author | Mickaël Rémond <mickael.remond@process-one.net> | 2016-04-13 09:45:56 +0200 |
---|---|---|
committer | Mickaël Rémond <mickael.remond@process-one.net> | 2016-04-13 09:45:56 +0200 |
commit | b2abc1edb7ebc35a6c243375c94192446cb4ac1e (patch) | |
tree | ce38fa8eac3e4540e4792d39f059f6f04a4fab9b /src | |
parent | Fix typo in error message (diff) | |
parent | Synchronizing master changes (diff) |
Add preliminary tests on ACL module and prepare clean-up / refactor
Diffstat (limited to 'src')
-rw-r--r-- | src/acl.erl | 36 |
1 files changed, 34 insertions, 2 deletions
diff --git a/src/acl.erl b/src/acl.erl index fdf397d88..06202c67e 100644 --- a/src/acl.erl +++ b/src/acl.erl @@ -31,9 +31,11 @@ -export([start/0, to_record/3, add/3, add_list/3, add_local/3, add_list_local/3, load_from_config/0, - match_rule/3, match_acl/3, transform_options/1, + match_rule/3, match_access/4, match_acl/3, transform_options/1, opt_type/1]). +-export([add_access/3, clear/0]). + -include("ejabberd.hrl"). -include("logger.hrl"). -include("jlib.hrl"). @@ -43,6 +45,7 @@ rules = [] :: [access_rule()]}). -type regexp() :: binary(). +-type iprange() :: {inet:ip_address(), integer()} | binary(). -type glob() :: binary(). -type access_name() :: atom(). -type access_rule() :: {atom(), any()}. @@ -61,7 +64,7 @@ {user_glob, {glob(), host()} | glob()} | {server_glob, glob()} | {resource_glob, glob()} | - {ip, {inet:ip_address(), integer()}} | + {ip, iprange()} | {node_glob, {glob(), glob()}}. -type acl() :: #acl{aclname :: aclname(), @@ -204,6 +207,12 @@ load_from_config() -> end, AccessRules) end, Hosts). +%% Delete all previous set ACLs and Access rules +clear() -> + mnesia:clear_table(acl), + mnesia:clear_table(access), + ok. + b(S) -> iolist_to_binary(S). @@ -246,6 +255,19 @@ normalize_spec(Spec) -> end end. +-spec match_access(global | binary(), access_name(), + jid() | ljid() | inet:ip_address(), + atom()) -> any(). + +match_access(_Host, all, _JID, _Default) -> + allow; +match_access(_Host, none, _JID, _Default) -> + deny; +match_access(_Host, {user, UserPattern}, JID, Default) -> + match_user_spec({user, UserPattern}, JID, Default); +match_access(Host, AccessRule, JID, _Default) -> + match_rule(Host, AccessRule, JID). + -spec match_rule(global | binary(), access_name(), jid() | ljid() | inet:ip_address()) -> any(). 
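Review bot: In the hunk at `@@ -204,6 +207,12 @@`, `clear/0` discards the result of both `mnesia:clear_table/1` calls and returns `ok` unconditionally, so an aborted clear leaves the old ACLs or access rules in force while the caller believes the tables are empty. Assert the result instead: `{atomic, ok} = mnesia:clear_table(acl),` and `{atomic, ok} = mnesia:clear_table(access),`. The function is exported in the first hunk and removes every access-control entry, and judging by the commit title it is meant for the test suite, so the comment should say so, for example `%% Deletes every ACL and access rule. Intended for the test suite, not for a live node.`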
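Review bot: In the hunk at `@@ -246,6 +255,19 @@`, the `-spec` for `match_access/4` gives the second argument as `access_name()`, which the type section of this file defines as `atom()`, yet the third clause matches the tuple `{user, UserPattern}`, so that clause lies outside the declared contract and Dialyzer cannot check its callers. Widen the spec to cover the tuple form, e.g. `access_name() | {user, {binary(), binary()}}`. `Default` is honoured only in the `{user, _}` clause: `all` always yields `allow`, and every other rule goes to `match_rule/3` without it. A short comment stating that this is intended would keep callers from assuming `Default` is a general fallback for the access decision.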
@@ -348,6 +370,16 @@ match_acl(ACL, JID, Host) -> get_aclspecs(ACL, Host) -> ets:lookup(acl, {ACL, Host}) ++ ets:lookup(acl, {ACL, global}). + +match_user_spec(Spec, JID, Default) -> + case do_match_user_spec(Spec, jid:tolower(JID)) of + true -> Default; + false -> deny + end. + +do_match_user_spec({user, {U, S}}, {User, Server, _Resource}) -> + U == User andalso S == Server. + is_regexp_match(String, RegExp) -> case ejabberd_regexp:run(String, RegExp) of nomatch -> false; |
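Review bot: `do_match_user_spec/2` has a single clause, so any input other than `{user, {U, S}}` against a three-element lowered JID raises `function_clause` inside an access check instead of returning a decision. `match_access/4` passes `UserPattern` through unchecked and its spec also admits an `inet:ip_address()` as the third argument, so both shapes appear reachable, though whether `jid:tolower/1` accepts an address is not visible here. If denial is the intended outcome, add an explicit final clause `do_match_user_spec(_Spec, _LJID) -> false.` and change the `.` ending the first clause to `;`. `U` and `S` are also compared as given against the lowercased JID, so a pattern written with uppercase characters never matches. Passing the pattern through the file's existing spec normalisation (`normalize_spec/1` appears in an earlier hunk header) before comparing would likely avoid that.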