diff options
| author | Matthew Wild <mwild1@gmail.com> | 2025-01-07 14:41:32 +0000 |
|---|---|---|
| committer | Matthew Wild <mwild1@gmail.com> | 2025-01-07 14:41:32 +0000 |
| commit | c7005840e686f06d92137a43bd6db0d6744a4482 (patch) | |
| tree | eb6b76f8ed22cf8347097484b03d71848b3c82c6 | |
| parent | 25b7ac8ececaffc63eef8c72d17d38319d8f1a74 (diff) | |
| download | prosody-c7005840e686f06d92137a43bd6db0d6744a4482.tar.gz prosody-c7005840e686f06d92137a43bd6db0d6744a4482.zip | |
mod_authz_internal: Make 'prosody:guest' default role for all unknown JIDs
This fixes an issue where e.g. remote users or even other users on the server
were unable to list MUC rooms.
We want to define a permission to list MUC rooms, but we want it to be
available to everyone by default (the traditional behaviour).
prosody:guest is the lowest role we have. I ran a quick check and it isn't
really used for anything right now that would be concerning.
It was originally designed for anonymous logins. I think it's safe to treat
remote JIDs as equivalent, since we have no trust relationship with anonymous
users either.
| -rw-r--r-- | plugins/mod_authz_internal.lua | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/plugins/mod_authz_internal.lua b/plugins/mod_authz_internal.lua index 07091a04..6006b447 100644 --- a/plugins/mod_authz_internal.lua +++ b/plugins/mod_authz_internal.lua @@ -18,8 +18,8 @@ local is_component = hosts[host].type == "component"; local host_user_role, server_user_role, public_user_role; if is_component then host_user_role = module:get_option_string("host_user_role", "prosody:registered"); - server_user_role = module:get_option_string("server_user_role"); - public_user_role = module:get_option_string("public_user_role"); + server_user_role = module:get_option_string("server_user_role", "prosody:guest"); + public_user_role = module:get_option_string("public_user_role", "prosody:guest"); end local role_store = module:open_store("account_roles"); |