Changeset

6198:8936b9fbedfd

plugins/muc/muc.lib: restrict invitations in members only rooms to admins
author daurnimator <quae@daurnimator.com>
date Mon, 31 Mar 2014 14:45:42 -0400
parents 6197:1ee4d8953544
children 6199:fa858cd913b1
files plugins/muc/muc.lib.lua
diffstat 1 files changed, 11 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/plugins/muc/muc.lib.lua	Mon Mar 31 14:44:52 2014 -0400
+++ b/plugins/muc/muc.lib.lua	Mon Mar 31 14:45:42 2014 -0400
@@ -1204,6 +1204,17 @@
 	end
 end);
 
+-- Invitation privileges in members-only rooms SHOULD be restricted to room admins;
+-- if a member without privileges to edit the member list attempts to invite another user
+-- the service SHOULD return a <forbidden/> error to the occupant
+module:hook("muc-pre-invite", function(event)
+	local room, stanza = event.room, event.stanza;
+	if room:get_members_only() and valid_affiliations[room:get_affiliation(stanza.attr.from) or "none"] < valid_affiliations.admin then
+		event.origin.send(st.error_reply(stanza, "auth", "forbidden"));
+		return true;
+	end
+end);
+
 function room_mt:handle_mediated_invite(origin, stanza)
 	local payload = stanza:get_child("x", "http://jabber.org/protocol/muc#user"):get_child("invite");
 	local invitee = jid_prep(payload.attr.to);