1 local events = require "util.events"; |
|
2 local cache = require "util.cache"; |
|
3 |
|
4 local service = {}; |
|
5 local service_mt = { __index = service }; |
|
6 |
|
7 local default_config = { __index = { |
|
8 itemstore = function (config, _) return cache.new(config["max_items"]) end; |
|
9 broadcaster = function () end; |
|
10 get_affiliation = function () end; |
|
11 capabilities = {}; |
|
12 } }; |
|
13 local default_node_config = { __index = { |
|
14 ["persist_items"] = false; |
|
15 ["max_items"] = 20; |
|
16 } }; |
|
17 |
|
18 local function new(config) |
|
19 config = config or {}; |
|
20 return setmetatable({ |
|
21 config = setmetatable(config, default_config); |
|
22 node_defaults = setmetatable(config.node_defaults or {}, default_node_config); |
|
23 affiliations = {}; |
|
24 subscriptions = {}; |
|
25 nodes = {}; |
|
26 data = {}; |
|
27 events = events.new(); |
|
28 }, service_mt); |
|
29 end |
|
30 |
|
31 function service:jids_equal(jid1, jid2) |
|
32 local normalize = self.config.normalize_jid; |
|
33 return normalize(jid1) == normalize(jid2); |
|
34 end |
|
35 |
|
36 function service:may(node, actor, action) |
|
37 if actor == true then return true; end |
|
38 |
|
39 local node_obj = self.nodes[node]; |
|
40 local node_aff = node_obj and node_obj.affiliations[actor]; |
|
41 local service_aff = self.affiliations[actor] |
|
42 or self.config.get_affiliation(actor, node, action) |
|
43 or "none"; |
|
44 |
|
45 -- Check if node allows/forbids it |
|
46 local node_capabilities = node_obj and node_obj.capabilities; |
|
47 if node_capabilities then |
|
48 local caps = node_capabilities[node_aff or service_aff]; |
|
49 if caps then |
|
50 local can = caps[action]; |
|
51 if can ~= nil then |
|
52 return can; |
|
53 end |
|
54 end |
|
55 end |
|
56 |
|
57 -- Check service-wide capabilities instead |
|
58 local service_capabilities = self.config.capabilities; |
|
59 local caps = service_capabilities[node_aff or service_aff]; |
|
60 if caps then |
|
61 local can = caps[action]; |
|
62 if can ~= nil then |
|
63 return can; |
|
64 end |
|
65 end |
|
66 |
|
67 return false; |
|
68 end |
|
69 |
|
70 function service:set_affiliation(node, actor, jid, affiliation) |
|
71 -- Access checking |
|
72 if not self:may(node, actor, "set_affiliation") then |
|
73 return false, "forbidden"; |
|
74 end |
|
75 -- |
|
76 local node_obj = self.nodes[node]; |
|
77 if not node_obj then |
|
78 return false, "item-not-found"; |
|
79 end |
|
80 node_obj.affiliations[jid] = affiliation; |
|
81 local _, jid_sub = self:get_subscription(node, true, jid); |
|
82 if not jid_sub and not self:may(node, jid, "be_unsubscribed") then |
|
83 local ok, err = self:add_subscription(node, true, jid); |
|
84 if not ok then |
|
85 return ok, err; |
|
86 end |
|
87 elseif jid_sub and not self:may(node, jid, "be_subscribed") then |
|
88 local ok, err = self:add_subscription(node, true, jid); |
|
89 if not ok then |
|
90 return ok, err; |
|
91 end |
|
92 end |
|
93 return true; |
|
94 end |
|
95 |
|
96 function service:add_subscription(node, actor, jid, options) |
|
97 -- Access checking |
|
98 local cap; |
|
99 if actor == true or jid == actor or self:jids_equal(actor, jid) then |
|
100 cap = "subscribe"; |
|
101 else |
|
102 cap = "subscribe_other"; |
|
103 end |
|
104 if not self:may(node, actor, cap) then |
|
105 return false, "forbidden"; |
|
106 end |
|
107 if not self:may(node, jid, "be_subscribed") then |
|
108 return false, "forbidden"; |
|
109 end |
|
110 -- |
|
111 local node_obj = self.nodes[node]; |
|
112 if not node_obj then |
|
113 if not self.config.autocreate_on_subscribe then |
|
114 return false, "item-not-found"; |
|
115 else |
|
116 local ok, err = self:create(node, true); |
|
117 if not ok then |
|
118 return ok, err; |
|
119 end |
|
120 node_obj = self.nodes[node]; |
|
121 end |
|
122 end |
|
123 node_obj.subscribers[jid] = options or true; |
|
124 local normal_jid = self.config.normalize_jid(jid); |
|
125 local subs = self.subscriptions[normal_jid]; |
|
126 if subs then |
|
127 if not subs[jid] then |
|
128 subs[jid] = { [node] = true }; |
|
129 else |
|
130 subs[jid][node] = true; |
|
131 end |
|
132 else |
|
133 self.subscriptions[normal_jid] = { [jid] = { [node] = true } }; |
|
134 end |
|
135 self.events.fire_event("subscription-added", { node = node, jid = jid, normalized_jid = normal_jid, options = options }); |
|
136 return true; |
|
137 end |
|
138 |
|
139 function service:remove_subscription(node, actor, jid) |
|
140 -- Access checking |
|
141 local cap; |
|
142 if actor == true or jid == actor or self:jids_equal(actor, jid) then |
|
143 cap = "unsubscribe"; |
|
144 else |
|
145 cap = "unsubscribe_other"; |
|
146 end |
|
147 if not self:may(node, actor, cap) then |
|
148 return false, "forbidden"; |
|
149 end |
|
150 if not self:may(node, jid, "be_unsubscribed") then |
|
151 return false, "forbidden"; |
|
152 end |
|
153 -- |
|
154 local node_obj = self.nodes[node]; |
|
155 if not node_obj then |
|
156 return false, "item-not-found"; |
|
157 end |
|
158 if not node_obj.subscribers[jid] then |
|
159 return false, "not-subscribed"; |
|
160 end |
|
161 node_obj.subscribers[jid] = nil; |
|
162 local normal_jid = self.config.normalize_jid(jid); |
|
163 local subs = self.subscriptions[normal_jid]; |
|
164 if subs then |
|
165 local jid_subs = subs[jid]; |
|
166 if jid_subs then |
|
167 jid_subs[node] = nil; |
|
168 if next(jid_subs) == nil then |
|
169 subs[jid] = nil; |
|
170 end |
|
171 end |
|
172 if next(subs) == nil then |
|
173 self.subscriptions[normal_jid] = nil; |
|
174 end |
|
175 end |
|
176 self.events.fire_event("subscription-removed", { node = node, jid = jid, normalized_jid = normal_jid }); |
|
177 return true; |
|
178 end |
|
179 |
|
180 function service:remove_all_subscriptions(actor, jid) |
|
181 local normal_jid = self.config.normalize_jid(jid); |
|
182 local subs = self.subscriptions[normal_jid] |
|
183 subs = subs and subs[jid]; |
|
184 if subs then |
|
185 for node in pairs(subs) do |
|
186 self:remove_subscription(node, true, jid); |
|
187 end |
|
188 end |
|
189 return true; |
|
190 end |
|
191 |
|
192 function service:get_subscription(node, actor, jid) |
|
193 -- Access checking |
|
194 local cap; |
|
195 if actor == true or jid == actor or self:jids_equal(actor, jid) then |
|
196 cap = "get_subscription"; |
|
197 else |
|
198 cap = "get_subscription_other"; |
|
199 end |
|
200 if not self:may(node, actor, cap) then |
|
201 return false, "forbidden"; |
|
202 end |
|
203 -- |
|
204 local node_obj = self.nodes[node]; |
|
205 if not node_obj then |
|
206 return false, "item-not-found"; |
|
207 end |
|
208 return true, node_obj.subscribers[jid]; |
|
209 end |
|
210 |
|
211 function service:create(node, actor, options) |
|
212 -- Access checking |
|
213 if not self:may(node, actor, "create") then |
|
214 return false, "forbidden"; |
|
215 end |
|
216 -- |
|
217 if self.nodes[node] then |
|
218 return false, "conflict"; |
|
219 end |
|
220 |
|
221 self.nodes[node] = { |
|
222 name = node; |
|
223 subscribers = {}; |
|
224 config = setmetatable(options or {}, {__index=self.node_defaults}); |
|
225 affiliations = {}; |
|
226 }; |
|
227 self.data[node] = self.config.itemstore(self.nodes[node].config, node); |
|
228 self.events.fire_event("node-created", { node = node, actor = actor }); |
|
229 local ok, err = self:set_affiliation(node, true, actor, "owner"); |
|
230 if not ok then |
|
231 self.nodes[node] = nil; |
|
232 self.data[node] = nil; |
|
233 end |
|
234 return ok, err; |
|
235 end |
|
236 |
|
237 function service:delete(node, actor) |
|
238 -- Access checking |
|
239 if not self:may(node, actor, "delete") then |
|
240 return false, "forbidden"; |
|
241 end |
|
242 -- |
|
243 local node_obj = self.nodes[node]; |
|
244 if not node_obj then |
|
245 return false, "item-not-found"; |
|
246 end |
|
247 self.nodes[node] = nil; |
|
248 if self.data[node] and self.data[node].clear then |
|
249 self.data[node]:clear(); |
|
250 end |
|
251 self.data[node] = nil; |
|
252 self.events.fire_event("node-deleted", { node = node, actor = actor }); |
|
253 self.config.broadcaster("delete", node, node_obj.subscribers); |
|
254 return true; |
|
255 end |
|
256 |
|
257 function service:publish(node, actor, id, item) |
|
258 -- Access checking |
|
259 if not self:may(node, actor, "publish") then |
|
260 return false, "forbidden"; |
|
261 end |
|
262 -- |
|
263 local node_obj = self.nodes[node]; |
|
264 if not node_obj then |
|
265 if not self.config.autocreate_on_publish then |
|
266 return false, "item-not-found"; |
|
267 end |
|
268 local ok, err = self:create(node, true); |
|
269 if not ok then |
|
270 return ok, err; |
|
271 end |
|
272 node_obj = self.nodes[node]; |
|
273 end |
|
274 local node_data = self.data[node]; |
|
275 local ok = node_data:set(id, item); |
|
276 if not ok then |
|
277 return nil, "internal-server-error"; |
|
278 end |
|
279 if type(ok) == "string" then id = ok; end |
|
280 self.events.fire_event("item-published", { node = node, actor = actor, id = id, item = item }); |
|
281 self.config.broadcaster("items", node, node_obj.subscribers, item, actor); |
|
282 return true; |
|
283 end |
|
284 |
|
285 function service:retract(node, actor, id, retract) |
|
286 -- Access checking |
|
287 if not self:may(node, actor, "retract") then |
|
288 return false, "forbidden"; |
|
289 end |
|
290 -- |
|
291 local node_obj = self.nodes[node]; |
|
292 if (not node_obj) or (not self.data[node]:get(id)) then |
|
293 return false, "item-not-found"; |
|
294 end |
|
295 local ok = self.data[node]:set(id, nil); |
|
296 if not ok then |
|
297 return nil, "internal-server-error"; |
|
298 end |
|
299 self.events.fire_event("item-retracted", { node = node, actor = actor, id = id }); |
|
300 if retract then |
|
301 self.config.broadcaster("items", node, node_obj.subscribers, retract); |
|
302 end |
|
303 return true |
|
304 end |
|
305 |
|
306 function service:purge(node, actor, notify) |
|
307 -- Access checking |
|
308 if not self:may(node, actor, "retract") then |
|
309 return false, "forbidden"; |
|
310 end |
|
311 -- |
|
312 local node_obj = self.nodes[node]; |
|
313 if not node_obj then |
|
314 return false, "item-not-found"; |
|
315 end |
|
316 if self.data[node] and self.data[node].clear then |
|
317 self.data[node]:clear() |
|
318 else |
|
319 self.data[node] = self.config.itemstore(self.nodes[node].config, node); |
|
320 end |
|
321 self.events.fire_event("node-purged", { node = node, actor = actor }); |
|
322 if notify then |
|
323 self.config.broadcaster("purge", node, node_obj.subscribers); |
|
324 end |
|
325 return true |
|
326 end |
|
327 |
|
328 function service:get_items(node, actor, id) |
|
329 -- Access checking |
|
330 if not self:may(node, actor, "get_items") then |
|
331 return false, "forbidden"; |
|
332 end |
|
333 -- |
|
334 local node_obj = self.nodes[node]; |
|
335 if not node_obj then |
|
336 return false, "item-not-found"; |
|
337 end |
|
338 if id then -- Restrict results to a single specific item |
|
339 local with_id = self.data[node]:get(id); |
|
340 if not with_id then |
|
341 return false, "item-not-found"; |
|
342 end |
|
343 return true, { id, [id] = with_id }; |
|
344 else |
|
345 local data = {} |
|
346 for key, value in self.data[node]:items() do |
|
347 data[#data+1] = key; |
|
348 data[key] = value; |
|
349 end |
|
350 return true, data; |
|
351 end |
|
352 end |
|
353 |
|
354 function service:get_nodes(actor) |
|
355 -- Access checking |
|
356 if not self:may(nil, actor, "get_nodes") then |
|
357 return false, "forbidden"; |
|
358 end |
|
359 -- |
|
360 return true, self.nodes; |
|
361 end |
|
362 |
|
363 function service:get_subscriptions(node, actor, jid) |
|
364 -- Access checking |
|
365 local cap; |
|
366 if actor == true or jid == actor or self:jids_equal(actor, jid) then |
|
367 cap = "get_subscriptions"; |
|
368 else |
|
369 cap = "get_subscriptions_other"; |
|
370 end |
|
371 if not self:may(node, actor, cap) then |
|
372 return false, "forbidden"; |
|
373 end |
|
374 -- |
|
375 local node_obj; |
|
376 if node then |
|
377 node_obj = self.nodes[node]; |
|
378 if not node_obj then |
|
379 return false, "item-not-found"; |
|
380 end |
|
381 end |
|
382 local normal_jid = self.config.normalize_jid(jid); |
|
383 local subs = self.subscriptions[normal_jid]; |
|
384 -- We return the subscription object from the node to save |
|
385 -- a get_subscription() call for each node. |
|
386 local ret = {}; |
|
387 if subs then |
|
388 for subscribed_jid, subscribed_nodes in pairs(subs) do |
|
389 if node then -- Return only subscriptions to this node |
|
390 if subscribed_nodes[node] then |
|
391 ret[#ret+1] = { |
|
392 node = node; |
|
393 jid = subscribed_jid; |
|
394 subscription = node_obj.subscribers[subscribed_jid]; |
|
395 }; |
|
396 end |
|
397 else -- Return subscriptions to all nodes |
|
398 local nodes = self.nodes; |
|
399 for subscribed_node in pairs(subscribed_nodes) do |
|
400 ret[#ret+1] = { |
|
401 node = subscribed_node; |
|
402 jid = subscribed_jid; |
|
403 subscription = nodes[subscribed_node].subscribers[subscribed_jid]; |
|
404 }; |
|
405 end |
|
406 end |
|
407 end |
|
408 end |
|
409 return true, ret; |
|
410 end |
|
411 |
|
412 -- Access models only affect 'none' affiliation caps, service/default access level... |
|
413 function service:set_node_capabilities(node, actor, capabilities) |
|
414 -- Access checking |
|
415 if not self:may(node, actor, "configure") then |
|
416 return false, "forbidden"; |
|
417 end |
|
418 -- |
|
419 local node_obj = self.nodes[node]; |
|
420 if not node_obj then |
|
421 return false, "item-not-found"; |
|
422 end |
|
423 node_obj.capabilities = capabilities; |
|
424 return true; |
|
425 end |
|
426 |
|
427 function service:set_node_config(node, actor, new_config) |
|
428 if not self:may(node, actor, "configure") then |
|
429 return false, "forbidden"; |
|
430 end |
|
431 |
|
432 local node_obj = self.nodes[node]; |
|
433 if not node_obj then |
|
434 return false, "item-not-found"; |
|
435 end |
|
436 |
|
437 for k,v in pairs(new_config) do |
|
438 node_obj.config[k] = v; |
|
439 end |
|
440 local new_data = self.config.itemstore(self.nodes[node].config, node); |
|
441 for key, value in self.data[node]:items() do |
|
442 new_data:set(key, value); |
|
443 end |
|
444 self.data[node] = new_data; |
|
445 return true; |
|
446 end |
|
447 |
|
448 return { |
|
449 new = new; |
|
450 }; |
|