aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2024-10-13 13:03:08 +0200
committerKim Alvefur <zash@zash.se>2024-10-13 13:03:08 +0200
commiteb612ac519a0f298a9697749b633596495084170 (patch)
treef4137fe0b0030a77661da8ca576355b3005bfdc5 /plugins
parent712540db35178d8654017a4d6164ab7159a06614 (diff)
downloadprosody-eb612ac519a0f298a9697749b633596495084170.tar.gz
prosody-eb612ac519a0f298a9697749b633596495084170.zip
mod_pubsub: Check new role framework for node creation privileges
This enables granting regular users permission to create nodes via the new roles framework. Previously this required either making everyone an admin or writing a custom mod_pubsub variant with different permission details. Previous default behavior of only allowing creation by admin is kept as to not give out unexpected permissions on upgrade, but could be reevaluated at a later time. Fixes #1324
Diffstat (limited to 'plugins')
-rw-r--r--plugins/mod_pubsub/mod_pubsub.lua16
1 files changed, 14 insertions, 2 deletions
diff --git a/plugins/mod_pubsub/mod_pubsub.lua b/plugins/mod_pubsub/mod_pubsub.lua
index 4f83088a..6efc419f 100644
--- a/plugins/mod_pubsub/mod_pubsub.lua
+++ b/plugins/mod_pubsub/mod_pubsub.lua
@@ -190,10 +190,22 @@ module:hook("host-disco-items", function (event)
end);
local admin_aff = module:get_option_enum("default_admin_affiliation", "owner", "publisher", "member", "outcast", "none");
+
module:default_permission("prosody:admin", ":service-admin");
-local function get_affiliation(jid)
+module:default_permission("prosody:admin", ":create-node");
+
+local function get_affiliation(jid, _, action)
local bare_jid = jid_bare(jid);
- if bare_jid == module.host or module:may(":service-admin", bare_jid) then
+ if bare_jid == module.host then
+ -- The host itself (i.e. local modules) is treated as an admin.
+ -- Check this first as to avoid sendig a host JID to :may()
+ return admin_aff;
+ end
+ if action == "create" and module:may(":create-node", bare_jid) then
+ -- Only one affiliation is allowed to create nodes by default
+ return "owner";
+ end
+ if module:may(":service-admin", bare_jid) then
return admin_aff;
end
end