
mod_authz_delegate/mod_authz_delegate.lua @ 6296:1661f6a74141

Multible community modules: Update Readme diff --git a/mod_admin_blocklist/README.md b/mod_admin_blocklist/README.md --- a/mod_admin_blocklist/README.md +++ b/mod_admin_blocklist/README.md @@ -24,8 +24,9 @@ admin_blocklist_roles = { "prosody:opera # Compatibility Prosody-Version Status - --------------- ------ - trunk* Works - 0.12 Works + -------------- ------ + trunk* Works + 13 Works + 0.12 Works -*as of 2024-12-21 + *as of 2025-06-13 diff --git a/mod_audit/README.md b/mod_audit/README.md --- a/mod_audit/README.md +++ b/mod_audit/README.md @@ -52,6 +52,7 @@ prosodyctl mod_audit user@example.com # Compatibilty -Requires Prosody **trunk** as of 2025-02-11. - -Does not work with Prosody 0.12 or earlier. + Prosody-Version Status + ----- ------ + 13 Works + 0.12 Does not work diff --git a/mod_csi_grace_period/README.md b/mod_csi_grace_period/README.md --- a/mod_csi_grace_period/README.md +++ b/mod_csi_grace_period/README.md @@ -16,9 +16,9 @@ pocket is not the best use of radio time Works with [mod_csi_simple][doc:modules:mod_csi_simple] which is included with Prosody. - ------- -------------- - trunk* Works - 0.12 Works - ------- -------------- + ------- ------- + trunk* Works + 13 Works + 0.12 Works -*as of 2024-10-22 + *as of 2025-06-13 diff --git a/mod_http_upload_external/README.md b/mod_http_upload_external/README.md --- a/mod_http_upload_external/README.md +++ b/mod_http_upload_external/README.md @@ -19,7 +19,6 @@ Implementations * [PHP implementation](https://hg.prosody.im/prosody-modules/raw-file/tip/mod_http_upload_external/share.php) * [Python3+Flask implementation](https://github.com/horazont/xmpp-http-upload) * [Go implementation, Prosody Filer](https://github.com/ThomasLeister/prosody-filer) -* [Go implementation, HMAC File Server](https://github.com/PlusOne/hmac-file-server) * [Perl implementation for nginx](https://github.com/weiss/ngx_http_upload) * [Rust implementation](https://gitlab.com/nyovaya/xmpp-http-upload) 
@@ -88,9 +87,10 @@ Compatibility ============= Prosody-Version Status - ---------------- -------------------- - trunk Works as of 24-12-12 - 0.12 Works + ---------------- -------------------- + trunk Works as of 25-06-13 + 13 Works + 0.12 Works Implementation ============== diff --git a/mod_muc_moderation/README.md b/mod_muc_moderation/README.md --- a/mod_muc_moderation/README.md +++ b/mod_muc_moderation/README.md @@ -27,10 +27,11 @@ modules_enabled = { # Compatibility - ------- --------------- - trunk Works^[as of 2024-10-22] - 0.12 Works - ------- --------------- + ------- --------------- + trunk Works^[as of 2025-06-13] + 13 Works + 0.12 Works + ------- --------------- ## XEP version diff --git a/mod_s2s_idle_timeout/README.md b/mod_s2s_idle_timeout/README.md --- a/mod_s2s_idle_timeout/README.md +++ b/mod_s2s_idle_timeout/README.md @@ -25,9 +25,10 @@ Compatibility ============= Prosody Version Status - ----------------- ----------- - trunk[^1] Works - 0.12 Works - ----------------- ----------- + ----------------- ----------- + trunk[^1] Works + 13 Works + 0.12 Works + ----------------- ----------- -[^1]: as of 2024-10-22 +[^1]: as of 2025-06-13 diff --git a/mod_s2s_keepalive/README.md b/mod_s2s_keepalive/README.md --- a/mod_s2s_keepalive/README.md +++ b/mod_s2s_keepalive/README.md @@ -34,9 +34,10 @@ Compatibility ============= Prosody Version Status - ----------------- ----------- - trunk[^1] Works - 0.12 Works - ----------------- ----------- + ----------------- ----------- + trunk[^1] Works + 13 Works + 0.12 Works + ----------------- ----------- -[^1]: as of 2024-11-11 +[^1]: as of 2025-06-13
author Menel <menel@snikket.de>
date Fri, 13 Jun 2025 09:53:41 +0200
parent 5295:98d5acb93439

-- Host whose authz provider answers role queries on behalf of this host.
-- assert() raises at load time when the "authz_delegate_to" lookup yields
-- nil or false, so the module cannot load without a delegation target.
-- NOTE(review): the value is not type-checked here; it is used below as a key
-- into prosody.hosts, so anything that is not a configured host name only
-- fails later, on the first delegated call.
local target_host = assert(module:get_option("authz_delegate_to"));
-- Host this module is loaded on; appended to user names in get_user_role().
local this_host = module:get_host();

local array = require"util.array";
-- NOTE(review): util.array is required without the "prosody." prefix while
-- util.jid is imported with it -- confirm both resolve on every Prosody
-- version this module is meant to support.
local jid_split = import("prosody.util.jid", "split");

-- Global host table; every delegated call goes through hosts[target_host].authz.
local hosts = prosody.hosts;

-- Enumerate the JIDs that hold `role`.
-- Always answers nil: nothing is looked up locally and the request is NOT
-- forwarded to the delegation target, so callers cannot use this host to list
-- role holders.
function get_jids_with_role(role)  --luacheck: ignore 212/role
	local holders = nil;
	return holders
end

-- Role of a user account that lives on the host this module is loaded on.
-- The target host does not know this account as one of its own users, so the
-- name is turned into "user@this_host" and resolved through the target's
-- get_jid_role().
-- NOTE(review): hosts[target_host] is indexed without a nil check here, while
-- add_default_permission() allows for the target not being active yet. If the
-- target is inactive this raises instead of returning a role -- confirm that
-- callers treat the error as "no access".
-- NOTE(review): `user` is concatenated as-is; presumably it is an already
-- validated node part -- verify against callers.
function get_user_role(user)
	local resolve_jid_role = hosts[target_host].authz.get_jid_role;
	return resolve_jid_role(user .. "@" .. this_host)
end

-- Refuse to assign a primary role to a user of this host.
-- Nothing is stored and nothing is forwarded to the delegation target; the
-- call always reports failure as `false` plus an error string.
function set_user_role(user, role_name)  --luacheck: ignore 212/user 212/role_name
	local reason = "cannot set user role on delegation target";
	return false, reason
end

-- Secondary roles of a user on this host.
-- Always a new empty table: this host tracks no secondary roles and does not
-- ask the delegation target for any.
function get_user_secondary_roles(user)  --luacheck: ignore 212/user
	local none = {};
	return none
end

-- Refuse to grant a secondary role to a user of this host.
-- Always fails with `nil` plus an error string; no state changes here or on
-- the delegation target.
function add_user_secondary_role(user, role_name)  --luacheck: ignore 212/user 212/role_name
	local reason = "cannot set user role on delegation target";
	return nil, reason
end

-- Refuse to revoke a secondary role from a user of this host.
-- Always fails with `nil` plus an error string; no state changes here or on
-- the delegation target.
function remove_user_secondary_role(user, role_name)  --luacheck: ignore 212/user 212/role_name
	local reason = "cannot set user role on delegation target";
	return nil, reason
end

-- Whether a user of this host may switch to `role_name`.
-- Always false: role switching is denied for every user and every role, and
-- the delegation target is not consulted.
function user_can_assume_role(user, role_name)  --luacheck: ignore 212/user 212/role_name
	local allowed = false;
	return allowed
end

-- Role of an arbitrary JID, as decided by the delegation target.
-- A JID whose host part equals target_host is resolved as a local account of
-- the target (by node only; the resource is not used). Every other JID is
-- passed unchanged to the target's get_jid_role().
-- NOTE(review): the host check is a plain string comparison on the output of
-- jid_split(); it assumes `jid` is already normalized -- confirm callers never
-- pass a JID that differs from target_host only in case or encoding.
-- NOTE(review): for a JID without a node part the target's get_user_role() is
-- presumably called with nil -- verify the target tolerates that.
-- NOTE(review): hosts[target_host] is indexed without a nil check; an inactive
-- target raises here rather than returning a role.
function get_jid_role(jid)
	local node, domain = jid_split(jid);
	if domain ~= target_host then
		return hosts[target_host].authz.get_jid_role(jid);
	end
	return hosts[target_host].authz.get_user_role(node);
end

-- Refuse to assign a role to a JID through this host.
-- Always fails with `nil` plus an error string; the request is not forwarded
-- to the delegation target.
function set_jid_role(jid)  --luacheck: ignore 212/jid
	-- TODO: figure out if there are actually legitimate uses for this...
	local reason = "cannot set jid role on delegation target";
	return nil, reason
end

-- Every add_default_permission() call seen by this module, in call order.
-- Entries are kept for the lifetime of this module instance and are replayed
-- by the "host-activated" hook below; nothing in this file removes them.
local default_permission_queue = array{};

-- Register a default permission (role_name, action, policy) with the
-- delegation target.
-- The request is always appended to default_permission_queue first, whether or
-- not the target is currently reachable, so that it can be replayed when the
-- target host is (re-)activated. If the target host and its authz provider
-- exist, the call is forwarded right away and its result is returned;
-- otherwise a debug line is logged and nothing is returned.
-- Security note: permissions requested on this host therefore end up in the
-- target host's policy, not in a policy local to this host.
function add_default_permission(role_name, action, policy)
	local entry = { role_name = role_name, action = action, policy = policy };
	default_permission_queue:push(entry);

	local target = hosts[target_host];
	local delegate_authz = target and target.authz;
	if delegate_authz then
		return delegate_authz.add_default_permission(role_name, action, policy)
	end
	module:log("debug", "queueing add_default_permission call for later, %s is not active yet", target_host);
end

-- Look up a role by name on the delegation target and return its answer.
-- NOTE(review): hosts[target_host] is indexed without a nil check; an inactive
-- target raises here.
function get_role_by_name(role_name)
	local delegate_authz = hosts[target_host].authz;
	return delegate_authz.get_role_by_name(role_name)
end

-- Return whatever the delegation target reports as its full set of roles.
-- NOTE(review): hosts[target_host] is indexed without a nil check; an inactive
-- target raises here.
function get_all_roles()
	local delegate_authz = hosts[target_host].authz;
	return delegate_authz.get_all_roles()
end

-- When the delegation target is activated, push every recorded default
-- permission into its authz provider. Activations of other hosts are ignored.
-- The handler is registered at priority -10000.
-- NOTE(review): presumably the low priority is meant to let the target's own
-- authz provider finish loading first -- confirm. assert(authz) makes a missing
-- provider fail loudly instead of silently dropping the permissions.
module:hook_global("host-activated", function(host)
	if host ~= target_host then
		return;
	end
	local authz = hosts[target_host].authz;
	module:log("debug", "replaying %d queued permission changes", #default_permission_queue);
	assert(authz);
	-- The queue is deliberately left intact after the replay so that a later
	-- re-activation of target_host receives the same permissions again.
	for _, queued in ipairs(default_permission_queue) do
		authz.add_default_permission(queued.role_name, queued.action, queued.policy);
	end
end, -10000)