aboutsummaryrefslogtreecommitdiffstats
path: root/core/moduleapi.lua
diff options
context:
space:
mode:
Diffstat (limited to 'core/moduleapi.lua')
-rw-r--r--core/moduleapi.lua18
1 files changed, 9 insertions, 9 deletions
diff --git a/core/moduleapi.lua b/core/moduleapi.lua
index 73ce4911..fd54500d 100644
--- a/core/moduleapi.lua
+++ b/core/moduleapi.lua
@@ -649,7 +649,15 @@ function api:may(action, context)
if type(session) ~= "table" then
error("Unable to identify actor session from context");
end
- if session.type == "s2sin" or (session.type == "c2s" and session.host ~= self.host) then
+ if session.role and session.type == "c2s" and session.host == self.host then
+ local permit = session.role:may(action, context);
+ if not permit then
+ self:log("debug", "Access denied: session %s (%s) may not %s (not permitted by role %s)",
+ session.id, session.full_jid, action, session.role.name
+ );
+ end
+ return permit;
+ else
local actor_jid = context.stanza.attr.from;
local role = hosts[self.host].authz.get_jid_role(actor_jid);
if not role then
@@ -661,14 +669,6 @@ function api:may(action, context)
self:log("debug", "Access denied: JID <%s> may not %s (not permitted by role %s)", actor_jid, action, role.name);
end
return permit;
- elseif session.role then
- local permit = session.role:may(action, context);
- if not permit then
- self:log("debug", "Access denied: session %s (%s) may not %s (not permitted by role %s)",
- session.id, session.full_jid, action, session.role.name
- );
- end
- return permit;
end
end