prosody
427dd01f0864
plugins/mod_authz_internal.lua
Software / code / prosody
Comparison
plugins/mod_authz_internal.lua @ 12730:427dd01f0864
mod_authz_internal: Allow configuring role of local-server/parent-host users
'host_user_role' is the default role of users who have JIDs on the "parent"
host (i.e. jabber.org users on conference.jabber.org). Defaults to
'prosody:user'.
'server_user_roles' is the default role of users who have JIDs on any active
host on the current Prosody instance. Default to nil (no role).
This finally allows better permissions splitting between host and server
users, which has previously been done (e.g. in MUC) with options like
'restrict_room_creation' and 'muc_room_allow_persistent'. Using roles makes
these permissions a lot more flexible, and easier for developers to integrate.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 29 Sep 2022 12:10:14 +0100 |
| parent | 12663:cf88f6b03942 |
| child | 12733:2167e1639aab |
comparison
equal
deleted
inserted
replaced
| 12729:73a45ba6e3f1 | 12730:427dd01f0864 |
|---|---|
| 1 local array = require "util.array"; | 1 local array = require "util.array"; |
| 2 local it = require "util.iterators"; | 2 local it = require "util.iterators"; |
| 3 local set = require "util.set"; | 3 local set = require "util.set"; |
| 4 local jid_split, jid_bare = require "util.jid".split, require "util.jid".bare; | 4 local jid_split, jid_bare, jid_host = import("util.jid", "split", "bare", "host"); |
| 5 local normalize = require "util.jid".prep; | 5 local normalize = require "util.jid".prep; |
| 6 local roles = require "util.roles"; | 6 local roles = require "util.roles"; |
| 7 | 7 |
| 8 local config_global_admin_jids = module:context("*"):get_option_set("admins", {}) / normalize; | 8 local config_global_admin_jids = module:context("*"):get_option_set("admins", {}) / normalize; |
| 9 local config_admin_jids = module:get_option_inherited_set("admins", {}) / normalize; | 9 local config_admin_jids = module:get_option_inherited_set("admins", {}) / normalize; |
| 10 local host = module.host; | 10 local host = module.host; |
| 11 local host_suffix = host:gsub("^[^%.]+%.", ""); | |
| 12 | |
| 13 local hosts = prosody.hosts; | |
| 14 local is_component = hosts[host].type == "component"; | |
| 15 local host_user_role, server_user_role; | |
| 16 if is_component then | |
| 17 host_user_role = module:get_option_string("host_user_role", "prosody:user"); | |
| 18 server_user_role = module:get_option_string("server_user_role"); | |
| 19 end | |
| 11 | 20 |
| 12 local role_store = module:open_store("account_roles"); | 21 local role_store = module:open_store("account_roles"); |
| 13 local role_map_store = module:open_store("account_roles", "map"); | 22 local role_map_store = module:open_store("account_roles", "map"); |
| 14 | 23 |
| 15 local role_registry = {}; | 24 local role_registry = {}; |
| 223 local bare_jid = jid_bare(jid); | 232 local bare_jid = jid_bare(jid); |
| 224 if config_global_admin_jids:contains(bare_jid) then | 233 if config_global_admin_jids:contains(bare_jid) then |
| 225 return role_registry["prosody:operator"]; | 234 return role_registry["prosody:operator"]; |
| 226 elseif config_admin_jids:contains(bare_jid) then | 235 elseif config_admin_jids:contains(bare_jid) then |
| 227 return role_registry["prosody:admin"]; | 236 return role_registry["prosody:admin"]; |
| 237 elseif is_component then | |
| 238 local user_host = jid_host(bare_jid); | |
| 239 if host_user_role and user_host == host_suffix then | |
| 240 return role_registry[host_user_role]; | |
| 241 elseif server_user_role and hosts[user_host] then | |
| 242 return role_registry[server_user_role]; | |
| 243 end | |
| 228 end | 244 end |
| 229 return nil; | 245 return nil; |
| 230 end | 246 end |
| 231 | 247 |
| 232 function set_jid_role(jid, role_name) -- luacheck: ignore 212 | 248 function set_jid_role(jid, role_name) -- luacheck: ignore 212 |
