# HG changeset patch # User Matthew Wild # Date 1699358037 0 # Node ID 113ce2ac73a2be23860810ad2402c929394d9055 # Parent d539cb48c6e933e62a9ce0eca1d604f64a955db7 moduleapi: may(): Support explicit actor_jid in context object diff -r d539cb48c6e9 -r 113ce2ac73a2 core/moduleapi.lua --- a/core/moduleapi.lua Tue Nov 07 11:50:59 2023 +0000 +++ b/core/moduleapi.lua Tue Nov 07 11:53:57 2023 +0000 @@ -715,29 +715,35 @@ if action:byte(1) == 58 then -- action begins with ':' action = self.name..action; -- prepend module name end - if type(context) == "string" then -- check JID permissions - local role; - local node, host = jid_split(context); - if host == self.host then - role = hosts[host].authz.get_user_role(node); - else - role = hosts[self.host].authz.get_jid_role(context); + + do + -- JID-based actor + local actor_jid = type(context) == "string" and context or context.actor_jid; + if actor_jid then -- check JID permissions + local role; + local node, host = jid_split(actor_jid); + if host == self.host then + role = hosts[host].authz.get_user_role(node); + else + role = hosts[self.host].authz.get_jid_role(actor_jid); + end + if not role then + if not peek then + self:log("debug", "Access denied: JID <%s> may not %s (no role found)", actor_jid, action); + end + return false; + end + local permit = role:may(action); + if not permit then + if not peek then + self:log("debug", "Access denied: JID <%s> may not %s (not permitted by role %s)", actor_jid, action, role.name); + end + end + return permit; end - if not role then - if not peek then - self:log("debug", "Access denied: JID <%s> may not %s (no role found)", context, action); - end - return false; - end - local permit = role:may(action); - if not permit then - if not peek then - self:log("debug", "Access denied: JID <%s> may not %s (not permitted by role %s)", context, action, role.name); - end - end - return permit; end + -- Session-based actor local session = context.origin or context.session; if type(session) ~= "table" then error("Unable to identify actor session from context");