diff options
author | Matthew Wild <mwild1@gmail.com> | 2023-11-07 11:53:57 +0000 |
---|---|---|
committer | Matthew Wild <mwild1@gmail.com> | 2023-11-07 11:53:57 +0000 |
commit | 1d1e2cdd9c7ad081106928018aeb97223354ec05 (patch) | |
tree | 86cfea49bb40e38663f9f14192bb1e020275c97a /core/moduleapi.lua | |
parent | 836b370fa8d6fc04347a33642cedaa918d00f464 (diff) | |
download | prosody-1d1e2cdd9c7ad081106928018aeb97223354ec05.tar.gz prosody-1d1e2cdd9c7ad081106928018aeb97223354ec05.zip |
moduleapi: may(): Support explicit actor_jid in context object
Diffstat (limited to 'core/moduleapi.lua')
-rw-r--r-- | core/moduleapi.lua | 42 |
1 files changed, 24 insertions, 18 deletions
diff --git a/core/moduleapi.lua b/core/moduleapi.lua index 8710b243..09776fc1 100644 --- a/core/moduleapi.lua +++ b/core/moduleapi.lua @@ -715,29 +715,35 @@ function api:may(action, context, peek) if action:byte(1) == 58 then -- action begins with ':' action = self.name..action; -- prepend module name end - if type(context) == "string" then -- check JID permissions - local role; - local node, host = jid_split(context); - if host == self.host then - role = hosts[host].authz.get_user_role(node); - else - role = hosts[self.host].authz.get_jid_role(context); - end - if not role then - if not peek then - self:log("debug", "Access denied: JID <%s> may not %s (no role found)", context, action); + + do + -- JID-based actor + local actor_jid = type(context) == "string" and context or context.actor_jid; + if actor_jid then -- check JID permissions + local role; + local node, host = jid_split(actor_jid); + if host == self.host then + role = hosts[host].authz.get_user_role(node); + else + role = hosts[self.host].authz.get_jid_role(actor_jid); end - return false; - end - local permit = role:may(action); - if not permit then - if not peek then - self:log("debug", "Access denied: JID <%s> may not %s (not permitted by role %s)", context, action, role.name); + if not role then + if not peek then + self:log("debug", "Access denied: JID <%s> may not %s (no role found)", actor_jid, action); + end + return false; end + local permit = role:may(action); + if not permit then + if not peek then + self:log("debug", "Access denied: JID <%s> may not %s (not permitted by role %s)", actor_jid, action, role.name); + end + end + return permit; end - return permit; end + -- Session-based actor local session = context.origin or context.session; if type(session) ~= "table" then error("Unable to identify actor session from context"); |