An AccessCommand with Access 'all', don't require auth to execute it.

SVN Revision: 2865

diff --git a/doc/guide.html b/doc/guide.html
index 972161a20a8fe81599aaeb8c709ba3b7ce47bfd4..f55b91289a0d83ae65146c0a6809011bfe055537 100644 (file)
--- a/doc/guide.html
+++ b/doc/guide.html
@@ -3556,9 +3556,8 @@ Arguments = [ {ArgumentName, ArgumentValue}, ...]
 ArgumentName = atom()
 ArgumentValue = any()
 </PRE><P>The default value is to not define any restriction: <TT>[]</TT>.
-If at least one restriction is defined, then the frontend expects 
-that authentication information is provided when executing a command.
-The authentication information is Username, Hostname and Password of a local XMPP account
+The authentication information is provided when executing a command,
+and is Username, Hostname and Password of a local XMPP account
 that has permission to execute the corresponding command.
 This means that the account must be registered in the local ejabberd,
 because the information will be verified.

diff --git a/doc/guide.tex b/doc/guide.tex
index 8f848adcc6352be0ca699ca1579904c84a9611d2..6431e8d5977ff632eec3e4785899ccaa481beb18 100644 (file)
--- a/doc/guide.tex
+++ b/doc/guide.tex
@@ -4529,9 +4529,8 @@ ArgumentValue = any()
 \end{verbatim}
 
 The default value is to not define any restriction: \term{[]}.
-If at least one restriction is defined, then the frontend expects 
-that authentication information is provided when executing a command.
-The authentication information is Username, Hostname and Password of a local XMPP account
+The authentication information is provided when executing a command,
+and is Username, Hostname and Password of a local XMPP account
 that has permission to execute the corresponding command.
 This means that the account must be registered in the local ejabberd,
 because the information will be verified.

diff --git a/src/ejabberd_commands.erl b/src/ejabberd_commands.erl
index b3e9bd692088a5b31289f02200e8c01c12aacaa3..1988f08356c8d329700a66c17764e15a7a4a2439 100644 (file)
--- a/src/ejabberd_commands.erl
+++ b/src/ejabberd_commands.erl
@@ -356,15 +356,14 @@ get_tags_commands() ->
 %% @doc Check access is allowed to that command.
 %% At least one AccessCommand must be satisfied.
 %% It may throw {error, Error} where:
-%% Error = account_unprivileged | invalid_account_data | no_auth_provided
+%% Error = account_unprivileged | invalid_account_data
 check_access_commands([], _Auth, _Method, _Command, _Arguments) ->
     ok;
 check_access_commands(AccessCommands, Auth, Method, Command, Arguments) ->
-    {ok, User, Server} = check_auth(Auth),
     AccessCommandsAllowed =
        lists:filter(
          fun({Access, Commands, ArgumentRestrictions}) ->
-                 case check_access(Access, User, Server) of
+                 case check_access(Access, Auth) of
                      true ->
                          check_access_command(Commands, Command, ArgumentRestrictions,
                                               Method, Arguments);
@@ -379,7 +378,7 @@ check_access_commands(AccessCommands, Auth, Method, Command, Arguments) ->
     end.
 
 check_auth(noauth) ->
-    throw({error, no_auth_provided});
+    no_auth_provided;
 check_auth({User, Server, Password}) ->
     %% Check the account exists and password is valid
     AccountPass = ejabberd_auth:get_password_s(User, Server),
@@ -394,7 +393,10 @@ get_md5(AccountPass) ->
     lists:flatten([io_lib:format("~.16B", [X])
                   || X <- binary_to_list(crypto:md5(AccountPass))]).
 
-check_access(Access, User, Server) ->
+check_access(all, _) ->
+    true;
+check_access(Access, Auth) ->
+    {ok, User, Server} = check_auth(Auth),
     %% Check this user has access permission
     case acl:match_rule(Server, Access, jlib:make_jid(User, Server, "")) of
        allow -> true;