
plugins/mod_admin_shell.lua @ 12668:5d85de8b0723

mod_admin_shell: Update with new role management commands and help text
author Matthew Wild <mwild1@gmail.com>
date Thu, 18 Aug 2022 16:46:07 +0100
parent 12660:e8f57970ced5
child 12670:4a00c8811ea8
12667:0278987b8687 12668:5d85de8b0723
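--- a/plugins/mod_admin_shell.lua
+++ b/plugins/mod_admin_shell.lua
@@ -269,24 +269,23 @@
 print [[host:list() - List the currently-activated hosts]]
 elseif section == "user" then
 print [[user:create(jid, password, roles) - Create the specified user account]]
 print [[user:password(jid, password) - Set the password for the specified user account]]
 print [[user:roles(jid, host) - Show current roles for an user]]
-print [[user:setroles(jid, host, roles) - Set roles for an user (see 'help roles')]]
+print [[user:setrole(jid, host, role) - Set primary role of a user (see 'help roles')]]
+print [[user:addrole(jid, host, role) - Add a secondary role to a user]]
+print [[user:delrole(jid, host, role) - Remove a secondary role from a user]]
 print [[user:delete(jid) - Permanently remove the specified user account]]
 print [[user:list(hostname, pattern) - List users on the specified host, optionally filtering with a pattern]]
 elseif section == "roles" then
 print [[Roles may grant access or restrict users from certain operations]]
 print [[Built-in roles are:]]
-print [[ prosody:admin - Administrator]]
-print [[ (empty set) - Normal user]]
+print [[ prosody:user - Normal user (default)]]
+print [[ prosody:admin - Host administrator]]
+print [[ prosody:operator - Server administrator]]
 print [[]]
-print [[The canonical role format looks like: { ["example:role"] = true }]]
-print [[For convenience, the following formats are also accepted:]]
-print [["admin" - short for "prosody:admin", the normal admin status (like the admins config option)]]
-print [["example:role" - short for {["example:role"]=true}]]
-print [[{"example:role"} - short for {["example:role"]=true}]]
+print [[Roles can be assigned using the user management commands (see 'help user').]]
 elseif section == "muc" then
 -- TODO `muc:room():foo()` commands
 print [[muc:create(roomjid, { config }) - Create the specified MUC room with the given config]]
 print [[muc:list(host) - List rooms on the specified MUC component]]
 print [[muc:room(roomjid) - Reference the specified MUC room to access MUC API methods]]
@@ -1381,31 +1380,23 @@
 return true, c.." rooms";
 end
 
 local um = require"core.usermanager";
 
-local function coerce_roles(roles)
-if roles == "admin" then roles = "prosody:admin"; end
-if type(roles) == "string" then roles = { [roles] = true }; end
-if roles[1] then for i, role in ipairs(roles) do roles[role], roles[i] = true, nil; end end
-return roles;
-end
-
 def_env.user = {};
-function def_env.user:create(jid, password, roles)
+function def_env.user:create(jid, password, role)
 local username, host = jid_split(jid);
 if not prosody.hosts[host] then
 return nil, "No such host: "..host;
 elseif um.user_exists(username, host) then
 return nil, "User exists";
 end
 local ok, err = um.create_user(username, password, host);
 if ok then
-if ok and roles then
-roles = coerce_roles(roles);
-local roles_ok, rerr = um.set_roles(jid, host, roles);
-if not roles_ok then return nil, "User created, but could not set roles: " .. tostring(rerr); end
+if ok and role then
+local role_ok, rerr = um.set_user_role(jid, host, role);
+if not role_ok then return nil, "User created, but could not set role: " .. tostring(rerr); end
 end
 return true, "User created";
 else
 return nil, "Could not create user: "..err;
 end
@@ -1439,45 +1430,67 @@
 else
 return nil, "Could not change password for user: "..err;
 end
 end
 
-function def_env.user:roles(jid, host, new_roles)
-if new_roles or type(host) == "table" then
-return nil, "Use user:setroles(jid, host, roles) to change user roles";
-end
+function def_env.user:role(jid, host)
 local username, userhost = jid_split(jid);
 if host == nil then host = userhost; end
-if host ~= "*" and not prosody.hosts[host] then
+if not prosody.hosts[host] then
 return nil, "No such host: "..host;
 elseif prosody.hosts[userhost] and not um.user_exists(username, userhost) then
 return nil, "No such user";
 end
-local roles = um.get_roles(jid, host);
-if not roles then return true, "No roles"; end
-local count = 0;
-local print = self.session.print;
-for role in pairs(roles) do
+
+local primary_role = um.get_user_role(username, host);
+local secondary_roles = um.get_user_secondary_roles(username, host);
+
+print(primary_role and primary_role.name or "<none>");
+
+local count = primary_role and 1 or 0;
+for role_name in pairs(secondary_roles or {}) do
 count = count + 1;
-print(role);
+print(role_name.." (secondary)");
 end
+
 return true, count == 1 and "1 role" or count.." roles";
 end
-def_env.user.showroles = def_env.user.roles; -- COMPAT
+def_env.user.roles = def_env.user.role;
 
--- user:roles("someone@example.com", "example.com", {"prosody:admin"})
--- user:roles("someone@example.com", {"prosody:admin"})
-function def_env.user:setroles(jid, host, new_roles)
+-- user:setrole("someone@example.com", "example.com", "prosody:admin")
+-- user:setrole("someone@example.com", "prosody:admin")
+function def_env.user:setrole(jid, host, new_role)
 local username, userhost = jid_split(jid);
-if new_roles == nil then host, new_roles = userhost, host; end
-if host ~= "*" and not prosody.hosts[host] then
+if new_role == nil then host, new_role = userhost, host; end
+if not prosody.hosts[host] then
 return nil, "No such host: "..host;
 elseif prosody.hosts[userhost] and not um.user_exists(username, userhost) then
 return nil, "No such user";
 end
-if host == "*" then host = nil; end
-return um.set_roles(jid, host, coerce_roles(new_roles));
+return um.set_user_role(username, host, new_role);
+end
+
+function def_env.user:addrole(jid, host, new_role)
+local username, userhost = jid_split(jid);
+if new_role == nil then host, new_role = userhost, host; end
+if not prosody.hosts[host] then
+return nil, "No such host: "..host;
+elseif prosody.hosts[userhost] and not um.user_exists(username, userhost) then
+return nil, "No such user";
+end
+return um.add_user_secondary_role(username, host, new_role);
+end
+
+function def_env.user:delrole(jid, host, role_name)
+local username, userhost = jid_split(jid);
+if role_name == nil then host, role_name = userhost, host; end
+if not prosody.hosts[host] then
+return nil, "No such host: "..host;
+elseif prosody.hosts[userhost] and not um.user_exists(username, userhost) then
+return nil, "No such user";
+end
+return um.remove_user_secondary_role(username, host, role_name);
 end
 
 -- TODO switch to table view, include roles
 function def_env.user:list(host, pat)
 if not host then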
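Review bot: In the new `user:create`, the role is applied with `um.set_user_role(jid, host, role)`, which passes the full JID, while `user:setrole` in the same change calls `um.set_user_role(username, host, new_role)` with the bare username. If usermanager keys roles by username, as the other new call sites suggest, the role requested at creation would be stored under the wrong identifier or rejected, so an account meant to be restricted or elevated could end up with the default role. The call should read `local role_ok, rerr = um.set_user_role(username, host, role);`. Separately, `user:role` drops `local print = self.session.print;` but still calls `print(...)`, so unless a file-level `print` outside this section is bound to the session, the role listing would not reach the admin's shell. The body of `user:create` continues past the end of its hunk.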