-rw-r--r--core/usermanager.lua24
-rw-r--r--plugins/mod_authz_internal.lua36
2 files changed, 57 insertions, 3 deletions
diff --git a/core/usermanager.lua b/core/usermanager.lua
index b51833cc..55faa0c9 100644
--- a/core/usermanager.lua
+++ b/core/usermanager.lua
@@ -9,6 +9,7 @@
local modulemanager = require "core.modulemanager";
local log = require "util.logger".init("usermanager");
local type = type;
+local it = require "util.iterators";
local jid_bare = require "util.jid".bare;
local jid_split = require "util.jid".split;
local jid_prep = require "util.jid".prep;
@@ -49,6 +50,10 @@ local global_authz_provider = {
return admin_role;
end
end;
+ get_jids_with_role = function (role)
+ if role ~= "prosody:admin" then return {}; end
+ return it.to_array(global_admins);
+ end;
};
local provider_mt = { __index = new_null_provider() };
@@ -180,6 +185,23 @@ local function is_admin(jid, host)
return roles and roles["prosody:admin"];
end
+local function get_users_with_role(role, host)
+ if not hosts[host] then return false; end
+ if type(role) ~= "string" then return false; end
+
+ return hosts[host].authz.get_users_with_role(role);
+end
+
+local function get_jids_with_role(role, host)
+ if host and not hosts[host] then return false; end
+ if type(role) ~= "string" then return false; end
+
+ host = host or "*";
+
+ local authz_provider = (host ~= "*" and hosts[host].authz) or global_authz_provider;
+ return authz_provider.get_jids_with_role(role);
+end
+
return {
new_null_provider = new_null_provider;
initialize_host = initialize_host;
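Review bot: The two new accessors in this hunk have no single return contract: `get_users_with_role` and `get_jids_with_role` return `false` for an unknown host or a non-string role, while the providers they delegate to return arrays (the global provider returns `{}` for any role other than `prosody:admin`). A caller that iterates the result without checking will raise on `false`, so the contract should be stated above each function, e.g. `-- Returns an array of matching users, or false if the host is unknown or role is not a string`. `get_users_with_role` also calls `hosts[host].authz.get_users_with_role(role)` unconditionally; this commit adds that method only to mod_authz_internal, and whether the `provider_mt` fallback covers other authz providers depends on `new_null_provider`, whose body is outside the hunk. Passing `"*"` explicitly to `get_jids_with_role` appears to return `false` (assuming `hosts["*"]` is unset), whereas a nil host is mapped to `"*"` and served by the global provider.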
@@ -195,4 +217,6 @@ return {
get_roles = get_roles;
set_roles = set_roles;
is_admin = is_admin;
+ get_users_with_role = get_users_with_role;
+ get_jids_with_role = get_jids_with_role;
};
diff --git a/plugins/mod_authz_internal.lua b/plugins/mod_authz_internal.lua
index 55dd49e7..17687959 100644
--- a/plugins/mod_authz_internal.lua
+++ b/plugins/mod_authz_internal.lua
@@ -1,12 +1,17 @@
+local array = require "util.array";
+local it = require "util.iterators";
+local set = require "util.set";
+local jid_split = require "util.jid".split;
local normalize = require "util.jid".prep;
-local admin_jids = module:get_option_inherited_set("admins", {}) / normalize;
+local config_admin_jids = module:get_option_inherited_set("admins", {}) / normalize;
local host = module.host;
local role_store = module:open_store("roles");
+local role_map_store = module:open_store("roles", "map");
local admin_role = { ["prosody:admin"] = true };
function get_user_roles(user)
- if admin_jids:contains(user.."@"..host) then
+ if config_admin_jids:contains(user.."@"..host) then
return admin_role;
end
return role_store:get(user);
@@ -17,8 +22,22 @@ function set_user_roles(user, roles)
return true;
end
+function get_users_with_role(role)
+ local storage_role_users = it.to_array(it.keys(role_map_store:get_all(role) or {}));
+ if role == "prosody:admin" then
+ local config_admin_users = config_admin_jids / function (admin_jid)
+ local j_node, j_host = jid_split(admin_jid);
+ if j_host == host then
+ return j_node;
+ end
+ end;
+ return it.to_array(config_admin_users + set.new(storage_role_users));
+ end
+ return storage_role_users;
+end
+
function get_jid_roles(jid)
- if admin_jids:contains(jid) then
+ if config_admin_jids:contains(jid) then
return admin_role;
end
return nil;
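Review bot: In `get_users_with_role`, `role_map_store:get_all(role) or {}` makes a failed storage read look the same as a role with no members, so a caller enumerating `prosody:admin` would silently get only the configured admins. If the map store reports failures as `nil, err` (its implementation is not on this page), keep the error visible: `local role_users, err = role_map_store:get_all(role);` followed by `if not role_users and err then module:log("error", "Could not read users for role %s: %s", role, err); end`. Propagating the error instead would require `get_jids_with_role` to check the result before passing it to `array.map`. The trailing `get_jid_roles` context is cut by the hunk boundary.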
@@ -27,3 +46,14 @@ end
function set_jid_roles(jid) -- luacheck: ignore 212
return false;
end
+
+function get_jids_with_role(role)
+ -- Fetch role users from storage
+ local storage_role_jids = array.map(get_users_with_role(role), function (username)
+ return username.."@"..host;
+ end);
+ if role == "prosody:admin" then
+ return it.to_array(config_admin_jids + set.new(storage_role_jids));
+ end
+ return storage_role_jids;
+end
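Review bot: The comment `-- Fetch role users from storage` in `get_jids_with_role` understates what the call returns: for `prosody:admin`, `get_users_with_role` already merges the configured admins on this host, and the function then adds the whole `config_admin_jids` set. That set comes from the inherited `admins` option and is not filtered by `j_host == host` here, so the result can contain JIDs of other hosts, unlike `get_users_with_role`. A comment such as `-- Note: for prosody:admin the result includes every configured admin JID, including JIDs on other hosts` would keep callers from assuming all returned JIDs are local accounts.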