diff options
author | Kim Alvefur <zash@zash.se> | 2024-10-13 13:03:08 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2024-10-13 13:03:08 +0200 |
commit | eb612ac519a0f298a9697749b633596495084170 (patch) | |
tree | f4137fe0b0030a77661da8ca576355b3005bfdc5 /plugins | |
parent | 712540db35178d8654017a4d6164ab7159a06614 (diff) | |
download | prosody-eb612ac519a0f298a9697749b633596495084170.tar.gz prosody-eb612ac519a0f298a9697749b633596495084170.zip |
mod_pubsub: Check new role framework for node creation privileges
This enables granting regular users permission to create nodes via the
new roles framework. Previously this required either making everyone an
admin or writing a custom mod_pubsub variant with different permission
details.
Previous default behavior of only allowing creation by admin is kept as
to not give out unexpected permissions on upgrade, but could be
reevaluated at a later time.
Fixes #1324
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/mod_pubsub/mod_pubsub.lua | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/plugins/mod_pubsub/mod_pubsub.lua b/plugins/mod_pubsub/mod_pubsub.lua index 4f83088a..6efc419f 100644 --- a/plugins/mod_pubsub/mod_pubsub.lua +++ b/plugins/mod_pubsub/mod_pubsub.lua @@ -190,10 +190,22 @@ module:hook("host-disco-items", function (event) end); local admin_aff = module:get_option_enum("default_admin_affiliation", "owner", "publisher", "member", "outcast", "none"); + module:default_permission("prosody:admin", ":service-admin"); -local function get_affiliation(jid) +module:default_permission("prosody:admin", ":create-node"); + +local function get_affiliation(jid, _, action) local bare_jid = jid_bare(jid); - if bare_jid == module.host or module:may(":service-admin", bare_jid) then + if bare_jid == module.host then + -- The host itself (i.e. local modules) is treated as an admin. + -- Check this first as to avoid sendig a host JID to :may() + return admin_aff; + end + if action == "create" and module:may(":create-node", bare_jid) then + -- Only one affiliation is allowed to create nodes by default + return "owner"; + end + if module:may(":service-admin", bare_jid) then return admin_aff; end end |