# HG changeset patch
# User Goffi
# Date 1427815633 -7200
# Node ID 1146cb4493a999632c6459fc5eccee314745530f
# Parent 7116bc76663b451b973d65db93ea6cc7b09f25c3
mod_privilege: roster get permission implemented
diff -r 7116bc76663b -r 1146cb4493a9 mod_privilege/mod_privilege.lua
--- a/mod_privilege/mod_privilege.lua Fri Mar 27 13:26:28 2015 +0100
+++ b/mod_privilege/mod_privilege.lua Tue Mar 31 17:27:13 2015 +0200
@@ -1,18 +1,30 @@
+-- XEP-0356 (Privileged Entity)
+-- Copyright (C) 2015 Jérôme Poisson
+--
+-- This module is MIT/X11 licensed. Please see the
+-- COPYING file in the source package for more information.
+
+
 local jid = require("util/jid")
 local set = require("util/set")
 local st = require("util/stanza")
+local roster_manager = require("core/rostermanager")
+
 local _ALLOWED_ROSTER = set.new({'none', 'get', 'set', 'both'})
+local _ROSTER_GET_PERM = set.new({'get', 'both'})
+local _ROSTER_SET_PERM = set.new({'set', 'both'})
 local _ALLOWED_MESSAGE = set.new({'none', 'outgoing'})
 local _ALLOWED_PRESENCE = set.new({'none', 'managed_entity', 'roster'})
 local _TO_CHECK = {roster=_ALLOWED_ROSTER, message=_ALLOWED_MESSAGE, presence=_ALLOWED_PRESENCE}
 local _PRIV_ENT_NS = 'urn:xmpp:privilege:1'
-module:log("info", "Loading privileged entity module ");
+
+module:log("debug", "Loading privileged entity module ");
+
+--> Permissions management <--
 privileges = module:get_option("privileged_entities", {})
-module:log("warn", "Connection, HOST="..tostring(module:get_host()).." ("..tostring(module:get_host_type())..")")
-
 function advertise_perm(to_jid, perms)
 -- send stanza to advertise permissions
 -- as expained in section 4.2
@@ -34,7 +46,6 @@
 local session = event.session
 local bare_jid = jid.join(session.username, session.host)
- module:log("info", "======>>> on_auth, type="..tostring(event.session.type)..", jid="..tostring(bare_jid));
 local ent_priv = privileges[bare_jid]
 if ent_priv ~= nil then
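Review bot: `_ROSTER_SET_PERM` is introduced next to `_ROSTER_GET_PERM` in the first hunk, but nothing in this changeset references it, so luacheck will report an unused local and a reader cannot tell whether roster-set support is pending or the constant is dead. Either add it together with the roster-set handler or mark the intent inline, e.g. `local _ROSTER_SET_PERM = set.new({'set', 'both'}) -- TODO: used once roster 'set' permission is implemented`. The new `--> Permissions management <--` line is only a comment because it happens to start with `--`; a plain `-- Permissions management` section header avoids the double-take.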
@@ -64,3 +75,45 @@
 module:hook('authentication-success', on_auth)
 module:hook('component-authenticated', on_auth)
+
+
+--> roster permission <--
+
+module:hook("iq-get/bare/jabber:iq:roster:query", function(event)
+ local session, stanza = event.origin, event.stanza;
+ if not stanza.attr.to then
+ -- we don't want stanzas addressed to /self
+ return;
+ end
+
+ if session.privileges and _ROSTER_GET_PERM:contains(session.privileges.roster) then
+ module:log("debug", "Roster get from allowed privileged entity received")
+ -- following code is adapted from mod_remote_roster
+ local node, host = jid.split(stanza.attr.to);
+ local roster = roster_manager.load_roster(node, host);
+
+ local reply = st.reply(stanza):query("jabber:iq:roster");
+ for entity_jid, item in pairs(roster) do
+ if entity_jid and entity_jid ~= "pending" then
+ local node, host = jid.split(entity_jid);
+ reply:tag("item", {
+ jid = entity_jid,
+ subscription = item.subscription,
+ ask = item.ask,
+ name = item.name,
+ });
+ for group in pairs(item.groups) do
+ reply:tag("group"):text(group):up();
+ end
+ reply:up(); -- move out from item
+ end
+ end
+ session.send(reply);
+ else
+ module:log("warn", "Entity "..tostring(session.full_jid).." try to get roster without permission")
+ session.send(st.error_reply(stanza, 'auth', 'forbidden'))
+ end
+
+ return true
+
+end);
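Review bot: The `else` branch replies `forbidden` and the handler then returns `true` unconditionally, so every roster get addressed to another bare JID is consumed here whatever the origin — an ordinary client or an unrelated component — which, if I read Prosody's hook chaining correctly, stops any later handler (such as the mod_remote_roster this code is adapted from) from seeing the stanza and also tells unprivileged entities that the feature is present. Consider answering only for sessions that carry a `privileges` table and letting everything else fall through, e.g. `if not session.privileges then return; end` placed before the permission check, so the `else` branch covers just privileged entities lacking the `get` permission. Inside the item loop, `local node, host = jid.split(entity_jid);` shadows the outer `node, host` and is never used; drop it. The warning log relies on `session.full_jid`, which may be nil for a component session (tostring keeps it from crashing, but the message then reads `nil`); the `jid.join(session.username, session.host)` form already used in `on_auth` would be a more informative identifier.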