Mercurial > libervia-pubsub
changeset 248:50f6ee966da8
item are gotten according to item's access model in getItems
author | Goffi <goffi@goffi.org> |
---|---|
date | Sun, 03 Jun 2012 15:57:28 +0200 |
parents | 70fae534b83a |
children | aaf5e34ff765 |
files | db/pubsub.sql sat_pubsub/backend.py sat_pubsub/pgsql_storage.py |
diffstat | 3 files changed, 38 insertions(+), 22 deletions(-) [+] |
line wrap: on
line diff
--- a/db/pubsub.sql Thu May 31 00:24:20 2012 +0200 +++ b/db/pubsub.sql Sun Jun 03 15:57:28 2012 +0200 @@ -53,8 +53,8 @@ item text NOT NULL, publisher text NOT NULL, data text, - access_model text NOT NULL DEFAULT 'default' - CHECK (access_model IN ('default','open', 'roster')), + access_model text NOT NULL DEFAULT 'open' + CHECK (access_model IN ('open', 'roster')), date timestamp with time zone NOT NULL DEFAULT now(), UNIQUE (node_id, item) );
--- a/sat_pubsub/backend.py Thu May 31 00:24:20 2012 +0200 +++ b/sat_pubsub/backend.py Sun Jun 03 15:57:28 2012 +0200 @@ -432,7 +432,7 @@ if not _entity in roster: raise error.NotInRoster if roster[_entity].groups.intersection(authorized_groups): - return True + return (True, roster) raise error.NotInRoster def _getNodeGroups(self, roster, nodeIdentifier): @@ -443,14 +443,18 @@ def _doGetItems(self, result, requestor, maxItems, itemIdentifiers): node, affiliation = result - def access_checked(authorized): + def access_checked(access_data): + authorized, roster = access_data if not authorized: raise error.NotAuthorized() + roster_item = roster.get(requestor.userhost()) + authorized_groups = tuple(roster_item.groups) if roster_item else tuple() + if itemIdentifiers: - return node.getItemsById(itemIdentifiers) + return node.getItemsById(authorized_groups, affiliation == 'owner', itemIdentifiers) else: - return node.getItems(maxItems) + return node.getItems(authorized_groups, affiliation == 'owner', maxItems) if not ILeafNode.providedBy(node): @@ -460,13 +464,13 @@ raise error.Forbidden() access_model = node.getConfiguration()["pubsub#access_model"] + d = node.getNodeOwner() + d.addCallback(self.roster.getRoster) if access_model == 'open' or affiliation == 'owner': - d = defer.succeed(True) + d.addCallback(lambda roster: (True,roster)) d.addCallback(access_checked) elif access_model == 'roster': - d = node.getNodeOwner() - d.addCallback(self.roster.getRoster) d.addCallback(self._getNodeGroups,node.nodeIdentifier) d.addCallback(self.checkGroup, requestor) d.addCallback(access_checked)
--- a/sat_pubsub/pgsql_storage.py Thu May 31 00:24:20 2012 +0200 +++ b/sat_pubsub/pgsql_storage.py Sun Jun 03 15:57:28 2012 +0200 @@ -592,32 +592,44 @@ return deleted - def getItems(self, maxItems=None): - return self.dbpool.runInteraction(self._getItems, maxItems) + def getItems(self, authorized_groups, unrestricted, maxItems=None): + return self.dbpool.runInteraction(self._getItems, authorized_groups, unrestricted, maxItems) - def _getItems(self, cursor, maxItems): + def _getItems(self, cursor, authorized_groups, unrestricted, maxItems): self._checkNodeExists(cursor) - query = """SELECT data FROM nodes - INNER JOIN items USING (node_id) - WHERE node=%s ORDER BY date DESC""" + if unrestricted: + query = ["""SELECT data FROM nodes + INNER JOIN items USING (node_id) + WHERE node=%s ORDER BY date DESC"""] + args = [self.nodeIdentifier] + else: + query = ["""SELECT data FROM nodes + INNER JOIN items USING (node_id) + LEFT JOIN item_groups_authorized USING (item_id) + WHERE node=%s AND + (items.access_model='open' or + (items.access_model='roster' and groupname in (%s)) + ) + ORDER BY date DESC"""] + args = [self.nodeIdentifier, authorized_groups] + if maxItems: - cursor.execute(query + " LIMIT %s", - (self.nodeIdentifier, - maxItems)) - else: - cursor.execute(query, (self.nodeIdentifier,)) + query.append("LIMIT %s") + args.append(maxItems) + + cursor.execute(' '.join(query), args) result = cursor.fetchall() items = [stripNamespace(parseXml(r[0])) for r in result] return items - def getItemsById(self, itemIdentifiers): + def getItemsById(self, authorized_groups, unrestricted, itemIdentifiers): return self.dbpool.runInteraction(self._getItemsById, itemIdentifiers) - def _getItemsById(self, cursor, itemIdentifiers): + def _getItemsById(self, cursor, authorized_groups, unrestricted, itemIdentifiers): self._checkNodeExists(cursor) items = [] for itemIdentifier in itemIdentifiers: