view sat_pubsub/privilege.py @ 306:ee89e4ed47fd

Added tag 0.2.0 for changeset 642dffb9d6f1
author Goffi <goffi@goffi.org>
date Mon, 07 Dec 2015 19:20:27 +0100
parents b96a4ac25f8b
children 5d7c3787672e
line wrap: on
line source

#!/usr/bin/python
#-*- coding: utf-8 -*-
#
"""
Copyright (c) 2015 Jérôme Poisson


This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.

---

This module implements XEP-0356 (Privileged Entity) to manage rosters, messages and presences
"""

from wokkel import xmppim
from wokkel.compat import IQ
from wokkel import pubsub
from wokkel.iwokkel import IPubSubService
from wokkel.subprotocols import XMPPHandler
from twisted.python import log
from twisted.python import failure
from twisted.words.xish import domish
from twisted.words.protocols.jabber import jid

FORWARDED_NS = 'urn:xmpp:forward:0'
PRIV_ENT_NS = 'urn:xmpp:privilege:1'
PRIV_ENT_ADV_XPATH = '/message/privilege[@xmlns="{}"]'.format(PRIV_ENT_NS)
ROSTER_NS = 'jabber:iq:roster'
PERM_ROSTER = 'roster'
PERM_MESSAGE = 'message'
PERM_PRESENCE = 'presence'
ALLOWED_ROSTER = ('none', 'get', 'set', 'both')
ALLOWED_MESSAGE = ('none', 'outgoing')
ALLOWED_PRESENCE = ('none', 'managed_entity', 'roster')
TO_CHECK = {PERM_ROSTER:ALLOWED_ROSTER, PERM_MESSAGE:ALLOWED_MESSAGE, PERM_PRESENCE:ALLOWED_PRESENCE}


class InvalidStanza(Exception):
    pass

class NotAllowedError(Exception):
    pass

class PrivilegesHandler(XMPPHandler):
    #FIXME: need to manage updates, and database sync
    #TODO: cache

    def __init__(self):
        super(PrivilegesHandler, self).__init__()
        self._permissions = {PERM_ROSTER: 'none',
                             PERM_MESSAGE: 'none',
                             PERM_PRESENCE: 'none'}
        self._pubsub_service = None

    @property
    def permissions(self):
        return self._permissions

    def connectionInitialized(self):
        for handler in self.parent.handlers:
            if IPubSubService.providedBy(handler):
                self._pubsub_service = handler
                break
        self.xmlstream.addObserver(PRIV_ENT_ADV_XPATH, self.onAdvertise)

    def onAdvertise(self, message):
        """Managage the <message/> advertising privileges

        self._permissions will be updated according to advertised privileged
        """
        privilege_elt = message.elements(PRIV_ENT_NS, 'privilege').next()
        for perm_elt in privilege_elt.elements(PRIV_ENT_NS):
            try:
                if perm_elt.name != 'perm':
                    raise InvalidStanza(u'unexpected element {}'.format(perm_elt.name))
                perm_access = perm_elt['access']
                perm_type = perm_elt['type']
                try:
                    if perm_type not in TO_CHECK[perm_access]:
                        raise InvalidStanza(u'bad type [{}] for permission {}'.format(perm_type, perm_access))
                except KeyError:
                    raise InvalidStanza(u'bad permission [{}]'.format(perm_access))
            except InvalidStanza as e:
                log.msg("Invalid stanza received ({}), setting permission to none".format(e))
                for perm in self._permissions:
                    self._permissions[perm] = 'none'
                break

            self._permissions[perm_access] = perm_type or 'none'

        log.msg('Privileges updated: roster={roster}, message={message}, presence={presence}'.format(**self._permissions))

    ## roster ##

    def getRoster(self, to_jid):
        """
        Retrieve contact list.

        @return: Roster as a mapping from L{JID} to L{RosterItem}.
        @rtype: L{twisted.internet.defer.Deferred}
        """
        if self._permissions[PERM_ROSTER] not in ('get', 'both'):
            log.msg("WARNING: permission not allowed to get roster")
            raise failure.Failure(NotAllowedError('roster get is not allowed'))

        def processRoster(result):
            roster = {}
            for element in result.elements(ROSTER_NS, 'item'):
                item = xmppim.RosterItem.fromElement(element)
                roster[item.entity] = item

            return roster

        iq = IQ(self.xmlstream, 'get')
        iq.addElement((ROSTER_NS, 'query'))
        iq["to"] = to_jid.userhost()
        d = iq.send()
        d.addCallback(processRoster)
        return d

    ## message ##

    def sendMessage(self, to_jid, priv_message):
        """ Send privileged message (in the name of the server)

        @param to_jid(jid.JID): main message destinee
        @param priv_message(domish.Element): privileged message
        """
        if self._permissions[PERM_MESSAGE] not in ('outgoing',):
            log.msg("WARNING: permission not allowed to send privileged messages")
            raise failure.Failure(NotAllowedError('privileged messages are not allowed'))

        main_message = domish.Element((None, "message"))
        main_message['to'] = to_jid.full()
        privilege_elt = main_message.addElement((PRIV_ENT_NS, 'privilege'))
        forwarded_elt = privilege_elt.addElement((FORWARDED_NS, 'forwarded'))
        priv_message['xmlns'] = 'jabber:client'
        forwarded_elt.addChild(priv_message)
        self.send(main_message)

    def notifyPublish(self, pep_jid, nodeIdentifier, notifications):
        """Do notifications using privileges"""
        for subscriber, subscriptions, items in notifications:
            message = self._pubsub_service._createNotification('items', pep_jid,
                                               nodeIdentifier, subscriber,
                                               subscriptions)
            for item in items:
                item.uri = pubsub.NS_PUBSUB_EVENT
                message.event.items.addChild(item)
            self.sendMessage(jid.JID(pep_jid.host), message)


    def notifyRetract(self, pep_jid, nodeIdentifier, notifications):
        for subscriber, subscriptions, items in notifications:
            message = self._pubsub_service._createNotification('items', pep_jid,
                                               nodeIdentifier, subscriber,
                                               subscriptions)
            for item in items:
                retract = domish.Element((None, "retract"))
                retract['id'] = item['id']
                message.event.items.addChild(retract)
            self.sendMessage(jid.JID(pep_jid.host), message)


    # def notifyDelete(self, service, nodeIdentifier, subscribers,
    #                        redirectURI=None):
    #     # TODO
    #     for subscriber in subscribers:
    #         message = self._createNotification('delete', service,
    #                                            nodeIdentifier,
    #                                            subscriber)
    #         if redirectURI:
    #             redirect = message.event.delete.addElement('redirect')
    #             redirect['uri'] = redirectURI
    #         self.send(message)