# HG changeset patch # User Matthew Wild # Date 1736260892 0 # Node ID fdb2e0568cf8e036e9e5fc065fc51ed141fbea6d # Parent c8a387912a334f5470975ad6adcc4e0d8ffc77b8 mod_authz_internal: Make 'prosody:guest' default role for all unknown JIDs This fixes an issue where e.g. remote users or even other users on the server were unable to list MUC rooms. We want to define a permission to list MUC rooms, but we want it to be available to everyone by default (the traditional behaviour). prosody:guest is the lowest role we have. I ran a quick check and it isn't really used for anything right now that would be concerning. It was originally designed for anonymous logins. I think it's safe to treat remote JIDs as equivalent, since we have no trust relationship with anonymous users either. diff -r c8a387912a33 -r fdb2e0568cf8 plugins/mod_authz_internal.lua --- a/plugins/mod_authz_internal.lua Tue Jan 07 14:27:34 2025 +0000 +++ b/plugins/mod_authz_internal.lua Tue Jan 07 14:41:32 2025 +0000 @@ -18,8 +18,8 @@ local host_user_role, server_user_role, public_user_role; if is_component then host_user_role = module:get_option_string("host_user_role", "prosody:registered"); - server_user_role = module:get_option_string("server_user_role"); - public_user_role = module:get_option_string("public_user_role"); + server_user_role = module:get_option_string("server_user_role", "prosody:guest"); + public_user_role = module:get_option_string("public_user_role", "prosody:guest"); end local role_store = module:open_store("account_roles");