diff options
| author | Paweł Chmielowski <pchmielowski@process-one.net> | 2016-06-21 12:26:31 +0200 |
|---|---|---|
| committer | Paweł Chmielowski <pchmielowski@process-one.net> | 2016-06-21 12:26:31 +0200 |
| commit | 804190e4a899a1f7b05f1161490c5d151acde6f2 (patch) | |
| tree | 08ff5b4888e589e60cb11dc7e5f627d12da960e6 /src/acl.erl | |
| parent | Allow {mod_}opt_type to transform values passed to it, and for better error r... (diff) | |
Add acl:{access,shaper}_rules_validator for use in {mod_}opt_type()
Diffstat (limited to 'src/acl.erl')
| -rw-r--r-- | src/acl.erl | 60 |
1 files changed, 59 insertions, 1 deletions
diff --git a/src/acl.erl b/src/acl.erl index 693219ebe..95c9ebbd4 100644 --- a/src/acl.erl +++ b/src/acl.erl @@ -34,7 +34,8 @@ load_from_config/0, match_rule/3, transform_options/1, opt_type/1, acl_rule_matches/3, acl_rule_verify/1, access_matches/3, - transform_access_rules_config/1]). + transform_access_rules_config/1, + access_rules_validator/1, shaper_rules_validator/1]). -include("ejabberd.hrl"). -include("logger.hrl"). @@ -334,6 +335,25 @@ acl_rule_verify({node_glob, {UR, SR}}) when is_binary(UR), is_binary(SR) -> true; acl_rule_verify(_Spec) -> false. +invalid_syntax(Msg, Data) -> + throw({invalid_syntax, iolist_to_binary(io_lib:format(Msg, Data))}). + +acl_rules_verify([{acl, Name} | Rest], true) when is_atom(Name) -> + acl_rules_verify(Rest, true); +acl_rules_verify([{acl, Name} = Rule | _Rest], false) when is_atom(Name) -> + invalid_syntax(<<"Using acl: rules not allowed: ~p">>, [Rule]); +acl_rules_verify([Rule | Rest], AllowAcl) -> + case acl_rule_verify(Rule) of + false -> + invalid_syntax(<<"Invalid rule: ~p">>, [Rule]); + true -> + acl_rules_verify(Rest, AllowAcl) + end; +acl_rules_verify([], _AllowAcl) -> + true; +acl_rules_verify(Rules, _AllowAcl) -> + invalid_syntax(<<"Not a acl rules list: ~p">>, [Rules]). + all_acl_rules_matches([], _Data, _Host) -> @@ -533,6 +553,44 @@ transform_access_rules_config2({Res, Rules}) when is_list(Rules) -> transform_access_rules_config2({Res, Rule}) -> {Res, [Rule]}. +access_rules_validator(Name) when is_atom(Name) -> + Name; +access_rules_validator(Rules0) -> + Rules = transform_access_rules_config(Rules0), + access_shaper_rules_validator(Rules, fun(allow) -> true; + (deny) -> true; + (_) -> false + end), + throw({replace_with, Rules}). + + +shaper_rules_validator(Name) when is_atom(Name) -> + Name; +shaper_rules_validator(Rules0) -> + Rules = transform_access_rules_config(Rules0), + access_shaper_rules_validator(Rules, fun(V) when is_atom(V) -> true; + (V2) when is_integer(V2) -> true; + (_) -> false + end), + throw({replace_with, Rules}). + +access_shaper_rules_validator([{Type, Acls} = Rule | Rest], RuleTypeCheck) -> + case RuleTypeCheck(Type) of + true -> + case acl_rules_verify(Acls, true) of + true -> + access_shaper_rules_validator(Rest, RuleTypeCheck); + Err -> + Err + end; + false -> + invalid_syntax(<<"Invalid rule type: ~p in rule ~p">>, [Type, Rule]) + end; +access_shaper_rules_validator([], _RuleTypeCheck) -> + true; +access_shaper_rules_validator(Value, _RuleTypeCheck) -> + invalid_syntax(<<"Not a rule definition: ~p">>, [Value]). + transform_options(Opts) -> Opts1 = lists:foldl(fun transform_options/2, [], Opts), |