# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1730463045 -3600
# Node ID 67288253d9a2c69eff05a25937ea336bd83e536f
# Parent  3dc3781d02cd0743c003d21a5506a84ac4583979
mod_admin_shell: Reject attempt to add or remove roles for unrelated hosts

The three-argument version seems to be a left-over from 0.12

diff -r 3dc3781d02cd -r 67288253d9a2 plugins/mod_admin_shell.lua
--- a/plugins/mod_admin_shell.lua	Fri Nov 01 13:08:35 2024 +0100
+++ b/plugins/mod_admin_shell.lua	Fri Nov 01 13:10:45 2024 +0100
@@ -1785,6 +1785,8 @@
 		return nil, "No such host: "..host;
 	elseif prosody.hosts[userhost] and not um.user_exists(username, userhost) then
 		return nil, "No such user";
+	elseif userhost ~= host then
+		return nil, "Can't add roles outside users own host"
 	end
 	return um.add_user_secondary_role(username, host, new_role);
 end
@@ -1797,6 +1799,8 @@
 		return nil, "No such host: "..host;
 	elseif prosody.hosts[userhost] and not um.user_exists(username, userhost) then
 		return nil, "No such user";
+	elseif userhost ~= host then
+		return nil, "Can't remove roles outside users own host"
 	end
 	return um.remove_user_secondary_role(username, host, role_name);
 end