From 1f437623ad987328bcd6ca34b551f14415985b32 Mon Sep 17 00:00:00 2001
From: Matthew Wild <mwild1@gmail.com>
Date: Mon, 27 Jan 2020 21:54:59 +0000
Subject: usermanager, mod_authz_internal: Move admin-checking functionality
 into a module. Fixes #517 (ish).

Note: Removes the ability for mod_auth_* providers to determine user admin status. Such
modules will need to have their is_admin methods ported to be a mod_authz_* provider.
---
 plugins/mod_authz_internal.lua | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 plugins/mod_authz_internal.lua

(limited to 'plugins/mod_authz_internal.lua')

diff --git a/plugins/mod_authz_internal.lua b/plugins/mod_authz_internal.lua
new file mode 100644
index 00000000..41b8d9f0
--- /dev/null
+++ b/plugins/mod_authz_internal.lua
@@ -0,0 +1,16 @@
+local normalize = require "util.jid".prep;
+local admin_jids = module:get_option_inherited_set("admins", {}) / normalize;
+local host = module.host;
+
+local admin_role = { ["prosody:admin"] = true };
+
+function get_user_roles(user)
+	return get_jid_roles(user.."@"..host);
+end
+
+function get_jid_roles(jid)
+	if admin_jids:contains(jid) then
+		return admin_role;
+	end
+	return nil;
+end
-- 
cgit v1.2.3