From: Mickael Remond <mremond@process-one.net>
Date: Fri, 8 Apr 2016 10:55:35 +0000 (+0200)
Subject: Add TODO to improve ACL
X-Git-Tag: 16.04~32^2~2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1dbdd58b1ba0be7fea1101ca5660e72146016520;p=ejabberd

Add TODO to improve ACL
---

diff --git a/test/acl_test.exs b/test/acl_test.exs
index 603b4bc4b..1b1035bc6 100644
--- a/test/acl_test.exs
+++ b/test/acl_test.exs
@@ -79,12 +79,15 @@ defmodule ACLTest do
     assert :acl.match_rule(:global, :value_rule_1, :jid.from_string("admin@domain1")) == 10
 
     # If we have no match, :deny is still the default value
-    # TODO maybe we should have a match rule which allow passing custom default value ?
+    # => TODO maybe we should have a match rule which allow passing custom default value ?
     assert :acl.match_rule(:global, :value_rule_1, :jid.from_string("user@otherdomain")) == :deny
   end
 
 
-  # At the moment IP and user rules to no go well together:
+  # At the moment IP and user rules to no go well together: There is
+  # no way to combine IP and user restrictions.
+  # => TODO we need to implement access rules that implement both and will deny the access
+  # if either IP or user returns deny
   test "mixing IP and user access rules" do
     :acl.add(:global, :user_acl_1, {:user, "test1"})
     :acl.add(:global, :ip_acl_1, {:ip, "127.0.0.0/24"})