Commit 62a568f0 authored by Gaston Dombiak's avatar Gaston Dombiak Committed by gato

Added permissions checkings. JM-450

git-svn-id: http://svn.igniterealtime.org/svn/repos/messenger/trunk@3072 b35dd754-fafc-0310-a699-88a17e54d16e
parent 4d9dc644
......@@ -11,6 +11,8 @@
package org.jivesoftware.messenger.commands;
import org.dom4j.Element;
import org.xmpp.packet.JID;
import org.jivesoftware.messenger.XMPPServer;
import java.util.List;
......@@ -40,12 +42,6 @@ public abstract class AdHocCommand {
*/
private String label = getDefaultLabel();
/**
* Flag that indicates if the default permission schema defined in AdHocCommandHandler should
* be overridden while the permission schema defined for this command.
*/
private boolean overridePermissions;
public AdHocCommand() {
}
......@@ -57,12 +53,24 @@ public abstract class AdHocCommand {
this.label = label;
}
public boolean isOverridePermissions() {
return overridePermissions;
/**
* Returns true if the requester is allowed to execute this command. By default only admins
* are allowed to execute commands. Subclasses may redefine this method with any specific
* logic.<p>
*
* Note: The bare JID of the requester will be compared with the bare JID of the admins.
*
* @param requester the JID of the user requesting to execute this command.
* @return true if the requester is allowed to execute this command.
*/
public boolean hasPermission(JID requester) {
String requesterBareJID = requester.toBareJID();
for (JID adminJID : XMPPServer.getInstance().getAdmins()) {
if (adminJID.toBareJID().equals(requesterBareJID)) {
return true;
}
public void setOverridePermissions(boolean overridePermissions) {
this.overridePermissions = overridePermissions;
}
return false;
}
/**
......
......@@ -106,7 +106,13 @@ public class AdHocCommandHandler extends IQHandler
reply.setError(PacketError.Condition.item_not_found);
}
else {
// TODO Check that the requester has enough permission. Answer forbidden error if requester permissions are not enough
// Check that the requester has enough permission. Answer forbidden error if
// requester permissions are not enough to execute the requested command
if (!command.hasPermission(packet.getFrom())) {
reply.setChildElement(iqCommand.createCopy());
reply.setError(PacketError.Condition.forbidden);
return reply;
}
// Create new session ID
sessionid = StringUtils.randomString(15);
......@@ -318,8 +324,9 @@ public class AdHocCommandHandler extends IQHandler
return true;
}
else {
// TODO Should we include permission checking? Wait for answer from mailing list
return commands.containsKey(node);
// Only include commands that the sender can execute
AdHocCommand command = commands.get(node);
return command != null && command.hasPermission(senderJID);
}
}
......@@ -331,7 +338,8 @@ public class AdHocCommandHandler extends IQHandler
else {
Element item;
for (AdHocCommand command : commands.values()) {
// TODO Only include commands that the sender can invoke (i.e. has enough permissions)
// Only include commands that the sender can invoke (i.e. has enough permissions)
if (command.hasPermission(senderJID)) {
item = DocumentHelper.createElement("item");
item.addAttribute("jid", serverName);
item.addAttribute("node", command.getCode());
......@@ -340,6 +348,7 @@ public class AdHocCommandHandler extends IQHandler
answer.add(item);
}
}
}
return answer.iterator();
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment