Changeset

9095:5639dc1a3f85

util.pubsub: Add initial support for configurable access models
author Kim Alvefur <zash@zash.se>
date Sat, 04 Aug 2018 03:38:20 +0200
parents 9094:05979ae1e38a
children 9096:7de4eec02ece
files util/pubsub.lua
diffstat 1 files changed, 17 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/util/pubsub.lua	Fri Aug 03 22:55:28 2018 +0200
+++ b/util/pubsub.lua	Sat Aug 04 03:38:20 2018 +0200
@@ -16,6 +16,7 @@
 local default_node_config = {
 	["persist_items"] = false;
 	["max_items"] = 20;
+	["access_model"] = "open";
 };
 local default_node_config_mt = { __index = default_node_config };
 
@@ -82,13 +83,13 @@
 	local node_aff = node_obj and (node_obj.affiliations[actor]
 	              or node_obj.affiliations[self.config.normalize_jid(actor)]);
 	local service_aff = self.affiliations[actor]
-	                 or self.config.get_affiliation(actor, node, action)
-	                 or "none";
+	                 or self.config.get_affiliation(actor, node, action);
+	local default_aff = self:get_default_affiliation(node, actor) or "none";
 
 	-- Check if node allows/forbids it
 	local node_capabilities = node_obj and node_obj.capabilities;
 	if node_capabilities then
-		local caps = node_capabilities[node_aff or service_aff];
+		local caps = node_capabilities[node_aff or service_aff or default_aff];
 		if caps then
 			local can = caps[action];
 			if can ~= nil then
@@ -99,7 +100,7 @@
 
 	-- Check service-wide capabilities instead
 	local service_capabilities = self.config.capabilities;
-	local caps = service_capabilities[node_aff or service_aff];
+	local caps = service_capabilities[node_aff or service_aff or default_aff];
 	if caps then
 		local can = caps[action];
 		if can ~= nil then
@@ -110,6 +111,18 @@
 	return false;
 end
 
+function service:get_default_affiliation(node, actor, action) -- luacheck: ignore 212
+	local node_obj = self.nodes[node];
+	local access_model = node_obj and node_obj.config.access_model
+		or self.config.node_defaults.access_model;
+
+	if access_model == "open" then
+		return "subscriber";
+	elseif access_model == "whitelist" then
+		return "none";
+	end
+end
+
 function service:set_affiliation(node, actor, jid, affiliation)
 	-- Access checking
 	if not self:may(node, actor, "set_affiliation") then