prosody
f299e570a0fe
core/usermanager.lua
Software / code / prosody
Comparison
core/usermanager.lua @ 12648:f299e570a0fe
mod_authz_internal: Use util.roles, some API changes and config support
This commit was too awkward to split (hg record didn't like it), so:
- Switch to the new util.roles lib to provide a consistent representation of
a role object.
- Change API method from get_role_info() to get_role_by_name() (touches
sessionmanager and usermanager)
- Change get_roles() to get_user_roles(), take a username instead of a JID
This is more consistent with all other usermanager API methods.
- Support configuration of custom roles and permissions via the config file
(to be documented).
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Tue, 19 Jul 2022 18:02:02 +0100 |
| parent | 12646:3f38f4735c7a |
| child | 12653:e4a412a54462 |
comparison
equal
deleted
inserted
replaced
| 12647:a661292d074a | 12648:f299e570a0fe |
|---|---|
| 8 | 8 |
| 9 local modulemanager = require "core.modulemanager"; | 9 local modulemanager = require "core.modulemanager"; |
| 10 local log = require "util.logger".init("usermanager"); | 10 local log = require "util.logger".init("usermanager"); |
| 11 local type = type; | 11 local type = type; |
| 12 local it = require "util.iterators"; | 12 local it = require "util.iterators"; |
| 13 local jid_bare = require "util.jid".bare; | |
| 14 local jid_split = require "util.jid".split; | |
| 15 local jid_prep = require "util.jid".prep; | 13 local jid_prep = require "util.jid".prep; |
| 16 local config = require "core.configmanager"; | 14 local config = require "core.configmanager"; |
| 17 local sasl_new = require "util.sasl".new; | 15 local sasl_new = require "util.sasl".new; |
| 18 local storagemanager = require "core.storagemanager"; | 16 local storagemanager = require "core.storagemanager"; |
| 19 local set = require "util.set"; | 17 local set = require "util.set"; |
| 148 | 146 |
| 149 local function get_provider(host) | 147 local function get_provider(host) |
| 150 return hosts[host].users; | 148 return hosts[host].users; |
| 151 end | 149 end |
| 152 | 150 |
| 153 local function get_roles(jid, host) | 151 -- Returns a map of { [role_name] = role, ... } that a user is allowed to assume |
| 154 if host and not hosts[host] then return false; end | 152 local function get_user_roles(user, host) |
| 155 if type(jid) ~= "string" then return false; end | 153 if host and not hosts[host] then return false; end |
| 156 | 154 if type(user) ~= "string" then return false; end |
| 157 jid = jid_bare(jid); | 155 |
| 158 host = host or "*"; | 156 host = host or "*"; |
| 159 | 157 |
| 160 local actor_user, actor_host = jid_split(jid); | 158 local authz_provider = (host ~= "*" and hosts[host].authz) or global_authz_provider; |
| 161 local roles; | 159 return authz_provider.get_user_roles(user); |
| 162 | 160 end |
| 163 local authz_provider = (host ~= "*" and hosts[host].authz) or global_authz_provider; | 161 |
| 164 | 162 local function get_user_default_role(user, host) |
| 165 if actor_user and actor_host == host then -- Local user | 163 if host and not hosts[host] then return false; end |
| 166 roles = authz_provider.get_user_roles(actor_user); | 164 if type(user) ~= "string" then return false; end |
| 167 else -- Remote user/JID | 165 |
| 168 roles = authz_provider.get_jid_roles(jid); | 166 host = host or "*"; |
| 167 | |
| 168 local authz_provider = (host ~= "*" and hosts[host].authz) or global_authz_provider; | |
| 169 return authz_provider.get_user_default_role(user); | |
| 170 end | |
| 171 | |
| 172 -- Accepts a set of role names which the user is allowed to assume | |
| 173 local function set_user_roles(user, host, roles) | |
| 174 if host and not hosts[host] then return false; end | |
| 175 if type(user) ~= "string" then return false; end | |
| 176 | |
| 177 host = host or "*"; | |
| 178 | |
| 179 local authz_provider = (host ~= "*" and hosts[host].authz) or global_authz_provider; | |
| 180 local ok, err = authz_provider.set_user_roles(user, roles); | |
| 181 if ok then | |
| 182 prosody.events.fire_event("user-roles-changed", { | |
| 183 username = user, host = host | |
| 184 }); | |
| 169 end | 185 end |
| 170 | 186 return ok, err; |
| 171 return roles; | 187 end |
| 172 end | 188 |
| 173 | 189 local function get_jid_role(jid, host) |
| 174 local function set_roles(jid, host, roles) | 190 host = host or "*"; |
| 175 if host and not hosts[host] then return false; end | 191 local authz_provider = (host ~= "*" and hosts[host].authz) or global_authz_provider; |
| 176 if type(jid) ~= "string" then return false; end | 192 return authz_provider.get_jid_role(jid); |
| 177 | 193 end |
| 178 jid = jid_bare(jid); | 194 |
| 179 host = host or "*"; | 195 local function set_jid_role(jid, host, role_name) |
| 180 | 196 host = host or "*"; |
| 181 local actor_user, actor_host = jid_split(jid); | 197 local authz_provider = (host ~= "*" and hosts[host].authz) or global_authz_provider; |
| 182 | 198 return authz_provider.set_jid_role(jid, role_name) |
| 183 local authz_provider = (host ~= "*" and hosts[host].authz) or global_authz_provider; | |
| 184 if actor_user and actor_host == host then -- Local user | |
| 185 local ok, err = authz_provider.set_user_roles(actor_user, roles); | |
| 186 if ok then | |
| 187 prosody.events.fire_event("user-roles-changed", { | |
| 188 username = actor_user, host = actor_host | |
| 189 }); | |
| 190 end | |
| 191 return ok, err; | |
| 192 else -- Remote entity | |
| 193 return authz_provider.set_jid_roles(jid, roles) | |
| 194 end | |
| 195 end | 199 end |
| 196 | 200 |
| 197 local function get_users_with_role(role, host) | 201 local function get_users_with_role(role, host) |
| 198 if not hosts[host] then return false; end | 202 if not hosts[host] then return false; end |
| 199 if type(role) ~= "string" then return false; end | 203 if type(role) ~= "string" then return false; end |
| 207 | 211 |
| 208 host = host or "*"; | 212 host = host or "*"; |
| 209 | 213 |
| 210 local authz_provider = (host ~= "*" and hosts[host].authz) or global_authz_provider; | 214 local authz_provider = (host ~= "*" and hosts[host].authz) or global_authz_provider; |
| 211 return authz_provider.get_jids_with_role(role); | 215 return authz_provider.get_jids_with_role(role); |
| 216 end | |
| 217 | |
| 218 local function get_role_by_name(role_name, host) | |
| 219 if host and not hosts[host] then return false; end | |
| 220 if type(role_name) ~= "string" then return false; end | |
| 221 | |
| 222 host = host or "*"; | |
| 223 | |
| 224 local authz_provider = (host ~= "*" and hosts[host].authz) or global_authz_provider; | |
| 225 return authz_provider.get_role_by_name(role_name); | |
| 212 end | 226 end |
| 213 | 227 |
| 214 return { | 228 return { |
| 215 new_null_provider = new_null_provider; | 229 new_null_provider = new_null_provider; |
| 216 initialize_host = initialize_host; | 230 initialize_host = initialize_host; |
| 222 create_user = create_user; | 236 create_user = create_user; |
| 223 delete_user = delete_user; | 237 delete_user = delete_user; |
| 224 users = users; | 238 users = users; |
| 225 get_sasl_handler = get_sasl_handler; | 239 get_sasl_handler = get_sasl_handler; |
| 226 get_provider = get_provider; | 240 get_provider = get_provider; |
| 227 get_roles = get_roles; | 241 get_user_default_role = get_user_default_role; |
| 228 set_roles = set_roles; | 242 get_user_roles = get_user_roles; |
| 243 set_user_roles = set_user_roles; | |
| 229 get_users_with_role = get_users_with_role; | 244 get_users_with_role = get_users_with_role; |
| 245 get_jid_role = get_jid_role; | |
| 246 set_jid_role = set_jid_role; | |
| 230 get_jids_with_role = get_jids_with_role; | 247 get_jids_with_role = get_jids_with_role; |
| 248 get_role_by_name = get_role_by_name; | |
| 231 }; | 249 }; |
