mod_http_xep227: Don't require admin privileges to use import/export
These APIs always operate on the current user account only. In the future we
may want to have a more specific permission check though.
--- a/mod_http_xep227/mod_http_xep227.lua Sat Jan 15 14:25:27 2022 +0000
+++ b/mod_http_xep227/mod_http_xep227.lua Sun Jan 16 13:44:26 2022 +0000
@@ -253,8 +253,6 @@
if not session then
event.response.headers.authorization = ("Bearer realm=%q"):format(module.host.."/"..module.name);
return false, 401;
- elseif session.auth_scope ~= "prosody:scope:admin" then
- return false, 403;
end
event.session = session;
return true;