diff options
-rw-r--r-- | core/usermanager.lua | 24 | ||||
-rw-r--r-- | plugins/mod_authz_internal.lua | 36 |
2 files changed, 57 insertions, 3 deletions
diff --git a/core/usermanager.lua b/core/usermanager.lua index b51833cc..55faa0c9 100644 --- a/core/usermanager.lua +++ b/core/usermanager.lua @@ -9,6 +9,7 @@ local modulemanager = require "core.modulemanager"; local log = require "util.logger".init("usermanager"); local type = type; +local it = require "util.iterators"; local jid_bare = require "util.jid".bare; local jid_split = require "util.jid".split; local jid_prep = require "util.jid".prep; @@ -49,6 +50,10 @@ local global_authz_provider = { return admin_role; end end; + get_jids_with_role = function (role) + if role ~= "prosody:admin" then return {}; end + return it.to_array(global_admins); + end; }; local provider_mt = { __index = new_null_provider() }; @@ -180,6 +185,23 @@ local function is_admin(jid, host) return roles and roles["prosody:admin"]; end +local function get_users_with_role(role, host) + if not hosts[host] then return false; end + if type(role) ~= "string" then return false; end + + return hosts[host].authz.get_users_with_role(role); +end + +local function get_jids_with_role(role, host) + if host and not hosts[host] then return false; end + if type(role) ~= "string" then return false; end + + host = host or "*"; + + local authz_provider = (host ~= "*" and hosts[host].authz) or global_authz_provider; + return authz_provider.get_jids_with_role(role); +end + return { new_null_provider = new_null_provider; initialize_host = initialize_host; @@ -195,4 +217,6 @@ return { get_roles = get_roles; set_roles = set_roles; is_admin = is_admin; + get_users_with_role = get_users_with_role; + get_jids_with_role = get_jids_with_role; }; diff --git a/plugins/mod_authz_internal.lua b/plugins/mod_authz_internal.lua index 55dd49e7..17687959 100644 --- a/plugins/mod_authz_internal.lua +++ b/plugins/mod_authz_internal.lua @@ -1,12 +1,17 @@ +local array = require "util.array"; +local it = require "util.iterators"; +local set = require "util.set"; +local jid_split = require "util.jid".split; local normalize = require "util.jid".prep; -local admin_jids = module:get_option_inherited_set("admins", {}) / normalize; +local config_admin_jids = module:get_option_inherited_set("admins", {}) / normalize; local host = module.host; local role_store = module:open_store("roles"); +local role_map_store = module:open_store("roles", "map"); local admin_role = { ["prosody:admin"] = true }; function get_user_roles(user) - if admin_jids:contains(user.."@"..host) then + if config_admin_jids:contains(user.."@"..host) then return admin_role; end return role_store:get(user); @@ -17,8 +22,22 @@ function set_user_roles(user, roles) return true; end +function get_users_with_role(role) + local storage_role_users = it.to_array(it.keys(role_map_store:get_all(role) or {})); + if role == "prosody:admin" then + local config_admin_users = config_admin_jids / function (admin_jid) + local j_node, j_host = jid_split(admin_jid); + if j_host == host then + return j_node; + end + end; + return it.to_array(config_admin_users + set.new(storage_role_users)); + end + return storage_role_users; +end + function get_jid_roles(jid) - if admin_jids:contains(jid) then + if config_admin_jids:contains(jid) then return admin_role; end return nil; @@ -27,3 +46,14 @@ end function set_jid_roles(jid) -- luacheck: ignore 212 return false; end + +function get_jids_with_role(role) + -- Fetch role users from storage + local storage_role_jids = array.map(get_users_with_role(role), function (username) + return username.."@"..host; + end); + if role == "prosody:admin" then + return it.to_array(config_admin_jids + set.new(storage_role_jids)); + end + return storage_role_jids; +end |