
mod_compat_roles/mod_compat_roles.lua @ 5099:f03f4ec859a3

mod_compat_roles: Add support for role inheritance (built-in roles only)
author Matthew Wild <mwild1@gmail.com>
date Tue, 29 Nov 2022 11:43:59 +0000
parent 5098:817bc9873fc2
child 5582:825c6fb76c48
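--- a/mod_compat_roles/mod_compat_roles.lua
+++ b/mod_compat_roles/mod_compat_roles.lua
@@ -29,20 +29,27 @@
 end
 
 -- permissions[host][role_name][permission_name] = is_permitted
 local permissions = {};
 
+local role_inheritance = {
+["prosody:operator"] = "prosody:admin";
+["prosody:admin"] = "prosody:user";
+["prosody:user"] = "prosody:restricted";
+};
+
 local function role_may(host, role_name, permission)
 local host_roles = permissions[host];
 if not host_roles then
 return false;
 end
 local role_permissions = host_roles[role_name];
 if not role_permissions then
 return false;
 end
-return not not permissions[role_name][permission];
+local next_role = role_inheritance[role_name];
+return not not permissions[role_name][permission] or (next_role and role_may(host, next_role, permission));
 end
 
 function moduleapi.may(self, action, context)
 if action:byte(1) == 58 then -- action begins with ':'
 action = self.name..action; -- prepend module name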
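Review bot: The new return on line 50 still indexes `permissions[role_name][permission]`, which skips the host level described by the table comment (`permissions[host][role_name][permission_name]`) and ignores the `role_permissions` local fetched just above. Unless a host key happens to equal the role name, that lookup indexes nil and raises instead of answering the authorization check, so it should read `role_permissions[permission]`. The `if not role_permissions then return false; end` guard also runs before `role_inheritance` is consulted, so a role with no table of its own on this host never inherits from its parent. When there is neither a grant nor a parent role, the expression yields `nil` rather than `false`. If a stored `false` is meant as an explicit deny, it currently falls through to the parent's grant, which deserves a comment stating the intended precedence.

```lua
local function role_may(host, role_name, permission)
	-- … unchanged: host_roles lookup and its early return …
	local role_permissions = host_roles[role_name];
	if role_permissions and role_permissions[permission] then
		return true;
	end
	-- A role without its own table on this host still inherits from its parent.
	local next_role = role_inheritance[role_name];
	if next_role then
		return role_may(host, next_role, permission);
	end
	return false;
end
```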