aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2022-06-15 12:15:01 +0100
committerMatthew Wild <mwild1@gmail.com>2022-06-15 12:15:01 +0100
commitd73714b4f426da4f9c79d5ddf0b8cb11d09e9f3f (patch)
treea25e265b60fe1a6646534ae2dde0ca73ff670a3b
parent8b384dc77fe54fc6a6c228dd5b6208d403f74216 (diff)
downloadprosody-d73714b4f426da4f9c79d5ddf0b8cb11d09e9f3f.tar.gz
prosody-d73714b4f426da4f9c79d5ddf0b8cb11d09e9f3f.zip
Switch to a new role-based authorization framework, removing is_admin()
We began moving away from simple "is this user an admin?" permission checks before 0.12, with the introduction of mod_authz_internal and the ability to dynamically change the roles of individual users. The approach in 0.12 still had various limitations however, and apart from the introduction of roles other than "admin" and the ability to pull that info from storage, not much actually changed. This new framework shakes things up a lot, though aims to maintain the same functionality and behaviour on the surface for a default Prosody configuration. That is, if you don't take advantage of any of the new features, you shouldn't notice any change. The biggest change visible to developers is that usermanager.is_admin() (and the auth provider is_admin() method) have been removed. Gone. Completely. Permission checks should now be performed using a new module API method: module:may(action_name, context) This method accepts an action name, followed by either a JID (string) or (preferably) a table containing 'origin'/'session' and 'stanza' fields (e.g. the standard object passed to most events). It will return true if the action should be permitted, or false/nil otherwise. Modules should no longer perform permission checks based on the role name. E.g. a lot of code previously checked if the user's role was prosody:admin before permitting some action. Since many roles might now exist with similar permissions, and the permissions of prosody:admin may be redefined dynamically, it is no longer suitable to use this method for permission checks. Use module:may(). If you start an action name with ':' (recommended) then the current module's name will automatically be used as a prefix. To define a new permission, use the new module API: module:default_permission(role_name, action_name) module:default_permissions(role_name, { action_name[, action_name...] }) This grants the specified role permission to execute the named action(s) by default. This may be overridden via other mechanisms external to your module. The built-in roles that developers should use are: - prosody:user (normal user) - prosody:admin (host admin) - prosody:operator (global admin) The new prosody:operator role is intended for server-wide actions (such as shutting down Prosody). Finally, all usage of is_admin() in modules has been fixed by this commit. Some of these changes were trickier than others, but no change is expected to break existing deployments. EXCEPT: mod_auth_ldap no longer supports the ldap_admin_filter option. It's very possible nobody is using this, but if someone is then we can later update it to pull roles from LDAP somehow.
-rw-r--r--.luacheckrc3
-rw-r--r--core/moduleapi.lua63
-rw-r--r--core/sessionmanager.lua15
-rw-r--r--core/usermanager.lua6
-rw-r--r--plugins/adhoc/adhoc.lib.lua10
-rw-r--r--plugins/adhoc/mod_adhoc.lua37
-rw-r--r--plugins/mod_announce.lua6
-rw-r--r--plugins/mod_auth_ldap.lua26
-rw-r--r--plugins/mod_authz_internal.lua145
-rw-r--r--plugins/mod_disco.lua9
-rw-r--r--plugins/mod_invites_adhoc.lua38
-rw-r--r--plugins/mod_pubsub/mod_pubsub.lua4
-rw-r--r--plugins/muc/hidden.lib.lua8
-rw-r--r--plugins/muc/mod_muc.lua19
-rw-r--r--plugins/muc/persistent.lib.lua11
15 files changed, 269 insertions, 131 deletions
diff --git a/.luacheckrc b/.luacheckrc
index 6c948b17..e1bb7134 100644
--- a/.luacheckrc
+++ b/.luacheckrc
@@ -62,6 +62,8 @@ files["plugins/"] = {
"module.broadcast",
"module.context",
"module.depends",
+ "module.default_permission",
+ "module.default_permissions",
"module.fire_event",
"module.get_directory",
"module.get_host",
@@ -86,6 +88,7 @@ files["plugins/"] = {
"module.load_resource",
"module.log",
"module.log_status",
+ "module.may",
"module.measure",
"module.metric",
"module.open_store",
diff --git a/core/moduleapi.lua b/core/moduleapi.lua
index 36d82193..f0b412f3 100644
--- a/core/moduleapi.lua
+++ b/core/moduleapi.lua
@@ -19,6 +19,7 @@ local promise = require "util.promise";
local time_now = require "util.time".now;
local format = require "util.format".format;
local jid_node = require "util.jid".node;
+local jid_split = require "util.jid".split;
local jid_resource = require "util.jid".resource;
local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat;
@@ -601,4 +602,66 @@ function api:get_status()
return self.status_type, self.status_message, self.status_time;
end
+function api:default_permission(role_name, permission)
+ permission = permission:gsub("^:", self.name..":");
+ hosts[self.host].authz.add_default_permission(role_name, permission);
+end
+
+function api:default_permissions(role_name, permissions)
+ for _, permission in ipairs(permissions) do
+ permission = permission:gsub("^:", self.name..":");
+ self:default_permission(role_name, permission);
+ end
+end
+
+function api:may(action, context)
+ if type(context) == "string" then -- check JID permissions
+ local role;
+ local node, host = jid_split(context);
+ if host == self.host then
+ role = hosts[host].authz.get_user_role(node);
+ else
+ role = hosts[self.host].authz.get_jid_role(context);
+ end
+ if not role then
+ self:log("debug", "Access denied: JID <%s> may not %s (no role found)", context, action);
+ return false;
+ end
+ local permit = role:may(action);
+ if not permit then
+ self:log("debug", "Access denied: JID <%s> may not %s (not permitted by role %s)", context, action, role.name);
+ end
+ return permit;
+ end
+
+ local session = context.origin or context.session;
+ if not session then
+ error("Unable to identify actor session from context");
+ end
+ if action:byte(1) == 58 then -- action begins with ':'
+ action = self.name..action; -- prepend module name
+ end
+ if session.type == "s2sin" or (session.type == "c2s" and session.host ~= self.host) then
+ local actor_jid = context.stanza.attr.from;
+ local role = hosts[self.host].authz.get_jid_role(actor_jid);
+ if not role then
+ self:log("debug", "Access denied: JID <%s> may not %s (no role found)", actor_jid, action);
+ return false;
+ end
+ local permit = role:may(action, context);
+ if not permit then
+ self:log("debug", "Access denied: JID <%s> may not %s (not permitted by role %s)", actor_jid, action, role.name);
+ end
+ return permit;
+ elseif session.role then
+ local permit = session.role:may(action, context);
+ if not permit then
+ self:log("debug", "Access denied: session %s (%s) may not %s (not permitted by role %s)",
+ session.id, session.full_jid, action, session.role.name
+ );
+ end
+ return permit;
+ end
+end
+
return api;
diff --git a/core/sessionmanager.lua b/core/sessionmanager.lua
index 7f296ff1..426afa7b 100644
--- a/core/sessionmanager.lua
+++ b/core/sessionmanager.lua
@@ -123,15 +123,24 @@ local function destroy_session(session, err)
retire_session(session);
end
-local function make_authenticated(session, username, scope)
+local function make_authenticated(session, username, role_name)
username = nodeprep(username);
if not username or #username == 0 then return nil, "Invalid username"; end
session.username = username;
if session.type == "c2s_unauthed" then
session.type = "c2s_unbound";
end
- session.auth_scope = scope;
- session.log("info", "Authenticated as %s@%s", username, session.host or "(unknown)");
+
+ local role;
+ if role_name then
+ role = hosts[session.host].authz.get_role_info(role_name);
+ else
+ role = hosts[session.host].authz.get_user_default_role(username);
+ end
+ if role then
+ sessionlib.set_role(session, role);
+ end
+ session.log("info", "Authenticated as %s@%s [%s]", username, session.host or "(unknown)", role and role.name or "no role");
return true;
end
diff --git a/core/usermanager.lua b/core/usermanager.lua
index 45f104fa..970140ef 100644
--- a/core/usermanager.lua
+++ b/core/usermanager.lua
@@ -188,11 +188,6 @@ local function set_roles(jid, host, roles)
end
end
-local function is_admin(jid, host)
- local roles = get_roles(jid, host);
- return roles and roles["prosody:admin"];
-end
-
local function get_users_with_role(role, host)
if not hosts[host] then return false; end
if type(role) ~= "string" then return false; end
@@ -224,7 +219,6 @@ return {
get_provider = get_provider;
get_roles = get_roles;
set_roles = set_roles;
- is_admin = is_admin;
get_users_with_role = get_users_with_role;
get_jids_with_role = get_jids_with_role;
};
diff --git a/plugins/adhoc/adhoc.lib.lua b/plugins/adhoc/adhoc.lib.lua
index eb91f252..9f091e3b 100644
--- a/plugins/adhoc/adhoc.lib.lua
+++ b/plugins/adhoc/adhoc.lib.lua
@@ -23,10 +23,16 @@ end
function _M.new(name, node, handler, permission)
if not permission then
error "adhoc.new() expects a permission argument, none given"
- end
- if permission == "user" then
+ elseif permission == "user" then
error "the permission mode 'user' has been renamed 'any', please update your code"
end
+ if permission == "admin" then
+ module:default_permission("prosody:admin", "mod_adhoc:"..node);
+ permission = "check";
+ elseif permission == "global_admin" then
+ module:default_permission("prosody:operator", "mod_adhoc:"..node);
+ permission = "check";
+ end
return { name = name, node = node, handler = handler, cmdtag = _cmdtag, permission = permission };
end
diff --git a/plugins/adhoc/mod_adhoc.lua b/plugins/adhoc/mod_adhoc.lua
index 9d6ff77a..c94ff24f 100644
--- a/plugins/adhoc/mod_adhoc.lua
+++ b/plugins/adhoc/mod_adhoc.lua
@@ -7,7 +7,6 @@
local it = require "util.iterators";
local st = require "util.stanza";
-local is_admin = require "core.usermanager".is_admin;
local jid_host = require "util.jid".host;
local adhoc_handle_cmd = module:require "adhoc".handle_cmd;
local xmlns_cmd = "http://jabber.org/protocol/commands";
@@ -15,18 +14,17 @@ local commands = {};
module:add_feature(xmlns_cmd);
+local function check_permissions(event, node, command)
+ return (command.permission == "check" and module:may("mod_adhoc:"..node, event))
+ or (command.permission == "local_user" and jid_host(event.stanza.attr.from) == module.host)
+ or (command.permission == "any");
+end
+
module:hook("host-disco-info-node", function (event)
local stanza, origin, reply, node = event.stanza, event.origin, event.reply, event.node;
if commands[node] then
- local from = stanza.attr.from;
- local privileged = is_admin(from, stanza.attr.to);
- local global_admin = is_admin(from);
- local hostname = jid_host(from);
local command = commands[node];
- if (command.permission == "admin" and privileged)
- or (command.permission == "global_admin" and global_admin)
- or (command.permission == "local_user" and hostname == module.host)
- or (command.permission == "any") then
+ if check_permissions(event, node, command) then
reply:tag("identity", { name = command.name,
category = "automation", type = "command-node" }):up();
reply:tag("feature", { var = xmlns_cmd }):up();
@@ -44,20 +42,13 @@ module:hook("host-disco-info-node", function (event)
end);
module:hook("host-disco-items-node", function (event)
- local stanza, reply, disco_node = event.stanza, event.reply, event.node;
+ local reply, disco_node = event.reply, event.node;
if disco_node ~= xmlns_cmd then
return;
end
- local from = stanza.attr.from;
- local admin = is_admin(from, stanza.attr.to);
- local global_admin = is_admin(from);
- local hostname = jid_host(from);
for node, command in it.sorted_pairs(commands) do
- if (command.permission == "admin" and admin)
- or (command.permission == "global_admin" and global_admin)
- or (command.permission == "local_user" and hostname == module.host)
- or (command.permission == "any") then
+ if check_permissions(event, node, command) then
reply:tag("item", { name = command.name,
node = node, jid = module:get_host() });
reply:up();
@@ -71,15 +62,9 @@ module:hook("iq-set/host/"..xmlns_cmd..":command", function (event)
local node = stanza.tags[1].attr.node
local command = commands[node];
if command then
- local from = stanza.attr.from;
- local admin = is_admin(from, stanza.attr.to);
- local global_admin = is_admin(from);
- local hostname = jid_host(from);
- if (command.permission == "admin" and not admin)
- or (command.permission == "global_admin" and not global_admin)
- or (command.permission == "local_user" and hostname ~= module.host) then
+ if not check_permissions(event, node, command) then
origin.send(st.error_reply(stanza, "auth", "forbidden", "You don't have permission to execute this command"):up()
- :add_child(command:cmdtag("canceled")
+ :add_child(command:cmdtag("canceled")
:tag("note", {type="error"}):text("You don't have permission to execute this command")));
return true
end
diff --git a/plugins/mod_announce.lua b/plugins/mod_announce.lua
index c742ebb8..8161d4ba 100644
--- a/plugins/mod_announce.lua
+++ b/plugins/mod_announce.lua
@@ -9,7 +9,6 @@
local st, jid = require "util.stanza", require "util.jid";
local hosts = prosody.hosts;
-local is_admin = require "core.usermanager".is_admin;
function send_to_online(message, host)
local sessions;
@@ -34,6 +33,7 @@ function send_to_online(message, host)
return c;
end
+module:default_permission("prosody:admin", ":send-announcement");
-- Old <message>-based jabberd-style announcement sending
function handle_announcement(event)
@@ -45,8 +45,8 @@ function handle_announcement(event)
return; -- Not an announcement
end
- if not is_admin(stanza.attr.from, host) then
- -- Not an admin? Not allowed!
+ if not module:may(":send-announcement", event) then
+ -- Not allowed!
module:log("warn", "Non-admin '%s' tried to send server announcement", stanza.attr.from);
return;
end
diff --git a/plugins/mod_auth_ldap.lua b/plugins/mod_auth_ldap.lua
index 4d484aaa..a3ea880c 100644
--- a/plugins/mod_auth_ldap.lua
+++ b/plugins/mod_auth_ldap.lua
@@ -1,6 +1,5 @@
-- mod_auth_ldap
-local jid_split = require "util.jid".split;
local new_sasl = require "util.sasl".new;
local lualdap = require "lualdap";
@@ -21,6 +20,13 @@ local ldap_admins = module:get_option_string("ldap_admin_filter",
module:get_option_string("ldap_admins")); -- COMPAT with mistake in documentation
local host = ldap_filter_escape(module:get_option_string("realm", module.host));
+if ldap_admins then
+ module:log("error", "The 'ldap_admin_filter' option has been deprecated, "..
+ "and will be ignored. Equivalent functionality may be added in "..
+ "the future if there is demand."
+ );
+end
+
-- Initiate connection
local ld = nil;
module.unload = function() if ld then pcall(ld, ld.close); end end
@@ -133,22 +139,4 @@ else
module:log("error", "Unsupported ldap_mode %s", tostring(ldap_mode));
end
-if ldap_admins then
- function provider.is_admin(jid)
- local username, user_host = jid_split(jid);
- if user_host ~= module.host then
- return false;
- end
- return ldap_do("search", 2, {
- base = ldap_base;
- scope = ldap_scope;
- sizelimit = 1;
- filter = ldap_admins:gsub("%$(%a+)", {
- user = ldap_filter_escape(username);
- host = host;
- });
- });
- end
-end
-
module:provides("auth", provider);
diff --git a/plugins/mod_authz_internal.lua b/plugins/mod_authz_internal.lua
index 17687959..35bc3929 100644
--- a/plugins/mod_authz_internal.lua
+++ b/plugins/mod_authz_internal.lua
@@ -1,20 +1,89 @@
local array = require "util.array";
local it = require "util.iterators";
local set = require "util.set";
-local jid_split = require "util.jid".split;
+local jid_split, jid_bare = require "util.jid".split, require "util.jid".bare;
local normalize = require "util.jid".prep;
+local config_global_admin_jids = module:context("*"):get_option_set("admins", {}) / normalize;
local config_admin_jids = module:get_option_inherited_set("admins", {}) / normalize;
local host = module.host;
local role_store = module:open_store("roles");
local role_map_store = module:open_store("roles", "map");
-local admin_role = { ["prosody:admin"] = true };
+local role_methods = {};
+local role_mt = { __index = role_methods };
+
+local role_registry = {
+ ["prosody:operator"] = {
+ default = true;
+ priority = 75;
+ includes = { "prosody:admin" };
+ };
+ ["prosody:admin"] = {
+ default = true;
+ priority = 50;
+ includes = { "prosody:user" };
+ };
+ ["prosody:user"] = {
+ default = true;
+ priority = 25;
+ includes = { "prosody:restricted" };
+ };
+ ["prosody:restricted"] = {
+ default = true;
+ priority = 15;
+ };
+};
+
+-- Some processing on the role registry
+for role_name, role_info in pairs(role_registry) do
+ role_info.name = role_name;
+ role_info.includes = set.new(role_info.includes) / function (included_role_name)
+ return role_registry[included_role_name];
+ end;
+ if not role_info.permissions then
+ role_info.permissions = {};
+ end
+ setmetatable(role_info, role_mt);
+end
+
+function role_methods:may(action, context)
+ local policy = self.permissions[action];
+ if policy ~= nil then
+ return policy;
+ end
+ for inherited_role in self.includes do
+ module:log("debug", "Checking included role '%s' for %s", inherited_role.name, action);
+ policy = inherited_role:may(action, context);
+ if policy ~= nil then
+ return policy;
+ end
+ end
+ return false;
+end
+
+-- Public API
+
+local config_operator_role_set = {
+ ["prosody:operator"] = role_registry["prosody:operator"];
+};
+local config_admin_role_set = {
+ ["prosody:admin"] = role_registry["prosody:admin"];
+};
function get_user_roles(user)
- if config_admin_jids:contains(user.."@"..host) then
- return admin_role;
+ local bare_jid = user.."@"..host;
+ if config_global_admin_jids:contains(bare_jid) then
+ return config_operator_role_set;
+ elseif config_admin_jids:contains(bare_jid) then
+ return config_admin_role_set;
+ end
+ local role_names = role_store:get(user);
+ if not role_names then return {}; end
+ local roles = {};
+ for role_name in pairs(role_names) do
+ roles[role_name] = role_registry[role_name];
end
- return role_store:get(user);
+ return roles;
end
function set_user_roles(user, roles)
@@ -22,10 +91,29 @@ function set_user_roles(user, roles)
return true;
end
-function get_users_with_role(role)
- local storage_role_users = it.to_array(it.keys(role_map_store:get_all(role) or {}));
- if role == "prosody:admin" then
- local config_admin_users = config_admin_jids / function (admin_jid)
+function get_user_default_role(user)
+ local roles = get_user_roles(user);
+ if not roles then return nil; end
+ local default_role;
+ for role_name, role_info in pairs(roles) do --luacheck: ignore 213/role_name
+ if role_info.default and (not default_role or role_info.priority > default_role.priority) then
+ default_role = role_info;
+ end
+ end
+ if not default_role then return nil; end
+ return default_role;
+end
+
+function get_users_with_role(role_name)
+ local storage_role_users = it.to_array(it.keys(role_map_store:get_all(role_name) or {}));
+ local config_set;
+ if role_name == "prosody:admin" then
+ config_set = config_admin_jids;
+ elseif role_name == "prosody:operator" then
+ config_set = config_global_admin_jids;
+ end
+ if config_set then
+ local config_admin_users = config_set / function (admin_jid)
local j_node, j_host = jid_split(admin_jid);
if j_host == host then
return j_node;
@@ -36,24 +124,49 @@ function get_users_with_role(role)
return storage_role_users;
end
-function get_jid_roles(jid)
- if config_admin_jids:contains(jid) then
- return admin_role;
+function get_jid_role(jid)
+ local bare_jid = jid_bare(jid);
+ if config_global_admin_jids:contains(bare_jid) then
+ return role_registry["prosody:operator"];
+ elseif config_admin_jids:contains(bare_jid) then
+ return role_registry["prosody:admin"];
end
return nil;
end
-function set_jid_roles(jid) -- luacheck: ignore 212
+function set_jid_role(jid) -- luacheck: ignore 212
return false;
end
-function get_jids_with_role(role)
+function get_jids_with_role(role_name)
-- Fetch role users from storage
- local storage_role_jids = array.map(get_users_with_role(role), function (username)
+ local storage_role_jids = array.map(get_users_with_role(role_name), function (username)
return username.."@"..host;
end);
- if role == "prosody:admin" then
+ if role_name == "prosody:admin" then
return it.to_array(config_admin_jids + set.new(storage_role_jids));
+ elseif role_name == "prosody:operator" then
+ return it.to_array(config_global_admin_jids + set.new(storage_role_jids));
end
return storage_role_jids;
end
+
+function add_default_permission(role_name, action, policy)
+ local role = role_registry[role_name];
+ if not role then
+ module:log("warn", "Attempt to add default permission for unknown role: %s", role_name);
+ return nil, "no-such-role";
+ end
+ if role.permissions[action] == nil then
+ if policy == nil then
+ policy = true;
+ end
+ module:log("debug", "Adding permission, role '%s' may '%s': %s", role_name, action, policy and "allow" or "deny");
+ role.permissions[action] = policy;
+ end
+ return true;
+end
+
+function get_role_info(role_name)
+ return role_registry[role_name];
+end
diff --git a/plugins/mod_disco.lua b/plugins/mod_disco.lua
index 79249c52..7b3e5caf 100644
--- a/plugins/mod_disco.lua
+++ b/plugins/mod_disco.lua
@@ -8,7 +8,6 @@
local get_children = require "core.hostmanager".get_children;
local is_contact_subscribed = require "core.rostermanager".is_contact_subscribed;
-local um_is_admin = require "core.usermanager".is_admin;
local jid_split = require "util.jid".split;
local jid_bare = require "util.jid".bare;
local st = require "util.stanza"
@@ -162,14 +161,16 @@ module:hook("s2s-stream-features", function (event)
end
end);
+module:default_permission("prosody:admin", ":be-discovered-admin");
+
-- Handle disco requests to user accounts
if module:get_host_type() ~= "local" then return end -- skip for components
module:hook("iq-get/bare/http://jabber.org/protocol/disco#info:query", function(event)
local origin, stanza = event.origin, event.stanza;
local node = stanza.tags[1].attr.node;
local username = jid_split(stanza.attr.to) or origin.username;
- local is_admin = um_is_admin(stanza.attr.to or origin.full_jid, module.host)
- if not stanza.attr.to or (expose_admins and is_admin) or is_contact_subscribed(username, module.host, jid_bare(stanza.attr.from)) then
+ local target_is_admin = module:may(":be-discovered-admin", stanza.attr.to or origin.full_jid);
+ if not stanza.attr.to or (expose_admins and target_is_admin) or is_contact_subscribed(username, module.host, jid_bare(stanza.attr.from)) then
if node and node ~= "" then
local reply = st.reply(stanza):tag('query', {xmlns='http://jabber.org/protocol/disco#info', node=node});
if not reply.attr.from then reply.attr.from = origin.username.."@"..origin.host; end -- COMPAT To satisfy Psi when querying own account
@@ -185,7 +186,7 @@ module:hook("iq-get/bare/http://jabber.org/protocol/disco#info:query", function(
end
local reply = st.reply(stanza):tag('query', {xmlns='http://jabber.org/protocol/disco#info'});
if not reply.attr.from then reply.attr.from = origin.username.."@"..origin.host; end -- COMPAT To satisfy Psi when querying own account
- if is_admin then
+ if target_is_admin then
reply:tag('identity', {category='account', type='admin'}):up();
elseif prosody.hosts[module.host].users.name == "anonymous" then
reply:tag('identity', {category='account', type='anonymous'}):up();
diff --git a/plugins/mod_invites_adhoc.lua b/plugins/mod_invites_adhoc.lua
index bd6f0c2e..04c74461 100644
--- a/plugins/mod_invites_adhoc.lua
+++ b/plugins/mod_invites_adhoc.lua
@@ -2,7 +2,6 @@
local dataforms = require "util.dataforms";
local datetime = require "util.datetime";
local split_jid = require "util.jid".split;
-local usermanager = require "core.usermanager";
local new_adhoc = module:require("adhoc").new;
@@ -13,8 +12,7 @@ local allow_user_invites = module:get_option_boolean("allow_user_invites", false
-- on the server, use the option above instead.
local allow_contact_invites = module:get_option_boolean("allow_contact_invites", true);
-local allow_user_invite_roles = module:get_option_set("allow_user_invites_by_roles");
-local deny_user_invite_roles = module:get_option_set("deny_user_invites_by_roles");
+module:default_permission(allow_user_invites and "prosody:user" or "prosody:admin", ":invite-users");
local invites;
if prosody.shutdown then -- COMPAT hack to detect prosodyctl
@@ -42,36 +40,8 @@ local invite_result_form = dataforms.new({
-- This is for checking if the specified JID may create invites
-- that allow people to register accounts on this host.
-local function may_invite_new_users(jid)
- if usermanager.get_roles then
- local user_roles = usermanager.get_roles(jid, module.host);
- if not user_roles then
- -- User has no roles we can check, just return default
- return allow_user_invites;
- end
-
- if user_roles["prosody:admin"] then
- return true;
- end
- if allow_user_invite_roles then
- for allowed_role in allow_user_invite_roles do
- if user_roles[allowed_role] then
- return true;
- end
- end
- end
- if deny_user_invite_roles then
- for denied_role in deny_user_invite_roles do
- if user_roles[denied_role] then
- return false;
- end
- end
- end
- elseif usermanager.is_admin(jid, module.host) then -- COMPAT w/0.11
- return true; -- Admins may always create invitations
- end
- -- No role matches, so whatever the default is
- return allow_user_invites;
+local function may_invite_new_users(context)
+ return module:may(":invite-users", context);
end
module:depends("adhoc");
@@ -91,7 +61,7 @@ module:provides("adhoc", new_adhoc("Create new contact invite", "urn:xmpp:invite
};
};
end
- local invite = invites.create_contact(username, may_invite_new_users(data.from), {
+ local invite = invites.create_contact(username, may_invite_new_users(data), {
source = data.from
});
--TODO: check errors
diff --git a/plugins/mod_pubsub/mod_pubsub.lua b/plugins/mod_pubsub/mod_pubsub.lua
index ef31f326..f51e8fe4 100644
--- a/plugins/mod_pubsub/mod_pubsub.lua
+++ b/plugins/mod_pubsub/mod_pubsub.lua
@@ -1,7 +1,6 @@
local pubsub = require "util.pubsub";
local st = require "util.stanza";
local jid_bare = require "util.jid".bare;
-local usermanager = require "core.usermanager";
local new_id = require "util.id".medium;
local storagemanager = require "core.storagemanager";
local xtemplate = require "util.xtemplate";
@@ -177,9 +176,10 @@ module:hook("host-disco-items", function (event)
end);
local admin_aff = module:get_option_string("default_admin_affiliation", "owner");
+module:default_permission("prosody:admin", ":service-admin");
local function get_affiliation(jid)
local bare_jid = jid_bare(jid);
- if bare_jid == module.host or usermanager.is_admin(bare_jid, module.host) then
+ if bare_jid == module.host or module:may(":service-admin", bare_jid) then
return admin_aff;
end
end
diff --git a/plugins/muc/hidden.lib.lua b/plugins/muc/hidden.lib.lua
index 153df21a..087fa102 100644
--- a/plugins/muc/hidden.lib.lua
+++ b/plugins/muc/hidden.lib.lua
@@ -8,7 +8,7 @@
--
local restrict_public = not module:get_option_boolean("muc_room_allow_public", true);
-local um_is_admin = require "core.usermanager".is_admin;
+module:default_permission(restrict_public and "prosody:admin" or "prosody:user", ":create-public-room");
local function get_hidden(room)
return room._data.hidden;
@@ -22,8 +22,8 @@ local function set_hidden(room, hidden)
end
module:hook("muc-config-form", function(event)
- if restrict_public and not um_is_admin(event.actor, module.host) then
- -- Don't show option if public rooms are restricted and user is not admin of this host
+ if not module:may(":create-public-room", event.actor) then
+ -- Hide config option if this user is not allowed to create public rooms
return;
end
table.insert(event.form, {
@@ -36,7 +36,7 @@ module:hook("muc-config-form", function(event)
end, 100-9);
module:hook("muc-config-submitted/muc#roomconfig_publicroom", function(event)
- if restrict_public and not um_is_admin(event.actor, module.host) then
+ if not module:may(":create-public-room", event.actor) then
return; -- Not allowed
end
if set_hidden(event.room, not event.value) then
diff --git a/plugins/muc/mod_muc.lua b/plugins/muc/mod_muc.lua
index 5873b1a2..08be3586 100644
--- a/plugins/muc/mod_muc.lua
+++ b/plugins/muc/mod_muc.lua
@@ -100,7 +100,6 @@ local jid_prep = require "util.jid".prep;
local jid_bare = require "util.jid".bare;
local st = require "util.stanza";
local cache = require "util.cache";
-local um_is_admin = require "core.usermanager".is_admin;
module:require "muc/config_form_sections";
@@ -111,21 +110,23 @@ module:depends "muc_unique"
module:require "muc/hats";
module:require "muc/lock";
-local function is_admin(jid)
- return um_is_admin(jid, module.host);
-end
+module:default_permissions("prosody:admin", {
+ ":automatic-ownership";
+ ":create-room";
+ ":recreate-destroyed-room";
+});
if module:get_option_boolean("component_admins_as_room_owners", true) then
-- Monkey patch to make server admins room owners
local _get_affiliation = room_mt.get_affiliation;
function room_mt:get_affiliation(jid)
- if is_admin(jid) then return "owner"; end
+ if module:may(":automatic-ownership", jid) then return "owner"; end
return _get_affiliation(self, jid);
end
local _set_affiliation = room_mt.set_affiliation;
function room_mt:set_affiliation(actor, jid, affiliation, reason, data)
- if affiliation ~= "owner" and is_admin(jid) then return nil, "modify", "not-acceptable"; end
+ if affiliation ~= "owner" and module:may(":automatic-ownership", jid) then return nil, "modify", "not-acceptable"; end
return _set_affiliation(self, actor, jid, affiliation, reason, data);
end
end
@@ -412,6 +413,8 @@ if module:get_option_boolean("muc_tombstones", true) then
end, -10);
end
+module:default_permission("prosody:admin", ":create-room");
+
do
local restrict_room_creation = module:get_option("restrict_room_creation");
if restrict_room_creation == true then
@@ -422,7 +425,7 @@ do
module:hook("muc-room-pre-create", function(event)
local origin, stanza = event.origin, event.stanza;
local user_jid = stanza.attr.from;
- if not is_admin(user_jid) and not (
+ if not module:may(":create-room", event) and not (
restrict_room_creation == "local" and
select(2, jid_split(user_jid)) == host_suffix
) then
@@ -465,7 +468,7 @@ for event_name, method in pairs {
if room and room._data.destroyed then
if room._data.locked < os.time()
- or (is_admin(stanza.attr.from) and stanza.name == "presence" and stanza.attr.type == nil) then
+ or (module:may(":recreate-destroyed-room", event) and stanza.name == "presence" and stanza.attr.type == nil) then
-- Allow the room to be recreated by admin or after time has passed
delete_room(room);
room = nil;
diff --git a/plugins/muc/persistent.lib.lua b/plugins/muc/persistent.lib.lua
index c3b16ea4..4c753921 100644
--- a/plugins/muc/persistent.lib.lua
+++ b/plugins/muc/persistent.lib.lua
@@ -8,7 +8,10 @@
--
local restrict_persistent = not module:get_option_boolean("muc_room_allow_persistent", true);
-local um_is_admin = require "core.usermanager".is_admin;
+module:default_permission(
+ restrict_persistent and "prosody:admin" or "prosody:user",
+ ":create-persistent-room"
+);
local function get_persistent(room)
return room._data.persistent;
@@ -22,8 +25,8 @@ local function set_persistent(room, persistent)
end
module:hook("muc-config-form", function(event)
- if restrict_persistent and not um_is_admin(event.actor, module.host) then
- -- Don't show option if hidden rooms are restricted and user is not admin of this host
+ if not module:may(":create-persistent-room", event.actor) then
+ -- Hide config option if this user is not allowed to create persistent rooms
return;
end
table.insert(event.form, {
@@ -36,7 +39,7 @@ module:hook("muc-config-form", function(event)
end, 100-5);
module:hook("muc-config-submitted/muc#roomconfig_persistentroom", function(event)
- if restrict_persistent and not um_is_admin(event.actor, module.host) then
+ if not module:may(":create-persistent-room", event.actor) then
return; -- Not allowed
end
if set_persistent(event.room, event.value) then