# HG changeset patch
# User Goffi <goffi@goffi.org>
# Date 1338731848 -7200
# Node ID 50f6ee966da8d34c44b268eff32016689aae5d9e
# Parent  70fae534b83abc836c2a9a059ae8696abcb07c38
item are gotten according to item's access model in getItems

diff -r 70fae534b83a -r 50f6ee966da8 db/pubsub.sql
--- a/db/pubsub.sql	Thu May 31 00:24:20 2012 +0200
+++ b/db/pubsub.sql	Sun Jun 03 15:57:28 2012 +0200
@@ -53,8 +53,8 @@
     item text NOT NULL,
     publisher text NOT NULL,
     data text,
-    access_model text NOT NULL DEFAULT 'default'
-        CHECK (access_model IN ('default','open', 'roster')),
+    access_model text NOT NULL DEFAULT 'open'
+        CHECK (access_model IN ('open', 'roster')),
     date timestamp with time zone NOT NULL DEFAULT now(),
     UNIQUE (node_id, item)
 );
diff -r 70fae534b83a -r 50f6ee966da8 sat_pubsub/backend.py
--- a/sat_pubsub/backend.py	Thu May 31 00:24:20 2012 +0200
+++ b/sat_pubsub/backend.py	Sun Jun 03 15:57:28 2012 +0200
@@ -432,7 +432,7 @@
         if not _entity in roster:
             raise error.NotInRoster
         if roster[_entity].groups.intersection(authorized_groups):
-            return True
+            return (True, roster)
         raise error.NotInRoster
 
     def _getNodeGroups(self, roster, nodeIdentifier):
@@ -443,14 +443,18 @@
     def _doGetItems(self, result, requestor, maxItems, itemIdentifiers):
         node, affiliation = result
 
-        def access_checked(authorized):
+        def access_checked(access_data):
+            authorized, roster = access_data
             if not authorized:
                 raise error.NotAuthorized()
 
+            roster_item = roster.get(requestor.userhost())
+            authorized_groups = tuple(roster_item.groups) if roster_item else tuple()
+
             if itemIdentifiers:
-                return node.getItemsById(itemIdentifiers)
+                return node.getItemsById(authorized_groups, affiliation == 'owner', itemIdentifiers)
             else:
-                return node.getItems(maxItems)
+                return node.getItems(authorized_groups, affiliation == 'owner', maxItems)
 
 
         if not ILeafNode.providedBy(node):
@@ -460,13 +464,13 @@
             raise error.Forbidden()
 
         access_model = node.getConfiguration()["pubsub#access_model"]
+        d = node.getNodeOwner()
+        d.addCallback(self.roster.getRoster)
         
         if access_model == 'open' or affiliation == 'owner':
-            d = defer.succeed(True)
+            d.addCallback(lambda roster: (True,roster))
             d.addCallback(access_checked)
         elif access_model == 'roster':
-            d = node.getNodeOwner()
-            d.addCallback(self.roster.getRoster)
             d.addCallback(self._getNodeGroups,node.nodeIdentifier)
             d.addCallback(self.checkGroup, requestor)
             d.addCallback(access_checked)
diff -r 70fae534b83a -r 50f6ee966da8 sat_pubsub/pgsql_storage.py
--- a/sat_pubsub/pgsql_storage.py	Thu May 31 00:24:20 2012 +0200
+++ b/sat_pubsub/pgsql_storage.py	Sun Jun 03 15:57:28 2012 +0200
@@ -592,32 +592,44 @@
         return deleted
 
 
-    def getItems(self, maxItems=None):
-        return self.dbpool.runInteraction(self._getItems, maxItems)
+    def getItems(self, authorized_groups, unrestricted, maxItems=None):
+        return self.dbpool.runInteraction(self._getItems, authorized_groups, unrestricted, maxItems)
 
 
-    def _getItems(self, cursor, maxItems):
+    def _getItems(self, cursor, authorized_groups, unrestricted, maxItems):
         self._checkNodeExists(cursor)
-        query = """SELECT data FROM nodes
-                   INNER  JOIN items USING (node_id)
-                   WHERE node=%s ORDER BY date DESC"""
+        if unrestricted:
+            query = ["""SELECT data FROM nodes
+                       INNER  JOIN items USING (node_id)
+                       WHERE node=%s ORDER BY date DESC"""]
+            args = [self.nodeIdentifier]
+        else:
+            query = ["""SELECT data FROM nodes
+                       INNER  JOIN items USING (node_id)
+                       LEFT JOIN item_groups_authorized USING (item_id)
+                       WHERE node=%s AND
+                       (items.access_model='open' or
+                        (items.access_model='roster' and groupname in (%s))
+                       )
+                       ORDER BY date DESC"""]
+            args = [self.nodeIdentifier, authorized_groups]
+
         if maxItems:
-            cursor.execute(query + " LIMIT %s",
-                           (self.nodeIdentifier,
-                            maxItems))
-        else:
-            cursor.execute(query, (self.nodeIdentifier,))
+            query.append("LIMIT %s")
+            args.append(maxItems)
+       
+        cursor.execute(' '.join(query), args)
 
         result = cursor.fetchall()
         items = [stripNamespace(parseXml(r[0])) for r in result]
         return items
 
 
-    def getItemsById(self, itemIdentifiers):
+    def getItemsById(self, authorized_groups, unrestricted, itemIdentifiers):
         return self.dbpool.runInteraction(self._getItemsById, itemIdentifiers)
 
 
-    def _getItemsById(self, cursor, itemIdentifiers):
+    def _getItemsById(self, cursor, authorized_groups, unrestricted, itemIdentifiers):
         self._checkNodeExists(cursor)
         items = []
         for itemIdentifier in itemIdentifiers: