# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1648042735 0
# Node ID 3dfcdcab5446abb4002955880ad02162a4b900fb
# Parent  95f33a006c03a84a80e4654327273cbddd1a3c33
MUC: Allow kicking users with the same affiliation as the kicker (fixes #1724)

This is allowed by XEP-0045, which states:

"A moderator SHOULD NOT be allowed to revoke moderation privileges from
someone with a higher affiliation than themselves (i.e., an unaffiliated
moderator SHOULD NOT be allowed to revoke moderation privileges from an admin
or an owner, and an admin SHOULD NOT be allowed to revoke moderation
privileges from an owner)."

diff -r 95f33a006c03 -r 3dfcdcab5446 plugins/muc/muc.lib.lua
--- a/plugins/muc/muc.lib.lua	Wed Mar 23 15:29:01 2022 +0100
+++ b/plugins/muc/muc.lib.lua	Wed Mar 23 13:38:55 2022 +0000
@@ -1583,15 +1583,16 @@
 		return event.allowed, event.error, event.condition;
 	end
 
-	-- Can't do anything to other owners or admins
-	local occupant_affiliation = self:get_affiliation(occupant.bare_jid);
-	if occupant_affiliation == "owner" or occupant_affiliation == "admin" then
+	local actor_affiliation = self:get_affiliation(actor) or "none";
+	local occupant_affiliation = self:get_affiliation(occupant.bare_jid) or "none";
+
+	-- Can't do anything to someone with higher affiliation
+	if valid_affiliations[actor_affiliation] < valid_affiliations[occupant_affiliation] then
 		return nil, "cancel", "not-allowed";
 	end
 
 	-- If you are trying to give or take moderator role you need to be an owner or admin
 	if occupant.role == "moderator" or role == "moderator" then
-		local actor_affiliation = self:get_affiliation(actor);
 		if actor_affiliation ~= "owner" and actor_affiliation ~= "admin" then
 			return nil, "cancel", "not-allowed";
 		end