Comparison

plugins/mod_admin_shell.lua @ 12674:72f431b4dc2c

Merge role-auth->trunk
author Matthew Wild <mwild1@gmail.com>
date Mon, 22 Aug 2022 13:53:35 +0100
parent 12672:c8f59ce7d3cf
child 12675:db8c795ca81a
12639:6d9ee0a3eb4b 12674:72f431b4dc2c
266 elseif section == "host" then 266 elseif section == "host" then
267 print [[host:activate(hostname) - Activates the specified host]] 267 print [[host:activate(hostname) - Activates the specified host]]
268 print [[host:deactivate(hostname) - Disconnects all clients on this host and deactivates]] 268 print [[host:deactivate(hostname) - Disconnects all clients on this host and deactivates]]
269 print [[host:list() - List the currently-activated hosts]] 269 print [[host:list() - List the currently-activated hosts]]
270 elseif section == "user" then 270 elseif section == "user" then
271 print [[user:create(jid, password, roles) - Create the specified user account]] 271 print [[user:create(jid, password, role) - Create the specified user account]]
272 print [[user:password(jid, password) - Set the password for the specified user account]] 272 print [[user:password(jid, password) - Set the password for the specified user account]]
273 print [[user:roles(jid, host) - Show current roles for an user]] 273 print [[user:roles(jid, host) - Show current roles for an user]]
274 print [[user:setroles(jid, host, roles) - Set roles for an user (see 'help roles')]] 274 print [[user:setrole(jid, host, role) - Set primary role of a user (see 'help roles')]]
275 print [[user:addrole(jid, host, role) - Add a secondary role to a user]]
276 print [[user:delrole(jid, host, role) - Remove a secondary role from a user]]
275 print [[user:delete(jid) - Permanently remove the specified user account]] 277 print [[user:delete(jid) - Permanently remove the specified user account]]
276 print [[user:list(hostname, pattern) - List users on the specified host, optionally filtering with a pattern]] 278 print [[user:list(hostname, pattern) - List users on the specified host, optionally filtering with a pattern]]
277 elseif section == "roles" then 279 elseif section == "roles" then
278 print [[Roles may grant access or restrict users from certain operations]] 280 print [[Roles may grant access or restrict users from certain operations]]
279 print [[Built-in roles are:]] 281 print [[Built-in roles are:]]
280 print [[ prosody:admin - Administrator]] 282 print [[ prosody:user - Normal user (default)]]
281 print [[ (empty set) - Normal user]] 283 print [[ prosody:admin - Host administrator]]
284 print [[ prosody:operator - Server administrator]]
282 print [[]] 285 print [[]]
283 print [[The canonical role format looks like: { ["example:role"] = true }]] 286 print [[Roles can be assigned using the user management commands (see 'help user').]]
284 print [[For convenience, the following formats are also accepted:]]
285 print [["admin" - short for "prosody:admin", the normal admin status (like the admins config option)]]
286 print [["example:role" - short for {["example:role"]=true}]]
287 print [[{"example:role"} - short for {["example:role"]=true}]]
288 elseif section == "muc" then 287 elseif section == "muc" then
289 -- TODO `muc:room():foo()` commands 288 -- TODO `muc:room():foo()` commands
290 print [[muc:create(roomjid, { config }) - Create the specified MUC room with the given config]] 289 print [[muc:create(roomjid, { config }) - Create the specified MUC room with the given config]]
291 print [[muc:list(host) - List rooms on the specified MUC component]] 290 print [[muc:list(host) - List rooms on the specified MUC component]]
292 print [[muc:room(roomjid) - Reference the specified MUC room to access MUC API methods]] 291 print [[muc:room(roomjid) - Reference the specified MUC room to access MUC API methods]]
941 else 940 else
942 return "Completed"; 941 return "Completed";
943 end 942 end
944 end 943 end
945 }; 944 };
945 role = {
946 title = "Role";
947 description = "Session role";
948 width = 20;
949 key = "role";
950 mapper = function(role)
951 return role.name;
952 end;
953 }
946 }; 954 };
947 955
948 local function get_colspec(colspec, default) 956 local function get_colspec(colspec, default)
949 if type(colspec) == "string" then colspec = array(colspec:gmatch("%S+")); end 957 if type(colspec) == "string" then colspec = array(colspec:gmatch("%S+")); end
950 local columns = {}; 958 local columns = {};
961 return columns; 969 return columns;
962 end 970 end
963 971
964 function def_env.c2s:show(match_jid, colspec) 972 function def_env.c2s:show(match_jid, colspec)
965 local print = self.session.print; 973 local print = self.session.print;
966 local columns = get_colspec(colspec, { "id"; "jid"; "ipv"; "status"; "secure"; "smacks"; "csi" }); 974 local columns = get_colspec(colspec, { "id"; "jid"; "role"; "ipv"; "status"; "secure"; "smacks"; "csi" });
967 local row = format_table(columns, self.session.width); 975 local row = format_table(columns, self.session.width);
968 976
969 local function match(session) 977 local function match(session)
970 local jid = get_jid(session) 978 local jid = get_jid(session)
971 return (not match_jid) or jid == match_jid; 979 return (not match_jid) or jid == match_jid;
1372 return true, c.." rooms"; 1380 return true, c.." rooms";
1373 end 1381 end
1374 1382
1375 local um = require"core.usermanager"; 1383 local um = require"core.usermanager";
1376 1384
1377 local function coerce_roles(roles)
1378 if roles == "admin" then roles = "prosody:admin"; end
1379 if type(roles) == "string" then roles = { [roles] = true }; end
1380 if roles[1] then for i, role in ipairs(roles) do roles[role], roles[i] = true, nil; end end
1381 return roles;
1382 end
1383
1384 def_env.user = {}; 1385 def_env.user = {};
1385 function def_env.user:create(jid, password, roles) 1386 function def_env.user:create(jid, password, role)
1386 local username, host = jid_split(jid); 1387 local username, host = jid_split(jid);
1387 if not prosody.hosts[host] then 1388 if not prosody.hosts[host] then
1388 return nil, "No such host: "..host; 1389 return nil, "No such host: "..host;
1389 elseif um.user_exists(username, host) then 1390 elseif um.user_exists(username, host) then
1390 return nil, "User exists"; 1391 return nil, "User exists";
1391 end 1392 end
1392 local ok, err = um.create_user(username, password, host); 1393 local ok, err = um.create_user(username, nil, host);
1393 if ok then 1394 if not ok then
1394 if ok and roles then
1395 roles = coerce_roles(roles);
1396 local roles_ok, rerr = um.set_roles(jid, host, roles);
1397 if not roles_ok then return nil, "User created, but could not set roles: " .. tostring(rerr); end
1398 end
1399 return true, "User created";
1400 else
1401 return nil, "Could not create user: "..err; 1395 return nil, "Could not create user: "..err;
1402 end 1396 end
1397
1398 if role then
1399 local role_ok, rerr = um.set_user_role(jid, host, role);
1400 if not role_ok then
1401 return nil, "Could not set role: " .. tostring(rerr);
1402 end
1403 end
1404
1405 local ok, err = um.set_password(username, password, host, nil);
1406 if not ok then
1407 return nil, "Could not set password for user: "..err;
1408 end
1409
1410 return true, "User created";
1403 end 1411 end
1404 1412
1405 function def_env.user:delete(jid) 1413 function def_env.user:delete(jid)
1406 local username, host = jid_split(jid); 1414 local username, host = jid_split(jid);
1407 if not prosody.hosts[host] then 1415 if not prosody.hosts[host] then
1430 else 1438 else
1431 return nil, "Could not change password for user: "..err; 1439 return nil, "Could not change password for user: "..err;
1432 end 1440 end
1433 end 1441 end
1434 1442
1435 function def_env.user:roles(jid, host, new_roles) 1443 function def_env.user:role(jid, host)
1436 if new_roles or type(host) == "table" then
1437 return nil, "Use user:setroles(jid, host, roles) to change user roles";
1438 end
1439 local username, userhost = jid_split(jid); 1444 local username, userhost = jid_split(jid);
1440 if host == nil then host = userhost; end 1445 if host == nil then host = userhost; end
1441 if host ~= "*" and not prosody.hosts[host] then 1446 if not prosody.hosts[host] then
1442 return nil, "No such host: "..host; 1447 return nil, "No such host: "..host;
1443 elseif prosody.hosts[userhost] and not um.user_exists(username, userhost) then 1448 elseif prosody.hosts[userhost] and not um.user_exists(username, userhost) then
1444 return nil, "No such user"; 1449 return nil, "No such user";
1445 end 1450 end
1446 local roles = um.get_roles(jid, host); 1451
1447 if not roles then return true, "No roles"; end 1452 local primary_role = um.get_user_role(username, host);
1448 local count = 0; 1453 local secondary_roles = um.get_user_secondary_roles(username, host);
1449 local print = self.session.print; 1454
1450 for role in pairs(roles) do 1455 print(primary_role and primary_role.name or "<none>");
1456
1457 local count = primary_role and 1 or 0;
1458 for role_name in pairs(secondary_roles or {}) do
1451 count = count + 1; 1459 count = count + 1;
1452 print(role); 1460 print(role_name.." (secondary)");
1453 end 1461 end
1462
1454 return true, count == 1 and "1 role" or count.." roles"; 1463 return true, count == 1 and "1 role" or count.." roles";
1455 end 1464 end
1456 def_env.user.showroles = def_env.user.roles; -- COMPAT 1465 def_env.user.roles = def_env.user.role;
1457 1466
1458 -- user:roles("someone@example.com", "example.com", {"prosody:admin"}) 1467 -- user:setrole("someone@example.com", "example.com", "prosody:admin")
1459 -- user:roles("someone@example.com", {"prosody:admin"}) 1468 -- user:setrole("someone@example.com", "prosody:admin")
1460 function def_env.user:setroles(jid, host, new_roles) 1469 function def_env.user:setrole(jid, host, new_role)
1461 local username, userhost = jid_split(jid); 1470 local username, userhost = jid_split(jid);
1462 if new_roles == nil then host, new_roles = userhost, host; end 1471 if new_role == nil then host, new_role = userhost, host; end
1463 if host ~= "*" and not prosody.hosts[host] then 1472 if not prosody.hosts[host] then
1464 return nil, "No such host: "..host; 1473 return nil, "No such host: "..host;
1465 elseif prosody.hosts[userhost] and not um.user_exists(username, userhost) then 1474 elseif prosody.hosts[userhost] and not um.user_exists(username, userhost) then
1466 return nil, "No such user"; 1475 return nil, "No such user";
1467 end 1476 end
1468 if host == "*" then host = nil; end 1477 return um.set_user_role(username, host, new_role);
1469 return um.set_roles(jid, host, coerce_roles(new_roles)); 1478 end
1479
1480 function def_env.user:addrole(jid, host, new_role)
1481 local username, userhost = jid_split(jid);
1482 if new_role == nil then host, new_role = userhost, host; end
1483 if not prosody.hosts[host] then
1484 return nil, "No such host: "..host;
1485 elseif prosody.hosts[userhost] and not um.user_exists(username, userhost) then
1486 return nil, "No such user";
1487 end
1488 return um.add_user_secondary_role(username, host, new_role);
1489 end
1490
1491 function def_env.user:delrole(jid, host, role_name)
1492 local username, userhost = jid_split(jid);
1493 if role_name == nil then host, role_name = userhost, host; end
1494 if not prosody.hosts[host] then
1495 return nil, "No such host: "..host;
1496 elseif prosody.hosts[userhost] and not um.user_exists(username, userhost) then
1497 return nil, "No such user";
1498 end
1499 return um.remove_user_secondary_role(username, host, role_name);
1470 end 1500 end
1471 1501
1472 -- TODO switch to table view, include roles 1502 -- TODO switch to table view, include roles
1473 function def_env.user:list(host, pat) 1503 function def_env.user:list(host, pat)
1474 if not host then 1504 if not host then
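Review bot: In the new `user:create` (new lines 1386–1411) the role is set with `um.set_user_role(jid, host, role)`, while `user:setrole` at new line 1477 passes `username` to the same function; unless usermanager accepts a full JID there (its signature is not visible on this page), the call should read `um.set_user_role(username, host, role)`. The account is now created with a nil password before the role and password steps, so a failure in either step leaves a password-less account behind. The returned text (`"Could not set role: "` / `"Could not set password for user: "`) also no longer says that the account exists, as the old `"User created, but could not set roles: "` message did; either state that in both strings or remove the half-created account before returning. Separately, the new `user:role` calls `print(...)` at new lines 1455 and 1460, but the old function's `local print = self.session.print;` was dropped, so unless `print` is bound at file level outside this view the role listing would not reach the admin shell session; restoring that local at the top of the function would fix it.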