Mercurial Mercurial > prosody > prosody-modules / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_authz_delegate/mod_authz_delegate.lua
changeset 5299 98d5acb93439
parent 5292 f61564b522f7
equal deleted inserted replaced
5298:385346b6c81d 5299:98d5acb93439 
     1 local target_host = assert(module:get_option("authz_delegate_to"));
 
     1 local target_host = assert(module:get_option("authz_delegate_to"));
 
     2 local this_host = module:get_host();
 
     2 local this_host = module:get_host();
 
     3 
     3 
       
     4 local array = require"util.array";
 
     4 local jid_split = import("prosody.util.jid", "split");
 
     5 local jid_split = import("prosody.util.jid", "split");
 
     5 
     6 
     6 local hosts = prosody.hosts;
 
     7 local hosts = prosody.hosts;
 
     7 
     8 
     8 function get_jids_with_role(role)  --luacheck: ignore 212/role
 
     9 function get_jids_with_role(role)  --luacheck: ignore 212/role
 
    51 function set_jid_role(jid)  --luacheck: ignore 212/jid
 
    52 function set_jid_role(jid)  --luacheck: ignore 212/jid
 
    52 	-- TODO: figure out if there are actually legitimate uses for this...
 
    53 	-- TODO: figure out if there are actually legitimate uses for this...
 
    53 	return nil, "cannot set jid role on delegation target"
 
    54 	return nil, "cannot set jid role on delegation target"
 
    54 end
 
    55 end
 
    55 
    56 
       
    57 local default_permission_queue = array{};
 
       
    58 
    56 function add_default_permission(role_name, action, policy)
 
    59 function add_default_permission(role_name, action, policy)
 
    57 	return hosts[target_host].authz.add_default_permission(role_name, action, policy)
 
    60 	-- NOTE: we always record default permissions, because the delegated-to
 
       
    61 	-- host may be re-activated.
 
       
    62 	default_permission_queue:push({
 
       
    63 		role_name = role_name,
 
       
    64 		action = action,
 
       
    65 		policy = policy,
 
       
    66 	});
 
       
    67 	local target_host_object = hosts[target_host];
 
       
    68 	local authz = target_host_object and target_host_object.authz;
 
       
    69 	if not authz then
 
       
    70 		module:log("debug", "queueing add_default_permission call for later, %s is not active yet", target_host);
 
       
    71 		return;
 
       
    72 	end
 
       
    73 	return authz.add_default_permission(role_name, action, policy)
 
    58 end
 
    74 end
 
    59 
    75 
    60 function get_role_by_name(role_name)
 
    76 function get_role_by_name(role_name)
 
    61 	return hosts[target_host].authz.get_role_by_name(role_name)
 
    77 	return hosts[target_host].authz.get_role_by_name(role_name)
 
    62 end
 
    78 end
 
    63 
    79 
    64 function get_all_roles()
 
    80 function get_all_roles()
 
    65 	return hosts[target_host].authz.get_all_roles()
 
    81 	return hosts[target_host].authz.get_all_roles()
 
    66 end
 
    82 end
 
       
    83 
       
    84 module:hook_global("host-activated", function(host)
 
       
    85 	if host == target_host then
 
       
    86 		local authz = hosts[target_host].authz;
 
       
    87 		module:log("debug", "replaying %d queued permission changes", #default_permission_queue);
 
       
    88 		assert(authz);
 
       
    89 		-- replay default permission changes, if any
 
       
    90 		for i, item in ipairs(default_permission_queue) do
 
       
    91 			authz.add_default_permission(item.role_name, item.action, item.policy);
 
       
    92 		end
 
       
    93 		-- NOTE: we do not clear that array here -- in case the target_host is
 
       
    94 		-- re-activated
 
       
    95 	end
 
       
    96 end, -10000)
prosody-modules