Software /
code /
prosody-modules
Diff
mod_http_admin_api/mod_http_admin_api.lua @ 5008:bd63feda3704
Merge role-auth
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Mon, 22 Aug 2022 15:39:02 +0100 |
parent | 5005:d68348323406 |
child | 5283:cc89c97befe7 |
line wrap: on
line diff
--- a/mod_http_admin_api/mod_http_admin_api.lua Tue Aug 16 13:10:39 2022 +0200 +++ b/mod_http_admin_api/mod_http_admin_api.lua Mon Aug 22 15:39:02 2022 +0100 @@ -1,5 +1,6 @@ local usermanager = require "core.usermanager"; +local it = require "util.iterators"; local json = require "util.json"; local st = require "util.stanza"; local array = require "util.array"; @@ -33,25 +34,24 @@ end if auth_type == "Bearer" then - local token_info = tokens.get_token_info(auth_data); - if not token_info or not token_info.session then - return false; - end - return token_info.session; + return tokens.get_token_session(auth_data); end return nil; end +module:default_permission("prosody:admin", ":access-admin-api"); + function check_auth(routes) local function check_request_auth(event) local session = check_credentials(event.request); if not session then event.response.headers.authorization = www_authenticate_header; return false, 401; - elseif session.auth_scope ~= "prosody:scope:admin" then + end + event.session = session; + if not module:may(":access-admin-api", event) then return false, 403; end - event.session = session; return true; end @@ -179,21 +179,24 @@ end end - local roles = nil; - if usermanager.get_roles then - local roles_map = usermanager.get_roles(username.."@"..module.host, module.host) - roles = array() - if roles_map then - for role in pairs(roles_map) do - roles:push(role) - end + local primary_role, secondary_roles, legacy_roles; + if usermanager.get_user_role then + primary_role = usermanager.get_user_role(username, module.host); + secondary_roles = array.collect(it.keys(usermanager.get_user_secondary_roles(username, module.host))); + elseif usermanager.get_user_roles then -- COMPAT w/0.12 + legacy_roles = array(); + local roles_map = usermanager.get_user_roles(username, module.host); + for role_name in pairs(roles_map) do + legacy_roles:push(role_name); end end return { username = username; display_name = display_name; - roles = roles; + role = primary_role and primary_role.name or nil; + secondary_roles = secondary_roles; + roles = legacy_roles; -- COMPAT w/0.12 }; end @@ -309,7 +312,7 @@ }; -- Online sessions do - local user_sessions = hosts[module.host].sessions[username]; + local user_sessions = prosody.hosts[module.host].sessions[username]; if user_sessions then user_sessions = user_sessions.sessions end @@ -415,8 +418,18 @@ end end - if new_user.roles then - if not usermanager.set_roles then + if new_user.role then + if not usermanager.set_user_role then + return 500, "feature-not-implemented"; + end + if not usermanager.set_user_role(username, module.host, new_user.role) then + module:log("error", "failed to set role %s for %s", new_user.role, username); + return 500; + end + end + + if new_user.roles then -- COMPAT w/0.12 + if not usermanager.set_user_roles then return 500, "feature-not-implemented" end @@ -425,7 +438,7 @@ backend_roles[role] = true; end local jid = username.."@"..module.host; - if not usermanager.set_roles(jid, module.host, backend_roles) then + if not usermanager.set_user_roles(username, module.host, backend_roles) then module:log("error", "failed to set roles %q for %s", backend_roles, jid) return 500 end