1 From b489d2017d046c305598a79e31127c26bc9a98fd Mon Sep 17 00:00:00 2001
2 From: Badlop <badlop@process-one.net>
3 Date: Fri, 7 Jun 2013 19:00:07 +0200
4 Subject: [PATCH] New options access_get and access_set in mod_vcard, _ldap
8 doc/guide.tex | 23 +++++++++++++++++++++--
9 src/mod_vcard.erl | 24 ++++++++++++++++--------
10 src/mod_vcard_ldap.erl | 45 +++++++++++++++++++++++++++------------------
11 3 files changed, 64 insertions(+), 28 deletions(-)
13 diff --git a/doc/guide.tex b/doc/guide.tex
14 index 71f88ee..d5bcfbb 100644
17 @@ -4616,6 +4616,17 @@ Options:
19 \iqdiscitem{\ns{vcard-temp}}
21 +\titem{access\_get}\ind{options!accessget} Access rule that defines
22 + who is allowed to see vCard of local users.
23 + If a rule returns `deny' on the requester
24 + user name, that user cannot see vCards of local users.
25 + By default anybody can see the vCards of local users.
26 +\titem{access\_set}\ind{options!accessset} Access rule that defines
27 + who is allowed to modify his vCard.
28 + If a rule returns `deny' on the requester
29 + user name, that user cannot modify his vCard.
30 + By default each local account can modify his own local vCard.
31 + Notice that vCard of a user can only be edited by the user himself.
32 \titem{\{search, true|false\}}\ind{options!search}This option specifies whether the search
33 functionality is enabled or not
34 If disabled, the option \term{host} will be ignored and the
35 @@ -4651,14 +4662,17 @@ Examples:
38 \item The second situation differs in a way that search results are not limited,
39 - and that all virtual hosts will be searched instead of only the current one:
40 + and that all virtual hosts will be searched instead of only the current one.
41 + Also, vCards of local users can only be seen by Local users.
43 +{access, vcard_get, [{allow, local}]}.
47 {mod_vcard, [{search, true},
49 - {allow_return_all, true}]},
50 + {allow_return_all, true},
51 + {access_get, vcard_get}]},
55 @@ -4696,6 +4710,11 @@ consists of the following \modvcardldap{}-specific options:
58 \iqdiscitem{\ns{vcard-temp}}
59 +\titem{access\_get}\ind{options!accessget} Access rule that defines
60 + who is allowed to see vCard of local users.
61 + If a rule returns `deny' on the requester
62 + user name, that user cannot see vCards of local users.
63 + By default anybody can see the vCards of local users.
64 \titem{\{search, true|false\}}\ind{options!search}This option specifies whether the search
65 functionality is enabled (value: \term{true}) or disabled (value:
66 \term{false}). If disabled, the option \term{host} will be ignored and the
67 diff --git a/src/mod_vcard.erl b/src/mod_vcard.erl
68 index 3b70fe2..0629de6 100644
69 --- a/src/mod_vcard.erl
70 +++ b/src/mod_vcard.erl
71 @@ -181,7 +181,9 @@ process_sm_iq(From, To, #iq{type = Type, sub_el = SubEl} = IQ) ->
74 #jid{user = User, lserver = LServer} = From,
75 - case lists:member(LServer, ?MYHOSTS) of
76 + Access = gen_mod:get_module_opt(LServer, ?MODULE, access_set, all),
77 + case lists:member(LServer, ?MYHOSTS) andalso
78 + (acl:match_rule(LServer, Access, From) == allow) of
80 set_vcard(User, LServer, SubEl),
81 IQ#iq{type = result, sub_el = []};
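Review bot: The added condition compares the ACL result with `==` where an exact atom match is meant; `(acl:match_rule(LServer, Access, From) =:= allow)` states that directly, and the same applies to the `== allow` test added in src/mod_vcard_ldap.erl. A sender denied by access_set now falls into the existing non-matching branch of this `case`, which lies outside the hunk, so they presumably get the same error as a non-local sender. A one-line comment above the `case` would record that, for example `%% access_set denial shares the branch used for non-local senders`.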
82 @@ -190,13 +192,19 @@ process_sm_iq(From, To, #iq{type = Type, sub_el = SubEl} = IQ) ->
85 #jid{luser = LUser, lserver = LServer} = To,
86 - case get_vcard(LUser, LServer) of
89 - sub_el = [SubEl, ?ERR_INTERNAL_SERVER_ERROR]};
91 - IQ#iq{type = result, sub_el = Els}
93 + Access = gen_mod:get_module_opt(LServer, ?MODULE, access_get, all),
94 + case acl:match_rule(LServer, Access, From) of
96 + case get_vcard(LUser, LServer) of
99 + sub_el = [SubEl, ?ERR_INTERNAL_SERVER_ERROR]};
101 + IQ#iq{type = result, sub_el = Els}
104 + IQ#iq{type = error, sub_el = [SubEl, ?ERR_NOT_ALLOWED]}
108 get_vcard(LUser, LServer) ->
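Review bot: access_get is enforced only in this `get` branch of process_sm_iq, and the diffstat leaves no room for another change in src/mod_vcard.erl, so the search handler appears to be untouched. The guide example in this commit enables `{search, true}` and `{allow_return_all, true}` together with `{access_get, vcard_get}`, so a requester denied here may still be able to read vCard fields through search results; whether that holds depends on search code not shown. Either apply the same `acl:match_rule(LServer, Access, From)` check on the search path, or state in the option's documentation that it covers direct vCard requests only. Both ends of the enclosing function are outside the hunk.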
109 diff --git a/src/mod_vcard_ldap.erl b/src/mod_vcard_ldap.erl
110 index d3e6077..b17b1a3 100644
111 --- a/src/mod_vcard_ldap.erl
112 +++ b/src/mod_vcard_ldap.erl
113 @@ -242,38 +242,47 @@ process_local_iq(_From, _To, #iq{type = Type, lang = Lang, sub_el = SubEl} = IQ)
117 -process_sm_iq(_From, #jid{lserver=LServer} = To, #iq{sub_el = SubEl} = IQ) ->
118 - case catch process_vcard_ldap(To, IQ, LServer) of
119 +process_sm_iq(From, #jid{lserver=LServer} = To, #iq{sub_el = SubEl} = IQ) ->
120 + case catch process_vcard_ldap(From, To, IQ, LServer) of
122 IQ#iq{type = error, sub_el = [SubEl, ?ERR_INTERNAL_SERVER_ERROR]};
127 -process_vcard_ldap(To, IQ, Server) ->
128 +process_vcard_ldap(From, To, IQ, Server) ->
129 {ok, State} = eldap_utils:get_state(Server, ?PROCNAME),
130 #iq{type = Type, sub_el = SubEl} = IQ,
133 IQ#iq{type = error, sub_el = [SubEl, ?ERR_NOT_ALLOWED]};
135 - #jid{luser = LUser} = To,
136 - LServer = State#state.serverhost,
137 - case ejabberd_auth:is_user_exists(LUser, LServer) of
139 - VCardMap = State#state.vcard_map,
140 - case find_ldap_user(LUser, State) of
141 - #eldap_entry{attributes = Attributes} ->
142 - Vcard = ldap_attributes_to_vcard(Attributes, VCardMap, {LUser, LServer}),
143 - IQ#iq{type = result, sub_el = Vcard};
145 - IQ#iq{type = result, sub_el = []}
148 - IQ#iq{type = result, sub_el = []}
150 + process_vcard_ldap_get_maybe(From, To, IQ, State)
153 +process_vcard_ldap_get_maybe(From, To, IQ, State) ->
154 + #jid{luser = LUser} = To,
155 + #jid{lserver = FromLServer} = From,
156 + LServer = State#state.serverhost,
157 + Access = gen_mod:get_module_opt(LServer, ?MODULE, access_get, all),
158 + case ejabberd_auth:is_user_exists(LUser, LServer) andalso
159 + (acl:match_rule(FromLServer, Access, From) == allow) of
161 + process_vcard_ldap_get(LUser, LServer, IQ, State);
163 + IQ#iq{type = result, sub_el = []}
166 +process_vcard_ldap_get(LUser, LServer, IQ, State) ->
167 + VCardMap = State#state.vcard_map,
168 + case find_ldap_user(LUser, State) of
169 + #eldap_entry{attributes = Attributes} ->
170 + Vcard = ldap_attributes_to_vcard(Attributes, VCardMap, {LUser, LServer}),
171 + IQ#iq{type = result, sub_el = Vcard};
173 + IQ#iq{type = result, sub_el = []}
176 handle_call(get_state, _From, State) ->
177 {reply, {ok, State}, State};
178 handle_call(stop, _From, State) ->
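Review bot: In process_vcard_ldap_get_maybe the access rule is evaluated under the requester's domain, `acl:match_rule(FromLServer, Access, From)`, although the option is read for `LServer` one line earlier and src/mod_vcard.erl passes the vCard owner's host. For a requester on a remote domain the rule is then resolved for a host this server does not serve, so a rule defined per virtual host may not be found; how acl:match_rule handles that case is not visible here. Use `(acl:match_rule(LServer, Access, From) =:= allow)` and drop the `FromLServer` binding. A denied requester also appears to get the same empty `result` as a request for a missing user, whereas mod_vcard answers `?ERR_NOT_ALLOWED`; pick one behaviour for both modules and describe it in the guide.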