--- a/mod_adhoc/adhoc/mod_adhoc.lua Sat Oct 17 01:36:25 2009 +0200
+++ b/mod_adhoc/adhoc/mod_adhoc.lua Sat Oct 17 01:37:25 2009 +0200
@@ -34,6 +34,14 @@
local node = stanza.tags[1].attr.node
for i = 1, #commands do
if commands[i].node == node then
+ -- check whether user has permission to execute this command first
+ if commands[i].permission == "admin" and not is_admin(stanza.attr.from) then
+ origin.send(st.error_reply(stanza, "auth", "forbidden", "You don't have permission to execute this command"):up()
+ :add_child(commands[i]:cmdtag("canceled")
+ :tag("note", {type="error"}):text("You don't have permission to execute this command")));
+ return true
+ end
+ -- User has permission now execute the command
return commands[i].handler(commands[i], origin, stanza);
end
end
--- a/mod_adhoc_cmd_admin/mod_adhoc_cmd_admin.lua Sat Oct 17 01:36:25 2009 +0200
+++ b/mod_adhoc_cmd_admin/mod_adhoc_cmd_admin.lua Sat Oct 17 01:37:25 2009 +0200
@@ -39,13 +39,6 @@
};
function add_user_command_handler(item, origin, stanza)
- if not is_admin(stanza.attr.from) then
- module:log("warn", "Non-admin %s tried to add a user", tostring(jid.bare(stanza.attr.from)));
- origin.send(st.error_reply(stanza, "auth", "forbidden", "You don't have permission to add a user"):up()
- :add_child(item:cmdtag("canceled")
- :tag("note", {type="error"}):text("You don't have permission to add a user")));
- return true;
- end
if stanza.tags[1].attr.sessionid and sessions[stanza.tags[1].attr.sessionid] then
if stanza.tags[1].attr.action == "cancel" then
origin.send(st.reply(stanza):add_child(item:cmdtag("canceled", stanza.tags[1].attr.sessionid)));
@@ -96,12 +89,6 @@
end
function get_online_users_command_handler(item, origin, stanza)
- if not is_admin(stanza.attr.from) then
- origin.send(st.error_reply(stanza, "auth", "forbidden", "You don't have permission to request a list of online users"):up()
- :add_child(item:cmdtag("canceled")
- :tag("note", {type="error"}):text("You don't have permission to request a list of online users")));
- return true;
- end
if stanza.tags[1].attr.sessionid and sessions[stanza.tags[1].attr.sessionid] then
if stanza.tags[1].attr.action == "cancel" then
origin.send(st.reply(stanza):add_child(item:cmdtag("canceled", stanza.tags[1].attr.sessionid)));