
fix and bump version

1 parent 0a4c2d6 commit 6262b1ca19421089bdcd4fbec558023df0240109 @oberstet oberstet committed Nov 8, 2016
Showing with 78 additions and 14 deletions.
  1. +1 −1 crossbar/__init__.py
  2. +6 −2 crossbar/router/observation.py
  3. +62 −11 crossbar/router/service.py
  4. +9 −0 docs/pages/ChangeLog.md
@@ -33,6 +33,6 @@
import txaio
txaio.use_twisted()
-__version__ = '16.10.0'
+__version__ = '16.10.1'
__all__ = ('__version__',)
@@ -43,9 +43,13 @@
def is_protected_uri(uri, details=None):
+ """
+ Test if the given URI is from a "protected namespace" (starting with `wamp.`
+ or `crossbar.`). Note that "trusted" clients can access all namespaces.
+ """
trusted = details and details.caller_authrole == u'trusted'
- if True or trusted:
- return uri.startswith(u'wamp.')
+ if trusted:
+ return False
else:
return uri.startswith(u'wamp.') or uri.startswith(u'crossbar.')
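Review bot: `is_protected_uri` now returns an access decision rather than a property of the URI: for a caller whose `caller_authrole` is `u'trusted'` it returns False even for `wamp.` URIs, which the name does not suggest at the call sites. The docstring should state the return contract explicitly, for example `Returns True if the caller must be denied access to this URI`, and note that `details=None` is treated as untrusted, so callers that omit details fail closed. `trusted` can also end up as `None` rather than a bool; `trusted = details is not None and details.caller_authrole == u'trusted'` and `uri.startswith((u'wamp.', u'crossbar.'))` would read more directly.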
@@ -229,7 +229,12 @@ def registration_remove_callee(self, registration_id, callee_id, reason=None, de
)
registration = self._router._dealer._registration_map.get_observation_by_id(registration_id)
- if registration and not is_protected_uri(registration.uri, details):
+ if registration:
+ if is_protected_uri(registration.uri, details):
+ raise ApplicationError(
+ ApplicationError.NOT_AUTHORIZED,
+ message=u'not authorized to remove callee for protected URI "{}"'.format(registration.uri),
+ )
if callee not in registration.observers:
raise ApplicationError(
@@ -263,7 +268,12 @@ def subscription_remove_subscriber(self, subscription_id, subscriber_id, reason=
)
subscription = self._router._broker._subscription_map.get_observation_by_id(subscription_id)
- if subscription and not is_protected_uri(subscription.uri, details):
+ if subscription:
+ if is_protected_uri(subscription.uri, details):
+ raise ApplicationError(
+ ApplicationError.NOT_AUTHORIZED,
+ message=u'not authorized to remove subscriber for protected URI "{}"'.format(subscription.uri),
+ )
if subscriber not in subscription.observers:
raise ApplicationError(
@@ -291,7 +301,13 @@ def registration_get(self, registration_id, details=None):
"""
registration = self._router._dealer._registration_map.get_observation_by_id(registration_id)
- if registration and not is_protected_uri(registration.uri, details):
+ if registration:
+ if is_protected_uri(registration.uri, details):
+ raise ApplicationError(
+ ApplicationError.NOT_AUTHORIZED,
+ message=u'not authorized to get registration for protected URI "{}"'.format(registration.uri),
+ )
+
registration_details = {
u'id': registration.id,
u'created': registration.created,
@@ -319,7 +335,13 @@ def subscription_get(self, subscription_id, details=None):
"""
subscription = self._router._broker._subscription_map.get_observation_by_id(subscription_id)
- if subscription and is_protected_uri(subscription.uri, details):
+ if subscription:
+ if is_protected_uri(subscription.uri, details):
+ raise ApplicationError(
+ ApplicationError.NOT_AUTHORIZED,
+ message=u'not authorized to get subscription for protected URI "{}"'.format(subscription.uri),
+ )
+
subscription_details = {
u'id': subscription.id,
u'created': subscription.created,
@@ -380,7 +402,7 @@ def subscription_list(self, details=None):
subscriptions_exact = []
for subscription in subscription_map._observations_exact.values():
- if is_protected_uri(subscription.uri, details):
+ if not is_protected_uri(subscription.uri, details):
subscriptions_exact.append(subscription.id)
subscriptions_prefix = []
@@ -494,7 +516,7 @@ def subscription_lookup(self, topic, options=None, details=None):
subscription = self._router._broker._subscription_map.get_observation(topic, match)
- if subscription and is_protected_uri(subscription.uri, details):
+ if subscription and not is_protected_uri(subscription.uri, details):
return subscription.id
else:
return None
@@ -512,7 +534,13 @@ def registration_list_callees(self, registration_id, details=None):
"""
registration = self._router._dealer._registration_map.get_observation_by_id(registration_id)
- if registration and not is_protected_uri(registration.uri, details):
+ if registration:
+ if is_protected_uri(registration.uri, details):
+ raise ApplicationError(
+ ApplicationError.NOT_AUTHORIZED,
+ message=u'not authorized to list callees for protected URI "{}"'.format(registration.uri),
+ )
+
session_ids = []
for callee in registration.observers:
session_ids.append(callee._session_id)
@@ -536,7 +564,13 @@ def subscription_list_subscribers(self, subscription_id, details=None):
"""
subscription = self._router._broker._subscription_map.get_observation_by_id(subscription_id)
- if subscription and is_protected_uri(subscription.uri, details):
+ if subscription:
+ if is_protected_uri(subscription.uri, details):
+ raise ApplicationError(
+ ApplicationError.NOT_AUTHORIZED,
+ message=u'not authorized to list subscribers for protected URI "{}"'.format(subscription.uri),
+ )
+
session_ids = []
for subscriber in subscription.observers:
session_ids.append(subscriber._session_id)
@@ -560,7 +594,12 @@ def registration_count_callees(self, registration_id, details=None):
"""
registration = self._router._dealer._registration_map.get_observation_by_id(registration_id)
- if registration and not is_protected_uri(registration.uri, details):
+ if registration:
+ if is_protected_uri(registration.uri, details):
+ raise ApplicationError(
+ ApplicationError.NOT_AUTHORIZED,
+ message=u'not authorized to count callees for protected URI "{}"'.format(registration.uri),
+ )
return len(registration.observers)
else:
raise ApplicationError(
@@ -581,7 +620,13 @@ def subscription_count_subscribers(self, subscription_id, details=None):
"""
subscription = self._router._broker._subscription_map.get_observation_by_id(subscription_id)
- if subscription and is_protected_uri(subscription.uri, details):
+ if subscription:
+ if is_protected_uri(subscription.uri, details):
+ raise ApplicationError(
+ ApplicationError.NOT_AUTHORIZED,
+ message=u'not authorized to count subscribers for protected URI "{}"'.format(subscription.uri),
+ )
+
return len(subscription.observers)
else:
raise ApplicationError(
@@ -612,7 +657,13 @@ def subscription_get_events(self, subscription_id, limit=10, details=None):
subscription = self._router._broker._subscription_map.get_observation_by_id(subscription_id)
- if subscription and is_protected_uri(subscription.uri, details):
+ if subscription:
+ if is_protected_uri(subscription.uri, details):
+ raise ApplicationError(
+ ApplicationError.NOT_AUTHORIZED,
+ message=u'not authorized to retrieve event history for protected URI "{}"'.format(subscription.uri),
+ )
+
events = self._router._broker._event_store.get_events(subscription_id, limit)
if events is None:
# a return value of None in above signals that event history really
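Review bot: The new NOT_AUTHORIZED branches format `registration.uri` / `subscription.uri` into the error message, so a caller who supplied only an ID gets the protected URI for that ID back; this starts in `registration_remove_callee` and repeats in every guarded procedure in this file through `subscription_get_events`. It also answers differently for an existing protected observation than for an unknown ID, whereas `subscription_list` and `subscription_lookup` hide the same observations silently. Consider echoing only what the caller sent, e.g. `message=u'not authorized to access registration {}'.format(registration_id)`, or raising the same error as the existing not-found branch. In `subscription_list` only the exact-match loop is visible, so confirm that the prefix loop and any later loops apply the same `not is_protected_uri(...)` filter. All of these method bodies start or end outside their hunks.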
@@ -2,6 +2,15 @@ title: ChangeLog
toc: [Documentation, Programming Guide, ChangeLog]
+Crossbar 16.10.1 (2016-11-08)
+=============================
+
+Bugfixes
+--------
+
+- Fix event history (#918)
+
+
Crossbar 16.10.0 (2016-11-07)
=============================
