From df20900907530138ceed92cc195c350b464c0de4 Mon Sep 17 00:00:00 2001 From: Florian Zeitz Date: Wed, 24 Jul 2013 23:30:32 +0200 Subject: mod_adhoc: Add local_user permission --- plugins/adhoc/mod_adhoc.lua | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) (limited to 'plugins/adhoc') diff --git a/plugins/adhoc/mod_adhoc.lua b/plugins/adhoc/mod_adhoc.lua index 683d5870..f3e7f520 100644 --- a/plugins/adhoc/mod_adhoc.lua +++ b/plugins/adhoc/mod_adhoc.lua @@ -9,6 +9,7 @@ local st = require "util.stanza"; local keys = require "util.iterators".keys; local array_collect = require "util.array".collect; local is_admin = require "core.usermanager".is_admin; +local jid_split = require "util.jid".split; local adhoc_handle_cmd = module:require "adhoc".handle_cmd; local xmlns_cmd = "http://jabber.org/protocol/commands"; local commands = {}; @@ -18,11 +19,14 @@ module:add_feature(xmlns_cmd); module:hook("host-disco-info-node", function (event) local stanza, origin, reply, node = event.stanza, event.origin, event.reply, event.node; if commands[node] then - local privileged = is_admin(stanza.attr.from, stanza.attr.to); - local global_admin = is_admin(stanza.attr.from); + local from = stanza.attr.from; + local privileged = is_admin(from, stanza.attr.to); + local global_admin = is_admin(from); + local username, hostname = jid_split(from); local command = commands[node]; if (command.permission == "admin" and privileged) or (command.permission == "global_admin" and global_admin) + or (command.permission == "local_user" and hostname == module.host) or (command.permission == "user") then reply:tag("identity", { name = command.name, category = "automation", type = "command-node" }):up(); @@ -45,13 +49,16 @@ module:hook("host-disco-items-node", function (event) return; end - local admin = is_admin(stanza.attr.from, stanza.attr.to); - local global_admin = is_admin(stanza.attr.from); + local from = stanza.attr.from; + local admin = is_admin(from, stanza.attr.to); + local global_admin = is_admin(from); + local username, hostname = jid_split(from); local nodes = array_collect(keys(commands)):sort(); for _, node in ipairs(nodes) do local command = commands[node]; if (command.permission == "admin" and admin) or (command.permission == "global_admin" and global_admin) + or (command.permission == "local_user" and hostname == module.host) or (command.permission == "user") then reply:tag("item", { name = command.name, node = node, jid = module:get_host() }); @@ -65,11 +72,15 @@ module:hook("iq/host/"..xmlns_cmd..":command", function (event) local origin, stanza = event.origin, event.stanza; if stanza.attr.type == "set" then local node = stanza.tags[1].attr.node - if commands[node] then - local admin = is_admin(stanza.attr.from, stanza.attr.to); - local global_admin = is_admin(stanza.attr.from); - if (commands[node].permission == "admin" and not admin) - or (commands[node].permission == "global_admin" and not global_admin) then + local command = commands[node]; + if command then + local from = stanza.attr.from; + local admin = is_admin(from, stanza.attr.to); + local global_admin = is_admin(from); + local username, hostname = jid_split(from); + if (command.permission == "admin" and not admin) + or (command.permission == "global_admin" and not global_admin) + or (command.permission == "local_user" and hostname ~= module.host) then origin.send(st.error_reply(stanza, "auth", "forbidden", "You don't have permission to execute this command"):up() :add_child(commands[node]:cmdtag("canceled") :tag("note", {type="error"}):text("You don't have permission to execute this command"))); -- cgit v1.2.3