From c89dad559e4c6ff7d4363937c3a6d290b0e02412 Mon Sep 17 00:00:00 2001
From: z8674558 <own7000hr@gmail.com>
Date: Thu, 17 Dec 2020 10:36:51 +0900
Subject: [PATCH] feat(coap): use emqx_access_control:check_acl before pub/sub

---
 apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl | 23 ++++++++++++++-----
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl b/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl
index da0dade5b..b77f44244 100644
--- a/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl
+++ b/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl
@@ -206,8 +206,13 @@ code_change(_OldVsn, State, _Extra) ->
 
 chann_subscribe(Topic, State = #state{clientid = ClientId}) ->
     ?LOG(debug, "subscribe Topic=~p", [Topic]),
-    emqx_broker:subscribe(Topic, ClientId, ?SUBOPTS),
-    emqx_hooks:run('session.subscribed', [clientinfo(State), Topic, ?SUBOPTS]).
+    case emqx_access_control:check_acl(clientinfo(State), subscribe, Topic) of
+        allow ->
+            emqx_broker:subscribe(Topic, ClientId, ?SUBOPTS),
+            emqx_hooks:run('session.subscribed', [clientinfo(State), Topic, ?SUBOPTS]);
+        deny  ->
+            ?LOG(warning, "subscribe to ~p by clientid ~p failed due to acl check.", [Topic, ClientId])
+    end.
 
 chann_unsubscribe(Topic, State) ->
     ?LOG(debug, "unsubscribe Topic=~p", [Topic]),
@@ -215,11 +220,17 @@ chann_unsubscribe(Topic, State) ->
     emqx_broker:unsubscribe(Topic),
     emqx_hooks:run('session.unsubscribed', [clientinfo(State), Topic, Opts]).
 
-chann_publish(Topic, Payload, #state{clientid = ClientId}) ->
+chann_publish(Topic, Payload, State = #state{clientid = ClientId}) ->
     ?LOG(debug, "publish Topic=~p, Payload=~p", [Topic, Payload]),
-    emqx_broker:publish(
-        emqx_message:set_flag(retain, false,
-            emqx_message:make(ClientId, ?QOS_0, Topic, Payload))).
+    case emqx_access_control:check_acl(clientinfo(State), publish, Topic) of
+        allow ->
+            emqx_broker:publish(
+                emqx_message:set_flag(retain, false,
+                                      emqx_message:make(ClientId, ?QOS_0, Topic, Payload)));
+        deny  ->
+            ?LOG(warning, "publish to ~p by clientid ~p failed due to acl check.", [Topic, ClientId])
+    end.
+
 
 %%--------------------------------------------------------------------
 %% Deliver