view sat_pubsub/privilege.py @ 285:a87c155d0fd5

replaced former roster dirty hack by a XEP-0356 first draft implementation, only roster get is implemented so far
author Goffi <goffi@goffi.org>
date Tue, 31 Mar 2015 17:31:56 +0200
parents sat_pubsub/remote_roster.py@002c59dbc23f
children 2f87fa282dfd
line wrap: on
line source

#!/usr/bin/python
#-*- coding: utf-8 -*-
#
"""
Copyright (c) 2003-2011 Ralph Meijer
Copyright (c) 2012, 2013, 2014, 2015 Jérôme Poisson


This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
--

This program is based on Idavoll (http://idavoll.ik.nu/),
originaly written by Ralph Meijer (http://ralphm.net/blog/)
It is sublicensed under AGPL v3 (or any later version) as allowed by the original
license.

--

Here is a copy of the original license:

Copyright (c) 2003-2011 Ralph Meijer

Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:

The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

"""

"""
Remote roster client.

This module access roster throught a hacked version of
remote roster management http://jkaluza.fedorapeople.org/remote-roster.html
"""

from wokkel import xmppim
from wokkel.compat import IQ
from wokkel.subprotocols import XMPPHandler
from twisted.python import log
from twisted.python import failure

PRIV_ENT_NS = 'urn:xmpp:privilege:1'
PRIV_ENT_ADV_XPATH = '/message/privilege[@xmlns="{}"]'.format(PRIV_ENT_NS)
ROSTER_NS = 'jabber:iq:roster'
PERM_ROSTER = 'roster'
PERM_MESSAGE = 'message'
PERM_PRESENCE = 'presence'
ALLOWED_ROSTER = ('none', 'get', 'set', 'both')
ALLOWED_MESSAGE = ('none', 'outgoing')
ALLOWED_PRESENCE = ('none', 'managed_entity', 'roster')
TO_CHECK = {PERM_ROSTER:ALLOWED_ROSTER, PERM_MESSAGE:ALLOWED_MESSAGE, PERM_PRESENCE:ALLOWED_PRESENCE}


class InvalidStanza(Exception):
    pass

class NotAllowedError(Exception):
    pass

class PrivilegesHandler(XMPPHandler):
    #FIXME: need to manage updates, and database sync
    #TODO: cache

    def __init__(self):
        super(PrivilegesHandler, self).__init__()
        self._permissions = {PERM_ROSTER: 'none',
                             PERM_MESSAGE: 'none',
                             PERM_PRESENCE: 'none'}

    @property
    def permissions(self):
        return self._permissions

    def connectionInitialized(self):
        self.xmlstream.addObserver(PRIV_ENT_ADV_XPATH, self.onAdvertise)

    def onAdvertise(self, message):
        """Managage the <message/> advertising privileges

        self._permissions will be updated according to advertised privileged
        """
        privilege_elt = message.elements(PRIV_ENT_NS, 'privilege').next()
        for perm_elt in privilege_elt.elements(PRIV_ENT_NS):
            try:
                if perm_elt.name != 'perm':
                    raise InvalidStanza(u'unexpected element {}'.format(perm_elt.name))
                perm_access = perm_elt['access']
                perm_type = perm_elt['type']
                try:
                    if perm_type not in TO_CHECK[perm_access]:
                        raise InvalidStanza(u'bad type [{}] for permission {}'.format(perm_type, perm_access))
                except KeyError:
                    raise InvalidStanza(u'bad permission [{}]'.format(perm_access))
            except InvalidStanza as e:
                log.msg("Invalid stanza received ({}), setting permission to none".format(e))
                for perm in self._permissions:
                    self._permissions[perm] = 'none'
                break

            self._permissions[perm_access] = perm_type or 'none'

        log.msg('Privileges updated: roster={roster}, message={message}, presence={presence}'.format(**self._permissions))


    def getRoster(self, to_jid):
        """
        Retrieve contact list.

        @return: Roster as a mapping from L{JID} to L{RosterItem}.
        @rtype: L{twisted.internet.defer.Deferred}
        """
        if self._permissions[PERM_ROSTER] not in ('get', 'both'):
            log.msg("WARNING: permission not allowed to get roster")
            raise failure.Failure(NotAllowedError('roster get is not allowed'))

        def processRoster(result):
            roster = {}
            for element in result.elements(ROSTER_NS, 'item'):
                item = xmppim.RosterItem.fromElement(element)
                roster[item.entity] = item

            return roster

        iq = IQ(self.xmlstream, 'get')
        iq.addElement((ROSTER_NS, 'query'))
        iq["to"] = to_jid.userhost()
        d = iq.send()
        d.addCallback(processRoster)
        return d