diff options
author | Matthew Wild <mwild1@gmail.com> | 2022-08-12 16:21:57 +0100 |
---|---|---|
committer | Matthew Wild <mwild1@gmail.com> | 2022-08-12 16:21:57 +0100 |
commit | 7ccf41ebb5e7a1a21fdf5945c5dd157e40b7024c (patch) | |
tree | 989f7098e5f31def0e51f4c6d4a673a73b5d7265 /spec/inputs | |
parent | bd2b2af7b736d9ef13be1228432443592fbaf6cd (diff) | |
download | prosody-7ccf41ebb5e7a1a21fdf5945c5dd157e40b7024c.tar.gz prosody-7ccf41ebb5e7a1a21fdf5945c5dd157e40b7024c.zip |
usermanager: Remove concept of global authz provider
Rationale:
- Removes a bunch of code!
- We don't have many cases where an actor is not bound to one of our hosts
- A notable exception is the admin shell, but if we ever attempt to lock those
sessions down, there is a load of other work that also has to be done. And
it's not clear if we would need a global authz provider for that anyway.
- Removes an extra edge case from the necessary mental model for operators
- Sessions that aren't bound to a host generally are anonymous or have an
alternative auth model (such as by IP addres).
- With the encapsulation now provided by util.roles, ad-hoc "detached roles"
can still be created anyway by code that needs them.
Diffstat (limited to 'spec/inputs')
0 files changed, 0 insertions, 0 deletions