diff options
author | Matthew Wild <mwild1@gmail.com> | 2022-03-23 13:38:55 +0000 |
---|---|---|
committer | Matthew Wild <mwild1@gmail.com> | 2022-03-23 13:38:55 +0000 |
commit | cbcb57fa24650c6ac001c4c1c9ab39a61b6266eb (patch) | |
tree | 559b2a167f9f1957894c2d4234b9dbf8de9a1ada /plugins/muc/muc.lib.lua | |
parent | e950ca77ebd29994699c944ba6758bde441118cf (diff) | |
download | prosody-cbcb57fa24650c6ac001c4c1c9ab39a61b6266eb.tar.gz prosody-cbcb57fa24650c6ac001c4c1c9ab39a61b6266eb.zip |
MUC: Allow kicking users with the same affiliation as the kicker (fixes #1724)
This is allowed by XEP-0045, which states:
"A moderator SHOULD NOT be allowed to revoke moderation privileges from
someone with a higher affiliation than themselves (i.e., an unaffiliated
moderator SHOULD NOT be allowed to revoke moderation privileges from an admin
or an owner, and an admin SHOULD NOT be allowed to revoke moderation
privileges from an owner)."
Diffstat (limited to 'plugins/muc/muc.lib.lua')
-rw-r--r-- | plugins/muc/muc.lib.lua | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index 9124a70f..01427dbe 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -1583,15 +1583,16 @@ function room_mt:may_set_role(actor, occupant, role) return event.allowed, event.error, event.condition; end - -- Can't do anything to other owners or admins - local occupant_affiliation = self:get_affiliation(occupant.bare_jid); - if occupant_affiliation == "owner" or occupant_affiliation == "admin" then + local actor_affiliation = self:get_affiliation(actor) or "none"; + local occupant_affiliation = self:get_affiliation(occupant.bare_jid) or "none"; + + -- Can't do anything to someone with higher affiliation + if valid_affiliations[actor_affiliation] < valid_affiliations[occupant_affiliation] then return nil, "cancel", "not-allowed"; end -- If you are trying to give or take moderator role you need to be an owner or admin if occupant.role == "moderator" or role == "moderator" then - local actor_affiliation = self:get_affiliation(actor); if actor_affiliation ~= "owner" and actor_affiliation ~= "admin" then return nil, "cancel", "not-allowed"; end |