prosody
9061f9621330
plugins/muc/mod_muc.lua
Software / code / prosody
Comparison
plugins/muc/mod_muc.lua @ 12642:9061f9621330
Switch to a new role-based authorization framework, removing is_admin()
We began moving away from simple "is this user an admin?" permission checks
before 0.12, with the introduction of mod_authz_internal and the ability to
dynamically change the roles of individual users.
The approach in 0.12 still had various limitations however, and apart from
the introduction of roles other than "admin" and the ability to pull that info
from storage, not much actually changed.
This new framework shakes things up a lot, though aims to maintain the same
functionality and behaviour on the surface for a default Prosody
configuration. That is, if you don't take advantage of any of the new
features, you shouldn't notice any change.
The biggest change visible to developers is that usermanager.is_admin() (and
the auth provider is_admin() method) have been removed. Gone. Completely.
Permission checks should now be performed using a new module API method:
module:may(action_name, context)
This method accepts an action name, followed by either a JID (string) or
(preferably) a table containing 'origin'/'session' and 'stanza' fields (e.g.
the standard object passed to most events). It will return true if the action
should be permitted, or false/nil otherwise.
Modules should no longer perform permission checks based on the role name.
E.g. a lot of code previously checked if the user's role was prosody:admin
before permitting some action. Since many roles might now exist with similar
permissions, and the permissions of prosody:admin may be redefined
dynamically, it is no longer suitable to use this method for permission
checks. Use module:may().
If you start an action name with ':' (recommended) then the current module's
name will automatically be used as a prefix.
To define a new permission, use the new module API:
module:default_permission(role_name, action_name)
module:default_permissions(role_name, { action_name[, action_name...] })
This grants the specified role permission to execute the named action(s) by
default. This may be overridden via other mechanisms external to your module.
The built-in roles that developers should use are:
- prosody:user (normal user)
- prosody:admin (host admin)
- prosody:operator (global admin)
The new prosody:operator role is intended for server-wide actions (such as
shutting down Prosody).
Finally, all usage of is_admin() in modules has been fixed by this commit.
Some of these changes were trickier than others, but no change is expected to
break existing deployments.
EXCEPT: mod_auth_ldap no longer supports the ldap_admin_filter option. It's
very possible nobody is using this, but if someone is then we can later update
it to pull roles from LDAP somehow.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Wed, 15 Jun 2022 12:15:01 +0100 |
| parent | 12108:e9882c4c397f |
| child | 12731:a314f5bff9f0 |
comparison
equal
deleted
inserted
replaced
| 12641:e9865b0cfb89 | 12642:9061f9621330 |
|---|---|
| 98 local jid_split = require "util.jid".split; | 98 local jid_split = require "util.jid".split; |
| 99 local jid_prep = require "util.jid".prep; | 99 local jid_prep = require "util.jid".prep; |
| 100 local jid_bare = require "util.jid".bare; | 100 local jid_bare = require "util.jid".bare; |
| 101 local st = require "util.stanza"; | 101 local st = require "util.stanza"; |
| 102 local cache = require "util.cache"; | 102 local cache = require "util.cache"; |
| 103 local um_is_admin = require "core.usermanager".is_admin; | |
| 104 | 103 |
| 105 module:require "muc/config_form_sections"; | 104 module:require "muc/config_form_sections"; |
| 106 | 105 |
| 107 module:depends("disco"); | 106 module:depends("disco"); |
| 108 module:add_identity("conference", "text", module:get_option_string("name", "Prosody Chatrooms")); | 107 module:add_identity("conference", "text", module:get_option_string("name", "Prosody Chatrooms")); |
| 109 module:add_feature("http://jabber.org/protocol/muc"); | 108 module:add_feature("http://jabber.org/protocol/muc"); |
| 110 module:depends "muc_unique" | 109 module:depends "muc_unique" |
| 111 module:require "muc/hats"; | 110 module:require "muc/hats"; |
| 112 module:require "muc/lock"; | 111 module:require "muc/lock"; |
| 113 | 112 |
| 114 local function is_admin(jid) | 113 module:default_permissions("prosody:admin", { |
| 115 return um_is_admin(jid, module.host); | 114 ":automatic-ownership"; |
| 116 end | 115 ":create-room"; |
| 116 ":recreate-destroyed-room"; | |
| 117 }); | |
| 117 | 118 |
| 118 if module:get_option_boolean("component_admins_as_room_owners", true) then | 119 if module:get_option_boolean("component_admins_as_room_owners", true) then |
| 119 -- Monkey patch to make server admins room owners | 120 -- Monkey patch to make server admins room owners |
| 120 local _get_affiliation = room_mt.get_affiliation; | 121 local _get_affiliation = room_mt.get_affiliation; |
| 121 function room_mt:get_affiliation(jid) | 122 function room_mt:get_affiliation(jid) |
| 122 if is_admin(jid) then return "owner"; end | 123 if module:may(":automatic-ownership", jid) then return "owner"; end |
| 123 return _get_affiliation(self, jid); | 124 return _get_affiliation(self, jid); |
| 124 end | 125 end |
| 125 | 126 |
| 126 local _set_affiliation = room_mt.set_affiliation; | 127 local _set_affiliation = room_mt.set_affiliation; |
| 127 function room_mt:set_affiliation(actor, jid, affiliation, reason, data) | 128 function room_mt:set_affiliation(actor, jid, affiliation, reason, data) |
| 128 if affiliation ~= "owner" and is_admin(jid) then return nil, "modify", "not-acceptable"; end | 129 if affiliation ~= "owner" and module:may(":automatic-ownership", jid) then return nil, "modify", "not-acceptable"; end |
| 129 return _set_affiliation(self, actor, jid, affiliation, reason, data); | 130 return _set_affiliation(self, actor, jid, affiliation, reason, data); |
| 130 end | 131 end |
| 131 end | 132 end |
| 132 | 133 |
| 133 local persistent_rooms_storage = module:open_store("persistent"); | 134 local persistent_rooms_storage = module:open_store("persistent"); |
| 410 tombstone:save(true); | 411 tombstone:save(true); |
| 411 return true; | 412 return true; |
| 412 end, -10); | 413 end, -10); |
| 413 end | 414 end |
| 414 | 415 |
| 416 module:default_permission("prosody:admin", ":create-room"); | |
| 417 | |
| 415 do | 418 do |
| 416 local restrict_room_creation = module:get_option("restrict_room_creation"); | 419 local restrict_room_creation = module:get_option("restrict_room_creation"); |
| 417 if restrict_room_creation == true then | 420 if restrict_room_creation == true then |
| 418 restrict_room_creation = "admin"; | 421 restrict_room_creation = "admin"; |
| 419 end | 422 end |
| 420 if restrict_room_creation then | 423 if restrict_room_creation then |
| 421 local host_suffix = module.host:gsub("^[^%.]+%.", ""); | 424 local host_suffix = module.host:gsub("^[^%.]+%.", ""); |
| 422 module:hook("muc-room-pre-create", function(event) | 425 module:hook("muc-room-pre-create", function(event) |
| 423 local origin, stanza = event.origin, event.stanza; | 426 local origin, stanza = event.origin, event.stanza; |
| 424 local user_jid = stanza.attr.from; | 427 local user_jid = stanza.attr.from; |
| 425 if not is_admin(user_jid) and not ( | 428 if not module:may(":create-room", event) and not ( |
| 426 restrict_room_creation == "local" and | 429 restrict_room_creation == "local" and |
| 427 select(2, jid_split(user_jid)) == host_suffix | 430 select(2, jid_split(user_jid)) == host_suffix |
| 428 ) then | 431 ) then |
| 429 origin.send(st.error_reply(stanza, "cancel", "not-allowed", "Room creation is restricted", module.host)); | 432 origin.send(st.error_reply(stanza, "cancel", "not-allowed", "Room creation is restricted", module.host)); |
| 430 return true; | 433 return true; |
| 463 local room_jid = jid_bare(stanza.attr.to); | 466 local room_jid = jid_bare(stanza.attr.to); |
| 464 local room = get_room_from_jid(room_jid); | 467 local room = get_room_from_jid(room_jid); |
| 465 | 468 |
| 466 if room and room._data.destroyed then | 469 if room and room._data.destroyed then |
| 467 if room._data.locked < os.time() | 470 if room._data.locked < os.time() |
| 468 or (is_admin(stanza.attr.from) and stanza.name == "presence" and stanza.attr.type == nil) then | 471 or (module:may(":recreate-destroyed-room", event) and stanza.name == "presence" and stanza.attr.type == nil) then |
| 469 -- Allow the room to be recreated by admin or after time has passed | 472 -- Allow the room to be recreated by admin or after time has passed |
| 470 delete_room(room); | 473 delete_room(room); |
| 471 room = nil; | 474 room = nil; |
| 472 else | 475 else |
| 473 if stanza.attr.type ~= "error" then | 476 if stanza.attr.type ~= "error" then |
