aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--CHANGES1
-rw-r--r--plugins/mod_http_file_share.lua4
2 files changed, 4 insertions, 1 deletions
diff --git a/CHANGES b/CHANGES
index 68900215..db16128b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -51,6 +51,7 @@ TRUNK
- mod_blocklist: New option 'migrate_legacy_blocking' to disable migration from mod_privacy
- Moved all modules into the Lua namespace `prosody.`
- Forwarded header from RFC 7239 supported, disabled by default
+- mod_http_file_share now uses roles framework, affecting access from e.g. components
## Removed
diff --git a/plugins/mod_http_file_share.lua b/plugins/mod_http_file_share.lua
index a1c725f8..6df9e3c3 100644
--- a/plugins/mod_http_file_share.lua
+++ b/plugins/mod_http_file_share.lua
@@ -47,6 +47,8 @@ local create_jwt, verify_jwt = require"prosody.util.jwt".init("HS256", secret, s
local access = module:get_option_set(module.name .. "_access", {});
+module:default_permission("prosody:registered", ":upload");
+
if not external_base_url then
module:depends("http");
end
@@ -136,7 +138,7 @@ end
function may_upload(uploader, filename, filesize, filetype) -- > boolean, error
local uploader_host = jid.host(uploader);
- if not ((access:empty() and prosody.hosts[uploader_host]) or access:contains(uploader) or access:contains(uploader_host)) then
+ if not (module:may(":upload", uploader) or access:contains(uploader) or access:contains(uploader_host)) then
return false, upload_errors.new("access");
end