# HG changeset patch # User Goffi # Date 1367170153 -7200 # Node ID 30988781f30d2948da02de0274c70aa6b6881e5d # Parent ea44c0986f47979e9920b8f84a69a706074b9d85 fixed access check (getItems/notifications) diff -r ea44c0986f47 -r 30988781f30d sat_pubsub/backend.py --- a/sat_pubsub/backend.py Wed Apr 17 22:28:41 2013 +0200 +++ b/sat_pubsub/backend.py Sun Apr 28 19:29:13 2013 +0200 @@ -394,7 +394,7 @@ else: is_user_jid = bool(nodeIdentifierJID.user) - if is_user_jid and nodeIdentifierJID.userhost() != requestor.userhost(): + if is_user_jid and nodeIdentifierJID.userhostJID() != requestor.userhostJID(): #we have an user jid node, but not created by the owner of this jid print "Wrong creator" raise error.Forbidden() @@ -461,7 +461,7 @@ @param entity: entity which must be in group @return: True if requestor is in roster""" roster, authorized_groups = roster_groups - _entity = entity.userhost() + _entity = entity.userhostJID() if not _entity in roster: raise error.NotInRoster @@ -749,7 +749,7 @@ if access_model == 'open': allowed_items.append(item) elif access_model == 'roster': - _subscriber = subscriber.userhost() + _subscriber = subscriber.userhostJID() if not _subscriber in roster: continue #the subscriber is known, is he in the right group ?