Mercurial > libervia-pubsub
view .hgtags @ 330:82d1259b3e36
backend, pgsql storage: better items/notification handling, various fixes:
- replaced const.VAL_AMODEL_ROSTER by const.VAL_AMODEL_PUBLISHER_ROSTER to follow change in pgsql schema
- implemented whitelist access model
- fixed bad access check during items retrieval (access was checked on recipient instead of requestor/sender)
- getItemsData and notification filtering now use inline callbacks: this make these complexe workflows far mor easy to read, and clarity is imperative in these security critical sections.
- publisher-roster access model now need to have only one owner, else it will fail. The idea is to use this model only when owner=publisher, else there is ambiguity on the roster to use to check access
- replaced getNodeOwner by node.getOwners, as a node can have several owners
- notifications filtering has been fixed in a similar way
- psql: simplified withPEP method, pep_table argument is actually not needed
- removed error.NotInRoster: error.Forbidden is used instead
- notifications now notify all the owners, not only the first one
author | Goffi <goffi@goffi.org> |
---|---|
date | Sun, 26 Mar 2017 20:52:32 +0200 |
parents | c057d78b482f |
children | 4b5d4da54d9e |
line wrap: on
line source
b2149e448465d54e39bb8892ba9ded3313510738 idavoll-0.5.0 e289636ccc4f9e3690879aaf7b9bb5f2674c3fc8 idavoll-0.7.3 560b6cdc50b20d7590a70b0311d4781e3296c589 0.1.0 232002e132dbf9c7563d9f78f4b5e2bcdc2764de 0.1.1 642dffb9d6f1e7b2e7d5e9cb6ba17b6950fdf0bb 0.2.0