Software /
code /
prosody-modules
Comparison
mod_restrict_xmpp/mod_restrict_xmpp.lua @ 5676:62c6e17a5e9d
Merge
author | Stephen Paul Weber <singpolyma@singpolyma.net> |
---|---|
date | Mon, 18 Sep 2023 08:24:19 -0500 |
parent | 5582:825c6fb76c48 |
child | 5770:111e970213a0 |
comparison
equal
deleted
inserted
replaced
5675:eade7ff9f52c | 5676:62c6e17a5e9d |
---|---|
1 local array = require "util.array"; | 1 local array = require "util.array"; |
2 local it = require "util.iterators"; | 2 local it = require "util.iterators"; |
3 local set = require "util.set"; | 3 local set = require "util.set"; |
4 local st = require "util.stanza"; | 4 local st = require "util.stanza"; |
5 | 5 |
6 module:default_permission("prosody:user", "xmpp:federate"); | 6 local normal_user_role = "prosody:registered"; |
7 local limited_user_role = "prosody:guest"; | |
8 | |
9 local features = require "core.features"; | |
10 | |
11 -- COMPAT | |
12 if not features.available:contains("split-user-roles") then | |
13 normal_user_role = "prosody:user"; | |
14 limited_user_role = "prosody:restricted"; | |
15 end | |
16 | |
17 module:default_permission(normal_user_role, "xmpp:federate"); | |
7 module:hook("route/remote", function (event) | 18 module:hook("route/remote", function (event) |
8 if not module:may("xmpp:federate", event) then | 19 if not module:may("xmpp:federate", event) then |
9 if event.stanza.attr.type ~= "result" and event.stanza.attr.type ~= "error" then | 20 if event.stanza.attr.type ~= "result" and event.stanza.attr.type ~= "error" then |
10 module:log("warn", "Access denied: xmpp:federate for %s -> %s", event.stanza.attr.from, event.stanza.attr.to); | 21 module:log("warn", "Access denied: xmpp:federate for %s -> %s", event.stanza.attr.from, event.stanza.attr.to); |
11 local reply = st.error_reply(event.stanza, "auth", "forbidden"); | 22 local reply = st.error_reply(event.stanza, "auth", "forbidden"); |
91 end | 102 end |
92 end); | 103 end); |
93 | 104 |
94 --module:default_permission("prosody:restricted", "xmpp:account:read"); | 105 --module:default_permission("prosody:restricted", "xmpp:account:read"); |
95 --module:default_permission("prosody:restricted", "xmpp:account:write"); | 106 --module:default_permission("prosody:restricted", "xmpp:account:write"); |
96 module:default_permission("prosody:restricted", "xmpp:account:messages:read"); | 107 module:default_permission(limited_user_role, "xmpp:account:messages:read"); |
97 module:default_permission("prosody:restricted", "xmpp:account:messages:write"); | 108 module:default_permission(limited_user_role, "xmpp:account:messages:write"); |
98 for _, property_list in ipairs({ iq_namespaces, legacy_storage_nodes, pep_nodes }) do | 109 for _, property_list in ipairs({ iq_namespaces, legacy_storage_nodes, pep_nodes }) do |
99 for account_property in set.new(array.collect(it.values(property_list))) do | 110 for account_property in set.new(array.collect(it.values(property_list))) do |
100 module:default_permission("prosody:restricted", "xmpp:account:"..account_property..":read"); | 111 module:default_permission(limited_user_role, "xmpp:account:"..account_property..":read"); |
101 module:default_permission("prosody:restricted", "xmpp:account:"..account_property..":write"); | 112 module:default_permission(limited_user_role, "xmpp:account:"..account_property..":write"); |
102 end | 113 end |
103 end | 114 end |
104 | 115 |
105 module:default_permission("prosody:restricted", "xmpp:account:presence:write"); | 116 module:default_permission("prosody:restricted", "xmpp:account:presence:write"); |
106 module:hook("pre-presence/bare", function (event) | 117 module:hook("pre-presence/bare", function (event) |