Update NodeViewAcl + items gathering to support 'local' access model

Author: Lloyd Watkin

src/main/java/org/buddycloud/channelserver/packetprocessor/iq/namespace/pubsub/get/NodeThreadsGet.java

@@ -39,7 +39,7 @@ public NodeThreadsGet(BlockingQueue<Packet> outQueue,
 		setChannelManager(channelManager);
 		setOutQueue(outQueue);
 	}
-	
+
 	@Override
 	public void process(Element elm, JID actorJID, IQ reqIQ, Element rsm)
 			throws Exception {
@@ -48,7 +48,7 @@ public void process(Element elm, JID actorJID, IQ reqIQ, Element rsm)
 		this.actor = actorJID;
 		this.resultSetManagement = rsm;
 		this.max = MAX_THREADS_TO_RETURN;
-		
+
 		if (actor == null) {
 			actor = request.getFrom();
 		}
@@ -77,13 +77,14 @@ private void addRsmElement() throws NodeStoreException {
 		Element rsm = pubsubEl.addElement("set", NS_RSM);
 		rsm.addElement("first", NS_RSM).setText(firstItem);
 		rsm.addElement("last", NS_RSM).setText(lastItem);
-		
+
 		Integer nodeThreadCount = channelManager.countNodeThreads(node);
 		rsm.addElement("count", NS_RSM).setText(nodeThreadCount.toString());
 	}
 
 	private void getNodeThreads() throws NodeStoreException, DocumentException {
-		ResultSet<NodeThread> nodeThreads = channelManager.getNodeThreads(node, afterId, max);
+		ResultSet<NodeThread> nodeThreads = channelManager.getNodeThreads(node,
+				afterId, max);
 		this.response = IQ.createResultIQ(request);
 		Element pubsubEl = response.getElement().addElement("pubsub",
 				JabberPubsub.NAMESPACE_URI);
@@ -92,8 +93,8 @@ private void getNodeThreads() throws NodeStoreException, DocumentException {
 			Element threadEl = pubsubEl.addElement("thread");
 			threadEl.addAttribute("node", node);
 			threadEl.addAttribute("id", nodeThread.getId());
-			threadEl.addAttribute("updated", Conf.formatDate(
-					nodeThread.getUpdated()));
+			threadEl.addAttribute("updated",
+					Conf.formatDate(nodeThread.getUpdated()));
 			ResultSet<NodeItem> items = nodeThread.getItems();
 			for (NodeItem item : items) {
 				Element entry = xmlReader.read(
@@ -122,15 +123,16 @@ private boolean isValidStanza() throws NodeStoreException {
 		}
 		return true;
 	}
-	
-	private AccessModels getNodeAccessModel(Map<String, String> nodeConfiguration) {
+
+	private AccessModels getNodeAccessModel(
+			Map<String, String> nodeConfiguration) {
 		if (!nodeConfiguration.containsKey(AccessModel.FIELD_NAME)) {
 			return AccessModels.authorize;
 		}
 		return AccessModels.createFromString(nodeConfiguration
 				.get(AccessModel.FIELD_NAME));
 	}
-	
+
 	private boolean userCanViewNode() throws NodeStoreException {
 		NodeSubscription nodeSubscription = channelManager.getUserSubscription(
 				node, actor);
@@ -144,19 +146,21 @@ private boolean userCanViewNode() throws NodeStoreException {
 			subscription = nodeSubscription.getSubscription();
 		}
 		NodeViewAcl nodeViewAcl = new NodeViewAcl();
-		Map<String, String> nodeConfiguration = channelManager.getNodeConf(node);
-		
-		if (nodeViewAcl.canViewNode(node, affiliation, subscription, 
-				getNodeAccessModel(nodeConfiguration))) {
+		Map<String, String> nodeConfiguration = channelManager
+				.getNodeConf(node);
+
+		if (nodeViewAcl.canViewNode(node, affiliation, subscription,
+				getNodeAccessModel(nodeConfiguration),
+				channelManager.isLocalJID(actor))) {
 			return true;
 		}
-		
+
 		NodeAclRefuseReason reason = nodeViewAcl.getReason();
 		createExtendedErrorReply(reason.getType(), reason.getCondition(),
 				reason.getAdditionalErrorElement());
 		return false;
 	}
-	
+
 	private boolean parseRsmElement() throws NodeStoreException {
 		if (resultSetManagement == null) {
 			return true;
@@ -176,7 +180,7 @@ private boolean parseRsmElement() throws NodeStoreException {
 		}
 		return true;
 	}
-	
+
 	@Override
 	public boolean accept(Element elm) {
 		return elm.getName().equals("threads");

src/main/java/org/buddycloud/channelserver/packetprocessor/iq/namespace/pubsub/get/RepliesGet.java

@@ -212,7 +212,7 @@ private boolean userCanViewNode() throws NodeStoreException {
 		}
 		if (true == getNodeViewAcl().canViewNode(node,
 				possibleExistingAffiliation, possibleExistingSubscription,
-				getNodeAccessModel())) {
+				getNodeAccessModel(), channelManager.isLocalJID(actor))) {
 			return true;
 		}
 		NodeAclRefuseReason reason = getNodeViewAcl().getReason();

src/main/java/org/buddycloud/channelserver/packetprocessor/iq/namespace/pubsub/get/ThreadGet.java

@@ -220,7 +220,7 @@ private boolean userCanViewNode() throws NodeStoreException {
 		}
 		if (true == getNodeViewAcl().canViewNode(node,
 				possibleExistingAffiliation, possibleExistingSubscription,
-				getNodeAccessModel())) {
+				getNodeAccessModel(), channelManager.isLocalJID(actor))) {
 			return true;
 		}
 		NodeAclRefuseReason reason = getNodeViewAcl().getReason();

src/main/java/org/buddycloud/channelserver/packetprocessor/iq/namespace/pubsub/get/items/UserItemsGet.java

@@ -48,7 +48,6 @@ public class UserItemsGet implements PubSubElementProcessor {
 	private SAXReader xmlReader;
 	private Element entry;
 	private IQ requestIq;
-	private JID fetchersJid;
 	private IQ reply;
 	private Element resultSetManagement;
 	private Element element;
@@ -60,6 +59,8 @@ public class UserItemsGet implements PubSubElementProcessor {
 
 	private int rsmEntriesCount;
 
+	private JID actor;
+
 	public UserItemsGet(BlockingQueue<Packet> outQueue,
 			ChannelManager channelManager) {
 		this.outQueue = outQueue;
@@ -104,7 +105,10 @@ public void process(Element elm, JID actorJID, IQ reqIQ, Element rsm)
 			isCached = channelManager.isCachedNode(node);
 		}
 
-		fetchersJid = requestIq.getFrom();
+		this.actor = actorJID;
+		if (null == this.actor) {
+			this.actor = requestIq.getFrom();
+		}
 
 		if (!channelManager.isLocalNode(node) && !isCached) {
 			logger.debug("Node " + node
@@ -121,10 +125,6 @@ public void process(Element elm, JID actorJID, IQ reqIQ, Element rsm)
 				return;
 			}
 
-			if (actorJID != null) {
-				fetchersJid = actorJID;
-			}
-
 			if (!userCanViewNode()) {
 				outQueue.put(reply);
 				return;
@@ -278,9 +278,9 @@ private void getItems() throws Exception {
 
 	private boolean userCanViewNode() throws NodeStoreException {
 		NodeSubscription nodeSubscription = channelManager.getUserSubscription(
-				node, fetchersJid);
+				node, actor);
 		NodeAffiliation nodeAffiliation = channelManager.getUserAffiliation(
-				node, fetchersJid);
+				node, actor);
 
 		Affiliations possibleExistingAffiliation = Affiliations.none;
 		Subscriptions possibleExistingSubscription = Subscriptions.none;
@@ -295,7 +295,7 @@ private boolean userCanViewNode() throws NodeStoreException {
 		}
 		if (getNodeViewAcl().canViewNode(node,
 				possibleExistingAffiliation, possibleExistingSubscription,
-				getNodeAccessModel())) {
+				getNodeAccessModel(), channelManager.isLocalJID(actor))) {
 			return true;
 		}
 		NodeAclRefuseReason reason = getNodeViewAcl().getReason();

src/main/java/org/buddycloud/channelserver/pubsub/accessmodel/AccessModels.java

@@ -2,7 +2,7 @@
 
 public enum AccessModels {
 
-	authorize, open, presence, roster, whitelist;
+	authorize, open, presence, roster, whitelist, local;
 
 	public static AccessModels createFromString(String asString) {
 
@@ -16,6 +16,8 @@ public static AccessModels createFromString(String asString) {
 			return roster;
 		} else if ("whitelist".equals(asString)) {
 			return whitelist;
+		} else if ("local".equals(asString)) {
+			return local;
 		}
 		return authorize;
 	}

src/main/java/org/buddycloud/channelserver/utils/node/NodeViewAcl.java

@@ -20,9 +20,9 @@ public class NodeViewAcl {
 	private NodeAclRefuseReason reasonForRefusal;
 
 	public boolean canViewNode(String node, Affiliations affilliation,
-			Subscriptions subscription, AccessModels accessModel) {
+			Subscriptions subscription, AccessModels accessModel, boolean isLocalUser) {
 		LOGGER.trace("Being asked for access to " + node + " with properties "
-				+ affilliation + " :: " + subscription + " :: " + accessModel);
+				+ affilliation + " :: " + subscription + " :: " + accessModel + " :: local user (" + String.valueOf(isLocalUser) + ")");
 		reasonForRefusal = null;
 
 		if (Affiliations.outcast.toString().equals(affilliation.toString())) {
@@ -37,6 +37,11 @@ public boolean canViewNode(String node, Affiliations affilliation,
 			return privateChannelAcl(node, subscription, affilliation);
 		} else if (accessModel.toString().equals(AccessModels.whitelist.toString())) {
             return whitelistAcl(node, subscription, affilliation);
+        } else if (accessModel.toString().equals(AccessModels.local.toString())) {
+        	if (true == isLocalUser) {
+        		return openChannelAcl(node, subscription, affilliation); 
+        	}
+        	return privateChannelAcl(node, subscription, affilliation);
         }
 		throw new InvalidParameterException(INVALID_ACCESS_MODEL);
 	}

src/test/java/org/buddycloud/channelserver/packetprocessor/iq/namespace/pubsub/get/RepliesGetTest.java

@@ -88,7 +88,8 @@ public void setUp() throws Exception {
 				.canViewNode(Mockito.anyString(),
 						Mockito.any(Affiliations.class),
 						Mockito.any(Subscriptions.class),
-						Mockito.any(AccessModels.class));
+						Mockito.any(AccessModels.class),
+						Mockito.anyBoolean());
 	}
 
 	@Test
@@ -158,7 +159,8 @@ public void testUserWhoCantAccessChannelGetsPermissionErrorStanzaReply()
 				.canViewNode(Mockito.anyString(),
 						Mockito.any(Affiliations.class),
 						Mockito.any(Subscriptions.class),
-						Mockito.any(AccessModels.class));
+						Mockito.any(AccessModels.class),
+						Mockito.anyBoolean());
 		NodeAclRefuseReason refusalReason = new NodeAclRefuseReason(
 				PacketError.Type.auth, PacketError.Condition.forbidden,
 				"pending-subscription");

src/test/java/org/buddycloud/channelserver/packetprocessor/iq/namespace/pubsub/get/ThreadGetTest.java

@@ -88,7 +88,8 @@ public void setUp() throws Exception {
 				.canViewNode(Mockito.anyString(),
 						Mockito.any(Affiliations.class),
 						Mockito.any(Subscriptions.class),
-						Mockito.any(AccessModels.class));
+						Mockito.any(AccessModels.class),
+						Mockito.anyBoolean());
 	}
 
 	@Test
@@ -158,7 +159,8 @@ public void testUserWhoCantAccessChannelGetsPermissionErrorStanzaReply()
 				.canViewNode(Mockito.anyString(),
 						Mockito.any(Affiliations.class),
 						Mockito.any(Subscriptions.class),
-						Mockito.any(AccessModels.class));
+						Mockito.any(AccessModels.class),
+						Mockito.anyBoolean());
 		NodeAclRefuseReason refusalReason = new NodeAclRefuseReason(
 				PacketError.Type.auth, PacketError.Condition.forbidden,
 				"pending-subscription");

src/test/java/org/buddycloud/channelserver/packetprocessor/iq/namespace/pubsub/get/items/UserItemsGetTest.java

@@ -152,7 +152,8 @@ public void testSubscriptionIncompatibleWithItemRetrievalReturnsExpectedStanza()
 				.canViewNode(Mockito.anyString(),
 						Mockito.any(Affiliations.class),
 						Mockito.any(Subscriptions.class),
-						Mockito.any(AccessModels.class));
+						Mockito.any(AccessModels.class),
+						Mockito.anyBoolean());
 		NodeAclRefuseReason refusalReason = new NodeAclRefuseReason(
 				PacketError.Type.auth, PacketError.Condition.forbidden,
 				"pending-subscription");
@@ -203,7 +204,8 @@ public void testStandardNodeWithNoItemsReturnsNoItems() throws Exception {
 				.canViewNode(Mockito.anyString(),
 						Mockito.any(Affiliations.class),
 						Mockito.any(Subscriptions.class),
-						Mockito.any(AccessModels.class));
+						Mockito.any(AccessModels.class),
+						Mockito.anyBoolean());
 		itemsGet.setNodeViewAcl(nodeViewAclMock);
 
 		itemsGet.process(element, jid, request, null);
@@ -250,7 +252,8 @@ public void testSubscriptionsNodeWithNoItemsReturnsNoItems()
 				.canViewNode(Mockito.anyString(),
 						Mockito.any(Affiliations.class),
 						Mockito.any(Subscriptions.class),
-						Mockito.any(AccessModels.class));
+						Mockito.any(AccessModels.class),
+						Mockito.anyBoolean());
 		itemsGet.setNodeViewAcl(nodeViewAclMock);
 
 		itemsGet.process(element, jid, request, null);
@@ -308,7 +311,8 @@ public void testUnparsableNodeEntryIsIgnoredInItemsResponse()
 				.canViewNode(Mockito.anyString(),
 						Mockito.any(Affiliations.class),
 						Mockito.any(Subscriptions.class),
-						Mockito.any(AccessModels.class));
+						Mockito.any(AccessModels.class),
+						Mockito.anyBoolean());
 		itemsGet.setNodeViewAcl(nodeViewAclMock);
 
 		itemsGet.process(element, jid, request, null);
@@ -364,7 +368,8 @@ public void testPostsNodeReturnsItemsAsExpected() throws Exception {
 				.canViewNode(Mockito.anyString(),
 						Mockito.any(Affiliations.class),
 						Mockito.any(Subscriptions.class),
-						Mockito.any(AccessModels.class));
+						Mockito.any(AccessModels.class),
+						Mockito.anyBoolean());
 		itemsGet.setNodeViewAcl(nodeViewAclMock);
 
 		itemsGet.process(element, jid, request, null);
@@ -455,7 +460,8 @@ public void testSubscriberThatHasNoSubscribersDoesNotCauseError()
 				.canViewNode(Mockito.anyString(),
 						Mockito.any(Affiliations.class),
 						Mockito.any(Subscriptions.class),
-						Mockito.any(AccessModels.class));
+						Mockito.any(AccessModels.class),
+						Mockito.anyBoolean());
 		itemsGet.setNodeViewAcl(nodeViewAclMock);
 
 		itemsGet.process(element, jid, request, null);
@@ -536,7 +542,8 @@ public void testSubscriptionsNodeReturnsItemsAsExpected() throws Exception {
 				.canViewNode(Mockito.anyString(),
 						Mockito.any(Affiliations.class),
 						Mockito.any(Subscriptions.class),
-						Mockito.any(AccessModels.class));
+						Mockito.any(AccessModels.class),
+						Mockito.anyBoolean());
 		itemsGet.setNodeViewAcl(nodeViewAclMock);
 
 		itemsGet.process(element, jid, request, null);

src/test/java/org/buddycloud/channelserver/utils/node/NodeViewAclTest.java

@@ -24,8 +24,10 @@ public class NodeViewAclTest extends TestCase {
 	public void testPassingInvalidAccessModelThrowsException() {
 
 		try {
-			/*acl.canViewNode(node, Affiliations.member,
-					Subscriptions.none, "invalid-access-model");*/
+			/*
+			 * acl.canViewNode(node, Affiliations.member, Subscriptions.none,
+			 * "invalid-access-model");
+			 */
 		} catch (Exception e) {
 			assertSame(InvalidParameterException.class, e.getClass());
 			return;
@@ -198,11 +200,32 @@ public void testNoAffiliationOnSubscribedNodeRefusesItemRetrieval() {
 				PacketError.Type.auth, PacketError.Condition.not_authorized);
 	}
 
+	@Test
+	public void testLocalUserCanViewNodeWithLocalAccessModel() {
+		checkForAllowedAccess(Affiliations.none, Subscriptions.none,
+				AccessModels.local, true);
+	}
+
+	@Test
+	public void testRemoteUserCantViewNodeWithLocalAccessModel() {
+		checkForBlockedAccess(Affiliations.none, Subscriptions.none,
+				AccessModels.local, false, NodeViewAcl.CLOSED_NODE,
+				PacketError.Type.auth, PacketError.Condition.forbidden);
+	}
+
 	private void checkForBlockedAccess(Affiliations affiliation,
 			Subscriptions subscription, AccessModels accessModel,
 			String additionalError, Type type, Condition condition) {
-		assertFalse(acl.canViewNode(node, affiliation,
-				subscription, accessModel));
+		checkForBlockedAccess(affiliation, subscription, accessModel, true,
+				additionalError, type, condition);
+	}
+
+	private void checkForBlockedAccess(Affiliations affiliation,
+			Subscriptions subscription, AccessModels accessModel,
+			boolean isLocalUser, String additionalError, Type type,
+			Condition condition) {
+		assertFalse(acl.canViewNode(node, affiliation, subscription,
+				accessModel, isLocalUser));
 		assertEquals(type, acl.getReason().getType());
 		assertEquals(condition, acl.getReason().getCondition());
 		assertEquals(additionalError, acl.getReason()
@@ -211,8 +234,14 @@ private void checkForBlockedAccess(Affiliations affiliation,
 
 	private void checkForAllowedAccess(Affiliations affiliation,
 			Subscriptions subscription, AccessModels accessModel) {
-		assertTrue(acl.canViewNode(node, affiliation,
-				subscription, accessModel));
+		checkForAllowedAccess(affiliation, subscription, accessModel, true);
+	}
+
+	private void checkForAllowedAccess(Affiliations affiliation,
+			Subscriptions subscription, AccessModels accessModel,
+			boolean isLocalUser) {
+		assertTrue(acl.canViewNode(node, affiliation, subscription,
+				accessModel, isLocalUser));
 		assertNull(acl.getReason());
 	}
 }