prosody
4ea7bd7325be
plugins/muc/restrict_pm.lib.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

File

plugins/muc/restrict_pm.lib.lua @ 13792:4ea7bd7325be 13.0

core.portmanager: Restore use of per-host 'ssl' for SNI hosts. Fixes #1915. This was an unintentional regression, as per-host 'ssl' options became valid in 0.12 when SNI support was added for direct TLS ports. While we encourage most people to use the simpler automatic certificate selection (and it seems most do, given the overlooking of this bug), there are likely always going to be use cases for manually-configured certificates. The issue was introduced in commit 7e9ebdc75ce4 which inadvertently removed the per-host option checking for SNI.
author Kim Alvefur <zash@zash.se>
date Sat, 29 Mar 2025 22:25:19 +0100
parent 13578:5fb7b9a9346f
line wrap: on
line source

-- Based on code from mod_muc_restrict_pm in prosody-modules@d82c0383106a
-- by Nicholas George <wirlaburla@worlio.com>

local st = require "prosody.util.stanza";
local muc_util = module:require "muc/util";
local valid_roles = muc_util.valid_roles;

-- COMPAT w/ prosody-modules allow_pm
local compat_map = {
	everyone = "visitor";
	participants = "participant";
	moderators = "moderator";
	members = "affiliated";
};

local function get_allow_pm(room)
	local val = room._data.allow_pm;
	return compat_map[val] or val or "visitor";
end

local function set_allow_pm(room, val)
	if get_allow_pm(room) == val then return false; end
	room._data.allow_pm = val;
	return true;
end

local function get_allow_modpm(room)
	return room._data.allow_modpm or false;
end

local function set_allow_modpm(room, val)
	if get_allow_modpm(room) == val then return false; end
	room._data.allow_modpm = val;
	return true;
end

module:hook("muc-config-form", function(event)
	local pmval = get_allow_pm(event.room);
	table.insert(event.form, {
		name = 'muc#roomconfig_allowpm';
		type = 'list-single';
		label = 'Allow private messages from';
		options = {
			{ value = 'visitor', label = 'Everyone', default = pmval == 'visitor' };
			{ value = 'participant', label = 'Participants', default = pmval == 'participant' };
			{ value = 'moderator', label = 'Moderators', default = pmval == 'moderator' };
			{ value = 'affiliated', label = "Members", default = pmval == "affiliated" };
			{ value = 'none', label = 'No one', default = pmval == 'none' };
		}
	});
	table.insert(event.form, {
		name = '{xmpp:prosody.im}muc#allow_modpm';
		type = 'boolean';
		label = 'Always allow private messages to moderators';
		value = get_allow_modpm(event.room)
	});
end);

module:hook("muc-config-submitted/muc#roomconfig_allowpm", function(event)
	if set_allow_pm(event.room, event.value) then
		event.status_codes["104"] = true;
	end
end);

module:hook("muc-config-submitted/{xmpp:prosody.im}muc#allow_modpm", function(event)
	if set_allow_modpm(event.room, event.value) then
		event.status_codes["104"] = true;
	end
end);

local who_restricted = {
	none = "in this group";
	participant = "from guests";
	moderator = "from non-moderators";
	affiliated = "from non-members";
};

module:hook("muc-private-message", function(event)
	local stanza, room = event.stanza, event.room;
	local from_occupant = room:get_occupant_by_nick(stanza.attr.from);
	local to_occupant = room:get_occupant_by_nick(stanza.attr.to);

	-- To self is always okay
	if to_occupant.bare_jid == from_occupant.bare_jid then return; end

	if get_allow_modpm(room) then
		if to_occupant and to_occupant.role == 'moderator'
		or from_occupant and from_occupant.role == "moderator" then
			return; -- Allow to/from moderators
		end
	end

	local pmval = get_allow_pm(room);

	if pmval ~= "none" then
		if pmval == "affiliated" and room:get_affiliation(from_occupant.bare_jid) then
			return; -- Allow from affiliated users
		elseif valid_roles[from_occupant.role] >= valid_roles[pmval] then
			module:log("debug", "Allowing PM: %s(%d) >= %s(%d)", from_occupant.role, valid_roles[from_occupant.role], pmval, valid_roles[pmval]);
			return; -- Allow from a permitted role
		end
	end

	local msg = ("Private messages are restricted %s"):format(who_restricted[pmval]);
	module:log("debug", "Blocking PM from %s %s: %s", from_occupant.role, stanza.attr.from, msg);

	room:route_to_occupant(
		from_occupant,
		st.error_reply(stanza, "cancel", "policy-violation", msg, room.jid)
	);
	return false;
end, 1);

return {
	get_allow_pm = get_allow_pm;
	set_allow_pm = set_allow_pm;
	get_allow_modpm = get_allow_modpm;
	set_allow_modpm = set_allow_modpm;
};