Mercurial Mercurial > prosody > prosody-modules / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_xep227: Don't require admin privileges to use import/export
authorMatthew Wild <mwild1@gmail.com>
Sun, 16 Jan 2022 13:44:26 +0000
changeset 4874 d8a0a8dcdc0d
parent 4873 c3bf568e3977
child 4875 029ae3c29683
mod_http_xep227: Don't require admin privileges to use import/export These APIs always operate on the current user account only. In the future we may want to have a more specific permission check though.
mod_http_xep227/mod_http_xep227.lua file | annotate | diff | comparison | revisions 
--- a/mod_http_xep227/mod_http_xep227.lua	Sat Jan 15 14:25:27 2022 +0000
+++ b/mod_http_xep227/mod_http_xep227.lua	Sun Jan 16 13:44:26 2022 +0000
@@ -253,8 +253,6 @@
 		if not session then
 			event.response.headers.authorization = ("Bearer realm=%q"):format(module.host.."/"..module.name);
 			return false, 401;
-		elseif session.auth_scope ~= "prosody:scope:admin" then
-			return false, 403;
 		end
 		event.session = session;
 		return true;
prosody-modules