diff options
| author | Pablo Polvorin <ppolvorin@process-one.net> | 2016-07-18 23:27:49 -0300 |
|---|---|---|
| committer | Pablo Polvorin <ppolvorin@process-one.net> | 2016-07-19 00:24:06 -0300 |
| commit | 33e0283f0d4f851d2414a8b42434641ca432031d (patch) | |
| tree | 4f63744ebf4af989f428f454782034d9a5734796 /src/ejabberd_commands.erl | |
| parent | Fix ce0d1704c6cc167c8bc891587952f78c55f979ad (diff) | |
Add 'ejabberd:user' and 'ejabberd:admin' oauth scopes
'ejabberd:user' includes all commands defined with policy "user".
'ejabberd:admin' includes commands defined with policy "admin".
Diffstat (limited to '')
| -rw-r--r-- | src/ejabberd_commands.erl | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/src/ejabberd_commands.erl b/src/ejabberd_commands.erl index 9d41f50c2..075ff35cf 100644 --- a/src/ejabberd_commands.erl +++ b/src/ejabberd_commands.erl @@ -218,7 +218,7 @@ get_command_format/1, get_command_format/2, get_command_format/3, - get_command_policy/1, + get_command_policy_and_scope/1, get_command_definition/1, get_command_definition/2, get_tags_commands/0, @@ -366,17 +366,23 @@ get_command_format(Name, Auth, Version) -> {Args, Result} end. --spec get_command_policy(atom()) -> {ok, open|user|admin|restricted} | {error, command_not_found}. +-spec get_command_policy_and_scope(atom()) -> {ok, open|user|admin|restricted, [oauth_scope()]} | {error, command_not_found}. %% @doc return command policy. -get_command_policy(Name) -> +get_command_policy_and_scope(Name) -> case get_command_definition(Name) of - #ejabberd_commands{policy = Policy} -> - {ok, Policy}; + #ejabberd_commands{policy = Policy} = Cmd -> + {ok, Policy, cmd_scope(Cmd)}; command_not_found -> {error, command_not_found} end. +%% The oauth scopes for a command are the command name itself, +%% also might include either 'ejabberd:user' or 'ejabberd:admin' +cmd_scope(#ejabberd_commands{policy = Policy, name = Name}) -> + [erlang:atom_to_binary(Name,utf8)] ++ [<<"ejabberd:user">> || Policy == user] ++ [<<"ejabberd:admin">> || Policy == admin]. + + -spec get_command_definition(atom()) -> ejabberd_commands(). %% @doc Get the definition record of a command. @@ -627,8 +633,8 @@ check_access_commands(AccessCommands, Auth, Method, Command1, Arguments, CallerI check_auth(_Command, noauth) -> no_auth_provided; check_auth(Command, {User, Server, {oauth, Token}, _}) -> - Scope = erlang:atom_to_binary(Command#ejabberd_commands.name, utf8), - case ejabberd_oauth:check_token(User, Server, Scope, Token) of + ScopeList = cmd_scope(Command), + case ejabberd_oauth:check_token(User, Server, ScopeList, Token) of true -> {ok, User, Server}; false -> |