plugins/muc/mod_muc.lua @ 12731:a314f5bff9f0
mod_muc: Better map restrict_room_creation to role permissions (behaviour change)
With this change and 427dd01f0864, room creation is now effectively restricted
to parent-host users by default. This is a better default than previous
Prosody versions (where room creation was not restricted).
The "local" option for restrict_room_creation is no longer used (any value
other than true/false won't change the default behaviour).
restrict_room_creation = true will grant prosody:admin the ability to create
rooms.
restrict_room_creation = false disables all permission checks.
Anything between these two can be achieved using custom roles and permissions.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 29 Sep 2022 12:30:52 +0100 |
| parent | 12642:9061f9621330 |
| child | 12854:73db76cc6472 |
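--- a/plugins/muc/mod_muc.lua
+++ b/plugins/muc/mod_muc.lua
@@ -411,32 +411,19 @@
 tombstone:save(true);
 return true;
 end, -10);
 end
 
-module:default_permission("prosody:admin", ":create-room");
-
-do
-local restrict_room_creation = module:get_option("restrict_room_creation");
-if restrict_room_creation == true then
-restrict_room_creation = "admin";
-end
-if restrict_room_creation then
-local host_suffix = module.host:gsub("^[^%.]+%.", "");
-module:hook("muc-room-pre-create", function(event)
-local origin, stanza = event.origin, event.stanza;
-local user_jid = stanza.attr.from;
-if not module:may(":create-room", event) and not (
-restrict_room_creation == "local" and
-select(2, jid_split(user_jid)) == host_suffix
-) then
-origin.send(st.error_reply(stanza, "cancel", "not-allowed", "Room creation is restricted", module.host));
-return true;
-end
-end);
-end
-end
+local restrict_room_creation = module:get_option("restrict_room_creation");
+module:default_permission(restrict_room_creation == true and "prosody:admin" or "prosody:user", ":create-room");
+module:hook("muc-room-pre-create", function(event)
+local origin, stanza = event.origin, event.stanza;
+if restrict_room_creation ~= false and not module:may(":create-room", event) then
+origin.send(st.error_reply(stanza, "cancel", "not-allowed", "Room creation is restricted", module.host));
+return true;
+end
+end);
 
 for event_name, method in pairs {
 -- Normal room interactions
 ["iq-get/bare/http://jabber.org/protocol/disco#info:query"] = "handle_disco_info_get_query" ;
 ["iq-get/bare/http://jabber.org/protocol/disco#items:query"] = "handle_disco_items_get_query" ;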
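Review bot: A config that sets `restrict_room_creation = "admin"` (or any other truthy non-boolean except "local") was admin-only under the removed code, because every such value installed the hook against the `prosody:admin` default, but on new line 417 it fails the `== true` test and `:create-room` is granted to `prosody:user`. That silently widens who may create rooms after an upgrade, with nothing in the log to tell the operator. I would normalise the value before the `default_permission` call, e.g. `if restrict_room_creation == "admin" then restrict_room_creation = true; end`, and emit a `module:log("warn", ...)` when the option is neither a boolean nor nil, so that a leftover "local" or a quoted "true" is noticed. A short comment above line 416 stating the three effective states (true → admin only, false → no check, anything else → role default) would also help, since the expression on line 417 hides that mapping.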