from Andy Skelton on
There remains a problem with the roster access model. When a shared roster group is not "displayed", membership in that group does not grant access to the pubsub node. The group must be "displayed" for its members to benefit from the pubsub roster access model.
Example: I have a node called "firehose" with access model "roster" and allowed groups "automattic" and "hosers". Group "automattic" has displayed groups "automattic". Group "hosers" has no displayed groups. Members of "automattic" can subscribe to "firehose" but members of "hosers" can not.
To fix this, I have modified mod_shared_roster:get_jid_info to use get_user_groups instead of get_user_displayed_groups. It works for me.
I have checked other uses of the hook "roster_get_jid_info" and found no place where including non-displayed groups would be wrong.
Another problem: roster "hosers" has members on multiple domains but only members with local JIDs are allowed to subscribe. This stems from mod_shared_roster:get_user_groups getting only the groups that are on the same host as the JID.
I have a workaround in place but I am afraid it points to an area I don't fully understand: mod_shared_roster can have multiple roster groups with the same name on different hosts, while mod_pubsub only uses the name of the group, not a host, for allowed groups.
My fix was to create a version of get_user_groups that gets all the user's groups on a given host, not necessarily the JID server. I am not confident that this is correct.