diff options
| author | Matthew Wild <mwild1@gmail.com> | 2022-09-29 12:30:52 +0100 |
|---|---|---|
| committer | Matthew Wild <mwild1@gmail.com> | 2022-09-29 12:30:52 +0100 |
| commit | 856a482013e3729f9d2b6b76cc8b061d327391d5 (patch) | |
| tree | 40ce66ff4f989fb86f41d881707990ca99955735 | |
| parent | 9b8c2cd1c980d5c4a9ec1c4b170e486d16ef1a15 (diff) | |
| download | prosody-856a482013e3729f9d2b6b76cc8b061d327391d5.tar.gz prosody-856a482013e3729f9d2b6b76cc8b061d327391d5.zip | |
mod_muc: Better map restrict_room_creation to role permissions (behaviour change)
With this change and 427dd01f0864, room creation is now effectively restricted
to parent-host users by default. This is a better default than previous
Prosody versions (where room creation was not restricted).
The "local" option for restrict_room_creation is no longer used (any value
other than true/false won't change the default behaviour).
restrict_room_creation = true will grant prosody:admin the ability to create
rooms.
restrict_room_creation = false disables all permission checks.
Anything between these two can be achieved using custom roles and permissions.
| -rw-r--r-- | plugins/muc/mod_muc.lua | 29 |
1 files changed, 8 insertions, 21 deletions
diff --git a/plugins/muc/mod_muc.lua b/plugins/muc/mod_muc.lua index 08be3586..ab042d99 100644 --- a/plugins/muc/mod_muc.lua +++ b/plugins/muc/mod_muc.lua @@ -413,28 +413,15 @@ if module:get_option_boolean("muc_tombstones", true) then end, -10); end -module:default_permission("prosody:admin", ":create-room"); - -do - local restrict_room_creation = module:get_option("restrict_room_creation"); - if restrict_room_creation == true then - restrict_room_creation = "admin"; - end - if restrict_room_creation then - local host_suffix = module.host:gsub("^[^%.]+%.", ""); - module:hook("muc-room-pre-create", function(event) - local origin, stanza = event.origin, event.stanza; - local user_jid = stanza.attr.from; - if not module:may(":create-room", event) and not ( - restrict_room_creation == "local" and - select(2, jid_split(user_jid)) == host_suffix - ) then - origin.send(st.error_reply(stanza, "cancel", "not-allowed", "Room creation is restricted", module.host)); - return true; - end - end); +local restrict_room_creation = module:get_option("restrict_room_creation"); +module:default_permission(restrict_room_creation == true and "prosody:admin" or "prosody:user", ":create-room"); +module:hook("muc-room-pre-create", function(event) + local origin, stanza = event.origin, event.stanza; + if restrict_room_creation ~= false and not module:may(":create-room", event) then + origin.send(st.error_reply(stanza, "cancel", "not-allowed", "Room creation is restricted", module.host)); + return true; end -end +end); for event_name, method in pairs { -- Normal room interactions |