diff options
| author | Matthew Wild <mwild1@gmail.com> | 2022-09-29 12:10:14 +0100 |
|---|---|---|
| committer | Matthew Wild <mwild1@gmail.com> | 2022-09-29 12:10:14 +0100 |
| commit | 9b8c2cd1c980d5c4a9ec1c4b170e486d16ef1a15 (patch) | |
| tree | f685992ec38bb0029cf4fcbe5fb3e3e845ae4377 /plugins | |
| parent | 4dc941fa5370d86a0338587feb321693bcdabc9b (diff) | |
| download | prosody-9b8c2cd1c980d5c4a9ec1c4b170e486d16ef1a15.tar.gz prosody-9b8c2cd1c980d5c4a9ec1c4b170e486d16ef1a15.zip | |
mod_authz_internal: Allow configuring role of local-server/parent-host users
'host_user_role' is the default role of users who have JIDs on the "parent"
host (i.e. jabber.org users on conference.jabber.org). Defaults to
'prosody:user'.
'server_user_roles' is the default role of users who have JIDs on any active
host on the current Prosody instance. Default to nil (no role).
This finally allows better permissions splitting between host and server
users, which has previously been done (e.g. in MUC) with options like
'restrict_room_creation' and 'muc_room_allow_persistent'. Using roles makes
these permissions a lot more flexible, and easier for developers to integrate.
Diffstat (limited to 'plugins')
| -rw-r--r-- | plugins/mod_authz_internal.lua | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/plugins/mod_authz_internal.lua b/plugins/mod_authz_internal.lua index 4f88b176..f7995cdd 100644 --- a/plugins/mod_authz_internal.lua +++ b/plugins/mod_authz_internal.lua @@ -1,13 +1,22 @@ local array = require "util.array"; local it = require "util.iterators"; local set = require "util.set"; -local jid_split, jid_bare = require "util.jid".split, require "util.jid".bare; +local jid_split, jid_bare, jid_host = import("util.jid", "split", "bare", "host"); local normalize = require "util.jid".prep; local roles = require "util.roles"; local config_global_admin_jids = module:context("*"):get_option_set("admins", {}) / normalize; local config_admin_jids = module:get_option_inherited_set("admins", {}) / normalize; local host = module.host; +local host_suffix = host:gsub("^[^%.]+%.", ""); + +local hosts = prosody.hosts; +local is_component = hosts[host].type == "component"; +local host_user_role, server_user_role; +if is_component then + host_user_role = module:get_option_string("host_user_role", "prosody:user"); + server_user_role = module:get_option_string("server_user_role"); +end local role_store = module:open_store("account_roles"); local role_map_store = module:open_store("account_roles", "map"); @@ -225,6 +234,13 @@ function get_jid_role(jid) return role_registry["prosody:operator"]; elseif config_admin_jids:contains(bare_jid) then return role_registry["prosody:admin"]; + elseif is_component then + local user_host = jid_host(bare_jid); + if host_user_role and user_host == host_suffix then + return role_registry[host_user_role]; + elseif server_user_role and hosts[user_host] then + return role_registry[server_user_role]; + end end return nil; end |