From 879cb1672f99d2fc859cfd2809eeab9d33e9f35e Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Mon, 13 Jan 2025 11:50:03 +0100
Subject: mod_authz_internal: Make host considered the parent configurable

This bestows the role specified by the 'host_user_role' setting onto
users of that host. For simplicity, only a single host can be specified.

Making it configurable allows for setups where VirtualHost and related
Components may be siblings instead of having a subdomain relationship.

For setups with many VirtualHosts sharing a single Component, the
'server_user_role' setting is more appropriate. Even more complicated
setups would have to resort to mod_firewall or similar.
---
 plugins/mod_authz_internal.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/mod_authz_internal.lua b/plugins/mod_authz_internal.lua
index 6006b447..7a06c904 100644
--- a/plugins/mod_authz_internal.lua
+++ b/plugins/mod_authz_internal.lua
@@ -8,7 +8,7 @@ local roles = require "prosody.util.roles";
 local config_global_admin_jids = module:context("*"):get_option_set("admins", {}) / normalize;
 local config_admin_jids = module:get_option_inherited_set("admins", {}) / normalize;
 local host = module.host;
-local host_suffix = host:gsub("^[^%.]+%.", "");
+local host_suffix = module:get_option_string("parent_host", (host:gsub("^[^%.]+%.", "")));
 
 local hosts = prosody.hosts;
 local is_anon_host = module:get_option_string("authentication") == "anonymous";
-- 
cgit v1.2.3