Mercurial > libervia-pubsub
changeset 470:a549c8e17827
privilege: don't try to get roster if the request if for a jid not belonging to our server
author | Goffi <goffi@goffi.org> |
---|---|
date | Thu, 21 Oct 2021 17:24:25 +0200 |
parents | bcbd2399bfee |
children | ed9e12701e0f |
files | sat_pubsub/privilege.py |
diffstat | 1 files changed, 3 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/sat_pubsub/privilege.py Fri Oct 15 18:10:11 2021 +0200 +++ b/sat_pubsub/privilege.py Thu Oct 21 17:24:25 2021 +0200 @@ -242,6 +242,9 @@ @param to_jid: jid of the entity owning the roster @return: roster data """ + if jid.JID(to_jid.host) != self.backend.server_jid: + # no need to try to get the roster if it's not a user of our own server + return None if self._permissions[PERM_ROSTER] not in ('get', 'both'): log.msg("WARNING: permission not allowed to get roster") raise failure.Failure(NotAllowedError('roster get is not allowed'))