging comments (see XEP-0277)
+def getFullItem(self, item_data):
+""" Attach item configuration to this item
+Used to give item configuration back to node's owner (and *only* to owner)
+"""
+# TODO: a test should check that only the owner get the item configuration back
+item, item_config = item_data.item, item_data.config
+if item_config:
+new_item = elementCopy(item)
+new_item.addChild(item_config.toElement())
+return new_item
+else:
+return item
+@defer.inlineCallbacks
+def _notifyPublish(self, data):
+items_data = data['items_data']
+node = data['node']
+pep = data['pep']
+recipient = data['recipient']
+owners, notifications_filtered = yield self._prepareNotify(items_data, node, data.get('subscription'), pep, recipient)
+# we notify the owners
+# FIXME: check if this comply with XEP-0060 (option needed ?)
+# TODO: item's access model have to be sent back to owner
+# TODO: same thing for getItems
+for owner_jid in owners:
+notifications_filtered.append(
+(owner_jid,
+{pubsub.Subscription(node.nodeIdentifier,
+owner_jid,
+'subscribed')},
+[self.getFullItem(item_data) for item_data in items_data]))
+if pep:
+defer.returnValue(self.backend.privilege.notifyPublish(
+recipient,
+node.nodeIdentifier,
+notifications_filtered))
+else:
+defer.returnValue(self.pubsubService.notifyPublish(
+self.serviceJID,
+node.nodeIdentifier,
+notifications_filtered))
+def _notifyRetract(self, data):
+items_data = data['items_data']
+node = data['node']
+pep = data['pep']
+recipient = data['recipient']
+def afterPrepare(result):
+owners, notifications_filtered = result
+#we add the owners
+for owner_jid in owners:
+notifications_filtered.append(
+(owner_jid,
+{pubsub.Subscription(node.nodeIdentifier,
+owner_jid,
+'subscribed')},
+[item_data.item for item_data in items_data]))
+if pep:
+return self.backend.privilege.notifyRetract(
+recipient,
+node.nodeIdentifier,
+notifications_filtered)
+else:
+return self.pubsubService.notifyRetract(
+self.serviceJID,
+node.nodeIdentifier,
+notifications_filtered)
+d = self._prepareNotify(items_data, node, data.get('subscription'), pep, recipient)
+d.addCallback(afterPrepare)
+return d
+@defer.inlineCallbacks
+def _prepareNotify(self, items_data, node, subscription=None, pep=None, recipient=None):
+"""Do a bunch of permissions check and filter notifications
+The owner is not added to these notifications,
+it must be added by the calling method
+@param items_data(tuple): must contain:
+- item (domish.Element)
+- access_model (unicode)
+- access_list (dict as returned getItemsById, or item_config)
+@param node(LeafNode): node hosting the items
+@param subscription(pubsub.Subscription, None): TODO
+@return (tuple): will contain:
+- notifications_filtered
+- node_owner_jid
+- items_data
+"""
+if subscription is None:
+notifications = yield self.backend.getNotifications(node, items_data)
+else:
+notifications = [(subscription.subscriber, [subscription], items_data)]
+if pep and node.getConfiguration()[const.OPT_ACCESS_MODEL] in ('open', 'presence'):
+# for PEP we need to manage automatic subscriptions (cf. XEP-0163 §4)
+explicit_subscribers = {subscriber for subscriber, _, _ in notifications}
+auto_subscribers = yield self.backend.privilege.getAutoSubscribers(recipient, node.nodeIdentifier, explicit_subscribers)
+for sub_jid in auto_subscribers:
+sub = pubsub.Subscription(node.nodeIdentifier, sub_jid, 'subscribed')
+notifications.append((sub_jid, [sub], items_data))
+owners = yield node.getOwners()
+owner_roster = None
+# now we check access of subscriber for each item, and keep only allowed ones
+#we filter items not allowed for the subscribers
+notifications_filtered = []
+schema = node.getSchema()
+for subscriber, subscriptions, items_data in notifications:
+subscriber_bare = subscriber.userhostJID()
+if subscriber_bare in owners:
+# as notification is always sent to owner,
+# we ignore owner if he is here
+continue
+allowed_items = [] #we keep only item which subscriber can access
+if schema is not None:
+# we have to copy items_data because different subscribers may receive
+# different items (e.g. read restriction in schema)
+items_data = [itemDataCopy(item_data) for item_data in items_data]
+self.backend.filterItemsWithSchema(items_data, schema, False)
+for item_data in items_data:
+item, access_model = item_data.item, item_data.access_model
+access_list = item_data.config
+if access_model == const.VAL_AMODEL_OPEN:
+allowed_items.append(item)
+elif access_model == const.VAL_AMODEL_PUBLISHER_ROSTER:
+if owner_roster is None:
+# FIXME: publisher roster should be used, not owner
+owner_roster= yield self.backend.getOwnerRoster(node, owners)
+if owner_roster is None:
+owner_roster = {}
+if not subscriber_bare in owner_roster:
+continue
+#the subscriber is known, is he in the right group ?
+authorized_groups = access_list[const.OPT_ROSTER_GROUPS_ALLOWED]
+if owner_roster[subscriber_bare].groups.intersection(authorized_groups):
+allowed_items.append(item)
+else: #unknown access_model
+# TODO: white list access
+raise NotImplementedError
+if allowed_items:
+notifications_filtered.append((subscriber, subscriptions, allowed_items))
+defer.returnValue((owners, notifications_filtered))
+def _preDelete(self, data, pep, recipient):
+nodeIdentifier = data['node'].nodeIdentifier
+redirectURI = data.get('redirectURI', None)
+d = self.backend.getSubscribers(nodeIdentifier, pep, recipient)
+d.addCallback(lambda subscribers: self.pubsubService.notifyDelete(
+self.serviceJID,
+nodeIdentifier,
+subscribers,
+redirectURI))
+return d
+def _mapErrors(self, failure):
+e = failure.trap(*self._errorMap.keys())
+condition, pubsubCondition, feature = self._errorMap[e]
+msg = failure.value.msg
+if pubsubCondition:
+exc = pubsub.PubSubError(condition, pubsubCondition, feature, msg)
+else:
+exc = StanzaError(condition, text=msg)
+raise exc
+def getInfo(self, requestor, service, nodeIdentifier, pep=None, recipient=None):
+return [] # FIXME: disabled for now, need to manage PEP
+if not requestor.resource:
+# this avoid error when getting a disco request from server during namespace delegation
+return []
+info = {}
+def saveType(result):
+info['type'] = result
+return nodeIdentifier
+def saveMetaData(result):
+info['meta-data'] = result
+return info
+def trapNotFound(failure):
+failure.trap(error.NodeNotFound)
+return info
+d = defer.succeed(nodeIdentifier)
+d.addCallback(self.backend.getNodeType)
+d.addCallback(saveType)
+d.addCallback(self.backend.getNodeMetaData)
+d.addCallback(saveMetaData)
+d.addErrback(trapNotFound)
+d.addErrback(self._mapErrors)
+return d
+def getNodes(self, requestor, service, nodeIdentifier):
+"""return nodes for disco#items
+Pubsub/PEP nodes will be returned if disco node is not specified
+else Pubsub/PEP items will be returned
+(according to what requestor can access)
+"""
+try:
+pep = service.pep
+except AttributeError:
+pep = False
+if service.resource:
+return defer.succeed([])
+if nodeIdentifier:
+d = self.backend.getItemsIds(nodeIdentifier,
+requestor,
+[],
+requestor.userhostJID() == service,
+None,
+None,
+pep,
+service)
+# items must be set as name, not node
+d.addCallback(lambda items: [(None, item) for item in items])
+else:
+d = self.backend.getNodes(requestor.userhostJID(),
+pep,
+service)
+return d.addErrback(self._mapErrors)
+def getConfigurationOptions(self):
+return self.backend.nodeOptions
+def _publish_errb(self, failure, request):
+if failure.type == error.NodeNotFound and self.backend.supportsAutoCreate():
+print "Auto-creating node %s" % (request.nodeIdentifier,)
+d = self.backend.createNode(request.nodeIdentifier,
+request.sender,
+pep=self._isPep(request),
+recipient=request.recipient)
+d.addCallback(lambda ignore,
+request: self.backend.publish(request.nodeIdentifier,
+request.items,
+request.sender,
+self._isPep(request),
+request.recipient,
+),
+request)
+return d
+return failure
+def _isPep(self, request):
+try:
+return request.delegated
+except AttributeError:
+return False
+def publish(self, request):
+d = self.backend.publish(request.nodeIdentifier,
+request.items,
+request.sender,
+self._isPep(request),
+request.recipient)
+d.addErrback(self._publish_errb, request)
+return d.addErrback(self._mapErrors)
+def subscribe(self, request):
+d = self.backend.subscribe(request.nodeIdentifier,
+request.subscriber,
+request.sender,
+self._isPep(request),
+request.recipient)
+return d.addErrback(self._mapErrors)
+def unsubscribe(self, request):
+d = self.backend.unsubscribe(request.nodeIdentifier,
+request.subscriber,
+request.sender,
+self._isPep(request),
+request.recipient)
+return d.addErrback(self._mapErrors)
+def subscriptions(self, request):
+d = self.backend.getSubscriptions(request.sender,
+request.nodeIdentifier,
+self._isPep(request),
+request.recipient)
+return d.addErrback(self._mapErrors)
+def affiliations(self, request):
+"""Retrieve affiliation for normal entity (cf. XEP-0060 §5.7)
+retrieve all node where this jid is affiliated
+"""
+d = self.backend.getAffiliations(request.sender,
+request.nodeIdentifier,
+self._isPep(request),
+request.recipient)
+return d.addErrback(self._mapErrors)
+def create(self, request):
+d = self.backend.createNode(request.nodeIdentifier,
+request.sender, request.options,
+self._isPep(request),
+request.recipient)
+return d.addErrback(self._mapErrors)
+def default(self, request):
+d = self.backend.getDefaultConfiguration(request.nodeType,
+self._isPep(request),
+request.sender)
+return d.addErrback(self._mapErrors)
+def configureGet(self, request):
+d = self.backend.getNodeConfiguration(request.nodeIdentifier,
+self._isPep(request),
+request.recipient)
+return d.addErrback(self._mapErrors)
+def configureSet(self, request):
+d = self.backend.setNodeConfiguration(request.nodeIdentifier,
+request.options,
+request.sender,
+self._isPep(request),
+request.recipient)
+return d.addErrback(self._mapErrors)
+def affiliationsGet(self, request):
+"""Retrieve affiliations for owner (cf. XEP-0060 §8.9.1)
+retrieve all affiliations for a node
+"""
+d = self.backend.getAffiliationsOwner(request.nodeIdentifier,
+request.sender,
+self._isPep(request),
+request.recipient)
+return d.addErrback(self._mapErrors)
+def affiliationsSet(self, request):
+d = self.backend.setAffiliationsOwner(request.nodeIdentifier,
+request.sender,
+request.affiliations,
+self._isPep(request),
+request.recipient)
+return d.addErrback(self._mapErrors)
+def subscriptionsGet(self, request):
+"""Retrieve subscriptions for owner (cf. XEP-0060 §8.8.1)
+retrieve all affiliations for a node
+"""
+d = self.backend.getSubscriptionsOwner(request.nodeIdentifier,
+request.sender,
+self._isPep(request),
+request.recipient)
+return d.addErrback(self._mapErrors)
+def subscriptionsSet(self, request):
+d = self.backend.setSubscriptionsOwner(request.nodeIdentifier,
+request.sender,
+request.subscriptions,
+self._isPep(request),
+request.recipient)
+return d.addErrback(self._mapErrors)
+def items(self, request):
+ext_data = {}
+if const.FLAG_ENABLE_RSM and request.rsm is not None:
+if request.rsm.max < 0:
+raise pubsub.BadRequest(text="max can't be negative")
+ext_data['rsm'] = request.rsm
+try:
+ext_data['pep'] = request.delegated
+except AttributeError:
+pass
+ext_data['order_by'] = request.orderBy or []
+d = self.backend.getItems(request.nodeIdentifier,
+request.sender,
+request.recipient,
+request.maxItems,
+request.itemIdentifiers,
+ext_data)
+return d.addErrback(self._mapErrors)
+def retract(self, request):
+d = self.backend.retractItem(request.nodeIdentifier,
+request.itemIdentifiers,
+request.sender,
+request.notify,
+self._isPep(request),
+request.recipient)
+return d.addErrback(self._mapErrors)
+def purge(self, request):
+d = self.backend.purgeNode(request.nodeIdentifier,
+request.sender,
+self._isPep(request),
+request.recipient)
+return d.addErrback(self._mapErrors)
+def delete(self, request):
+d = self.backend.deleteNode(request.nodeIdentifier,
+request.sender,
+self._isPep(request),
+request.recipient)
+return d.addErrback(self._mapErrors)
+components.registerAdapter(PubSubResourceFromBackend,
+iidavoll.IBackendService,
+iwokkel.IPubSubResource)
+class ExtraDiscoHandler(XMPPHandler):
+implements(iwokkel.IDisco)
+# see comment in twisted/plugins/pubsub.py
+# FIXME: upstream must be fixed so we can use custom (non pubsub#) disco features
+def getDiscoInfo(self, requestor, service, nodeIdentifier=''):
+return [disco.DiscoFeature(pubsub.NS_ORDER_BY)]
+def getDiscoItems(self, requestor, service, nodeIdentifier=''):
+return []

Mercurial > libervia-pubsub

comparison sat_pubsub/backend.py @ 405:c56a728412f1