aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordaurnimator <quae@daurnimator.com>2014-03-31 14:45:42 -0400
committerdaurnimator <quae@daurnimator.com>2014-03-31 14:45:42 -0400
commitb4fe6a7f30c62cec91442d4f2abcb904d30ad6b1 (patch)
tree481d5a9e30ecbc5e3eaa1568f29e7143036516a1
parent65805c61067e1e7bd907e1026c7e129368c2c645 (diff)
downloadprosody-b4fe6a7f30c62cec91442d4f2abcb904d30ad6b1.tar.gz
prosody-b4fe6a7f30c62cec91442d4f2abcb904d30ad6b1.zip
plugins/muc/muc.lib: restrict invitations in members only rooms to admins
-rw-r--r--plugins/muc/muc.lib.lua11
1 files changed, 11 insertions, 0 deletions
diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua
index d6ba68f9..c8881178 100644
--- a/plugins/muc/muc.lib.lua
+++ b/plugins/muc/muc.lib.lua
@@ -1204,6 +1204,17 @@ module:hook("muc-pre-invite", function(event)
end
end);
+-- Invitation privileges in members-only rooms SHOULD be restricted to room admins;
+-- if a member without privileges to edit the member list attempts to invite another user
+-- the service SHOULD return a <forbidden/> error to the occupant
+module:hook("muc-pre-invite", function(event)
+ local room, stanza = event.room, event.stanza;
+ if room:get_members_only() and valid_affiliations[room:get_affiliation(stanza.attr.from) or "none"] < valid_affiliations.admin then
+ event.origin.send(st.error_reply(stanza, "auth", "forbidden"));
+ return true;
+ end
+end);
+
function room_mt:handle_mediated_invite(origin, stanza)
local payload = stanza:get_child("x", "http://jabber.org/protocol/muc#user"):get_child("invite");
local invitee = jid_prep(payload.attr.to);