
plugins/sql_alias_access_policy.py

 import logging
 from web import sqlquote
 from libs import SMTP_ACTIONS
+from libs import MAILLIST_POLICY_PUBLIC
+from libs import MAILLIST_POLICY_DOMAIN
+from libs import MAILLIST_POLICY_SUBDOMAIN
+from libs import MAILLIST_POLICY_MEMBERSONLY
+from libs import MAILLIST_POLICY_ALLOWEDONLY
+from libs import MAILLIST_POLICY_MEMBERSANDMODERATORSONLY
+from libs import MAILLIST_ACCESS_POLICIES
 
-REQUIRE_LOCAL_SENDER = False
-REQUIRE_LOCAL_RECIPIENT = True
 
-# Policies. MUST be defined in lower case.
-POLICY_PUBLIC = 'public'
-POLICY_DOMAIN = 'domain'
-POLICY_SUBDOMAIN = 'subdomain'
-POLICY_MEMBERSONLY = 'membersonly'
-POLICY_MODERATORSONLY = 'moderatorsonly'
-POLICY_ALLOWEDONLY = 'allowedonly'      # Same as @POLICY_MODERATORSONLY
-POLICY_MEMBERSANDMODERATORSONLY = 'membersandmoderatorsonly'
-
-def restriction(dbConn, senderReceiver, smtp_session_data, **kargs):
+def restriction(**kwargs):
+    conn = kwargs['conn']
+    sender = kwargs['sender']
+    recipient = kwargs['recipient']
+    recipient_domain = kwargs['recipient_domain']
 
     sql = '''SELECT accesspolicy, goto, moderators
             FROM alias
                 AND domain=%s
                 AND active=1
             LIMIT 1
-    ''' % (sqlquote(senderReceiver.get('recipient')),
-           sqlquote(senderReceiver.get('recipient_domain')),
-          )
+    ''' % (sqlquote(recipient), sqlquote(recipient_domain))
     logging.debug('SQL: %s' % sql)
 
-    dbConn.execute(sql)
-    sqlRecord = dbConn.fetchone()
-    logging.debug('SQL Record: %s' % str(sqlRecord))
+    conn.execute(sql)
+    sql_record = conn.fetchone()
+    logging.debug('SQL Record: %s' % str(sql_record))
 
     # Recipient account doesn't exist.
-    if sqlRecord is None:
+    if sql_record is None:
         return 'DUNNO (Not mail alias)'
 
-    policy = str(sqlRecord[0]).lower()
+    policy = str(sql_record[0]).lower()
 
-    members = [str(v.lower()) for v in str(sqlRecord[1]).split(',')]
-    moderators = [str(v.lower()) for v in str(sqlRecord[2]).split(',')]
+    # Log access policy and description
+    logging.debug('%s -> %s, access policy: %s (%s)' % (
+        sender, recipient, policy,
+        MAILLIST_ACCESS_POLICIES.get(policy, 'no description'))
+    )
+
+    members = [str(v.lower()) for v in str(sql_record[1]).split(',')]
+    moderators = [str(v.lower()) for v in str(sql_record[2]).split(',')]
 
     logging.debug('policy: %s' % policy)
     logging.debug('members: %s' % ', '.join(members))
     if not len(policy) > 0:
         return 'DUNNO (No access policy)'
 
-    if policy == POLICY_PUBLIC:
+    if policy == MAILLIST_POLICY_PUBLIC:
         # Return if no access policy available or policy is @POLICY_PUBLIC.
         return 'DUNNO'
-    elif policy == POLICY_DOMAIN:
+    elif policy == MAILLIST_POLICY_DOMAIN:
         # Bypass all users under the same domain.
         if senderReceiver['sender_domain'] == senderReceiver['recipient_domain']:
             return 'DUNNO'
         else:
             return SMTP_ACTIONS['reject']
-    elif policy == POLICY_SUBDOMAIN:
+    elif policy == MAILLIST_POLICY_SUBDOMAIN:
         # Bypass all users under the same domain or sub domains.
         if senderReceiver['sender'].endswith(senderReceiver['recipient_domain']) or \
            senderReceiver['sender'].endswith('.' + senderReceiver['recipient_domain']):
             return 'DUNNO'
         else:
             return SMTP_ACTIONS['reject']
-    elif policy == POLICY_MEMBERSONLY:
+    elif policy == MAILLIST_POLICY_MEMBERSONLY:
         # Bypass all members.
         if senderReceiver['sender'] in members:
             return 'DUNNO'
         else:
             return SMTP_ACTIONS['reject']
-    elif policy == POLICY_MODERATORSONLY or policy == POLICY_ALLOWEDONLY:
+    elif policy == MAILLIST_POLICY_ALLOWEDONLY:
         # Bypass all moderators.
         if senderReceiver['sender'] in moderators:
             return 'DUNNO'
         else:
             return SMTP_ACTIONS['reject']
-    elif policy == POLICY_MEMBERSANDMODERATORSONLY:
+    elif policy == MAILLIST_POLICY_MEMBERSANDMODERATORSONLY:
         # Bypass both members and moderators.
         if senderReceiver['sender'] in members or senderReceiver['sender'] in moderators:
             return 'DUNNO'
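Review bot: After the signature becomes `restriction(**kwargs)`, the unchanged policy branches still read `senderReceiver['sender']`, `senderReceiver['sender_domain']` and `senderReceiver['recipient_domain']`, a name that is no longer bound in this function, so unless it is defined elsewhere in the module every non-public policy would raise NameError instead of returning a decision. Those branches should use the new locals `sender` and `recipient_domain`, and take the sender's domain from kwargs (assuming the caller passes `sender_domain`; the page does not show it). In the subdomain branch the first test, `endswith(recipient_domain)`, has no `@` or `.` boundary, so a sender at any domain whose name merely ends with the list's domain string is accepted; the fence anchors it. The commit also drops the `moderatorsonly` value, so existing rows that carry it no longer match any branch shown and fall through to whatever follows; the function body continues past the last line of this page.

```python
    sender_domain = kwargs['sender_domain']  # assumed key; confirm against the caller

    # … unchanged: SQL lookup, policy parsing, public branch …
    # domain branch
        if sender_domain == recipient_domain:
    # subdomain branch: require an '@' or '.' boundary before the domain
        if sender.endswith('@' + recipient_domain) or \
           sender.endswith('.' + recipient_domain):
    # members-only branch
        if sender in members:
    # allowed-only branch
        if sender in moderators:
    # members-and-moderators branch
        if sender in members or sender in moderators:
    # … unchanged: the DUNNO / reject returns under each test …
```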