Project

General

Profile

PubsubComponent customization

Gabriel Rossetti
Added over 4 years ago

Hi all,

I need to disallow certain actions, such as node creation, deletion, and publishing, from non-admin users. I found an old forum post where the user extended the component and overrode the init() procedure. I started doing that but say that since several members are private:

  • adHocCommandsModule

  • pendingSubscriptionModule

  • presenceCollectorModule

  • presenceNotifierModule

  • publishNodeModule

I cannot do it pseudo-cleanly:

  • Extend NodeCreateModule, NodeDeleteModule, PublishItemModule, override their process(Packet packet) proceedure and inside check if the user is admin, if so call super.process(packet) if not ignore and log.

  • Extend PubSubComponent and override it's init(), inside call super.init() and then unregister anything that depends on those even transitively and then register the above and anything that needed them transitively.

I then tried to then re-implement the whole PubSubComponent class and use my versions of the modules but not being in the same package I cannot access componentConfig.setPubSubRepository() since it uses package visibility. I could I guess use the same package but this means my package hierarchy is not like I'd like it. I could also use reflection but this is not great. Another option is to copy PubSubConfig and make setPubSubRepository() protected but then I may have other issues, I have not really looked into this last option yet.

I wonder if there is a simpler way to do what I would like to do?

Thanks,

Gabriel


Replies (5)

Avatar?id=6023&size=32x32

Added by Artur Hefczyc TigaseTeam over 4 years ago

All the PubSub node actions can be done by non-admin users over standard PubSub protocol. However, there is now way to select who can do what. You either allow full access for everybody or restrict access to admins only.

Another way is to do the PubSub actions over admin ad-hoc commands. In such a case you can use stuff like ACL in Tigase to allow certain users to execute certain admin commands.

Some of the PubSub actions are available over admin ad-hoc commands interface, some are not but I think it would be easy enough to add missing commands. The problem with ACL is that they are kind of cumbersome at the moment. Managing ACL is difficult and requires server restart. We are working on improvements here though.

Added by Gabriel Rossetti over 4 years ago

Artur Hefczyc wrote:

All the PubSub node actions can be done by non-admin users over standard PubSub protocol. However, there is now way to select who can do what. You either allow full access for everybody or restrict access to admins only.

Thanks, where can I find some doc on how to do this pls? I read the admin and user guides but I did not see anything about the above (I am not talking about the ACLs doc, I know there is a ticket on that to add documentation).

Another way is to do the PubSub actions over admin ad-hoc commands. In such a case you can use stuff like ACL in Tigase to allow certain users to execute certain admin commands.

Some of the PubSub actions are available over admin ad-hoc commands interface, some are not but I think it would be easy enough to add missing commands. The problem with ACL is that they are kind of cumbersome at the moment. Managing ACL is difficult and requires server restart. We are working on improvements here though.

Ok, thanks, good to know. At this point though I think I will try your first suggestion.

BTW, I think the links in the docs are broken, see here for example: http://docs.tigase.org/tigase-server/5.3.0/adminguide/#_generic_documents_applying_to_all_tigase_server_versions

Added by Wojciech Kapcia TigaseTeam over 4 years ago

Gabriel Rossetti wrote:

Artur Hefczyc wrote:

All the PubSub node actions can be done by non-admin users over standard PubSub protocol. However, there is now way to select who can do what. You either allow full access for everybody or restrict access to admins only.

Thanks, where can I find some doc on how to do this pls? I read the admin and user guides but I did not see anything about the above (I am not talking about the ACLs doc, I know there is a ticket on that to add documentation).

Artur was referring to XEP-0060: Publish-Subscribe and protocol defined there.

BTW, I think the links in the docs are broken, see here for example: http://docs.tigase.org/tigase-server/5.3.0/adminguide/#_generic_documents_applying_to_all_tigase_server_versions

We are aware of that, this is still work in progress as we are in a process of migrating and for the moment you can use http://www.tigase.org/admin-guide.

Added by Gabriel Rossetti over 4 years ago

Wojciech Kapcia wrote:

Gabriel Rossetti wrote:

Artur Hefczyc wrote:

All the PubSub node actions can be done by non-admin users over standard PubSub protocol. However, there is now way to select who can do what. You either allow full access for everybody or restrict access to admins only.

Thanks, where can I find some doc on how to do this pls? I read the admin and user guides but I did not see anything about the above (I am not talking about the ACLs doc, I know there is a ticket on that to add documentation).

Artur was referring to XEP-0060: Publish-Subscribe and protocol defined there.

I was referring to his:

However, there is now way to select who can do what. You either allow full access for everybody or restrict access to admins only.

I assume he was referring to: http://xmpp.org/extensions/xep-0060.html#accessmodels

So this is supported by Tigase? I tried via psi to run the create node command and it displays a non-writable form (I assume this is a psi bug?), it has "Specify the subscriber model" and "Specify the publisher model", is this how it would be done in Tigase?

BTW, I think the links in the docs are broken, see here for example: http://docs.tigase.org/tigase-server/5.3.0/adminguide/#_generic_documents_applying_to_all_tigase_server_versions

We are aware of that, this is still work in progress as we are in a process of migrating and for the moment you can use http://www.tigase.org/admin-guide.

Thanks

Added by Wojciech Kapcia TigaseTeam over 4 years ago

Gabriel Rossetti wrote:

I was referring to his:

However, there is now way to select who can do what. You either allow full access for everybody or restrict access to admins only.

I assume he was referring to: http://xmpp.org/extensions/xep-0060.html#accessmodels

So this is supported by Tigase? I tried via psi to run the create node command and it displays a non-writable form (I assume this is a psi bug?), it has "Specify the subscriber model" and "Specify the publisher model", is this how it would be done in Tigase?

Yes, it's supported by Tigase. In order to follow specs you should send stanzas directly to create node with configuration Please note options:

        <field var='pubsub#access_model'><value>open</value></field>
        <field var='pubsub#publish_model'><value>publishers</value></field>

As for the form - it's a UI for the ad-hoc command (a bit different thing from the above) and it should work - it's hard to tell why those options are disabled for you.

    (1-5/5)