Annotate
usermanager: Remove concept of global authz provider
Rationale:
- Removes a bunch of code!
- We don't have many cases where an actor is not bound to one of our hosts
- A notable exception is the admin shell, but if we ever attempt to lock those
sessions down, there is a load of other work that also has to be done. And
it's not clear if we would need a global authz provider for that anyway.
- Removes an extra edge case from the necessary mental model for operators
- Sessions that aren't bound to a host generally are anonymous or have an
alternative auth model (such as by IP addres).
- With the encapsulation now provided by util.roles, ad-hoc "detached roles"
can still be created anyway by code that needs them.
| author |
Matthew Wild <mwild1@gmail.com> |
| date |
Fri, 12 Aug 2022 16:21:57 +0100 |
| parent |
5403:d7ecf6cd584e |
| rev |
line source |
|
5403
|
1
|
|
|
2 The Prosody project is open to contributions (see HACKERS file), but is
|
|
|
3 maintained daily by:
|
|
94
|
4
|
|
5403
|
5 - Matthew Wild (mail: matthew [at] prosody.im)
|
|
|
6 - Waqas Hussain (mail: waqas [at] prosody.im)
|
|
|
7 - Kim Alvefur (mail: zash [at] prosody.im)
|
|
|
8
|
|
|
9 You can reach us collectively by email: developers [at] prosody.im
|
|
|
10 or in realtime in the Prosody chatroom: prosody@conference.prosody.im
|
