Uploaded image for project: 'ejabberd development'
  1. ejabberd development
  2. EJAB-898

PubSub: roster access model not fully supported

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Cancelled
    • Affects Version/s: ejabberd 2.1.0
    • Fix Version/s: None
    • Labels:
      None

      Description

      from Andy Skelton on EJAB-780:
      There remains a problem with the roster access model. When a shared roster group is not "displayed", membership in that group does not grant access to the pubsub node. The group must be "displayed" for its members to benefit from the pubsub roster access model.

      Example: I have a node called "firehose" with access model "roster" and allowed groups "automattic" and "hosers". Group "automattic" has displayed groups "automattic". Group "hosers" has no displayed groups. Members of "automattic" can subscribe to "firehose" but members of "hosers" can not.

      To fix this, I have modified mod_shared_roster:get_jid_info to use get_user_groups instead of get_user_displayed_groups. It works for me.

      I have checked other uses of the hook "roster_get_jid_info" and found no place where including non-displayed groups would be wrong.

      Another problem: roster "hosers" has members on multiple domains but only members with local JIDs are allowed to subscribe. This stems from mod_shared_roster:get_user_groups getting only the groups that are on the same host as the JID.

      I have a workaround in place but I am afraid it points to an area I don't fully understand: mod_shared_roster can have multiple roster groups with the same name on different hosts, while mod_pubsub only uses the name of the group, not a host, for allowed groups.

      My fix was to create a version of get_user_groups that gets all the user's groups on a given host, not necessarily the JID server. I am not confident that this is correct.

        Issue Links

          Activity

          Hide
          cromain@process-one.net Christophe Romain (Inactive) added a comment -

          this patch is not complete and should be reworked.
          get_group_name call should not be removed.
          this will be reviewed after ejabberd 2.1 and 3.0 release.

          Show
          cromain@process-one.net Christophe Romain (Inactive) added a comment - this patch is not complete and should be reworked. get_group_name call should not be removed. this will be reviewed after ejabberd 2.1 and 3.0 release.

            People

            • Assignee:
              cromain@process-one.net Christophe Romain (Inactive)
              Reporter:
              cromain@process-one.net Christophe Romain (Inactive)
              Participants:
            • Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development