Software /
code /
prosody
Diff
core/moduleapi.lua @ 12690:546c7e0f3f31
core.moduleapi: Check for local role-aware sessions before e.g. s2s
The condition checked for s2sin but not s2sout, so would have ignored
bidi-enabled s2sout sessions. Components as well.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 29 Aug 2022 11:47:31 +0200 |
parent | 12662:07424992d7fc |
child | 12874:b9468c8ac1d3 |
line wrap: on
line diff
--- a/core/moduleapi.lua Mon Aug 29 15:48:07 2022 +0100 +++ b/core/moduleapi.lua Mon Aug 29 11:47:31 2022 +0200 @@ -649,7 +649,15 @@ if type(session) ~= "table" then error("Unable to identify actor session from context"); end - if session.type == "s2sin" or (session.type == "c2s" and session.host ~= self.host) then + if session.role and session.type == "c2s" and session.host == self.host then + local permit = session.role:may(action, context); + if not permit then + self:log("debug", "Access denied: session %s (%s) may not %s (not permitted by role %s)", + session.id, session.full_jid, action, session.role.name + ); + end + return permit; + else local actor_jid = context.stanza.attr.from; local role = hosts[self.host].authz.get_jid_role(actor_jid); if not role then @@ -661,14 +669,6 @@ self:log("debug", "Access denied: JID <%s> may not %s (not permitted by role %s)", actor_jid, action, role.name); end return permit; - elseif session.role then - local permit = session.role:may(action, context); - if not permit then - self:log("debug", "Access denied: session %s (%s) may not %s (not permitted by role %s)", - session.id, session.full_jid, action, session.role.name - ); - end - return permit; end end