core/usermanager.lua @ 12662:07424992d7fc
mod_authz_internal, and more: New iteration of role API
These changes to the API (hopefully the last) introduce a cleaner separation
between the user's primary (default) role, and their secondary (optional)
roles.
To keep the code sane and reduce complexity, a data migration is needed for
people using stored roles in 0.12. This can be performed with
prosodyctl mod_authz_internal migrate <host>
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Wed, 17 Aug 2022 16:38:53 +0100 |
parent | 12659:c0eea4f6c739 |
child | 12663:cf88f6b03942 |
12661:1c391c17a907 | 12662:07424992d7fc |
---|---|
35 end | 35 end |
36 | 36 |
37 local fallback_authz_provider = { | 37 local fallback_authz_provider = { |
38 get_user_roles = function (user) end; --luacheck: ignore 212/user | 38 get_user_roles = function (user) end; --luacheck: ignore 212/user |
39 get_jids_with_role = function (role) end; --luacheck: ignore 212 | 39 get_jids_with_role = function (role) end; --luacheck: ignore 212 |
40 set_user_roles = function (user, roles) end; -- luacheck: ignore 212 | 40 |
41 set_jid_roles = function (jid, roles) end; -- luacheck: ignore 212 | 41 get_user_role = function (user) end; -- luacheck: ignore 212 |
42 | 42 set_user_role = function (user, roles) end; -- luacheck: ignore 212 |
43 get_user_default_role = function (user) end; -- luacheck: ignore 212 | 43 |
44 add_user_secondary_role = function (user, host, role_name) end; --luacheck: ignore 212 | |
45 remove_user_secondary_role = function (user, host, role_name) end; --luacheck: ignore 212 | |
46 | |
47 get_jid_role = function (jid) end; -- luacheck: ignore 212 | |
48 set_jid_role = function (jid, role) end; -- luacheck: ignore 212 | |
49 | |
44 get_users_with_role = function (role_name) end; -- luacheck: ignore 212 | 50 get_users_with_role = function (role_name) end; -- luacheck: ignore 212 |
45 get_jid_role = function (jid) end; -- luacheck: ignore 212 | |
46 set_jid_role = function (jid) end; -- luacheck: ignore 212 | |
47 add_default_permission = function (role_name, action, policy) end; -- luacheck: ignore 212 | 51 add_default_permission = function (role_name, action, policy) end; -- luacheck: ignore 212 |
48 get_role_by_name = function (role_name) end; -- luacheck: ignore 212 | 52 get_role_by_name = function (role_name) end; -- luacheck: ignore 212 |
49 }; | 53 }; |
50 | 54 |
51 local provider_mt = { __index = new_null_provider() }; | 55 local provider_mt = { __index = new_null_provider() }; |
138 | 142 |
139 local function get_provider(host) | 143 local function get_provider(host) |
140 return hosts[host].users; | 144 return hosts[host].users; |
141 end | 145 end |
142 | 146 |
143 -- Returns a map of { [role_name] = role, ... } that a user is allowed to assume | 147 local function get_user_role(user, host) |
144 local function get_user_roles(user, host) | 148 if host and not hosts[host] then return false; end |
145 if host and not hosts[host] then return false; end | 149 if type(user) ~= "string" then return false; end |
146 if type(user) ~= "string" then return false; end | 150 |
147 | 151 return hosts[host].authz.get_user_role(user); |
148 return hosts[host].authz.get_user_roles(user); | 152 end |
149 end | 153 |
150 | 154 local function set_user_role(user, host, role_name) |
151 local function get_user_default_role(user, host) | 155 if host and not hosts[host] then return false; end |
152 if host and not hosts[host] then return false; end | 156 if type(user) ~= "string" then return false; end |
153 if type(user) ~= "string" then return false; end | 157 |
154 | 158 local role, err = hosts[host].authz.set_user_role(user, role_name); |
155 return hosts[host].authz.get_user_default_role(user); | 159 if role then |
156 end | 160 prosody.events.fire_event("user-role-changed", { |
157 | 161 username = user, host = host, role = role; |
158 -- Accepts a set of role names which the user is allowed to assume | 162 }); |
159 local function set_user_roles(user, host, roles) | 163 end |
160 if host and not hosts[host] then return false; end | 164 return role, err; |
161 if type(user) ~= "string" then return false; end | 165 end |
162 | 166 |
163 local ok, err = hosts[host].authz.set_user_roles(user, roles); | 167 local function add_user_secondary_role(user, host, role_name) |
168 if host and not hosts[host] then return false; end | |
169 if type(user) ~= "string" then return false; end | |
170 | |
171 local role, err = hosts[host].authz.add_user_secondary_role(user, role_name); | |
172 if role then | |
173 prosody.events.fire_event("user-role-added", { | |
174 username = user, host = host, role = role; | |
175 }); | |
176 end | |
177 return role, err; | |
178 end | |
179 | |
180 local function remove_user_secondary_role(user, host, role_name) | |
181 if host and not hosts[host] then return false; end | |
182 if type(user) ~= "string" then return false; end | |
183 | |
184 local ok, err = hosts[host].authz.remove_user_secondary_role(user, role_name); | |
164 if ok then | 185 if ok then |
165 prosody.events.fire_event("user-roles-changed", { | 186 prosody.events.fire_event("user-role-removed", { |
166 username = user, host = host | 187 username = user, host = host, role_name = role_name; |
167 }); | 188 }); |
168 end | 189 end |
169 return ok, err; | 190 return ok, err; |
191 end | |
192 | |
193 local function get_user_secondary_roles(user, host) | |
194 if host and not hosts[host] then return false; end | |
195 if type(user) ~= "string" then return false; end | |
196 | |
197 return hosts[host].authz.get_user_secondary_roles(user); | |
170 end | 198 end |
171 | 199 |
172 local function get_jid_role(jid, host) | 200 local function get_jid_role(jid, host) |
173 local jid_node, jid_host = jid_split(jid); | 201 local jid_node, jid_host = jid_split(jid); |
174 if host == jid_host and jid_node then | 202 if host == jid_host and jid_node then |
175 return hosts[host].authz.get_user_default_role(jid_node); | 203 return hosts[host].authz.get_user_role(jid_node); |
176 end | 204 end |
177 return hosts[host].authz.get_jid_role(jid); | 205 return hosts[host].authz.get_jid_role(jid); |
178 end | 206 end |
179 | 207 |
180 local function set_jid_role(jid, host, role_name) | 208 local function set_jid_role(jid, host, role_name) |
228 create_user = create_user; | 256 create_user = create_user; |
229 delete_user = delete_user; | 257 delete_user = delete_user; |
230 users = users; | 258 users = users; |
231 get_sasl_handler = get_sasl_handler; | 259 get_sasl_handler = get_sasl_handler; |
232 get_provider = get_provider; | 260 get_provider = get_provider; |
233 get_user_default_role = get_user_default_role; | 261 get_user_role = get_user_role; |
234 get_user_roles = get_user_roles; | 262 set_user_role = set_user_role; |
235 set_user_roles = set_user_roles; | 263 add_user_secondary_role = add_user_secondary_role; |
264 remove_user_secondary_role = remove_user_secondary_role; | |
265 get_user_secondary_roles = get_user_secondary_roles; | |
236 get_users_with_role = get_users_with_role; | 266 get_users_with_role = get_users_with_role; |
237 get_jid_role = get_jid_role; | 267 get_jid_role = get_jid_role; |
238 set_jid_role = set_jid_role; | 268 set_jid_role = set_jid_role; |
239 get_jids_with_role = get_jids_with_role; | 269 get_jids_with_role = get_jids_with_role; |
240 get_role_by_name = get_role_by_name; | 270 get_role_by_name = get_role_by_name; |
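Review bot: The fallback_authz_provider table (new lines 37–53) has no `get_user_secondary_roles` stub, yet the new wrapper at lines 193–198 calls `hosts[host].authz.get_user_secondary_roles(user)` unconditionally, so a host whose authz resolves to that table would die with an attempt-to-call-nil error instead of the quiet `nil` the other stubs yield; `get_user_secondary_roles = function (user) end; -- luacheck: ignore 212` beside the other stubs closes that gap. Whether a host's authz can actually fall back to this table is not visible on this page, so this may only be an interface-documentation issue. The stubs at lines 44–45 also declare `(user, host, role_name)` while the wrappers at lines 171 and 184 call `authz.add_user_secondary_role(user, role_name)` and `authz.remove_user_secondary_role(user, role_name)`, so the stubs document the wrong provider signature and `(user, role_name)` would match what is passed. Finally, the "user-role-removed" event (line 187) carries `role_name` whereas "user-role-changed" and "user-role-added" carry the `role` object, which consumers that audit privilege changes will have to special-case; a short comment above the fire_event call explaining why no role object is available after removal would make that asymmetry deliberate rather than surprising.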