Annotate

spec/scansion/muc_members_only_change.scs @ 12642:9061f9621330

Switch to a new role-based authorization framework, removing is_admin()

We began moving away from simple "is this user an admin?" permission checks before 0.12, with the introduction of mod_authz_internal and the ability to dynamically change the roles of individual users.

The approach in 0.12 still had various limitations however, and apart from the introduction of roles other than "admin" and the ability to pull that info from storage, not much actually changed.

This new framework shakes things up a lot, though aims to maintain the same functionality and behaviour on the surface for a default Prosody configuration. That is, if you don't take advantage of any of the new features, you shouldn't notice any change.

The biggest change visible to developers is that usermanager.is_admin() (and the auth provider is_admin() method) have been removed. Gone. Completely.

Permission checks should now be performed using a new module API method:

  module:may(action_name, context)

This method accepts an action name, followed by either a JID (string) or (preferably) a table containing 'origin'/'session' and 'stanza' fields (e.g. the standard object passed to most events). It will return true if the action should be permitted, or false/nil otherwise.

Modules should no longer perform permission checks based on the role name. E.g. a lot of code previously checked if the user's role was prosody:admin before permitting some action. Since many roles might now exist with similar permissions, and the permissions of prosody:admin may be redefined dynamically, it is no longer suitable to use this method for permission checks. Use module:may().

If you start an action name with ':' (recommended) then the current module's name will automatically be used as a prefix.

To define a new permission, use the new module API:

  module:default_permission(role_name, action_name)
  module:default_permissions(role_name, { action_name[, action_name...] })

This grants the specified role permission to execute the named action(s) by default. This may be overridden via other mechanisms external to your module.

The built-in roles that developers should use are:

 - prosody:user (normal user)
 - prosody:admin (host admin)
 - prosody:operator (global admin)

The new prosody:operator role is intended for server-wide actions (such as shutting down Prosody).

Finally, all usage of is_admin() in modules has been fixed by this commit. Some of these changes were trickier than others, but no change is expected to break existing deployments.

EXCEPT: mod_auth_ldap no longer supports the ldap_admin_filter option. It's very possible nobody is using this, but if someone is then we can later update it to pull roles from LDAP somehow.
author Matthew Wild <mwild1@gmail.com>
date Wed, 15 Jun 2022 12:15:01 +0100
parent 10515:35bf3b80480f
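
An added example, not code from this commit or from Prosody itself: a module that gates two actions with the permission API described in the commit message, in place of an is_admin() or role-name check. The module name, the urn:example:maintenance namespace and the action names are hypothetical; module:hook, module:log and util.stanza are existing Prosody module APIs.

```lua
-- mod_example_maintenance.lua (hypothetical module, for illustration only)
local st = require "util.stanza";

local xmlns = "urn:example:maintenance"; -- constructed namespace
local maintenance = false;

-- Default grants. The leading ':' asks the framework to prefix the action
-- with this module's name, so two modules cannot collide on an action.
module:default_permission("prosody:admin", ":set-maintenance");
module:default_permissions("prosody:operator", {
	":set-maintenance";
	":clear-maintenance";
});

-- Build an IQ handler that enforces one action before changing state.
local function guarded(action, new_state)
	return function (event)
		local origin, stanza = event.origin, event.stanza;

		-- Removed pattern: usermanager.is_admin(stanza.attr.from, module.host)
		-- Also unsuitable: comparing the sender's role name to "prosody:admin",
		-- since other roles may hold the permission and grants can change.
		-- Passing the whole event lets the framework see origin and stanza.
		if not module:may(action, event) then
			-- false and nil both mean "deny": fail closed and tell the sender.
			module:log("warn", "%s was denied %s", stanza.attr.from, action);
			origin.send(st.error_reply(stanza, "auth", "forbidden"));
			return true;
		end

		maintenance = new_state;
		module:log("info", "%s set maintenance=%s", stanza.attr.from, tostring(new_state));
		origin.send(st.reply(stanza));
		return true;
	end
end

module:hook("iq-set/host/"..xmlns..":enable", guarded(":set-maintenance", true));
module:hook("iq-set/host/"..xmlns..":disable", guarded(":clear-maintenance", false));

-- When only a JID is available (no event), the JID string form can be used.
function can_set_maintenance(jid)
	return module:may(":set-maintenance", jid) == true;
end
```

With these defaults a host admin can enable maintenance but not clear it, which a single is_admin() check could not express.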
rev   line source
9714
34c48eed4650 spec/scansion: Fix test names of tests added in 0d97768b0ea9
Matthew Wild <mwild1@gmail.com>
parents: 9712
1 # MUC: Members-only rooms kick members who lose affiliation
9712
0d97768b0ea9 spec/scansion: Add tests for members-only rooms
Matthew Wild <mwild1@gmail.com>
parents:
2
3 [Client] Romeo
4     jid: user@localhost
5     password: password
6
7 [Client] Juliet
8     jid: user2@localhost
9     password: password
10
11 -----
12
13 Romeo connects
14
15 Romeo sends:
16     <presence to="room@conference.localhost/Romeo">
17         <x xmlns="http://jabber.org/protocol/muc"/>
18     </presence>
19
20 Romeo receives:
21     <presence from='room@conference.localhost/Romeo'>
22         <x xmlns='http://jabber.org/protocol/muc#user'>
23             <status code='201'/>
24             <item jid="${Romeo's full JID}" affiliation='owner' role='moderator'/>
25             <status code='110'/>
26         </x>
27     </presence>
28
29 Romeo receives:
30     <message type='groupchat' from='room@conference.localhost'><subject/></message>
31
32 # Submit config form, set the room to members-only
33 Romeo sends:
34     <iq id='config1' to='room@conference.localhost' type='set'>
35         <query xmlns='http://jabber.org/protocol/muc#owner'>
36             <x xmlns='jabber:x:data' type='submit'>
37                 <field var='FORM_TYPE'>
38                     <value>http://jabber.org/protocol/muc#roomconfig</value>
39                 </field>
40                 <field var='muc#roomconfig_membersonly'>
41                     <value>1</value>
42                 </field>
43             </x>
44         </query>
45     </iq>
46
47 Romeo receives:
48     <iq id="config1" from="room@conference.localhost" type="result">
49     </iq>
50
51 # Romeo adds Juliet to the member list
52 Romeo sends:
53     <iq id='member1' to='room@conference.localhost' type='set'>
54         <query xmlns='http://jabber.org/protocol/muc#admin'>
55             <item affiliation='member' jid="${Juliet's JID}" />
56         </query>
57     </iq>
58
59 Romeo receives:
60     <message from='room@conference.localhost'>
61         <x xmlns='http://jabber.org/protocol/muc#user'>
62             <item jid="${Juliet's JID}" affiliation='member' />
63         </x>
64     </message>
65
66 Romeo receives:
67     <iq from='room@conference.localhost' id='member1' type='result'/>
68
69 # Juliet connects, and joins the room
70 Juliet connects
71
72 Juliet sends:
73     <presence to="room@conference.localhost/Juliet">
74         <x xmlns="http://jabber.org/protocol/muc"/>
75     </presence>
76
77 Juliet receives:
78     <presence from="room@conference.localhost/Romeo" />
79
80 Juliet receives:
81     <presence from="room@conference.localhost/Juliet" />
82
83 Juliet receives:
84     <message type='groupchat' from='room@conference.localhost'><subject/></message>
85
86 Romeo receives:
87     <presence from="room@conference.localhost/Juliet" />
88
89
90 # Romeo removes Juliet's membership status
91 Romeo sends:
92     <iq id='member2' to='room@conference.localhost' type='set'>
93         <query xmlns='http://jabber.org/protocol/muc#admin'>
94             <item affiliation='none' jid="${Juliet's JID}" />
95         </query>
96     </iq>
10515
35bf3b80480f scansion: Trim trailing whitespace in tests
Kim Alvefur <zash@zash.se>
parents: 9714
97
9712
98 # As a non-member, Juliet must now be removed from the room
99 Romeo receives:
100     <presence type='unavailable' from='room@conference.localhost/Juliet'>
101         <x xmlns='http://jabber.org/protocol/muc#user'>
102             <status code='321'/>
103             <item role='none' jid="${Juliet's full JID}" affiliation='none'>
104                 <actor nick='Romeo' jid="${Romeo's full JID}"/>
105             </item>
106         </x>
107     </presence>
108
109 Romeo receives:
110     <iq id='member2' type='result'/>
111
112 Romeo disconnects
113
114 Juliet disconnects