# HG changeset patch # User Florian Zeitz # Date 1374701432 -7200 # Node ID 785da1854eb9ef4d7be5aab054297956c9637801 # Parent 91f8cd53584cd447063b439bb5477b4e11b78ca8 mod_adhoc: Add local_user permission diff -r 91f8cd53584c -r 785da1854eb9 plugins/adhoc/mod_adhoc.lua --- a/plugins/adhoc/mod_adhoc.lua Wed Jul 24 22:58:44 2013 +0200 +++ b/plugins/adhoc/mod_adhoc.lua Wed Jul 24 23:30:32 2013 +0200 @@ -9,6 +9,7 @@ local keys = require "util.iterators".keys; local array_collect = require "util.array".collect; local is_admin = require "core.usermanager".is_admin; +local jid_split = require "util.jid".split; local adhoc_handle_cmd = module:require "adhoc".handle_cmd; local xmlns_cmd = "http://jabber.org/protocol/commands"; local commands = {}; @@ -18,11 +19,14 @@ module:hook("host-disco-info-node", function (event) local stanza, origin, reply, node = event.stanza, event.origin, event.reply, event.node; if commands[node] then - local privileged = is_admin(stanza.attr.from, stanza.attr.to); - local global_admin = is_admin(stanza.attr.from); + local from = stanza.attr.from; + local privileged = is_admin(from, stanza.attr.to); + local global_admin = is_admin(from); + local username, hostname = jid_split(from); local command = commands[node]; if (command.permission == "admin" and privileged) or (command.permission == "global_admin" and global_admin) + or (command.permission == "local_user" and hostname == module.host) or (command.permission == "user") then reply:tag("identity", { name = command.name, category = "automation", type = "command-node" }):up(); @@ -45,13 +49,16 @@ return; end - local admin = is_admin(stanza.attr.from, stanza.attr.to); - local global_admin = is_admin(stanza.attr.from); + local from = stanza.attr.from; + local admin = is_admin(from, stanza.attr.to); + local global_admin = is_admin(from); + local username, hostname = jid_split(from); local nodes = array_collect(keys(commands)):sort(); for _, node in ipairs(nodes) do local command = commands[node]; if (command.permission == "admin" and admin) or (command.permission == "global_admin" and global_admin) + or (command.permission == "local_user" and hostname == module.host) or (command.permission == "user") then reply:tag("item", { name = command.name, node = node, jid = module:get_host() }); @@ -65,11 +72,15 @@ local origin, stanza = event.origin, event.stanza; if stanza.attr.type == "set" then local node = stanza.tags[1].attr.node - if commands[node] then - local admin = is_admin(stanza.attr.from, stanza.attr.to); - local global_admin = is_admin(stanza.attr.from); - if (commands[node].permission == "admin" and not admin) - or (commands[node].permission == "global_admin" and not global_admin) then + local command = commands[node]; + if command then + local from = stanza.attr.from; + local admin = is_admin(from, stanza.attr.to); + local global_admin = is_admin(from); + local username, hostname = jid_split(from); + if (command.permission == "admin" and not admin) + or (command.permission == "global_admin" and not global_admin) + or (command.permission == "local_user" and hostname ~= module.host) then origin.send(st.error_reply(stanza, "auth", "forbidden", "You don't have permission to execute this command"):up() :add_child(commands[node]:cmdtag("canceled") :tag("note", {type="error"}):text("You don't have permission to execute this command")));