Commit | Line | Data |
---|---|---|
f2da2f0c AM |
1 | From b489d2017d046c305598a79e31127c26bc9a98fd Mon Sep 17 00:00:00 2001 |
2 | From: Badlop <badlop@process-one.net> | |
3 | Date: Fri, 7 Jun 2013 19:00:07 +0200 | |
4 | Subject: [PATCH] New options access_get and access_set in mod_vcard, _ldap | |
5 | and _odbc (EJAB-797) | |
6 | ||
7 | --- | |
8 | doc/guide.tex | 23 +++++++++++++++++++++-- | |
9 | src/mod_vcard.erl | 24 ++++++++++++++++-------- | |
10 | src/mod_vcard_ldap.erl | 45 +++++++++++++++++++++++++++------------------ | |
11 | 3 files changed, 64 insertions(+), 28 deletions(-) | |
12 | ||
52421ab2 | 13 | diff --git a/doc/guide.tex b/doc/guide.tex |
f2da2f0c | 14 | index 71f88ee..d5bcfbb 100644 |
52421ab2 | 15 | --- a/doc/guide.tex |
16 | +++ b/doc/guide.tex | |
f2da2f0c | 17 | @@ -4616,6 +4616,17 @@ Options: |
52421ab2 | 18 | \hostitem{vjud} |
19 | \iqdiscitem{\ns{vcard-temp}} | |
f2da2f0c | 20 | \dbtype |
52421ab2 | 21 | +\titem{access\_get}\ind{options!accessget} Access rule that defines |
22 | + who is allowed to see vCard of local users. | |
23 | + If a rule returns `deny' on the requester | |
24 | + user name, that user cannot see vCards of local users. | |
25 | + By default anybody can see the vCards of local users. | |
26 | +\titem{access\_set}\ind{options!accessset} Access rule that defines | |
27 | + who is allowed to modify his vCard. | |
28 | + If a rule returns `deny' on the requester | |
29 | + user name, that user cannot modify his vCard. | |
30 | + By default each local account can modify his own local vCard. | |
31 | + Notice that vCard of a user can only be edited by the user himself. | |
32 | \titem{\{search, true|false\}}\ind{options!search}This option specifies whether the search | |
33 | functionality is enabled or not | |
34 | If disabled, the option \term{host} will be ignored and the | |
f2da2f0c | 35 | @@ -4651,14 +4662,17 @@ Examples: |
52421ab2 | 36 | ]}. |
37 | \end{verbatim} | |
38 | \item The second situation differs in a way that search results are not limited, | |
39 | - and that all virtual hosts will be searched instead of only the current one: | |
40 | + and that all virtual hosts will be searched instead of only the current one. | |
41 | + Also, vCards of local users can only be seen by Local users. | |
42 | \begin{verbatim} | |
43 | +{access, vcard_get, [{allow, local}]}. | |
44 | {modules, | |
45 | [ | |
46 | ... | |
47 | {mod_vcard, [{search, true}, | |
48 | {matches, infinity}, | |
49 | - {allow_return_all, true}]}, | |
50 | + {allow_return_all, true}, | |
51 | + {access_get, vcard_get}]}, | |
52 | ... | |
53 | ]}. | |
54 | \end{verbatim} | |
f2da2f0c AM |
55 | @@ -4696,6 +4710,11 @@ consists of the following \modvcardldap{}-specific options: |
56 | \begin{description} | |
57 | \hostitem{vjud} | |
58 | \iqdiscitem{\ns{vcard-temp}} | |
59 | +\titem{access\_get}\ind{options!accessget} Access rule that defines | |
60 | + who is allowed to see vCard of local users. | |
61 | + If a rule returns `deny' on the requester | |
62 | + user name, that user cannot see vCards of local users. | |
63 | + By default anybody can see the vCards of local users. | |
64 | \titem{\{search, true|false\}}\ind{options!search}This option specifies whether the search | |
65 | functionality is enabled (value: \term{true}) or disabled (value: | |
66 | \term{false}). If disabled, the option \term{host} will be ignored and the | |
52421ab2 | 67 | diff --git a/src/mod_vcard.erl b/src/mod_vcard.erl |
f2da2f0c | 68 | index 3b70fe2..0629de6 100644 |
52421ab2 | 69 | --- a/src/mod_vcard.erl |
70 | +++ b/src/mod_vcard.erl | |
f2da2f0c | 71 | @@ -181,7 +181,9 @@ process_sm_iq(From, To, #iq{type = Type, sub_el = SubEl} = IQ) -> |
52421ab2 | 72 | case Type of |
73 | set -> | |
74 | #jid{user = User, lserver = LServer} = From, | |
75 | - case lists:member(LServer, ?MYHOSTS) of | |
76 | + Access = gen_mod:get_module_opt(LServer, ?MODULE, access_set, all), | |
77 | + case lists:member(LServer, ?MYHOSTS) andalso | |
78 | + (acl:match_rule(LServer, Access, From) == allow) of | |
79 | true -> | |
80 | set_vcard(User, LServer, SubEl), | |
81 | IQ#iq{type = result, sub_el = []}; | |
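Review bot: In the set branch, `gen_mod:get_module_opt(LServer, ?MODULE, access_set, all)` runs with the sender's server before `lists:member(LServer, ?MYHOSTS)` has confirmed that server is local. The `andalso` keeps `acl:match_rule/3` from being evaluated for remote senders, but the option lookup still runs for them, and what it returns for a host with no module configuration is not visible here. A short comment would make the fail-closed intent explicit, for example `%% access_set is only matched for local senders; anything but allow is refused`, and the comparison could use exact equality, `(acl:match_rule(LServer, Access, From) =:= allow)`. The refusing branch of this `case` lies outside the hunk, so a host mismatch and an access_set denial presumably produce the same reply.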
f2da2f0c | 82 | @@ -190,13 +192,19 @@ process_sm_iq(From, To, #iq{type = Type, sub_el = SubEl} = IQ) -> |
52421ab2 | 83 | end; |
84 | get -> | |
85 | #jid{luser = LUser, lserver = LServer} = To, | |
f2da2f0c AM |
86 | - case get_vcard(LUser, LServer) of |
87 | - error -> | |
88 | - IQ#iq{type = error, | |
89 | - sub_el = [SubEl, ?ERR_INTERNAL_SERVER_ERROR]}; | |
90 | - Els -> | |
91 | - IQ#iq{type = result, sub_el = Els} | |
92 | - end | |
93 | + Access = gen_mod:get_module_opt(LServer, ?MODULE, access_get, all), | |
94 | + case acl:match_rule(LServer, Access, From) of | |
95 | + allow -> | |
96 | + case get_vcard(LUser, LServer) of | |
97 | + error -> | |
98 | + IQ#iq{type = error, | |
99 | + sub_el = [SubEl, ?ERR_INTERNAL_SERVER_ERROR]}; | |
100 | + Els -> | |
101 | + IQ#iq{type = result, sub_el = Els} | |
102 | + end; | |
103 | + deny -> | |
104 | + IQ#iq{type = error, sub_el = [SubEl, ?ERR_NOT_ALLOWED]} | |
105 | + end | |
52421ab2 | 106 | end. |
107 | ||
f2da2f0c | 108 | get_vcard(LUser, LServer) -> |
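Review bot: The new `case acl:match_rule(LServer, Access, From) of` in the get branch has clauses only for `allow` and `deny`, so any other result raises `case_clause` instead of refusing the request. The set branch in the previous hunk fails closed by comparing with `== allow`, and the two paths should agree. The full set of values `acl:match_rule/3` can return is not visible here; if a rule can be configured to yield anything else, change `deny ->` to `_ ->` so that everything except `allow` answers with `?ERR_NOT_ALLOWED`. No `catch` is visible around this function in the hunk, so an unexpected value would probably surface as a handler crash rather than an error stanza.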
52421ab2 | 109 | diff --git a/src/mod_vcard_ldap.erl b/src/mod_vcard_ldap.erl |
f2da2f0c | 110 | index d3e6077..b17b1a3 100644 |
52421ab2 | 111 | --- a/src/mod_vcard_ldap.erl |
112 | +++ b/src/mod_vcard_ldap.erl | |
f2da2f0c | 113 | @@ -242,38 +242,47 @@ process_local_iq(_From, _To, #iq{type = Type, lang = Lang, sub_el = SubEl} = IQ) |
52421ab2 | 114 | ]}]} |
115 | end. | |
116 | ||
117 | -process_sm_iq(_From, #jid{lserver=LServer} = To, #iq{sub_el = SubEl} = IQ) -> | |
118 | - case catch process_vcard_ldap(To, IQ, LServer) of | |
119 | +process_sm_iq(From, #jid{lserver=LServer} = To, #iq{sub_el = SubEl} = IQ) -> | |
120 | + case catch process_vcard_ldap(From, To, IQ, LServer) of | |
121 | {'EXIT', _} -> | |
122 | IQ#iq{type = error, sub_el = [SubEl, ?ERR_INTERNAL_SERVER_ERROR]}; | |
123 | Other -> | |
124 | Other | |
125 | end. | |
126 | ||
127 | -process_vcard_ldap(To, IQ, Server) -> | |
128 | +process_vcard_ldap(From, To, IQ, Server) -> | |
129 | {ok, State} = eldap_utils:get_state(Server, ?PROCNAME), | |
130 | #iq{type = Type, sub_el = SubEl} = IQ, | |
131 | case Type of | |
132 | set -> | |
133 | IQ#iq{type = error, sub_el = [SubEl, ?ERR_NOT_ALLOWED]}; | |
134 | get -> | |
135 | - #jid{luser = LUser} = To, | |
136 | - LServer = State#state.serverhost, | |
137 | - case ejabberd_auth:is_user_exists(LUser, LServer) of | |
138 | - true -> | |
139 | - VCardMap = State#state.vcard_map, | |
140 | - case find_ldap_user(LUser, State) of | |
141 | - #eldap_entry{attributes = Attributes} -> | |
142 | - Vcard = ldap_attributes_to_vcard(Attributes, VCardMap, {LUser, LServer}), | |
143 | - IQ#iq{type = result, sub_el = Vcard}; | |
144 | - _ -> | |
145 | - IQ#iq{type = result, sub_el = []} | |
146 | - end; | |
147 | - _ -> | |
148 | - IQ#iq{type = result, sub_el = []} | |
149 | - end | |
150 | + process_vcard_ldap_get_maybe(From, To, IQ, State) | |
151 | end. | |
152 | ||
153 | +process_vcard_ldap_get_maybe(From, To, IQ, State) -> | |
154 | + #jid{luser = LUser} = To, | |
155 | + #jid{lserver = FromLServer} = From, | |
156 | + LServer = State#state.serverhost, | |
157 | + Access = gen_mod:get_module_opt(LServer, ?MODULE, access_get, all), | |
d803d5e7 | 158 | + case ejabberd_auth:is_user_exists(LUser, LServer) andalso |
159 | + (acl:match_rule(FromLServer, Access, From) == allow) of | |
52421ab2 | 160 | + true -> |
161 | + process_vcard_ldap_get(LUser, LServer, IQ, State); | |
162 | + _ -> | |
163 | + IQ#iq{type = result, sub_el = []} | |
164 | + end. | |
165 | + | |
166 | +process_vcard_ldap_get(LUser, LServer, IQ, State) -> | |
167 | + VCardMap = State#state.vcard_map, | |
168 | + case find_ldap_user(LUser, State) of | |
169 | + #eldap_entry{attributes = Attributes} -> | |
170 | + Vcard = ldap_attributes_to_vcard(Attributes, VCardMap, {LUser, LServer}), | |
171 | + IQ#iq{type = result, sub_el = Vcard}; | |
172 | + _ -> | |
173 | + IQ#iq{type = result, sub_el = []} | |
174 | + end. | |
175 | + | |
176 | handle_call(get_state, _From, State) -> | |
177 | {reply, {ok, State}, State}; | |
178 | handle_call(stop, _From, State) -> | |
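Review bot: In `process_vcard_ldap_get_maybe/4` the rule is matched with `acl:match_rule(FromLServer, Access, From)`, i.e. in the requester's host, although `Access` is read for `State#state.serverhost`. mod_vcard.erl in this same patch passes the vCard owner's host instead, so the same `access_get` setting may be evaluated against different host scopes depending on the backend. It is not visible here which rules apply when the requester's domain is not a local virtual host. If the difference is deliberate, record it next to the call, for example `%% access_get is read for the serving host but matched in the requester's host (FromLServer)`; otherwise pass `LServer`. A denied requester here also receives the same empty `result` as for an unknown user, whereas mod_vcard answers `?ERR_NOT_ALLOWED`; if that is meant to avoid revealing which accounts exist, a one-line comment on the `_ ->` clause would stop someone later "fixing" it.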
f2da2f0c AM |
179 | -- |
180 | 1.7.10.4 | |
181 |