Comparison
mod_firewall/README.markdown @ 5002:84997bc3f92e
mod_firewall: Update for role-auth (backwards compatible)
Probably worth investigating mod_compat_roles in the future.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 11 Aug 2022 17:04:53 +0100 |
| parent | 4967:1e8381f0d0a8 |
| child | 5234:f6c71d9d6dc0 |
| 5001:cb19cb1c03d6 | 5002:84997bc3f92e |
|---|---|
| 433 # Rule to bounce messages from senders not in the roster who haven't been sent directed presence | 433 # Rule to bounce messages from senders not in the roster who haven't been sent directed presence |
| 434 NOT IN ROSTER? | 434 NOT IN ROSTER? |
| 435 NOT SENT DIRECTED PRESENCE TO SENDER? | 435 NOT SENT DIRECTED PRESENCE TO SENDER? |
| 436 BOUNCE=service-unavailable | 436 BOUNCE=service-unavailable |
| 437 | 437 |
| 438 ### Permissions | |
| 439 | |
| 440 Rules can consult Prosody's internal role and permissions system to check whether a certain action may | |
| 441 be performed. The acting entity, their role, and appropriate context is automatically inferred. All you | |
| 442 need to do is provide the identifier of the permission that should be checked. | |
| 443 | |
| 444 Condition Description | |
| 445 ----------------------- -------------------------------------------------------------------- | |
| 446 `MAY=permission` Checks whether 'permission' is allowed in the current context. | |
| 447 | |
| 448 As with all other conditions, `MAY` can be combined with `NOT` to negate the result of the check. | |
| 449 | |
| 450 Example, blocking outgoing stanzas from users with roles that do not allow the 'xmpp:federate' permission: | |
| 451 | |
| 452 ``` | |
| 453 ::deliver_remote | |
| 454 MAY NOT: xmpp:federate | |
| 455 BOUNCE=policy-violation (You are not allowed access to the federation) | |
| 456 ``` | |
| 457 | |
| 458 ### Roles | |
| 459 | |
| 460 Condition Matches | |
| 461 ---------------- ------------------------------------------------------------------------------------- | |
| 462 `TO ROLE` When the recipient JID of the stanza has the named role | |
| 463 `FROM ROLE` When the sender JID of the stanza has the named role | |
| 464 | |
| 465 **Note:** In most cases, you should avoid checking for specific roles, and instead check for | |
| 466 permissions granted by those roles (using the 'MAY' condition). | |
| 467 | |
| 438 ### Admins | 468 ### Admins |
| 469 | |
| 470 **Deprecated:** These conditions should no longer be used. Prefer 'MAY', 'TO ROLE' or 'FROM ROLE'. | |
| 439 | 471 |
| 440 Prosody allows certain JIDs to be declared as administrators of a host, component or the whole server. | 472 Prosody allows certain JIDs to be declared as administrators of a host, component or the whole server. |
| 441 | 473 |
| 442 Condition Matches | 474 Condition Matches |
| 443 ---------------- ------------------------------------------------------------------------------------- | 475 ---------------- ------------------------------------------------------------------------------------- |
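
Review bot: In the new Permissions section (new lines 444-455), the condition table writes the check as `MAY=permission`, but the example rule writes `MAY NOT: xmpp:federate`, so the documented form and the demonstrated form disagree on the separator (`=` versus `:`). The `=` form is what the surrounding rules use for actions (`BOUNCE=service-unavailable` at line 436), so a reader copying the table entry may write a condition in action syntax; suggest changing the table entry to `MAY: permission`. The example also places `NOT` after the condition name, while the context rules at lines 434-435 place it first (`NOT IN ROSTER?`); either write the example the same way or add a sentence stating that both positions are accepted. Separately, the Roles table (new lines 462-463) lists `TO ROLE` and `FROM ROLE` with no argument or example, and the deprecation note at new line 470 does not say which replacement corresponds to which of the old admin conditions; a one-line example for each would help anyone migrating existing rules.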