prosody-modules
746d94f37a4c
mod_privilege/mod_privilege.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

Comparison

mod_privilege/mod_privilege.lua @ 1665:746d94f37a4c

mod_privilege: presence already known are advertised to privileged entity (for "maneger_entity" permission only so far)
author Goffi <goffi@goffi.org>
date Tue, 07 Apr 2015 12:47:51 +0200
parent 1664:6bdcb1418029
child 1666:0b1b4b7d5fe0
comparison
equal deleted inserted replaced
1664:6bdcb1418029 1665:746d94f37a4c
11 local set = require("util/set") 11 local set = require("util/set")
12 local st = require("util/stanza") 12 local st = require("util/stanza")
13 local roster_manager = require("core/rostermanager") 13 local roster_manager = require("core/rostermanager")
14 local user_manager = require("core/usermanager") 14 local user_manager = require("core/usermanager")
15 local hosts = prosody.hosts 15 local hosts = prosody.hosts
16 local full_sessions = prosody.full_sessions;
16 -- the folowing sets are used to forward presence stanza 17 -- the folowing sets are used to forward presence stanza
17 if not prosody._privilege_presence_man_ent then 18 if not prosody._privilege_presence_man_ent then
18 prosody._privilege_presence_man_ent = set.new() 19 prosody._privilege_presence_man_ent = set.new()
19 end 20 end
20 local presence_man_ent = prosody._privilege_presence_man_ent 21 local presence_man_ent = prosody._privilege_presence_man_ent
26 local _ALLOWED_ROSTER = set.new({'none', 'get', 'set', 'both'}) 27 local _ALLOWED_ROSTER = set.new({'none', 'get', 'set', 'both'})
27 local _ROSTER_GET_PERM = set.new({'get', 'both'}) 28 local _ROSTER_GET_PERM = set.new({'get', 'both'})
28 local _ROSTER_SET_PERM = set.new({'set', 'both'}) 29 local _ROSTER_SET_PERM = set.new({'set', 'both'})
29 local _ALLOWED_MESSAGE = set.new({'none', 'outgoing'}) 30 local _ALLOWED_MESSAGE = set.new({'none', 'outgoing'})
30 local _ALLOWED_PRESENCE = set.new({'none', 'managed_entity', 'roster'}) 31 local _ALLOWED_PRESENCE = set.new({'none', 'managed_entity', 'roster'})
32 local _PRESENCE_MANAGED = set.new({'managed_entity', 'roster'})
31 local _TO_CHECK = {roster=_ALLOWED_ROSTER, message=_ALLOWED_MESSAGE, presence=_ALLOWED_PRESENCE} 33 local _TO_CHECK = {roster=_ALLOWED_ROSTER, message=_ALLOWED_MESSAGE, presence=_ALLOWED_PRESENCE}
32 local _PRIV_ENT_NS = 'urn:xmpp:privilege:1' 34 local _PRIV_ENT_NS = 'urn:xmpp:privilege:1'
33 local _FORWARDED_NS = 'urn:xmpp:forward:0' 35 local _FORWARDED_NS = 'urn:xmpp:forward:0'
34 36
35 37
40 42
41 privileges = module:get_option("privileged_entities", {}) 43 privileges = module:get_option("privileged_entities", {})
42 44
43 function advertise_perm(session, to_jid, perms) 45 function advertise_perm(session, to_jid, perms)
44 -- send <message/> stanza to advertise permissions 46 -- send <message/> stanza to advertise permissions
45 -- as expained in section 4.2 47 -- as expained in § 4.2
46 local message = st.message({to=to_jid}) 48 local message = st.message({to=to_jid})
47 :tag("privilege", {xmlns=_PRIV_ENT_NS}) 49 :tag("privilege", {xmlns=_PRIV_ENT_NS})
48 50
49 for _, perm in pairs({'roster', 'message', 'presence'}) do 51 for _, perm in pairs({'roster', 'message', 'presence'}) do
50 if perms[perm] then 52 if perms[perm] then
59 if perms.presence == 'managed_entity' then 61 if perms.presence == 'managed_entity' then
60 presence_man_ent:add(to_jid) 62 presence_man_ent:add(to_jid)
61 elseif perms.presence == 'roster' then 63 elseif perms.presence == 'roster' then
62 presence_man_ent:add(to_jid) -- roster imply managed_entity 64 presence_man_ent:add(to_jid) -- roster imply managed_entity
63 presence_roster:add(to_jid) 65 presence_roster:add(to_jid)
66 end
67 end
68
69 function advertise_presences(session, to_jid, perms)
70 -- send presence status for already conencted entities
71 -- as explained in § 7.1
72 for _, user_session in pairs(full_sessions) do
73 if user_session.presence then
74 if _PRESENCE_MANAGED:contains(perms.presence) then
75 local presence = st.clone(user_session.presence)
76 presence.attr.to = to_jid
77 module:log("debug", "sending current presence for "..tostring(user_session.full_jid))
78 session.send(presence)
79 end
80 end
64 end 81 end
65 end 82 end
66 83
67 function on_auth(event) 84 function on_auth(event)
68 -- Check if entity is privileged according to configuration, 85 -- Check if entity is privileged according to configuration,
97 if session.type == "component" then 114 if session.type == "component" then
98 -- we send the message stanza only for component 115 -- we send the message stanza only for component
99 -- it will be sent at first <presence/> for other entities 116 -- it will be sent at first <presence/> for other entities
100 advertise_perm(session, bare_jid, ent_priv) 117 advertise_perm(session, bare_jid, ent_priv)
101 set_presence_perm_set(bare_jid, ent_priv) 118 set_presence_perm_set(bare_jid, ent_priv)
119 advertise_presences(session, bare_jid, ent_priv)
102 end 120 end
103 end 121 end
104 122
105 session.privileges = ent_priv 123 session.privileges = ent_priv
106 end 124 end
110 -- we only advertise them to the entity 128 -- we only advertise them to the entity
111 local session, stanza = event.origin, event.stanza; 129 local session, stanza = event.origin, event.stanza;
112 if session.privileges then 130 if session.privileges then
113 advertise_perm(session, session.full_jid, session.privileges) 131 advertise_perm(session, session.full_jid, session.privileges)
114 set_presence_perm_set(session.full_jid, session.privileges) 132 set_presence_perm_set(session.full_jid, session.privileges)
133 advertise_presences(session, session.full_jid, session.privileges)
115 end 134 end
116 end 135 end
117 136
118 module:hook('authentication-success', on_auth) 137 module:hook('authentication-success', on_auth)
119 module:hook('component-authenticated', on_auth) 138 module:hook('component-authenticated', on_auth)