all_acl_rules_matches2([], _Data, _Host) ->
true.
+any_acl_rules_matches([], _Data, _Host) ->
+ false;
+any_acl_rules_matches([Rule|Tail], Data, Host) ->
+ case acl_rule_matches(Rule, Data, Host) of
+ true ->
+ true;
+ false ->
+ any_acl_rules_matches(Tail, Data, Host)
+ end.
+
-spec acl_rule_matches(aclspec(), any(), global|binary()) -> boolean().
acl_rule_matches(all, _Data, _Host) ->
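Review bot: The added any_acl_rules_matches/3 has no -spec and no comment, although the second hunk makes it decide every `{acl, Name}` lookup. I would put `-spec any_acl_rules_matches([aclspec()], any(), global|binary()) -> boolean().` above it, together with a comment such as `%% True when at least one entry matches; an empty list matches nothing.`, so the fail-closed base case is stated rather than implied. The body could also be written as `lists:any(fun(R) -> acl_rule_matches(R, Data, Host) end, Rules)`, though the explicit recursion is consistent with all_acl_rules_matches2 just above. The `acl_rule_matches(all, ...)` clause that closes the hunk continues outside it.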
acl_rule_matches({acl, Name}, Data, Host) ->
ACLs = get_aclspecs(Name, Host),
RawACLs = lists:map(fun(#acl{aclspec = R}) -> R end, ACLs),
- all_acl_rules_matches(RawACLs, Data, Host);
+ any_acl_rules_matches(RawACLs, Data, Host);
acl_rule_matches({ip, {Net, Mask}}, #{ip := {IP, _Port}}, _Host) ->
is_ip_match(IP, Net, Mask);
acl_rule_matches({ip, {Net, Mask}}, #{ip := IP}, _Host) ->
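Review bot: Switching the `{acl, Name}` clause from all_acl_rules_matches to any_acl_rules_matches changes authorization results beyond the two-user case the tests exercise, and nothing in the code records that. When get_aclspecs(Name, Host) returns an empty list the clause now returns false, whereas the previous helper presumably returned true for `[]` (as all_acl_rules_matches2 does at the top of the diff; its own base case is not visible here), so rules that reference an undefined or empty ACL name flip from matching to not matching. That is the safer default, but it affects deny rules as well as allow rules. An ACL name holding entries of different kinds (a user entry and an ip entry, say) also goes from requiring all of them to requiring one, which widens who matches. I would add `%% Entries under one ACL name are alternatives: the ACL matches if any entry matches; an unknown or empty name matches nobody.` above the clause and call the change out in the release notes; the acl_rule_matches function itself continues outside the hunk.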
test "access rule match with user part ACL" do
:acl.add(:global, :basic_acl_1, {:user, "test1"})
+ :acl.add(:global, :basic_acl_1, {:user, "test2"})
:acl.add_access(:global, :basic_rule_1, [{:allow, [{:acl, :basic_acl_1}]}])
# JID can only be passes as jid record.
# => TODO: Support passing JID as binary.
assert :acl.match_rule(:global, :basic_rule_1, :jid.from_string("test1@domain1")) == :allow
assert :acl.match_rule(:global, :basic_rule_1, :jid.from_string("test1@domain2")) == :allow
+ assert :acl.match_rule(:global, :basic_rule_1, :jid.from_string("test2@domain1")) == :allow
+ assert :acl.match_rule(:global, :basic_rule_1, :jid.from_string("test2@domain2")) == :allow
# We match on user part only for local domain. As an implicit rule remote domain are not matched
assert :acl.match_rule(:global, :basic_rule_1, :jid.from_string("test1@otherdomain")) == :deny
+ assert :acl.match_rule(:global, :basic_rule_1, :jid.from_string("test2@otherdomain")) == :deny
assert :acl.match_rule(:global, :basic_rule_1, :jid.from_string("test11@domain1")) == :deny
:acl.add(:global, :basic_acl_2, {:user, {"test2", "domain1"}})
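Review bot: The added assertions only cover two `:user` entries under one ACL name, so the empty-ACL behaviour that the switch to any-matching also changes is not pinned by a test. A rule that references an ACL name with no entries could be asserted to deny, for example `:acl.add_access(:global, :empty_rule, [{:allow, [{:acl, :no_such_acl}]}])` followed by `assert :acl.match_rule(:global, :empty_rule, :jid.from_string("test1@domain1")) == :deny` (names constructed for illustration, and assuming match_rule falls back to `:deny` as in the assertions above). A case that mixes entry kinds under one name would likewise document that a single matching entry is enough. The test body continues past the end of the hunk.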