Software /
code /
prosody
File
plugins/muc/occupant.lib.lua @ 12659:c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Goal: Introduce role-auth with minimal disruption
is_admin() is unsafe in a system with per-session permissions, so it has been
deprecated.
Roll-out approach:
1) First, log a warning when is_admin() is used. It should continue to
function normally, backed by the new role API. Nothing is really using
per-session authz yet, so there is minimal security concern.
The 'strict_deprecate_is_admin' global setting can be set to 'true' to
force a hard failure of is_admin() attempts (it will log an error and
always return false).
2) In some time (at least 1 week), but possibly longer depending on the number
of affected deployments: switch 'strict_deprecate_is_admin' to 'true' by
default. It can still be disabled for systems that need it.
3) Further in the future, before the next release, the option will be removed
and is_admin() will be permanently disabled.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Mon, 15 Aug 2022 15:25:07 +0100 |
parent | 7086:6cc7c9da29ed |
child | 12977:74b9e05af71e |
line wrap: on
line source
local pairs = pairs; local setmetatable = setmetatable; local st = require "util.stanza"; local util = module:require "muc/util"; local function get_filtered_presence(stanza) return util.filter_muc_x(st.clone(stanza)); end local occupant_mt = {}; occupant_mt.__index = occupant_mt; local function new_occupant(bare_real_jid, nick) return setmetatable({ bare_jid = bare_real_jid; nick = nick; -- in-room jid sessions = {}; -- hash from real_jid to presence stanzas. stanzas should not be modified role = nil; jid = nil; -- Primary session }, occupant_mt); end -- Deep copy an occupant local function copy_occupant(occupant) local sessions = {}; for full_jid, presence_stanza in pairs(occupant.sessions) do -- Don't keep unavailable presences, as they'll accumulate; unless they're the primary session if presence_stanza.attr.type ~= "unavailable" or full_jid == occupant.jid then sessions[full_jid] = presence_stanza; end end return setmetatable({ bare_jid = occupant.bare_jid; nick = occupant.nick; sessions = sessions; role = occupant.role; jid = occupant.jid; }, occupant_mt); end -- finds another session to be the primary (there might not be one) function occupant_mt:choose_new_primary() for jid, pr in self:each_session() do if pr.attr.type == nil then return jid; end end return nil; end function occupant_mt:set_session(real_jid, presence_stanza, replace_primary) local pr = get_filtered_presence(presence_stanza); pr.attr.from = self.nick; pr.attr.to = real_jid; self.sessions[real_jid] = pr; if replace_primary then self.jid = real_jid; elseif self.jid == nil or (pr.attr.type == "unavailable" and self.jid == real_jid) then -- Only leave an unavailable presence as primary when there are no other options self.jid = self:choose_new_primary() or real_jid; end end function occupant_mt:remove_session(real_jid) -- Delete original session self.sessions[real_jid] = nil; if self.jid == real_jid then self.jid = self:choose_new_primary(); end end function occupant_mt:each_session() return pairs(self.sessions) end function occupant_mt:get_presence(real_jid) return self.sessions[real_jid or self.jid] end return { new = new_occupant; copy = copy_occupant; mt = occupant_mt; }