--- a/mod_http_admin_api/mod_http_admin_api.lua Wed Jul 13 11:15:43 2022 +0100
+++ b/mod_http_admin_api/mod_http_admin_api.lua Wed Jul 13 11:18:46 2022 +0100
@@ -33,25 +33,24 @@
end
if auth_type == "Bearer" then
- local token_info = tokens.get_token_info(auth_data);
- if not token_info or not token_info.session then
- return false;
- end
- return token_info.session;
+ return tokens.get_token_session(auth_data);
end
return nil;
end
+module:default_permission("prosody:admin", ":access-admin-api");
+
function check_auth(routes)
local function check_request_auth(event)
local session = check_credentials(event.request);
if not session then
event.response.headers.authorization = www_authenticate_header;
return false, 401;
- elseif session.auth_scope ~= "prosody:scope:admin" then
+ end
+ event.session = session;
+ if not module:may(":access-admin-api", event) then
return false, 403;
end
- event.session = session;
return true;
end
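Review bot: The 403 decision in check_request_auth now depends entirely on the role that `module:may(":access-admin-api", event)` finds on `event.session`, where the removed line compared the token's `auth_scope` explicitly. For the Bearer branch this is only as strict as before if `tokens.get_token_session` puts the role granted to the token on the session rather than the account's own role; that function is not shown here, so it is worth confirming with a test in which an admin account presents a token issued for a lesser role and expects 403. The other branch of check_credentials starts above the hunk, and the session it builds needs a role as well. I would record the assumption next to the check: `-- module:may() evaluates event.session's role; check_credentials must return a session limited to the credential's grant`.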
@@ -179,15 +178,10 @@
end
end
- local roles = nil;
- if usermanager.get_roles then
- local roles_map = usermanager.get_roles(username.."@"..module.host, module.host)
- roles = array()
- if roles_map then
- for role in pairs(roles_map) do
- roles:push(role)
- end
- end
+ local roles = array();
+ local roles_map = usermanager.get_user_roles(username, module.host);
+ for role_name in pairs(roles_map) do
+ roles:push(role_name);
end
return {
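Review bot: `pairs(roles_map)` in the new loop raises if `usermanager.get_user_roles` returns nil or false, and the removed code guarded against exactly that with `if roles_map then`. Unless the new API is guaranteed to return a table, a storage error or an unknown user turns this lookup into an unhandled error; `for role_name in pairs(roles_map or {}) do` keeps the old tolerance. The removed `usermanager.get_roles` feature check also has no counterpart here, while the write path in a later hunk still tests `usermanager.set_user_roles` before calling it. The enclosing function starts and ends outside the hunk.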
@@ -416,7 +410,7 @@
end
if new_user.roles then
- if not usermanager.set_roles then
+ if not usermanager.set_user_roles then
return 500, "feature-not-implemented"
end
@@ -425,7 +419,7 @@
backend_roles[role] = true;
end
local jid = username.."@"..module.host;
- if not usermanager.set_roles(jid, module.host, backend_roles) then
+ if not usermanager.set_user_roles(username, module.host, backend_roles) then
module:log("error", "failed to set roles %q for %s", backend_roles, jid)
return 500
end
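Review bot: Nothing in the visible lines restricts which role names end up in `backend_roles` before `usermanager.set_user_roles(username, module.host, backend_roles)` is called, so any caller that passes the API access check may be able to assign any role, including one above their own. The loop that fills `backend_roles` begins above the hunk, so validation may exist there; if it does not, the requested roles should be checked against what the calling session is allowed to grant, with a 403 returned otherwise. Only the failure path is logged in the lines shown; an info-level record of who set which roles on which account would help later audit. `jid` is now used only in the error message.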