diff options
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | src/mod_pubsub/node_default.erl | 6 |
2 files changed, 6 insertions, 3 deletions
@@ -4,6 +4,9 @@ permissions (thanks to Andy Skelton)(EJAB-840) * src/mod_pubsub/node_default.erl: Likewise + * src/mod_pubsub/node_default.erl: prevent unauthorized entity to gain + none-affiliation for given entity (EJAB-840) + 2009-01-10 Christophe Romain <christophe.romain@process-one.net> * src/mod_pubsub/node_default.erl: fix unsubscription of full jid diff --git a/src/mod_pubsub/node_default.erl b/src/mod_pubsub/node_default.erl index a92c49aa8..e1d4fd6ea 100644 --- a/src/mod_pubsub/node_default.erl +++ b/src/mod_pubsub/node_default.erl @@ -356,6 +356,9 @@ unsubscribe_node(Host, Node, Sender, Subscriber, _SubId) -> _ -> get_state(Host, Node, SubKey) end, if + %% Requesting entity is prohibited from unsubscribing entity + not Authorized -> + {error, ?ERR_FORBIDDEN}; %% Entity did not specify SubID %%SubID == "", ?? -> %% {error, ?ERR_EXTENDED(?ERR_BAD_REQUEST, "subid-required")}; @@ -365,9 +368,6 @@ unsubscribe_node(Host, Node, Sender, Subscriber, _SubId) -> %% Requesting entity is not a subscriber SubState#pubsub_state.subscription == none -> {error, ?ERR_EXTENDED(?ERR_UNEXPECTED_REQUEST, "not-subscribed")}; - %% Requesting entity is prohibited from unsubscribing entity - not Authorized -> - {error, ?ERR_FORBIDDEN}; %% Was just subscriber, remove the record SubState#pubsub_state.affiliation == none -> del_state(SubState#pubsub_state.stateid), |