Mercurial > libervia-pubsub
diff sat_pubsub/pgsql_storage.py @ 349:20b82fb8de02
backend: check nodes/items permission on disco#items:
- move node access check workflow from getItemsData to a new checkNodeAccess method
- only accessible items are returned to an entity when doing a disco#items on a node
- for PEP, nodes with presence access model are not returned if entity has not presence subscription from the node owner
- all nodes are returned in normal pubsub service
- new NotLeafNodeError exception when an action need to be done on Leaf node and it is not the case
- /!\ access it not fully checked : items access models are not handled for items id in disco#items, and whitelist nodes are returned regardless if requestor is in the white list or not. Furthermore, publisher-roster access is not handled for nodes.
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Sun, 27 Aug 2017 20:33:39 +0200 |
| parents | f33406fcab5c |
| children | 2098295747fd |
line wrap: on
line diff
--- a/sat_pubsub/pgsql_storage.py Sun Aug 27 20:26:38 2017 +0200 +++ b/sat_pubsub/pgsql_storage.py Sun Aug 27 20:33:39 2017 +0200 @@ -205,9 +205,26 @@ row = cursor.fetchone() return self._buildNode(row) - def getNodeIds(self, pep): - d = self.dbpool.runQuery("""SELECT node from nodes WHERE pep is {}NULL""" - .format("NOT " if pep else "")) + def getNodeIds(self, pep, recipient, allowed_accesses=None): + """retrieve ids of existing nodes + + @param allowed_accesses(None, set): only nodes with access + in this set will be returned + None to return all nodes + @return (list[unicode]): ids of nodes + """ + if not pep: + query = "SELECT node from nodes WHERE pep is NULL" + values = [] + else: + query = "SELECT node from nodes WHERE pep=%s" + values = [recipient.userhost()] + + if allowed_accesses is not None: + query += "AND access_model IN %s" + values.append(tuple(allowed_accesses)) + + d = self.dbpool.runQuery(query, values) d.addCallback(lambda results: [r[0] for r in results]) return d