prosody
c0eea4f6c739
teal-src/util/error.d.tl
Software / code / prosody
File
teal-src/util/error.d.tl @ 12659:c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Goal: Introduce role-auth with minimal disruption
is_admin() is unsafe in a system with per-session permissions, so it has been
deprecated.
Roll-out approach:
1) First, log a warning when is_admin() is used. It should continue to
function normally, backed by the new role API. Nothing is really using
per-session authz yet, so there is minimal security concern.
The 'strict_deprecate_is_admin' global setting can be set to 'true' to
force a hard failure of is_admin() attempts (it will log an error and
always return false).
2) In some time (at least 1 week), but possibly longer depending on the number
of affected deployments: switch 'strict_deprecate_is_admin' to 'true' by
default. It can still be disabled for systems that need it.
3) Further in the future, before the next release, the option will be removed
and is_admin() will be permanently disabled.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 15 Aug 2022 15:25:07 +0100 |
| parent | 12626:608443cc765c |
line wrap: on
line source
local enum error_type "auth" "cancel" "continue" "modify" "wait" end local enum error_condition "bad-request" "conflict" "feature-not-implemented" "forbidden" "gone" "internal-server-error" "item-not-found" "jid-malformed" "not-acceptable" "not-allowed" "not-authorized" "policy-violation" "recipient-unavailable" "redirect" "registration-required" "remote-server-not-found" "remote-server-timeout" "resource-constraint" "service-unavailable" "subscription-required" "undefined-condition" "unexpected-request" end local record protoerror type : error_type condition : error_condition text : string code : integer end local record Error type : error_type condition : error_condition text : string code : integer context : { any : any } source : string end local type compact_registry_item = { string, string, string, string } local type compact_registry = { compact_registry_item } local type registry = { string : protoerror } local type context = { string : any } local record error_registry_wrapper source : string registry : registry new : function (string, context) : Error coerce : function (any, string) : any, Error wrap : function (Error) : Error wrap : function (string, context) : Error is_error : function (any) : boolean end local record lib record configure_opt auto_inject_traceback : boolean end new : function (protoerror, context, { string : protoerror }, string) : Error init : function (string, string, registry | compact_registry) : error_registry_wrapper init : function (string, registry | compact_registry) : error_registry_wrapper is_error : function (any) : boolean coerce : function (any, string) : any, Error from_stanza : function (table, context, string) : Error configure : function end return lib
