Software / code / prosody
Changeset
13524:cfc42ed3892c
mod_pubsub: Check new role framework for node creation privileges
This enables granting regular users permission to create nodes via the
new roles framework. Previously this required either making everyone an
admin or writing a custom mod_pubsub variant with different permission
details.
Previous default behavior of only allowing creation by admin is kept as
to not give out unexpected permissions on upgrade, but could be
reevaluated at a later time.
Fixes #1324
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 13 Oct 2024 13:03:08 +0200 |
| parents | 13523:365212120b82 |
| children | 13525:0f7e7311eebf |
| files | plugins/mod_pubsub/mod_pubsub.lua |
| diffstat | 1 files changed, 14 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/mod_pubsub/mod_pubsub.lua Sat Sep 28 12:38:42 2024 -0700 +++ b/plugins/mod_pubsub/mod_pubsub.lua Sun Oct 13 13:03:08 2024 +0200 @@ -190,10 +190,22 @@ end); local admin_aff = module:get_option_enum("default_admin_affiliation", "owner", "publisher", "member", "outcast", "none"); + module:default_permission("prosody:admin", ":service-admin"); -local function get_affiliation(jid) +module:default_permission("prosody:admin", ":create-node"); + +local function get_affiliation(jid, _, action) local bare_jid = jid_bare(jid); - if bare_jid == module.host or module:may(":service-admin", bare_jid) then + if bare_jid == module.host then + -- The host itself (i.e. local modules) is treated as an admin. + -- Check this first as to avoid sendig a host JID to :may() + return admin_aff; + end + if action == "create" and module:may(":create-node", bare_jid) then + -- Only one affiliation is allowed to create nodes by default + return "owner"; + end + if module:may(":service-admin", bare_jid) then return admin_aff; end end
