New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ACL check fails for HipChat chat rooms #766
Comments
I've run into the same issue myself. Have you found a good workaround yet? |
Did someone find a workaround for the issue? |
Wondering about this as well. How does one extract a room occupant's real JID? |
I believe the proper fix is to create a HipChatPerson instead of relying on XMPPIdentifier for HipChat, this way, the proper approach can be used without impacting XMPP module. The issue appears to be that XMPPPerson sets aclattr to XMPPIdentifier.person, which does'nt return a JID, so when ACL comparison is made, it's comparing JID == .person. Quick fix is to remove the aclattrb = XMPPIdentity.person definition in the class. But not sure what impact it will have on XMPP module. Hack for me (using hipchat only) was to just remove the check in acls.py for aclattrib, so it always defaults to JID. |
With new version, seeing ACL checks failing for MUC rooms. Seems to be due to aclattr being added to xmpp backend and being used in get_acl_usr method. XMPPIdentifier.person that is used for aclattr doesn't match the "msg.frm.person" object used later. Not exactly sure how to fix this without potentially breaking things. Can take a look at it again in more depth if no one gets to issue.
aclattr is getting set in backend/xmpp.py:
class XMPPPerson(XMPPIdentifier, Person):
aclattr = XMPPIdentifier.person
And used in core_plugins/acls.py:
def get_acl_usr(msg):
if hasattr(msg.frm, u'aclattr'): # if the identity requires a special field to be used for acl
return msg.frm.aclattr
return msg.frm.person # default
016-05-26 05:52:12,846 DEBUG errbot.errBot *** frm = 201511_test_room@conf.hipchat.com/Test User
2016-05-26 05:52:12,846 DEBUG errbot.errBot *** username = 201511_test_room@conf.hipchat.com/Test User
2016-05-26 05:52:12,846 DEBUG errbot.errBot *** text = !test command host
2016-05-26 05:52:12,846 DEBUG errbot.plugins.ACLS Check test_command for ACLs.
2016-05-26 05:52:12,846 DEBUG errbot.plugins.ACLS ACL frm: 201587_core_infrastructure@conf.hipchat.com/Roman Forkosh
2016-05-26 05:52:12,849 INFO errbot.plugins.ACLS Matching ACL {'allowusers': ('201511_test_room@conf.hipchat.com/Test User')} against username 201511_test_room@conf.hipchat.com for command test_client:test_command
The text was updated successfully, but these errors were encountered: