From d6c811dd70cb2e7a9fe7f3d2247a2eb3160a91f7 Mon Sep 17 00:00:00 2001
From: marian <marian@acf43c95-373e-0410-b603-e72c3f656dc1>
Date: Fri, 12 Nov 2010 16:10:41 +0000
Subject: [PATCH] Use all resource.subscribe message parameters when checking
 event subscription authorization.

git-svn-id: http://yate.null.ro/svn/yate/trunk@3810 acf43c95-373e-0410-b603-e72c3f656dc1
---
 conf.d/subscription.conf.sample |  3 +--
 modules/server/subscription.cpp | 17 +++++++----------
 2 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/conf.d/subscription.conf.sample b/conf.d/subscription.conf.sample
index 0ec827c3..38ab088e 100644
--- a/conf.d/subscription.conf.sample
+++ b/conf.d/subscription.conf.sample
@@ -7,9 +7,8 @@
 
 ; user_event_auth: string: Database query used to authenticate specific event
 ;  (other then presence) subscriptions e.g. SIP 'dialog' or 'message-summary'
-; The operation parameter is the event name
 ;user_event_auth=SELECT * FROM subscriptions WHERE notifier='${notifier}' AND \
-;subscriber='${subscriber}' AND operation='${operation}'
+;subscriber='${subscriber}' AND event='${event}'
 
 ; user_roster_load_all: string: Database query used to load all users' roster when starting
 ; If not set user rosters will be loaded when needed
diff --git a/modules/server/subscription.cpp b/modules/server/subscription.cpp
index d1019aad..1aaee6b6 100644
--- a/modules/server/subscription.cpp
+++ b/modules/server/subscription.cpp
@@ -469,7 +469,8 @@ public:
     // Handle 'resource.subscribe' messages with (un)subscribe operation
     bool handleResSubscribe(bool sub, const String& subscriber, const String& notifier,
 	Message& msg);
-    bool askDB(const String& subscriber, const String& notifier, const String& oper);
+    // Query database for event subscription authorization
+    bool askDB(const NamedList& params);
     // Retrieve an event notifier
     // Valid objects are returned with reference counter increased
     EventUser* getEventUser(bool create, const String& notifier, const String& oper);
@@ -1751,7 +1752,7 @@ bool SubscriptionModule::handleResSubscribe(const String& event, const String& s
 	event.c_str(),subscriber.c_str(),notifier.c_str(),oper.c_str());
     if (oper != "subscribe")
 	return removeEventUserContact(notifier,subscriber,event);
-    if (!askDB(notifier,subscriber,event)) {
+    if (!askDB(msg)) {
 	// Remove subscriber if no longer allowed
 	removeEventUserContact(notifier,subscriber,event);
 	return false;
@@ -1839,15 +1840,11 @@ bool SubscriptionModule::removeEventUserContact(const String& user, const String
     }
     return true;
 }
-    
-bool SubscriptionModule::askDB(const String& subscriber, const String& notifier,
-    const String& oper)
+
+// Query database for event subscription authorization
+bool SubscriptionModule::askDB(const NamedList& params)
 {
-    NamedList nl("");
-    nl.setParam("subscriber",subscriber);
-    nl.setParam("notifier",notifier);
-    nl.setParam("operation",oper);
-    Message* m = buildDb(m_account,m_userEventQuery,nl);
+    Message* m = buildDb(m_account,m_userEventQuery,params);
     if (!m)
 	return false;
     m = queryDb(m);