Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
core.moduleapi: Check for local role-aware sessions before e.g. s2s
authorKim Alvefur <zash@zash.se>
Mon, 29 Aug 2022 11:47:31 +0200
changeset 12694 546c7e0f3f31
parent 12693 1bc2220cd6ec
child 12695 90d90b540b6b
core.moduleapi: Check for local role-aware sessions before e.g. s2s The condition checked for s2sin but not s2sout, so would have ignored bidi-enabled s2sout sessions. Components as well.
core/moduleapi.lua file | annotate | diff | comparison | revisions 
--- a/core/moduleapi.lua	Mon Aug 29 15:48:07 2022 +0100
+++ b/core/moduleapi.lua	Mon Aug 29 11:47:31 2022 +0200
@@ -649,7 +649,15 @@
 	if type(session) ~= "table" then
 		error("Unable to identify actor session from context");
 	end
-	if session.type == "s2sin" or (session.type == "c2s" and session.host ~= self.host) then
+	if session.role and session.type == "c2s" and session.host == self.host then
+		local permit = session.role:may(action, context);
+		if not permit then
+			self:log("debug", "Access denied: session %s (%s) may not %s (not permitted by role %s)",
+				session.id, session.full_jid, action, session.role.name
+			);
+		end
+		return permit;
+	else
 		local actor_jid = context.stanza.attr.from;
 		local role = hosts[self.host].authz.get_jid_role(actor_jid);
 		if not role then
@@ -661,14 +669,6 @@
 			self:log("debug", "Access denied: JID <%s> may not %s (not permitted by role %s)", actor_jid, action, role.name);
 		end
 		return permit;
-	elseif session.role then
-		local permit = session.role:may(action, context);
-		if not permit then
-			self:log("debug", "Access denied: session %s (%s) may not %s (not permitted by role %s)",
-				session.id, session.full_jid, action, session.role.name
-			);
-		end
-		return permit;
 	end
 end
prosody