core/moduleapi.lua @ 12802:4a8740e01813
Merge 0.12->trunk
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 12 Dec 2022 07:10:54 +0100 |
parent | 12690:546c7e0f3f31 |
child | 12874:b9468c8ac1d3 |
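--- a/core/moduleapi.lua
+++ b/core/moduleapi.lua
@@ -17,19 +17,20 @@
 local errors = require "util.error";
 local promise = require "util.promise";
 local time_now = require "util.time".now;
 local format = require "util.format".format;
 local jid_node = require "util.jid".node;
+local jid_split = require "util.jid".split;
 local jid_resource = require "util.jid".resource;
 
 local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat;
 local error, setmetatable, type = error, setmetatable, type;
 local ipairs, pairs, select = ipairs, pairs, select;
 local tonumber, tostring = tonumber, tostring;
 local require = require;
-local pack = table.pack or require "util.table".pack; -- table.pack is only in 5.2
-local unpack = table.unpack or unpack; --luacheck: ignore 113 -- renamed in 5.2
+local pack = table.pack;
+local unpack = table.unpack;
 
 local prosody = prosody;
 local hosts = prosody.hosts;
 
 -- FIXME: This assert() is to try and catch an obscure bug (2013-04-05)
@@ -535,10 +536,11 @@
 path = resolve_relative_path(self:get_directory(), path);
 return io.open(path, mode);
 end
 
 function api:open_store(name, store_type)
+if self.host == "*" then return nil, "global-storage-not-supported"; end
 return require"core.storagemanager".open(self.host, name or self.name, store_type);
 end
 
 function api:measure(name, stat_type, conf)
 local measure = require "core.statsmanager".measure;
@@ -599,6 +601,75 @@
 
 function api:get_status()
 return self.status_type, self.status_message, self.status_time;
 end
 
+function api:default_permission(role_name, permission)
+permission = permission:gsub("^:", self.name..":");
+if self.host == "*" then
+for _, host in pairs(hosts) do
+if host.authz then
+host.authz.add_default_permission(role_name, permission);
+end
+end
+return
+end
+hosts[self.host].authz.add_default_permission(role_name, permission);
+end
+
+function api:default_permissions(role_name, permissions)
+for _, permission in ipairs(permissions) do
+self:default_permission(role_name, permission);
+end
+end
+
+function api:may(action, context)
+if action:byte(1) == 58 then -- action begins with ':'
+action = self.name..action; -- prepend module name
+end
+if type(context) == "string" then -- check JID permissions
+local role;
+local node, host = jid_split(context);
+if host == self.host then
+role = hosts[host].authz.get_user_role(node);
+else
+role = hosts[self.host].authz.get_jid_role(context);
+end
+if not role then
+self:log("debug", "Access denied: JID <%s> may not %s (no role found)", context, action);
+return false;
+end
+local permit = role:may(action);
+if not permit then
+self:log("debug", "Access denied: JID <%s> may not %s (not permitted by role %s)", context, action, role.name);
+end
+return permit;
+end
+
+local session = context.origin or context.session;
+if type(session) ~= "table" then
+error("Unable to identify actor session from context");
+end
+if session.role and session.type == "c2s" and session.host == self.host then
+local permit = session.role:may(action, context);
+if not permit then
+self:log("debug", "Access denied: session %s (%s) may not %s (not permitted by role %s)",
+session.id, session.full_jid, action, session.role.name
+);
+end
+return permit;
+else
+local actor_jid = context.stanza.attr.from;
+local role = hosts[self.host].authz.get_jid_role(actor_jid);
+if not role then
+self:log("debug", "Access denied: JID <%s> may not %s (no role found)", actor_jid, action);
+return false;
+end
+local permit = role:may(action, context);
+if not permit then
+self:log("debug", "Access denied: JID <%s> may not %s (not permitted by role %s)", actor_jid, action, role.name);
+end
+return permit;
+end
+end
+
 return api;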
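Review bot: In the new `api:may`, the string-JID branch calls `hosts[host].authz.get_user_role(node)` whenever the JID's host equals `self.host`, so a bare-domain JID (for which `jid_split` presumably yields no node) reaches the user-role lookup with `nil`; guarding with `if node and host == self.host then` would route that case through `get_jid_role(context)` instead. The same function indexes `hosts[self.host].authz` without the `self.host == "*"` handling that `default_permission` and `open_store` have, so a global module calling it would likely raise on a nil index rather than get a deliberate denial; an early `if self.host == "*"` branch that errors or returns `false` explicitly would make that outcome intentional. In the final `else` branch the actor comes from `context.stanza.attr.from` with no check that `context.stanza` exists, and the decision rests on whatever validated that `from` upstream, so a short comment there stating that callers must pass a stanza whose `from` has already been verified by the session layer would record the trust assumption.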