Software /
code /
prosody-modules
Comparison
mod_firewall/README.markdown @ 5002:84997bc3f92e
mod_firewall: Update for role-auth (backwards compatible)
Probably worth investigating mod_compat_roles in the future.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Thu, 11 Aug 2022 17:04:53 +0100 |
parent | 4967:1e8381f0d0a8 |
child | 5234:f6c71d9d6dc0 |
comparison
equal
deleted
inserted
replaced
5001:cb19cb1c03d6 | 5002:84997bc3f92e |
---|---|
433 # Rule to bounce messages from senders not in the roster who haven't been sent directed presence | 433 # Rule to bounce messages from senders not in the roster who haven't been sent directed presence |
434 NOT IN ROSTER? | 434 NOT IN ROSTER? |
435 NOT SENT DIRECTED PRESENCE TO SENDER? | 435 NOT SENT DIRECTED PRESENCE TO SENDER? |
436 BOUNCE=service-unavailable | 436 BOUNCE=service-unavailable |
437 | 437 |
438 ### Permissions | |
439 | |
440 Rules can consult Prosody's internal role and permissions system to check whether a certain action may | |
441 be performed. The acting entity, their role, and appropriate context is automatically inferred. All you | |
442 need to do is provide the identifier of the permission that should be checked. | |
443 | |
444 Condition Description | |
445 ----------------------- -------------------------------------------------------------------- | |
446 `MAY=permission` Checks whether 'permission' is allowed in the current context. | |
447 | |
448 As with all other conditions, `MAY` can be combined with `NOT` to negate the result of the check. | |
449 | |
450 Example, blocking outgoing stanzas from users with roles that do not allow the 'xmpp:federate' permission: | |
451 | |
452 ``` | |
453 ::deliver_remote | |
454 MAY NOT: xmpp:federate | |
455 BOUNCE=policy-violation (You are not allowed access to the federation) | |
456 ``` | |
457 | |
458 ### Roles | |
459 | |
460 Condition Matches | |
461 ---------------- ------------------------------------------------------------------------------------- | |
462 `TO ROLE` When the recipient JID of the stanza has the named role | |
463 `FROM ROLE` When the sender JID of the stanza has the named role | |
464 | |
465 **Note:** In most cases, you should avoid checking for specific roles, and instead check for | |
466 permissions granted by those roles (using the 'MAY' condition). | |
467 | |
438 ### Admins | 468 ### Admins |
469 | |
470 **Deprecated:** These conditions should no longer be used. Prefer 'MAY', 'TO ROLE' or 'FROM ROLE'. | |
439 | 471 |
440 Prosody allows certain JIDs to be declared as administrators of a host, component or the whole server. | 472 Prosody allows certain JIDs to be declared as administrators of a host, component or the whole server. |
441 | 473 |
442 Condition Matches | 474 Condition Matches |
443 ---------------- ------------------------------------------------------------------------------------- | 475 ---------------- ------------------------------------------------------------------------------------- |