From 41f95284684c1f7e6e749aa0bc815b389706c8b2 Mon Sep 17 00:00:00 2001
From: or-else <or.else@gmail.com>
Date: Fri, 13 Mar 2020 09:48:18 +0300
Subject: [PATCH] fix for #378

---
 server/store/store.go | 10 +++++++++-
 server/topic.go       | 22 ++++++++++++++--------
 2 files changed, 23 insertions(+), 9 deletions(-)

diff --git a/server/store/store.go b/server/store/store.go
index e5f359431..d2eb43222 100644
--- a/server/store/store.go
+++ b/server/store/store.go
@@ -350,7 +350,15 @@ func (UsersObjMapper) FindSubs(id types.Uid, required, optional []string) ([]typ
 	if err != nil {
 		return nil, err
 	}
-	return append(usubs, tsubs...), nil
+
+	allSubs := append(usubs, tsubs...)
+	for i, _ := range allSubs {
+		// Indicate that the returned access modes are not 'N', but rather undefined.
+		allSubs[i].ModeGiven = types.ModeUnset
+		allSubs[i].ModeWant = types.ModeUnset
+	}
+
+	return allSubs, nil
 }
 
 // GetTopics load a list of user's subscriptions with Public field copied to subscription
diff --git a/server/topic.go b/server/topic.go
index 8f2475587..7abaec437 100644
--- a/server/topic.go
+++ b/server/topic.go
@@ -1670,8 +1670,7 @@ func (t *Topic) replyGetSub(sess *Session, asUid types.Uid, authLevel auth.Level
 							return errors.New("attempt to search by restricted tags")
 						}
 
-						// FIXME: normal FindSub should not return suspended users and topics.
-						// Only root should be able to find them.
+						// FIXME: allow root to find suspended users and topics.
 						subs, err = store.Users.FindSubs(asUid, req, opt)
 						if err != nil {
 							sess.queueOut(decodeStoreError(err, id, t.original(asUid), now, nil))
@@ -1819,13 +1818,20 @@ func (t *Topic) replyGetSub(sess *Session, asUid types.Uid, authLevel auth.Level
 					mts.Acs.Mode = (sub.ModeGiven & sub.ModeWant).String()
 					mts.Acs.Want = sub.ModeWant.String()
 					mts.Acs.Given = sub.ModeGiven.String()
-				} else if defacs := sub.GetDefaultAccess(); defacs != nil {
+				} else {
 					// Topic 'fnd'
-					switch authLevel {
-					case auth.LevelAnon:
-						mts.Acs.Mode = defacs.Anon.String()
-					case auth.LevelAuth, auth.LevelRoot:
-						mts.Acs.Mode = defacs.Auth.String()
+					// sub.ModeXXX may be defined by the plugin.
+					if sub.ModeGiven.IsDefined() && sub.ModeWant.IsDefined() {
+						mts.Acs.Mode = (sub.ModeGiven & sub.ModeWant).String()
+						mts.Acs.Want = sub.ModeWant.String()
+						mts.Acs.Given = sub.ModeGiven.String()
+					} else if defacs := sub.GetDefaultAccess(); defacs != nil {
+						switch authLevel {
+						case auth.LevelAnon:
+							mts.Acs.Mode = defacs.Anon.String()
+						case auth.LevelAuth, auth.LevelRoot:
+							mts.Acs.Mode = defacs.Auth.String()
+						}
 					}
 				}