prevent unauthorized entity to gain none-affiliation for given entity

SVN Revision: 1802
author: Christophe Romain <christophe.romain@process-one.net> 2009-01-11 07:08:10 +0300
committer: Christophe Romain <christophe.romain@process-one.net> 2009-01-11 07:08:10 +0300
commit: 1ac9246a498027a190b389a70e46429aa83d96f0 (patch)
tree: e307b709ef71425f716483d0901cfcce06e84460 /src
parent: 8090011126fdabe36fdd0b9c2eea23c6270afa9c (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/src/mod_pubsub/node_default.erl b/src/mod_pubsub/node_default.erl
index a92c49aa8..e1d4fd6ea 100644
--- a/src/mod_pubsub/node_default.erl
+++ b/src/mod_pubsub/node_default.erl
@@ -356,6 +356,9 @@ unsubscribe_node(Host, Node, Sender, Subscriber, _SubId) ->
 	_ -> get_state(Host, Node, SubKey)
 	end,
     if
+	%% Requesting entity is prohibited from unsubscribing entity
+	not Authorized ->
+	    {error, ?ERR_FORBIDDEN};
 	%% Entity did not specify SubID
 	%%SubID == "", ?? ->
 	%%	{error, ?ERR_EXTENDED(?ERR_BAD_REQUEST, "subid-required")};
@@ -365,9 +368,6 @@ unsubscribe_node(Host, Node, Sender, Subscriber, _SubId) ->
 	%% Requesting entity is not a subscriber
 	SubState#pubsub_state.subscription == none ->
 	    {error, ?ERR_EXTENDED(?ERR_UNEXPECTED_REQUEST, "not-subscribed")};
-	%% Requesting entity is prohibited from unsubscribing entity
-	not Authorized ->
-	    {error, ?ERR_FORBIDDEN};
 	%% Was just subscriber, remove the record
 	SubState#pubsub_state.affiliation == none ->
 	    del_state(SubState#pubsub_state.stateid),
author	Christophe Romain <christophe.romain@process-one.net>	2009-01-11 07:08:10 +0300
committer	Christophe Romain <christophe.romain@process-one.net>	2009-01-11 07:08:10 +0300
commit	1ac9246a498027a190b389a70e46429aa83d96f0 (patch)
tree	e307b709ef71425f716483d0901cfcce06e84460 /src
parent	8090011126fdabe36fdd0b9c2eea23c6270afa9c (diff)