Mercurial > libervia-pubsub

changeset 470:a549c8e17827

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
privilege: don't try to get roster if the request if for a jid not belonging to our server
author Goffi <goffi@goffi.org>
date Thu, 21 Oct 2021 17:24:25 +0200
parents bcbd2399bfee
children ed9e12701e0f
files sat_pubsub/privilege.py
diffstat 1 files changed, 3 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/sat_pubsub/privilege.py	Fri Oct 15 18:10:11 2021 +0200
+++ b/sat_pubsub/privilege.py	Thu Oct 21 17:24:25 2021 +0200
@@ -242,6 +242,9 @@
         @param to_jid: jid of the entity owning the roster
         @return: roster data
         """
+        if jid.JID(to_jid.host) != self.backend.server_jid:
+            # no need to try to get the roster if it's not a user of our own server
+            return None
         if self._permissions[PERM_ROSTER] not in ('get', 'both'):
             log.msg("WARNING: permission not allowed to get roster")
             raise failure.Failure(NotAllowedError('roster get is not allowed'))