Diff

mod_adhoc/adhoc/mod_adhoc.lua @ 93:611d16867410

mod_adhoc: Check for global and host admins
author Florian Zeitz <florob@babelmonkeys.de>
date Sat, 14 Nov 2009 18:44:54 +0100
parent 49:59f490390528
child 109:9b63fd1196c0
line wrap: on
line diff
--- a/mod_adhoc/adhoc/mod_adhoc.lua	Fri Nov 13 21:01:24 2009 +0100
+++ b/mod_adhoc/adhoc/mod_adhoc.lua	Sat Nov 14 18:44:54 2009 +0100
@@ -12,7 +12,7 @@
 
 module:hook("iq/host/http://jabber.org/protocol/disco#items:query", function (event)
     local origin, stanza = event.origin, event.stanza;
-    local privileged = is_admin(event.stanza.attr.from);
+    local privileged = is_admin(event.stanza.attr.from) or is_admin(stanza.attr.from, stanza.attr.to); -- TODO: Is this correct, or should is_admin be changed?
     if stanza.attr.type == "get" and stanza.tags[1].attr.node and stanza.tags[1].attr.node == "http://jabber.org/protocol/commands" then
 		reply = st.reply(stanza);
 		reply:tag("query", {xmlns="http://jabber.org/protocol/disco#items", node="http://jabber.org/protocol/commands"})
@@ -32,19 +32,20 @@
     local origin, stanza = event.origin, event.stanza;
     if stanza.attr.type == "set" and stanza.tags[1] and stanza.tags[1].name == "command" then 
         local node = stanza.tags[1].attr.node
-		for i = 1, #commands do
-			if commands[i].node == node then
-				-- check whether user has permission to execute this command first
-				if commands[i].permission == "admin" and not is_admin(stanza.attr.from) then
-					origin.send(st.error_reply(stanza, "auth", "forbidden", "You don't have permission to execute this command"):up()
-						:add_child(commands[i]:cmdtag("canceled")
-							:tag("note", {type="error"}):text("You don't have permission to execute this command")));
-					return true
-				end
-				-- User has permission now execute the command
-				return commands[i].handler(commands[i], origin, stanza);
+	local privileged = is_admin(event.stanza.attr.from) or is_admin(stanza.attr.from, stanza.attr.to); -- TODO: Is this correct, or should is_admin be changed?
+	for i = 1, #commands do
+		if commands[i].node == node then
+			-- check whether user has permission to execute this command first
+			if commands[i].permission == "admin" and not privileged then
+				origin.send(st.error_reply(stanza, "auth", "forbidden", "You don't have permission to execute this command"):up()
+					:add_child(commands[i]:cmdtag("canceled")
+						:tag("note", {type="error"}):text("You don't have permission to execute this command")));
+				return true
 			end
+			-- User has permission now execute the command
+			return commands[i].handler(commands[i], origin, stanza);
 		end
+	end
     end 
 end, 500);