ACL for subscriptions are disabled globally

[drahnr]

Instead of disabling ACL checks for the default security plugin, all auth plugins can not filter subscriptions.

[karlp]

Can you elaborate on this please? example config, what branch/version of code you're working with?

[drahnr]

master src/read_handle_server.c line 702, the #ifdef 0 contains elaboration why it was disabled.

The issue is, while it is true for the default plugin, the subscription ACLs are never neforeced at all, no matter which plugin.

The proper solution would be to put the (disabled) checks in the default plugin, but remove the #ifdef 0 + comment from the actual call to the acl callback provided by the plugin.

[ralight]

You'll be happy to hear that version 1.5 does pass acl subscription checks to the authentication plugins.

[drahnr]

@ralight is 1.4.15 not going to receive this fix? Otherwise I have to stick with a custom patched instance.

[ralight]

@drahnr I'm afraid that 1.4.x will not get this, because it is a change in functionality rather than a fix.