PubSub Component Authorization
Is there a configuration in Tigase or PubSub component to only allow admins to perform PubSub actions? (I.e: create new nodes)
In my config, I have set my admin as:
and I am under the impression that I would need to use the admin account to be able to create new nodes but I am able to create node even when logged in as a non-admin user.
For example, if I am logged in as notadmin@mydomain, I want to make it that I am not able to create a node by sending the following stanza to the server.
<iq type='set' from='notadmin@mydomain/app' to='pubsub.mydomain' id='create1'> <pubsub xmlns='http://jabber.org/protocol/pubsub'> <create node='princely_musings'/> </pubsub> </iq>
Please let me know if my understanding above is wrong.
My setup is Tigase Server 7.0.4 with PubSub 3.1.0.
Added by Wojciech Kapcia over 2 years ago
PubSub specification doesn't define, that only administrators should be able to create PubSub nodes, it implies, that such limitations may be imposed:
An entity may want to create a new node. Support for this feature ("create-nodes") is RECOMMENDED. However, a service MAY disallow creation of nodes based on the identity of the requesting entity, or MAY disallow node creation altogether (e.g., reserving that privilege to a service-wide administrator).
As Bartosz already said - currently such feature is not implemented. What you could do modify
tigase.pubsub.modules.NodeCreateModule implementation and include additional check (for example only JIDs defined as admins can create nodes) and then use this implementation in Tigase.
In the new 7.2.0 version it will be possible to extend default modules without without the need to make changes to original sources.
I've created task #4605 to track this functionality and added you to watcher list.