| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
|
|
|
|
|
| |
This communicates the accepted values in case the config diverges from
them. Note that older documentation used an "admin" value behaving like
an alias to true, but this is no longer handled. Should it?
|
|
|
|
| |
Because it makes sense and improves feedback via logging
|
| |
|
|
|
|
|
|
|
| |
Many of these fall into a few categories:
- util.cache size, must be >= 1
- byte or item counts that logically can't be negative
- port numbers that should be in 1..0xffff
|
|
|
|
| |
Improves readability ("1 day" vs 86400) and centralizes validation.
|
|
|
|
|
|
|
| |
This gives us more granular control over different types of user account.
Accounts registered by IBR get assigned prosody:registered by default, while
accounts provisioned by an admin (e.g. via prosodyctl shell) will receive
prosody:member by default.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
change)
With this change and 427dd01f0864, room creation is now effectively restricted
to parent-host users by default. This is a better default than previous
Prosody versions (where room creation was not restricted).
The "local" option for restrict_room_creation is no longer used (any value
other than true/false won't change the default behaviour).
restrict_room_creation = true will grant prosody:admin the ability to create
rooms.
restrict_room_creation = false disables all permission checks.
Anything between these two can be achieved using custom roles and permissions.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We began moving away from simple "is this user an admin?" permission checks
before 0.12, with the introduction of mod_authz_internal and the ability to
dynamically change the roles of individual users.
The approach in 0.12 still had various limitations however, and apart from
the introduction of roles other than "admin" and the ability to pull that info
from storage, not much actually changed.
This new framework shakes things up a lot, though aims to maintain the same
functionality and behaviour on the surface for a default Prosody
configuration. That is, if you don't take advantage of any of the new
features, you shouldn't notice any change.
The biggest change visible to developers is that usermanager.is_admin() (and
the auth provider is_admin() method) have been removed. Gone. Completely.
Permission checks should now be performed using a new module API method:
module:may(action_name, context)
This method accepts an action name, followed by either a JID (string) or
(preferably) a table containing 'origin'/'session' and 'stanza' fields (e.g.
the standard object passed to most events). It will return true if the action
should be permitted, or false/nil otherwise.
Modules should no longer perform permission checks based on the role name.
E.g. a lot of code previously checked if the user's role was prosody:admin
before permitting some action. Since many roles might now exist with similar
permissions, and the permissions of prosody:admin may be redefined
dynamically, it is no longer suitable to use this method for permission
checks. Use module:may().
If you start an action name with ':' (recommended) then the current module's
name will automatically be used as a prefix.
To define a new permission, use the new module API:
module:default_permission(role_name, action_name)
module:default_permissions(role_name, { action_name[, action_name...] })
This grants the specified role permission to execute the named action(s) by
default. This may be overridden via other mechanisms external to your module.
The built-in roles that developers should use are:
- prosody:user (normal user)
- prosody:admin (host admin)
- prosody:operator (global admin)
The new prosody:operator role is intended for server-wide actions (such as
shutting down Prosody).
Finally, all usage of is_admin() in modules has been fixed by this commit.
Some of these changes were trickier than others, but no change is expected to
break existing deployments.
EXCEPT: mod_auth_ldap no longer supports the ldap_admin_filter option. It's
very possible nobody is using this, but if someone is then we can later update
it to pull roles from LDAP somehow.
|
| |
|
| |
|
|
|
|
| |
Should help inform on whether the cache size should be increased.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Behavior with turning empty name into localpart was originally introduced
in 711eb5bf94b4
This has caused some problems for clients, making it difficult to
differentiate between a room actually named like the localpart from a
room without a name.
Breaking:
The function signature of the :get_name() method changes from always
returning a string to optional string.
|
|
|
|
|
|
|
|
|
|
| |
This gives service admins a way to set an arbitrary affiliation in any
room. Enables various administrative use cases such as room ownership
reassignment or recovery.
Reduces the need for the admins-as-owners feature, as this can be used
by admins to make themselves owner in any room when needed, instead of
being owners all the time.
|
|
|
|
|
|
|
|
| |
Based on the currently-deferred XEP-0317. The protocol differs
a little (because XEP-0317 is incomplete), therefore currently
we use a custom namespace.
The plan is to update and finish XEP-0317.
|
|\ |
|
| |
| |
| |
| | |
#1174)
|
| |
| |
| |
| | |
A room that doesn't exist can't return an error, can it?
|
| |
| |
| |
| | |
an occupant JID
|
| |
| |
| |
| | |
This should prevent any MUCs with invalid JID (according to current normalization routine)
|
| |
| |
| |
| | |
Committed by Zash
|
|/ |
|
| |
|
|
|
|
| |
as per XEP-0045
|
|
|
|
|
|
| |
XEP-0045 registration provides examples of registering a nickname
and various other details. This also allows modules to store arbitrary
private data about an affiliated entity.
|
| |
|
|
|
|
|
| |
When a room exists in the DB but cannot be loaded (e.g. due to max_rooms
or a pre-restore handler) restore_room()/get_room_from_jid() returns false.
|
| |
|
|
|
|
|
| |
Otherwise this just updates the timestamp, which is probably the
opposite of what the user wanted
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
each_room
|
| |
|
|
|
|
|
|
|
| |
Lock expiry -> Reset
Admin wants to join -> Reset
Still locked -> cancel, gone
Don't return error in response to an error
|
| |
|
| |
|
|
|
|
|
| |
List discussion here:
https://mail.jabber.org/pipermail/standards/2018-July/035228.html
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
destroyed
|
| |
|