mod_mam: Don't let outcasts access MUC archive

XEP-0313 says: "A MUC archive MUST check that the user requesting the
archive has the right to enter it at the time of the query [...].  In
the case of open MUC rooms, the MUC archives can generally be accessed
by any users [...] who do not have an affiliation of 'outcast'".

diff --git a/src/mod_mam.erl b/src/mod_mam.erl
index 62f333555b215afea4a6e3daf8284c18a330bbc7..a83c1a647328ca7f16f26f13ed5643152728ec31 100644 (file)
--- a/src/mod_mam.erl
+++ b/src/mod_mam.erl
@@ -529,11 +529,8 @@ process_iq(LServer, #jid{luser = LUser} = From, To, IQ, SubEl, Fs, MsgType) ->
                            With, limit_max(RSM, NS), IQ, MsgType)
     end.
 
-muc_process_iq(#iq{lang = Lang, sub_el = SubEl} = IQ,
-              #state{config = #config{members_only = MembersOnly}} = MUCState,
-              From, To, Fs) ->
-    case not MembersOnly orelse
-       mod_muc_room:is_occupant_or_admin(From, MUCState) of
+muc_process_iq(#iq{lang = Lang, sub_el = SubEl} = IQ, MUCState, From, To, Fs) ->
+    case may_enter_room(From, MUCState) of
        true ->
            LServer = MUCState#state.server_host,
            Role = mod_muc_room:get_role(From, MUCState),
@@ -714,6 +711,12 @@ is_resent(Pkt, LServer) ->
            false
     end.
 
+may_enter_room(From,
+              #state{config = #config{members_only = false}} = MUCState) ->
+    mod_muc_room:get_affiliation(From, MUCState) /= outcast;
+may_enter_room(From, MUCState) ->
+    mod_muc_room:is_occupant_or_admin(From, MUCState).
+
 store_msg(C2SState, Pkt, LUser, LServer, Peer, Dir) ->
     Prefs = get_prefs(LUser, LServer),
     case should_archive_peer(C2SState, Prefs, Peer) of