authorMatthew Wild <mwild1@gmail.com>2023-11-07 11:53:57 +0000
committerMatthew Wild <mwild1@gmail.com>2023-11-07 11:53:57 +0000
commit1d1e2cdd9c7ad081106928018aeb97223354ec05 (patch)
tree86cfea49bb40e38663f9f14192bb1e020275c97a
parent836b370fa8d6fc04347a33642cedaa918d00f464 (diff)
moduleapi: may(): Support explicit actor_jid in context object
-rw-r--r--core/moduleapi.lua42
1 files changed, 24 insertions, 18 deletions
diff --git a/core/moduleapi.lua b/core/moduleapi.lua
index 8710b243..09776fc1 100644
--- a/core/moduleapi.lua
+++ b/core/moduleapi.lua
@@ -715,29 +715,35 @@ function api:may(action, context, peek)
if action:byte(1) == 58 then -- action begins with ':'
action = self.name..action; -- prepend module name
end
- if type(context) == "string" then -- check JID permissions
- local role;
- local node, host = jid_split(context);
- if host == self.host then
- role = hosts[host].authz.get_user_role(node);
- else
- role = hosts[self.host].authz.get_jid_role(context);
- end
- if not role then
- if not peek then
- self:log("debug", "Access denied: JID <%s> may not %s (no role found)", context, action);
+
+ do
+ -- JID-based actor
+ local actor_jid = type(context) == "string" and context or context.actor_jid;
+ if actor_jid then -- check JID permissions
+ local role;
+ local node, host = jid_split(actor_jid);
+ if host == self.host then
+ role = hosts[host].authz.get_user_role(node);
+ else
+ role = hosts[self.host].authz.get_jid_role(actor_jid);
end
- return false;
- end
- local permit = role:may(action);
- if not permit then
- if not peek then
- self:log("debug", "Access denied: JID <%s> may not %s (not permitted by role %s)", context, action, role.name);
+ if not role then
+ if not peek then
+ self:log("debug", "Access denied: JID <%s> may not %s (no role found)", actor_jid, action);
+ end
+ return false;
end
+ local permit = role:may(action);
+ if not permit then
+ if not peek then
+ self:log("debug", "Access denied: JID <%s> may not %s (not permitted by role %s)", actor_jid, action, role.name);
+ end
+ end
+ return permit;
end
- return permit;
end
+ -- Session-based actor
local session = context.origin or context.session;
if type(session) ~= "table" then
error("Unable to identify actor session from context");