Added permissions checkings. JM-450

git-svn-id: http://svn.igniterealtime.org/svn/repos/messenger/trunk@3072 b35dd754-fafc-0310-a699-88a17e54d16e

Added permissions checkings. JM-450
git-svn-id: http://svn.igniterealtime.org/svn/repos/messenger/trunk@3072 b35dd754-fafc-0310-a699-88a17e54d16e
62a568f0 · Gaston Dombiak · gato · 4d9dc644 · 62a568f0 · 62a568f0
Commit 62a568f0 authored Nov 14, 2005 by Gaston Dombiak Committed by gato Nov 14, 2005
Showing with 39 additions and 22 deletions

AdHocCommand.java ...ava/org/jivesoftware/messenger/commands/AdHocCommand.java +20 -12

AdHocCommandHandler.java .../jivesoftware/messenger/commands/AdHocCommandHandler.java +19 -10

No files found.
--- a/src/java/org/jivesoftware/messenger/commands/AdHocCommand.java
+++ b/src/java/org/jivesoftware/messenger/commands/AdHocCommand.java
@@ -11,6 +11,8 @@
 package org.jivesoftware.messenger.commands;
 import org.dom4j.Element;
+import org.xmpp.packet.JID;
+import org.jivesoftware.messenger.XMPPServer;
 import java.util.List;
@@ -40,12 +42,6 @@ public abstract class AdHocCommand {
     */
    private String label = getDefaultLabel();
-    /**
-     * Flag that indicates if the default permission schema defined in AdHocCommandHandler should
-     * be overridden while the permission schema defined for this command.
-     */
-    private boolean overridePermissions;
    public AdHocCommand() {
    }
@@ -57,12 +53,24 @@ public abstract class AdHocCommand {
        this.label = label;
    }
-    public boolean isOverridePermissions() {
+    /**
-        return overridePermissions;
+     * Returns true if the requester is allowed to execute this command. By default only admins
-    }
+     * are allowed to execute commands. Subclasses may redefine this method with any specific
+     * logic.<p>
-    public void setOverridePermissions(boolean overridePermissions) {
+     *
-        this.overridePermissions = overridePermissions;
+     * Note: The bare JID of the requester will be compared with the bare JID of the admins.
+     *
+     * @param requester the JID of the user requesting to execute this command.
+     * @return true if the requester is allowed to execute this command.
+     */
+    public boolean hasPermission(JID requester) {
+        String requesterBareJID = requester.toBareJID();
+        for (JID adminJID : XMPPServer.getInstance().getAdmins()) {
+            if (adminJID.toBareJID().equals(requesterBareJID)) {
+                return true;
+            }
+        }
+        return false;
    }
    /**

--- a/src/java/org/jivesoftware/messenger/commands/AdHocCommandHandler.java
+++ b/src/java/org/jivesoftware/messenger/commands/AdHocCommandHandler.java
@@ -106,7 +106,13 @@ public class AdHocCommandHandler extends IQHandler
                reply.setError(PacketError.Condition.item_not_found);
            }
            else {
-                // TODO Check that the requester has enough permission. Answer forbidden error if requester permissions are not enough
+                // Check that the requester has enough permission. Answer forbidden error if
+                // requester permissions are not enough to execute the requested command
+                if (!command.hasPermission(packet.getFrom())) {
+                    reply.setChildElement(iqCommand.createCopy());
+                    reply.setError(PacketError.Condition.forbidden);
+                    return reply;
+                }
                // Create new session ID
                sessionid = StringUtils.randomString(15);
@@ -318,8 +324,9 @@ public class AdHocCommandHandler extends IQHandler
            return true;
        }
        else {
-            // TODO Should we include permission checking? Wait for answer from mailing list
+            // Only include commands that the sender can execute
-            return commands.containsKey(node);
+            AdHocCommand command = commands.get(node);
+            return command != null && command.hasPermission(senderJID);
        }
    }
@@ -331,13 +338,15 @@ public class AdHocCommandHandler extends IQHandler
        else {
            Element item;
            for (AdHocCommand command : commands.values()) {
-                // TODO Only include commands that the sender can invoke (i.e. has enough permissions)
+                // Only include commands that the sender can invoke (i.e. has enough permissions)
-                item = DocumentHelper.createElement("item");
+                if (command.hasPermission(senderJID)) {
-                item.addAttribute("jid", serverName);
+                    item = DocumentHelper.createElement("item");
-                item.addAttribute("node", command.getCode());
+                    item.addAttribute("jid", serverName);
-                item.addAttribute("name", command.getLabel());
+                    item.addAttribute("node", command.getCode());
+                    item.addAttribute("name", command.getLabel());
-                answer.add(item);
+                    answer.add(item);
+                }
            }
        }
        return answer.iterator();