# HG changeset patch
# User Goffi <goffi@goffi.org>
# Date 1634829865 -7200
# Node ID a549c8e1782764b3155a4cdec61ab3b1d2a2e283
# Parent  bcbd2399bfeedd5b2f5fd7b813cfb4ef3780e48c
privilege: don't try to get roster if the request if for a jid not belonging to our server

diff -r bcbd2399bfee -r a549c8e17827 sat_pubsub/privilege.py
--- a/sat_pubsub/privilege.py	Fri Oct 15 18:10:11 2021 +0200
+++ b/sat_pubsub/privilege.py	Thu Oct 21 17:24:25 2021 +0200
@@ -242,6 +242,9 @@
         @param to_jid: jid of the entity owning the roster
         @return: roster data
         """
+        if jid.JID(to_jid.host) != self.backend.server_jid:
+            # no need to try to get the roster if it's not a user of our own server
+            return None
         if self._permissions[PERM_ROSTER] not in ('get', 'both'):
             log.msg("WARNING: permission not allowed to get roster")
             raise failure.Failure(NotAllowedError('roster get is not allowed'))