Software `/` code `/` prosody

Comparison

plugins/muc/muc.lib.lua @ 12433:3dfcdcab5446 0.12

MUC: Allow kicking users with the same affiliation as the kicker (fixes #1724) This is allowed by XEP-0045, which states: "A moderator SHOULD NOT be allowed to revoke moderation privileges from someone with a higher affiliation than themselves (i.e., an unaffiliated moderator SHOULD NOT be allowed to revoke moderation privileges from an admin or an owner, and an admin SHOULD NOT be allowed to revoke moderation privileges from an owner)."

author	Matthew Wild <mwild1@gmail.com>
date	Wed, 23 Mar 2022 13:38:55 +0000
parent	12109:83bec90a352c
child	12977:74b9e05af71e

comparison

equal deleted inserted replaced

-:95f33a006c03
+:3dfcdcab5446
 	module:fire_event("muc-pre-set-role", event);
 	if event.allowed ~= nil then
 		return event.allowed, event.error, event.condition;
 	end
-	-- Can't do anything to other owners or admins
+	local actor_affiliation = self:get_affiliation(actor) or "none";
-	local occupant_affiliation = self:get_affiliation(occupant.bare_jid);
+	local occupant_affiliation = self:get_affiliation(occupant.bare_jid) or "none";
-	if occupant_affiliation == "owner" or occupant_affiliation == "admin" then
+	-- Can't do anything to someone with higher affiliation
+	if valid_affiliations[actor_affiliation] < valid_affiliations[occupant_affiliation] then
 		return nil, "cancel", "not-allowed";
 	end
 	-- If you are trying to give or take moderator role you need to be an owner or admin
 	if occupant.role == "moderator" or role == "moderator" then
-		local actor_affiliation = self:get_affiliation(actor);
 		if actor_affiliation ~= "owner" and actor_affiliation ~= "admin" then
 			return nil, "cancel", "not-allowed";
 		end
 	end

prosody

3dfcdcab5446

plugins/muc/muc.lib.lua

Software / code / prosody

Comparison

plugins/muc/muc.lib.lua @ 12433:3dfcdcab5446 0.12

Software `/` code `/` prosody