core/moduleapi.lua @ 13309:113ce2ac73a2
moduleapi: may(): Support explicit actor_jid in context object
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Tue, 07 Nov 2023 11:53:57 +0000 |
| parent | 13237:59c3d775c7fa |
| child | 13360:6037b7a2131c |
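--- a/core/moduleapi.lua
+++ b/core/moduleapi.lua
@@ -713,33 +713,39 @@
 
 function api:may(action, context, peek)
 if action:byte(1) == 58 then -- action begins with ':'
 action = self.name..action; -- prepend module name
 end
-if type(context) == "string" then -- check JID permissions
-local role;
-local node, host = jid_split(context);
-if host == self.host then
-role = hosts[host].authz.get_user_role(node);
-else
-role = hosts[self.host].authz.get_jid_role(context);
-end
-if not role then
-if not peek then
-self:log("debug", "Access denied: JID <%s> may not %s (no role found)", context, action);
-end
-return false;
-end
-local permit = role:may(action);
-if not permit then
-if not peek then
-self:log("debug", "Access denied: JID <%s> may not %s (not permitted by role %s)", context, action, role.name);
-end
-end
-return permit;
-end
-
+
+do
+-- JID-based actor
+local actor_jid = type(context) == "string" and context or context.actor_jid;
+if actor_jid then -- check JID permissions
+local role;
+local node, host = jid_split(actor_jid);
+if host == self.host then
+role = hosts[host].authz.get_user_role(node);
+else
+role = hosts[self.host].authz.get_jid_role(actor_jid);
+end
+if not role then
+if not peek then
+self:log("debug", "Access denied: JID <%s> may not %s (no role found)", actor_jid, action);
+end
+return false;
+end
+local permit = role:may(action);
+if not permit then
+if not peek then
+self:log("debug", "Access denied: JID <%s> may not %s (not permitted by role %s)", actor_jid, action, role.name);
+end
+end
+return permit;
+end
+end
+
+-- Session-based actor
 local session = context.origin or context.session;
 if type(session) ~= "table" then
 error("Unable to identify actor session from context");
 end
 if session.type == "c2s" and session.host == self.host then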
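Review bot: The `local actor_jid = type(context) == "string" and context or context.actor_jid;` line lets a table context's `actor_jid` take precedence over `context.origin`/`context.session`, and the role lookup that follows uses it without relating it to the session; nothing in the code documents that contract. A comment above it such as `-- context.actor_jid overrides the session; callers must set it only from an authenticated identity` would make this visible to module authors who pass whole event tables as context. The value also reaches `jid_split` without a type check, so a guard like `if actor_jid ~= nil and type(actor_jid) ~= "string" then error("actor_jid must be a string"); end` would make a malformed context fail with a clear message (how `jid_split` treats non-strings is not visible here). The body of `api:may` continues past the last line shown.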