Software / code / prosody-modules
Changeset
4870:d8a0a8dcdc0d
mod_http_xep227: Don't require admin privileges to use import/export
These APIs always operate on the current user account only. In the future we
may want to have a more specific permission check though.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Sun, 16 Jan 2022 13:44:26 +0000 |
| parents | 4869:c3bf568e3977 |
| children | 4871:029ae3c29683 |
| files | mod_http_xep227/mod_http_xep227.lua |
| diffstat | 1 files changed, 0 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_http_xep227/mod_http_xep227.lua Sat Jan 15 14:25:27 2022 +0000 +++ b/mod_http_xep227/mod_http_xep227.lua Sun Jan 16 13:44:26 2022 +0000 @@ -253,8 +253,6 @@ if not session then event.response.headers.authorization = ("Bearer realm=%q"):format(module.host.."/"..module.name); return false, 401; - elseif session.auth_scope ~= "prosody:scope:admin" then - return false, 403; end event.session = session; return true;
