Software /
code /
prosody
Changeset
12730:427dd01f0864
mod_authz_internal: Allow configuring role of local-server/parent-host users
'host_user_role' is the default role of users who have JIDs on the "parent"
host (i.e. jabber.org users on conference.jabber.org). Defaults to
'prosody:user'.
'server_user_roles' is the default role of users who have JIDs on any active
host on the current Prosody instance. Default to nil (no role).
This finally allows better permissions splitting between host and server
users, which has previously been done (e.g. in MUC) with options like
'restrict_room_creation' and 'muc_room_allow_persistent'. Using roles makes
these permissions a lot more flexible, and easier for developers to integrate.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Thu, 29 Sep 2022 12:10:14 +0100 |
parents | 12729:73a45ba6e3f1 |
children | 12731:a314f5bff9f0 |
files | plugins/mod_authz_internal.lua |
diffstat | 1 files changed, 17 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/mod_authz_internal.lua Wed Sep 28 17:47:00 2022 +0100 +++ b/plugins/mod_authz_internal.lua Thu Sep 29 12:10:14 2022 +0100 @@ -1,13 +1,22 @@ local array = require "util.array"; local it = require "util.iterators"; local set = require "util.set"; -local jid_split, jid_bare = require "util.jid".split, require "util.jid".bare; +local jid_split, jid_bare, jid_host = import("util.jid", "split", "bare", "host"); local normalize = require "util.jid".prep; local roles = require "util.roles"; local config_global_admin_jids = module:context("*"):get_option_set("admins", {}) / normalize; local config_admin_jids = module:get_option_inherited_set("admins", {}) / normalize; local host = module.host; +local host_suffix = host:gsub("^[^%.]+%.", ""); + +local hosts = prosody.hosts; +local is_component = hosts[host].type == "component"; +local host_user_role, server_user_role; +if is_component then + host_user_role = module:get_option_string("host_user_role", "prosody:user"); + server_user_role = module:get_option_string("server_user_role"); +end local role_store = module:open_store("account_roles"); local role_map_store = module:open_store("account_roles", "map"); @@ -225,6 +234,13 @@ return role_registry["prosody:operator"]; elseif config_admin_jids:contains(bare_jid) then return role_registry["prosody:admin"]; + elseif is_component then + local user_host = jid_host(bare_jid); + if host_user_role and user_host == host_suffix then + return role_registry[host_user_role]; + elseif server_user_role and hosts[user_host] then + return role_registry[server_user_role]; + end end return nil; end