Comparison

mod_restrict_xmpp/mod_restrict_xmpp.lua @ 5676:62c6e17a5e9d

Merge
author Stephen Paul Weber <singpolyma@singpolyma.net>
date Mon, 18 Sep 2023 08:24:19 -0500
parent 5582:825c6fb76c48
child 5770:111e970213a0
comparison
equal deleted inserted replaced
5675:eade7ff9f52c 5676:62c6e17a5e9d
1 local array = require "util.array"; 1 local array = require "util.array";
2 local it = require "util.iterators"; 2 local it = require "util.iterators";
3 local set = require "util.set"; 3 local set = require "util.set";
4 local st = require "util.stanza"; 4 local st = require "util.stanza";
5 5
6 module:default_permission("prosody:user", "xmpp:federate"); 6 local normal_user_role = "prosody:registered";
7 local limited_user_role = "prosody:guest";
8
9 local features = require "core.features";
10
11 -- COMPAT
12 if not features.available:contains("split-user-roles") then
13 normal_user_role = "prosody:user";
14 limited_user_role = "prosody:restricted";
15 end
16
17 module:default_permission(normal_user_role, "xmpp:federate");
7 module:hook("route/remote", function (event) 18 module:hook("route/remote", function (event)
8 if not module:may("xmpp:federate", event) then 19 if not module:may("xmpp:federate", event) then
9 if event.stanza.attr.type ~= "result" and event.stanza.attr.type ~= "error" then 20 if event.stanza.attr.type ~= "result" and event.stanza.attr.type ~= "error" then
10 module:log("warn", "Access denied: xmpp:federate for %s -> %s", event.stanza.attr.from, event.stanza.attr.to); 21 module:log("warn", "Access denied: xmpp:federate for %s -> %s", event.stanza.attr.from, event.stanza.attr.to);
11 local reply = st.error_reply(event.stanza, "auth", "forbidden"); 22 local reply = st.error_reply(event.stanza, "auth", "forbidden");
91 end 102 end
92 end); 103 end);
93 104
94 --module:default_permission("prosody:restricted", "xmpp:account:read"); 105 --module:default_permission("prosody:restricted", "xmpp:account:read");
95 --module:default_permission("prosody:restricted", "xmpp:account:write"); 106 --module:default_permission("prosody:restricted", "xmpp:account:write");
96 module:default_permission("prosody:restricted", "xmpp:account:messages:read"); 107 module:default_permission(limited_user_role, "xmpp:account:messages:read");
97 module:default_permission("prosody:restricted", "xmpp:account:messages:write"); 108 module:default_permission(limited_user_role, "xmpp:account:messages:write");
98 for _, property_list in ipairs({ iq_namespaces, legacy_storage_nodes, pep_nodes }) do 109 for _, property_list in ipairs({ iq_namespaces, legacy_storage_nodes, pep_nodes }) do
99 for account_property in set.new(array.collect(it.values(property_list))) do 110 for account_property in set.new(array.collect(it.values(property_list))) do
100 module:default_permission("prosody:restricted", "xmpp:account:"..account_property..":read"); 111 module:default_permission(limited_user_role, "xmpp:account:"..account_property..":read");
101 module:default_permission("prosody:restricted", "xmpp:account:"..account_property..":write"); 112 module:default_permission(limited_user_role, "xmpp:account:"..account_property..":write");
102 end 113 end
103 end 114 end
104 115
105 module:default_permission("prosody:restricted", "xmpp:account:presence:write"); 116 module:default_permission("prosody:restricted", "xmpp:account:presence:write");
106 module:hook("pre-presence/bare", function (event) 117 module:hook("pre-presence/bare", function (event)