plugins/mod_admin_shell.lua @ 12668:5d85de8b0723
mod_admin_shell: Update with new role management commands and help text
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Thu, 18 Aug 2022 16:46:07 +0100 |
parent | 12660:e8f57970ced5 |
child | 12670:4a00c8811ea8 |
12667:0278987b8687 | 12668:5d85de8b0723 |
---|---|
269 print [[host:list() - List the currently-activated hosts]] | 269 print [[host:list() - List the currently-activated hosts]] |
270 elseif section == "user" then | 270 elseif section == "user" then |
271 print [[user:create(jid, password, roles) - Create the specified user account]] | 271 print [[user:create(jid, password, roles) - Create the specified user account]] |
272 print [[user:password(jid, password) - Set the password for the specified user account]] | 272 print [[user:password(jid, password) - Set the password for the specified user account]] |
273 print [[user:roles(jid, host) - Show current roles for an user]] | 273 print [[user:roles(jid, host) - Show current roles for an user]] |
274 print [[user:setroles(jid, host, roles) - Set roles for an user (see 'help roles')]] | 274 print [[user:setrole(jid, host, role) - Set primary role of a user (see 'help roles')]] |
275 print [[user:addrole(jid, host, role) - Add a secondary role to a user]] | |
276 print [[user:delrole(jid, host, role) - Remove a secondary role from a user]] | |
275 print [[user:delete(jid) - Permanently remove the specified user account]] | 277 print [[user:delete(jid) - Permanently remove the specified user account]] |
276 print [[user:list(hostname, pattern) - List users on the specified host, optionally filtering with a pattern]] | 278 print [[user:list(hostname, pattern) - List users on the specified host, optionally filtering with a pattern]] |
277 elseif section == "roles" then | 279 elseif section == "roles" then |
278 print [[Roles may grant access or restrict users from certain operations]] | 280 print [[Roles may grant access or restrict users from certain operations]] |
279 print [[Built-in roles are:]] | 281 print [[Built-in roles are:]] |
280 print [[ prosody:admin - Administrator]] | 282 print [[ prosody:user - Normal user (default)]] |
281 print [[ (empty set) - Normal user]] | 283 print [[ prosody:admin - Host administrator]] |
284 print [[ prosody:operator - Server administrator]] | |
282 print [[]] | 285 print [[]] |
283 print [[The canonical role format looks like: { ["example:role"] = true }]] | 286 print [[Roles can be assigned using the user management commands (see 'help user').]] |
284 print [[For convenience, the following formats are also accepted:]] | |
285 print [["admin" - short for "prosody:admin", the normal admin status (like the admins config option)]] | |
286 print [["example:role" - short for {["example:role"]=true}]] | |
287 print [[{"example:role"} - short for {["example:role"]=true}]] | |
288 elseif section == "muc" then | 287 elseif section == "muc" then |
289 -- TODO `muc:room():foo()` commands | 288 -- TODO `muc:room():foo()` commands |
290 print [[muc:create(roomjid, { config }) - Create the specified MUC room with the given config]] | 289 print [[muc:create(roomjid, { config }) - Create the specified MUC room with the given config]] |
291 print [[muc:list(host) - List rooms on the specified MUC component]] | 290 print [[muc:list(host) - List rooms on the specified MUC component]] |
292 print [[muc:room(roomjid) - Reference the specified MUC room to access MUC API methods]] | 291 print [[muc:room(roomjid) - Reference the specified MUC room to access MUC API methods]] |
1381 return true, c.." rooms"; | 1380 return true, c.." rooms"; |
1382 end | 1381 end |
1383 | 1382 |
1384 local um = require"core.usermanager"; | 1383 local um = require"core.usermanager"; |
1385 | 1384 |
1386 local function coerce_roles(roles) | |
1387 if roles == "admin" then roles = "prosody:admin"; end | |
1388 if type(roles) == "string" then roles = { [roles] = true }; end | |
1389 if roles[1] then for i, role in ipairs(roles) do roles[role], roles[i] = true, nil; end end | |
1390 return roles; | |
1391 end | |
1392 | |
1393 def_env.user = {}; | 1385 def_env.user = {}; |
1394 function def_env.user:create(jid, password, roles) | 1386 function def_env.user:create(jid, password, role) |
1395 local username, host = jid_split(jid); | 1387 local username, host = jid_split(jid); |
1396 if not prosody.hosts[host] then | 1388 if not prosody.hosts[host] then |
1397 return nil, "No such host: "..host; | 1389 return nil, "No such host: "..host; |
1398 elseif um.user_exists(username, host) then | 1390 elseif um.user_exists(username, host) then |
1399 return nil, "User exists"; | 1391 return nil, "User exists"; |
1400 end | 1392 end |
1401 local ok, err = um.create_user(username, password, host); | 1393 local ok, err = um.create_user(username, password, host); |
1402 if ok then | 1394 if ok then |
1403 if ok and roles then | 1395 if ok and role then |
1404 roles = coerce_roles(roles); | 1396 local role_ok, rerr = um.set_user_role(jid, host, role); |
1405 local roles_ok, rerr = um.set_roles(jid, host, roles); | 1397 if not role_ok then return nil, "User created, but could not set role: " .. tostring(rerr); end |
1406 if not roles_ok then return nil, "User created, but could not set roles: " .. tostring(rerr); end | |
1407 end | 1398 end |
1408 return true, "User created"; | 1399 return true, "User created"; |
1409 else | 1400 else |
1410 return nil, "Could not create user: "..err; | 1401 return nil, "Could not create user: "..err; |
1411 end | 1402 end |
1439 else | 1430 else |
1440 return nil, "Could not change password for user: "..err; | 1431 return nil, "Could not change password for user: "..err; |
1441 end | 1432 end |
1442 end | 1433 end |
1443 | 1434 |
1444 function def_env.user:roles(jid, host, new_roles) | 1435 function def_env.user:role(jid, host) |
1445 if new_roles or type(host) == "table" then | |
1446 return nil, "Use user:setroles(jid, host, roles) to change user roles"; | |
1447 end | |
1448 local username, userhost = jid_split(jid); | 1436 local username, userhost = jid_split(jid); |
1449 if host == nil then host = userhost; end | 1437 if host == nil then host = userhost; end |
1450 if host ~= "*" and not prosody.hosts[host] then | 1438 if not prosody.hosts[host] then |
1451 return nil, "No such host: "..host; | 1439 return nil, "No such host: "..host; |
1452 elseif prosody.hosts[userhost] and not um.user_exists(username, userhost) then | 1440 elseif prosody.hosts[userhost] and not um.user_exists(username, userhost) then |
1453 return nil, "No such user"; | 1441 return nil, "No such user"; |
1454 end | 1442 end |
1455 local roles = um.get_roles(jid, host); | 1443 |
1456 if not roles then return true, "No roles"; end | 1444 local primary_role = um.get_user_role(username, host); |
1457 local count = 0; | 1445 local secondary_roles = um.get_user_secondary_roles(username, host); |
1458 local print = self.session.print; | 1446 |
1459 for role in pairs(roles) do | 1447 print(primary_role and primary_role.name or "<none>"); |
1448 | |
1449 local count = primary_role and 1 or 0; | |
1450 for role_name in pairs(secondary_roles or {}) do | |
1460 count = count + 1; | 1451 count = count + 1; |
1461 print(role); | 1452 print(role_name.." (secondary)"); |
1462 end | 1453 end |
1454 | |
1463 return true, count == 1 and "1 role" or count.." roles"; | 1455 return true, count == 1 and "1 role" or count.." roles"; |
1464 end | 1456 end |
1465 def_env.user.showroles = def_env.user.roles; -- COMPAT | 1457 def_env.user.roles = def_env.user.role; |
1466 | 1458 |
1467 -- user:roles("someone@example.com", "example.com", {"prosody:admin"}) | 1459 -- user:setrole("someone@example.com", "example.com", "prosody:admin") |
1468 -- user:roles("someone@example.com", {"prosody:admin"}) | 1460 -- user:setrole("someone@example.com", "prosody:admin") |
1469 function def_env.user:setroles(jid, host, new_roles) | 1461 function def_env.user:setrole(jid, host, new_role) |
1470 local username, userhost = jid_split(jid); | 1462 local username, userhost = jid_split(jid); |
1471 if new_roles == nil then host, new_roles = userhost, host; end | 1463 if new_role == nil then host, new_role = userhost, host; end |
1472 if host ~= "*" and not prosody.hosts[host] then | 1464 if not prosody.hosts[host] then |
1473 return nil, "No such host: "..host; | 1465 return nil, "No such host: "..host; |
1474 elseif prosody.hosts[userhost] and not um.user_exists(username, userhost) then | 1466 elseif prosody.hosts[userhost] and not um.user_exists(username, userhost) then |
1475 return nil, "No such user"; | 1467 return nil, "No such user"; |
1476 end | 1468 end |
1477 if host == "*" then host = nil; end | 1469 return um.set_user_role(username, host, new_role); |
1478 return um.set_roles(jid, host, coerce_roles(new_roles)); | 1470 end |
1471 | |
1472 function def_env.user:addrole(jid, host, new_role) | |
1473 local username, userhost = jid_split(jid); | |
1474 if new_role == nil then host, new_role = userhost, host; end | |
1475 if not prosody.hosts[host] then | |
1476 return nil, "No such host: "..host; | |
1477 elseif prosody.hosts[userhost] and not um.user_exists(username, userhost) then | |
1478 return nil, "No such user"; | |
1479 end | |
1480 return um.add_user_secondary_role(username, host, new_role); | |
1481 end | |
1482 | |
1483 function def_env.user:delrole(jid, host, role_name) | |
1484 local username, userhost = jid_split(jid); | |
1485 if role_name == nil then host, role_name = userhost, host; end | |
1486 if not prosody.hosts[host] then | |
1487 return nil, "No such host: "..host; | |
1488 elseif prosody.hosts[userhost] and not um.user_exists(username, userhost) then | |
1489 return nil, "No such user"; | |
1490 end | |
1491 return um.remove_user_secondary_role(username, host, role_name); | |
1479 end | 1492 end |
1480 | 1493 |
1481 -- TODO switch to table view, include roles | 1494 -- TODO switch to table view, include roles |
1482 function def_env.user:list(host, pat) | 1495 function def_env.user:list(host, pat) |
1483 if not host then | 1496 if not host then |
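Review bot: In `def_env.user:create` (new line 1396) the role is assigned with `um.set_user_role(jid, host, role)`, passing the full JID, while `setrole`, `addrole` and `delrole` in the same change all pass the split `username`. The usermanager signature is not visible in this view, but if it expects a username the account is created and the requested role is either rejected or stored under the wrong key; the call should probably read `local role_ok, rerr = um.set_user_role(username, host, role);`. Separately, the new `user:role` drops `local print = self.session.print;` (old 1458) but still calls `print(...)` at new lines 1447 and 1452, so unless a file-level `print` is in scope outside this view the role names go to the server's global `print` and the operator sees only the count. Restoring that local at the top of the function keeps role audits visible in the shell session. The help line for `user:create` (new 271) also still names the third argument `roles` although the parameter is now a single `role`.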