Mercurial > libervia-pubsub
comparison sat_pubsub/backend.py @ 461:c9238fca1fb3
backend: fix node creation permission check for PEP
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Fri, 15 Oct 2021 09:32:07 +0200 |
| parents | 607616f9ef5b |
| children | f520ac3164b0 |
comparison
equal
deleted
inserted
replaced
| 460:607616f9ef5b | 461:c9238fca1fb3 |
|---|---|
| 300 option["value"] = value | 300 option["value"] = value |
| 301 options.append(option) | 301 options.append(option) |
| 302 | 302 |
| 303 return options | 303 return options |
| 304 | 304 |
| 305 def _checkAuth(self, node, requestor): | 305 async def _checkAuth(self, node, requestor): |
| 306 """ Check authorisation of publishing in node for requestor """ | 306 """ Check authorisation of publishing in node for requestor """ |
| 307 | 307 affiliation = await node.getAffiliation(requestor) |
| 308 def check(affiliation): | 308 configuration = node.getConfiguration() |
| 309 d = defer.succeed((affiliation, node)) | 309 publish_model = configuration[const.OPT_PUBLISH_MODEL] |
| 310 configuration = node.getConfiguration() | 310 if publish_model == const.VAL_PMODEL_PUBLISHERS: |
| 311 publish_model = configuration[const.OPT_PUBLISH_MODEL] | 311 if affiliation not in ['owner', 'publisher']: |
| 312 if publish_model == const.VAL_PMODEL_PUBLISHERS: | 312 raise error.Forbidden() |
| 313 if affiliation not in ['owner', 'publisher']: | 313 elif publish_model == const.VAL_PMODEL_SUBSCRIBERS: |
| 314 if affiliation not in ['owner', 'publisher']: | |
| 315 # we are in subscribers publish model, we must check that | |
| 316 # the requestor is a subscriber to allow him to publish | |
| 317 subscribed = await node.isSubscribed(requestor) | |
| 318 if not subscribed: | |
| 314 raise error.Forbidden() | 319 raise error.Forbidden() |
| 315 elif publish_model == const.VAL_PMODEL_SUBSCRIBERS: | 320 elif publish_model != const.VAL_PMODEL_OPEN: |
| 316 if affiliation not in ['owner', 'publisher']: | 321 # publish_model must be publishers (default), subscribers or open. |
| 317 # we are in subscribers publish model, we must check that | 322 raise ValueError('Unexpected value') |
| 318 # the requestor is a subscriber to allow him to publish | 323 |
| 319 | 324 return (affiliation, node) |
| 320 def checkSubscription(subscribed): | |
| 321 if not subscribed: | |
| 322 raise error.Forbidden() | |
| 323 return (affiliation, node) | |
| 324 | |
| 325 d.addCallback(lambda __: node.isSubscribed(requestor)) | |
| 326 d.addCallback(checkSubscription) | |
| 327 elif publish_model != const.VAL_PMODEL_OPEN: | |
| 328 # publish_model must be publishers (default), subscribers or open. | |
| 329 raise ValueError('Unexpected value') | |
| 330 | |
| 331 return d | |
| 332 | |
| 333 d = node.getAffiliation(requestor) | |
| 334 d.addCallback(check) | |
| 335 return d | |
| 336 | 325 |
| 337 def parseItemConfig(self, item): | 326 def parseItemConfig(self, item): |
| 338 """Get and remove item configuration information | 327 """Get and remove item configuration information |
| 339 | 328 |
| 340 @param item (domish.Element): item to parse | 329 @param item (domish.Element): item to parse |
| 703 return True | 692 return True |
| 704 | 693 |
| 705 def supportsInstantNodes(self): | 694 def supportsInstantNodes(self): |
| 706 return True | 695 return True |
| 707 | 696 |
| 708 def createNode(self, nodeIdentifier, requestor, options=None, pep=False, recipient=None): | 697 async def _createNode( |
| 698 self, | |
| 699 nodeIdentifier: Optional[str], | |
| 700 requestor: jid.JID, | |
| 701 options: Optional[dict] = None, | |
| 702 pep: bool = False, | |
| 703 recipient: Optional[jid.JID] = None | |
| 704 ) -> str: | |
| 705 if pep: | |
| 706 if recipient == self.server_jid: | |
| 707 if not self.isAdmin(requestor): | |
| 708 raise error.Forbidden() | |
| 709 elif requestor.userhostJID() != recipient.userhostJID(): | |
| 710 raise error.Forbidden() | |
| 711 | |
| 709 if not nodeIdentifier: | 712 if not nodeIdentifier: |
| 710 nodeIdentifier = 'generic/%s' % uuid.uuid4() | 713 nodeIdentifier = 'generic/%s' % uuid.uuid4() |
| 711 | 714 |
| 712 if not options: | 715 if not options: |
| 713 options = {} | 716 options = {} |
| 716 config = self.storage.getDefaultConfiguration(nodeType) | 719 config = self.storage.getDefaultConfiguration(nodeType) |
| 717 config['pubsub#node_type'] = nodeType | 720 config['pubsub#node_type'] = nodeType |
| 718 config.update(options) | 721 config.update(options) |
| 719 | 722 |
| 720 # TODO: handle schema on creation | 723 # TODO: handle schema on creation |
| 721 d = self.storage.createNode(nodeIdentifier, requestor, config, None, pep, recipient) | 724 await self.storage.createNode( |
| 722 d.addCallback(lambda _: nodeIdentifier) | 725 nodeIdentifier, requestor, config, None, pep, recipient |
| 723 return d | 726 ) |
| 727 return nodeIdentifier | |
| 728 | |
| 729 def createNode( | |
| 730 self, | |
| 731 nodeIdentifier: Optional[str], | |
| 732 requestor: jid.JID, | |
| 733 options: Optional[dict] = None, | |
| 734 pep: bool = False, | |
| 735 recipient: Optional[jid.JID] = None | |
| 736 ) -> defer.Deferred: | |
| 737 return defer.ensureDeferred(self._createNode( | |
| 738 nodeIdentifier=nodeIdentifier, | |
| 739 requestor=requestor, | |
| 740 options=options, | |
| 741 pep=pep, | |
| 742 recipient=recipient | |
| 743 )) | |
| 724 | 744 |
| 725 def getDefaultConfiguration(self, nodeType): | 745 def getDefaultConfiguration(self, nodeType): |
| 726 d = defer.succeed(self.storage.getDefaultConfiguration(nodeType)) | 746 d = defer.succeed(self.storage.getDefaultConfiguration(nodeType)) |
| 727 return d | 747 return d |
| 728 | 748 |