aboutsummaryrefslogtreecommitdiffstats
path: root/CONTRIBUTING
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2022-08-12 16:21:57 +0100
committerMatthew Wild <mwild1@gmail.com>2022-08-12 16:21:57 +0100
commit7ccf41ebb5e7a1a21fdf5945c5dd157e40b7024c (patch)
tree989f7098e5f31def0e51f4c6d4a673a73b5d7265 /CONTRIBUTING
parentbd2b2af7b736d9ef13be1228432443592fbaf6cd (diff)
downloadprosody-7ccf41ebb5e7a1a21fdf5945c5dd157e40b7024c.tar.gz
prosody-7ccf41ebb5e7a1a21fdf5945c5dd157e40b7024c.zip
usermanager: Remove concept of global authz provider
Rationale: - Removes a bunch of code! - We don't have many cases where an actor is not bound to one of our hosts - A notable exception is the admin shell, but if we ever attempt to lock those sessions down, there is a load of other work that also has to be done. And it's not clear if we would need a global authz provider for that anyway. - Removes an extra edge case from the necessary mental model for operators - Sessions that aren't bound to a host generally are anonymous or have an alternative auth model (such as by IP addres). - With the encapsulation now provided by util.roles, ad-hoc "detached roles" can still be created anyway by code that needs them.
Diffstat (limited to 'CONTRIBUTING')
0 files changed, 0 insertions, 0 deletions