From 8a5b08e3f049bfec2d183afb703e21cb4de1b0e6 Mon Sep 17 00:00:00 2001
From: Badlop <badlop@process-one.net>
Date: Fri, 30 Jul 2010 00:57:00 +0200
Subject: New access option in mod_roster to disable changes (EJAB-72)

---
 src/ejabberd_c2s.erl | 34 ++++++++++++++++++++++------------
 1 file changed, 22 insertions(+), 12 deletions(-)

(limited to 'src/ejabberd_c2s.erl')

diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl
index 2ee4e0a22..309287721 100644
--- a/src/ejabberd_c2s.erl
+++ b/src/ejabberd_c2s.erl
@@ -1764,11 +1764,12 @@ presence_track(From, To, Packet, StateData) ->
 	    StateData#state{pres_i = I,
 			    pres_a = A};
 	'subscribe' ->
-	    ejabberd_hooks:run(roster_out_subscription,
-			     StateData#state.server,
-			     [StateData#state.user, StateData#state.server, To, subscribe]),
-	    check_privacy_route(From, StateData, exmpp_jid:bare(From),
-				To, Packet),
+	    try_check_privacy_route(subscribe, StateData#state.user, StateData#state.server,
+		From, StateData, exmpp_jid:bare(From), To, Packet),
+	    StateData;
+	'unsubscribe' ->
+	    try_check_privacy_route(subscribe, StateData#state.user, StateData#state.server,
+		From, StateData, exmpp_jid:bare(From), To, Packet),
 	    StateData;
 	'subscribed' ->
 	    ejabberd_hooks:run(roster_out_subscription,
@@ -1777,13 +1778,6 @@ presence_track(From, To, Packet, StateData) ->
 	    check_privacy_route(From, StateData, exmpp_jid:bare(From),
 				To, Packet),
 	    StateData;
-	'unsubscribe' ->
-	    ejabberd_hooks:run(roster_out_subscription,
-			     StateData#state.server,
-			     [StateData#state.user, StateData#state.server, To, unsubscribe]),
-	    check_privacy_route(From, StateData, exmpp_jid:bare(From),
-				To, Packet),
-	    StateData;
 	'unsubscribed' ->
 	    ejabberd_hooks:run(roster_out_subscription,
 			     StateData#state.server,
@@ -1805,6 +1799,22 @@ presence_track(From, To, Packet, StateData) ->
 			    pres_a = A}
     end.
 
+%%% Check ACL before allowing to send a subscription stanza
+try_check_privacy_route(Type, User, Server, From, StateData, FromRoute, To, Packet) ->
+    JID1 = exmpp_jid:make(User, Server, undefined),
+    Access = gen_mod:get_module_opt(Server, mod_roster, access, all),
+    case acl:match_rule(Server, Access, JID1) of
+	deny ->
+	    %% Silently drop this (un)subscription request
+	    ok;
+	allow ->
+	    ejabberd_hooks:run(roster_out_subscription,
+			       Server,
+			       [User, Server, To, Type]),
+	    check_privacy_route(From, StateData, FromRoute,
+				To, Packet)
+    end.
+
 check_privacy_route(From, StateData, FromRoute, To, Packet) ->
     case ejabberd_hooks:run_fold(
 	   privacy_check_packet, StateData#state.server,
-- 
cgit v1.2.3