[GATE-7] Added support for access restrictions (during new registrations).

Added another index to restrictions table. git-svn-id: http://svn.igniterealtime.org/svn/repos/wildfire/trunk@6295 b35dd754-fafc-0310-a699-88a17e54d16e

[GATE-7] Added support for access restrictions (during new registrations).
Added another index to restrictions table. git-svn-id: http://svn.igniterealtime.org/svn/repos/wildfire/trunk@6295 b35dd754-fafc-0310-a699-88a17e54d16e
3f067a1d · Daniel Henninger · dhenninger · b2f655c4 · 3f067a1d · 3f067a1d
Commit 3f067a1d authored Dec 04, 2006 by Daniel Henninger Committed by dhenninger Dec 04, 2006
16 changed files
--- a/src/plugins/gateway/src/database/gateway_db2.sql
+++ b/src/plugins/gateway/src/database/gateway_db2.sql
@@ -27,5 +27,6 @@ CREATE TABLE gatewayRestrictions (
   groupname         VARCHAR(50)
 );
 CREATE INDEX gatewayRstr_ttype_idx ON gatewayRestrictions (transportType);
+CREATE INDEX gatewayRstr_uname_idx ON gatewayRestrictions (username);
 INSERT INTO jiveVersion (name, version) VALUES ('gateway', 2);
--- a/src/plugins/gateway/src/database/gateway_hsqldb.sql
+++ b/src/plugins/gateway/src/database/gateway_hsqldb.sql
@@ -27,5 +27,6 @@ CREATE TABLE gatewayRestrictions (
   groupname         VARCHAR(50)
 );
 CREATE INDEX gatewayRstr_ttype_idx ON gatewayRestrictions (transportType);
+CREATE INDEX gatewayRstr_uname_idx ON gatewayRestrictions (username);
 INSERT INTO jiveVersion (name, version) VALUES ('gateway', 2);
--- a/src/plugins/gateway/src/database/gateway_mysql.sql
+++ b/src/plugins/gateway/src/database/gateway_mysql.sql
@@ -25,7 +25,8 @@ CREATE TABLE gatewayRestrictions (
   transportType     VARCHAR(15)    NOT NULL,
   username          VARCHAR(255),
   groupname         VARCHAR(50),
-   INDEX gatewayRstr_ttype_idx(transportType)
+   INDEX gatewayRstr_ttype_idx(transportType),
+   INDEX gatewayRstr_uname_idx(username)
 );
 INSERT INTO jiveVersion (name, version) VALUES ('gateway', 2);
--- a/src/plugins/gateway/src/database/gateway_oracle.sql
+++ b/src/plugins/gateway/src/database/gateway_oracle.sql
@@ -27,6 +27,7 @@ CREATE TABLE gatewayRestrictions (
   groupname         VARCHAR2(50)
 );
 CREATE INDEX gatewayRstr_ttype_idx ON gatewayRestrictions (transportType);
+CREATE INDEX gatewayRstr_uname_idx ON gatewayRestrictions (username);
 INSERT INTO jiveVersion (name, version) VALUES ('gateway', 2);

--- a/src/plugins/gateway/src/database/gateway_postgresql.sql
+++ b/src/plugins/gateway/src/database/gateway_postgresql.sql
@@ -27,5 +27,6 @@ CREATE TABLE gatewayRestrictions (
   groupname         VARCHAR(50)
 );
 CREATE INDEX gatewayRstr_ttype_idx ON gatewayRestrictions (transportType);
+CREATE INDEX gatewayRstr_uname_idx ON gatewayRestrictions (username);
 INSERT INTO jiveVersion (name, version) VALUES ('gateway', 2);
--- a/src/plugins/gateway/src/database/gateway_sqlserver.sql
+++ b/src/plugins/gateway/src/database/gateway_sqlserver.sql
@@ -27,5 +27,6 @@ CREATE TABLE gatewayRestrictions (
   groupname         NVARCHAR(50)
 );
 CREATE INDEX gatewayRstr_ttype_idx ON gatewayRestrictions (transportType);
+CREATE INDEX gatewayRstr_uname_idx ON gatewayRestrictions (username);
 INSERT INTO jiveVersion (name, version) VALUES ('gateway', 2);
--- a/src/plugins/gateway/src/database/gateway_sybase.sql
+++ b/src/plugins/gateway/src/database/gateway_sybase.sql
@@ -27,5 +27,6 @@ CREATE TABLE gatewayRestrictions (
   groupname         NVARCHAR(50)
 );
 CREATE INDEX gatewayRstr_ttype_idx ON gatewayRestrictions (transportType);
+CREATE INDEX gatewayRstr_uname_idx ON gatewayRestrictions (username);
 INSERT INTO jiveVersion (name, version) VALUES ('gateway', 2);
--- a/src/plugins/gateway/src/database/upgrade/2/gateway_db2.sql
+++ b/src/plugins/gateway/src/database/upgrade/2/gateway_db2.sql
@@ -5,6 +5,7 @@ CREATE TABLE gatewayRestrictions (
   groupname         VARCHAR(50)
 );
 CREATE INDEX gatewayRstr_ttype_idx ON gatewayRestrictions (transportType);
+CREATE INDEX gatewayRstr_uname_idx ON gatewayRestrictions (username);
 -- Update database version
 UPDATE jiveVersion SET version = 2 WHERE name = 'gateway';
--- a/src/plugins/gateway/src/database/upgrade/2/gateway_hsqldb.sql
+++ b/src/plugins/gateway/src/database/upgrade/2/gateway_hsqldb.sql
@@ -5,6 +5,7 @@ CREATE TABLE gatewayRestrictions (
   groupname         VARCHAR(50)
 );
 CREATE INDEX gatewayRstr_ttype_idx ON gatewayRestrictions (transportType);
+CREATE INDEX gatewayRstr_uname_idx ON gatewayRestrictions (username);
 // Update database version
 UPDATE jiveVersion SET version = 2 WHERE name = 'gateway';
--- a/src/plugins/gateway/src/database/upgrade/2/gateway_mysql.sql
+++ b/src/plugins/gateway/src/database/upgrade/2/gateway_mysql.sql
@@ -3,7 +3,8 @@ CREATE TABLE gatewayRestrictions (
   transportType     VARCHAR(15)    NOT NULL,
   username          VARCHAR(255),
   groupname         VARCHAR(50),
-   INDEX gatewayRstr_ttype_idx(transportType)
+   INDEX gatewayRstr_ttype_idx(transportType),
+   INDEX gatewayRstr_uname_idx(username)
 );
 # Update database version

--- a/src/plugins/gateway/src/database/upgrade/2/gateway_oracle.sql
+++ b/src/plugins/gateway/src/database/upgrade/2/gateway_oracle.sql
@@ -5,6 +5,7 @@ CREATE TABLE gatewayRestrictions (
   groupname         VARCHAR2(50)
 );
 CREATE INDEX gatewayRstr_ttype_idx ON gatewayRestrictions (transportType);
+CREATE INDEX gatewayRstr_uname_idx ON gatewayRestrictions (username);
 -- Update database version
 UPDATE jiveVersion SET version = 2 WHERE name = 'gateway';

--- a/src/plugins/gateway/src/database/upgrade/2/gateway_postgresql.sql
+++ b/src/plugins/gateway/src/database/upgrade/2/gateway_postgresql.sql
@@ -5,6 +5,7 @@ CREATE TABLE gatewayRestrictions (
   groupname         VARCHAR(50)
 );
 CREATE INDEX gatewayRstr_ttype_idx ON gatewayRestrictions (transportType);
+CREATE INDEX gatewayRstr_uname_idx ON gatewayRestrictions (username);
 -- Update database version
 UPDATE jiveVersion SET version = 2 WHERE name = 'gateway';
--- a/src/plugins/gateway/src/database/upgrade/2/gateway_sqlserver.sql
+++ b/src/plugins/gateway/src/database/upgrade/2/gateway_sqlserver.sql
@@ -5,6 +5,7 @@ CREATE TABLE gatewayRestrictions (
   groupname         NVARCHAR(50)
 );
 CREATE INDEX gatewayRstr_ttype_idx ON gatewayRestrictions (transportType);
+CREATE INDEX gatewayRstr_uname_idx ON gatewayRestrictions (username);
 /* Update database version */
 UPDATE jiveVersion SET version = 2 WHERE name = 'gateway';
--- a/src/plugins/gateway/src/database/upgrade/2/gateway_sybase.sql
+++ b/src/plugins/gateway/src/database/upgrade/2/gateway_sybase.sql
@@ -5,6 +5,7 @@ CREATE TABLE gatewayRestrictions (
   groupname         NVARCHAR(50)
 );
 CREATE INDEX gatewayRstr_ttype_idx ON gatewayRestrictions (transportType);
+CREATE INDEX gatewayRstr_uname_idx ON gatewayRestrictions (username);
 /* Update database version */
 UPDATE jiveVersion SET version = 2 WHERE name = 'gateway';
--- a/src/plugins/gateway/src/java/org/jivesoftware/wildfire/gateway/BaseTransport.java
+++ b/src/plugins/gateway/src/java/org/jivesoftware/wildfire/gateway/BaseTransport.java
@@ -82,6 +82,12 @@ public abstract class BaseTransport implements Component, RosterEventListener {
     */
    public final RegistrationManager registrationManager = new RegistrationManager();
+    /**
+     * Manages permission information.
+     * @see org.jivesoftware.wildfire.gateway.PermissionManager
+     */
+    public final PermissionManager permissionManager = new PermissionManager();
    /**
     * JID of the transport in question.
     */
@@ -259,7 +265,6 @@ public abstract class BaseTransport implements Component, RosterEventListener {
                        session = this.registrationLoggedIn(registration, from, getPresenceType(packet), packet.getStatus(), packet.getPriority());
                        sessionManager.storeSession(from, session);
                    }
                }
                else if (packet.getType() == Presence.Type.unavailable) {
@@ -558,6 +563,21 @@ public abstract class BaseTransport implements Component, RosterEventListener {
            }
            if (packet.getType() == IQ.Type.set) {
+                Boolean registered = false;
+                Collection<Registration> registrations = registrationManager.getRegistrations(from, this.transportType);
+                if (registrations.iterator().hasNext()) {
+                    registered = true;
+                }
+                if (!registered && !permissionManager.hasAccess(this.transportType, from)) {
+                    // User does not have permission to register with transport.
+                    // We want to allow them to change settings if they are already registered.
+                    IQ result = IQ.createResultIQ(packet);
+                    result.setError(Condition.bad_request);
+                    reply.add(result);
+                    return reply;
+                }
                Element userEl = packet.getChildElement().element("username");
                Element passEl = packet.getChildElement().element("password");
                Element nickEl = packet.getChildElement().element("nick");
@@ -642,6 +662,14 @@ public abstract class BaseTransport implements Component, RosterEventListener {
                    registered = true;
                }
+                if (!registered && !permissionManager.hasAccess(this.transportType, from)) {
+                    // User does not have permission to register with transport.
+                    // We want to allow them to change settings if they are already registered.
+                    result.setError(Condition.bad_request);
+                    reply.add(result);
+                    return reply;
+                }
                DataForm form = new DataForm(DataForm.Type.form);
                form.addInstruction(getTerminologyRegistration());

--- a/src/plugins/gateway/src/java/org/jivesoftware/wildfire/gateway/PermissionManager.java
+++ b/src/plugins/gateway/src/java/org/jivesoftware/wildfire/gateway/PermissionManager.java
@@ -10,6 +10,20 @@
 package org.jivesoftware.wildfire.gateway;
+import org.xmpp.packet.JID;
+import org.jivesoftware.util.JiveGlobals;
+import org.jivesoftware.util.Log;
+import org.jivesoftware.database.DbConnectionManager;
+import org.jivesoftware.wildfire.group.GroupManager;
+import org.jivesoftware.wildfire.group.Group;
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.Collection;
 /**
 * Registration Permissions Manager
 *
@@ -21,4 +35,69 @@ package org.jivesoftware.wildfire.gateway;
 */
 public class PermissionManager {
+    private static final String IS_USER_LISTED =
+            "SELECT count(*) FROM gatewayRestrictions WHERE transportType=? AND username=?";
+    private static final String GROUPS_LISTED =
+            "SELECT groupname FROM gatewayRestrictions WHERE transportType=?";
+    public boolean hasAccess(TransportType type, JID jid) {
+        int setting = JiveGlobals.getIntProperty("plugin.gateway."+type.toString()+".registration", 1);
+        if (setting == 1) { return true; }
+        if (setting == 3) { return false; }
+        if (isUserAllowed(type, jid)) { return true; }
+        if (isUserInAllowedGroup(type, jid)) { return true; }
+        return false;
+    }
+    public boolean isUserAllowed(TransportType type, JID jid) {
+        Connection con = null;
+        PreparedStatement pstmt = null;
+        ResultSet rs = null;
+        try {
+            con = DbConnectionManager.getConnection();
+            pstmt = con.prepareStatement(IS_USER_LISTED);
+            pstmt.setString(1, type.toString());
+            pstmt.setString(2, jid.getNode());
+            rs = pstmt.executeQuery();
+            rs.next();
+            return (rs.getInt(1) > 1);
+        }
+        catch (SQLException sqle) {
+            Log.error(sqle);
+        }
+        finally {
+            DbConnectionManager.closeConnection(rs, pstmt, con);
+        }
+        return false;
+    }
+    public boolean isUserInAllowedGroup(TransportType type, JID jid) {
+        ArrayList<String> allowedGroups = new ArrayList<String>();
+        Connection con = null;
+        PreparedStatement pstmt = null;
+        ResultSet rs = null;
+        try {
+            con = DbConnectionManager.getConnection();
+            pstmt = con.prepareStatement(GROUPS_LISTED);
+            pstmt.setString(1, type.toString());
+            rs = pstmt.executeQuery();
+            while (rs.next()) {
+                allowedGroups.add(rs.getString(1));
+            }
+        }
+        catch (SQLException sqle) {
+            Log.error(sqle);
+        }
+        finally {
+            DbConnectionManager.closeConnection(rs, pstmt, con);
+        }
+        Collection<Group> userGroups = GroupManager.getInstance().getGroups(jid);
+        for (Group g : userGroups) {
+            if (allowedGroups.contains(g.getName())) {
+                return true;
+            }
+        }
+        return false;
+    }
 }