File

usermanager: Remove concept of global authz provider Rationale: - Removes a bunch of code! - We don't have many cases where an actor is not bound to one of our hosts - A notable exception is the admin shell, but if we ever attempt to lock those sessions down, there is a load of other work that also has to be done. And it's not clear if we would need a global authz provider for that anyway. - Removes an extra edge case from the necessary mental model for operators - Sessions that aren't bound to a host generally are anonymous or have an alternative auth model (such as by IP addres). - With the encapsulation now provided by util.roles, ad-hoc "detached roles" can still be created anyway by code that needs them.

This file documents the structure of the roster object.

table roster {
  [string bare_jid] = roster_item
}

table roster_item {
  string subscription = "none" | "to" | "from" | "both"
  string name = Opaque string set by client. (optional)
  set groups = a set of opaque strings set by the client
  boolean ask = nil | "subscribe" - a value of true indicates subscription is pending
}

The roster is available as
 hosts[host].sessions[username].roster
and a copy is made to session.roster for all sessions.

All modifications to a roster should be done through the rostermanager.