--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/sat_pubsub/privilege.py	Tue Mar 31 17:31:56 2015 +0200
@@ -0,0 +1,157 @@
+#!/usr/bin/python
+#-*- coding: utf-8 -*-
+#
+"""
+Copyright (c) 2003-2011 Ralph Meijer
+Copyright (c) 2012, 2013, 2014, 2015 Jérôme Poisson
+
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+--
+
+This program is based on Idavoll (http://idavoll.ik.nu/),
+originaly written by Ralph Meijer (http://ralphm.net/blog/)
+It is sublicensed under AGPL v3 (or any later version) as allowed by the original
+license.
+
+--
+
+Here is a copy of the original license:
+
+Copyright (c) 2003-2011 Ralph Meijer
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+"""
+
+"""
+Remote roster client.
+
+This module access roster throught a hacked version of
+remote roster management http://jkaluza.fedorapeople.org/remote-roster.html
+"""
+
+from wokkel import xmppim
+from wokkel.compat import IQ
+from wokkel.subprotocols import XMPPHandler
+from twisted.python import log
+from twisted.python import failure
+
+PRIV_ENT_NS = 'urn:xmpp:privilege:1'
+PRIV_ENT_ADV_XPATH = '/message/privilege[@xmlns="{}"]'.format(PRIV_ENT_NS)
+ROSTER_NS = 'jabber:iq:roster'
+PERM_ROSTER = 'roster'
+PERM_MESSAGE = 'message'
+PERM_PRESENCE = 'presence'
+ALLOWED_ROSTER = ('none', 'get', 'set', 'both')
+ALLOWED_MESSAGE = ('none', 'outgoing')
+ALLOWED_PRESENCE = ('none', 'managed_entity', 'roster')
+TO_CHECK = {PERM_ROSTER:ALLOWED_ROSTER, PERM_MESSAGE:ALLOWED_MESSAGE, PERM_PRESENCE:ALLOWED_PRESENCE}
+
+
+class InvalidStanza(Exception):
+    pass
+
+class NotAllowedError(Exception):
+    pass
+
+class PrivilegesHandler(XMPPHandler):
+    #FIXME: need to manage updates, and database sync
+    #TODO: cache
+
+    def __init__(self):
+        super(PrivilegesHandler, self).__init__()
+        self._permissions = {PERM_ROSTER: 'none',
+                             PERM_MESSAGE: 'none',
+                             PERM_PRESENCE: 'none'}
+
+    @property
+    def permissions(self):
+        return self._permissions
+
+    def connectionInitialized(self):
+        self.xmlstream.addObserver(PRIV_ENT_ADV_XPATH, self.onAdvertise)
+
+    def onAdvertise(self, message):
+        """Managage the <message/> advertising privileges
+
+        self._permissions will be updated according to advertised privileged
+        """
+        privilege_elt = message.elements(PRIV_ENT_NS, 'privilege').next()
+        for perm_elt in privilege_elt.elements(PRIV_ENT_NS):
+            try:
+                if perm_elt.name != 'perm':
+                    raise InvalidStanza(u'unexpected element {}'.format(perm_elt.name))
+                perm_access = perm_elt['access']
+                perm_type = perm_elt['type']
+                try:
+                    if perm_type not in TO_CHECK[perm_access]:
+                        raise InvalidStanza(u'bad type [{}] for permission {}'.format(perm_type, perm_access))
+                except KeyError:
+                    raise InvalidStanza(u'bad permission [{}]'.format(perm_access))
+            except InvalidStanza as e:
+                log.msg("Invalid stanza received ({}), setting permission to none".format(e))
+                for perm in self._permissions:
+                    self._permissions[perm] = 'none'
+                break
+
+            self._permissions[perm_access] = perm_type or 'none'
+
+        log.msg('Privileges updated: roster={roster}, message={message}, presence={presence}'.format(**self._permissions))
+
+
+    def getRoster(self, to_jid):
+        """
+        Retrieve contact list.
+
+        @return: Roster as a mapping from L{JID} to L{RosterItem}.
+        @rtype: L{twisted.internet.defer.Deferred}
+        """
+        if self._permissions[PERM_ROSTER] not in ('get', 'both'):
+            log.msg("WARNING: permission not allowed to get roster")
+            raise failure.Failure(NotAllowedError('roster get is not allowed'))
+
+        def processRoster(result):
+            roster = {}
+            for element in result.elements(ROSTER_NS, 'item'):
+                item = xmppim.RosterItem.fromElement(element)
+                roster[item.entity] = item
+
+            return roster
+
+        iq = IQ(self.xmlstream, 'get')
+        iq.addElement((ROSTER_NS, 'query'))
+        iq["to"] = to_jid.userhost()
+        d = iq.send()
+        d.addCallback(processRoster)
+        return d
+
+