--- a/mod_client_management/mod_client_management.lua Wed Jun 28 21:47:22 2023 +0200
+++ b/mod_client_management/mod_client_management.lua Thu Jun 29 15:58:33 2023 +0100
@@ -10,8 +10,8 @@
local strict = module:get_option_boolean("enforce_client_ids", false);
-module:default_permission("prosody:user", ":list-clients");
-module:default_permission("prosody:user", ":manage-clients");
+module:default_permission("prosody:registered", ":list-clients");
+module:default_permission("prosody:registered", ":manage-clients");
local tokenauth = module:depends("tokenauth");
local mod_fast = module:depends("sasl2_fast");
--- a/mod_compat_roles/mod_compat_roles.lua Wed Jun 28 21:47:22 2023 +0200
+++ b/mod_compat_roles/mod_compat_roles.lua Thu Jun 29 15:58:33 2023 +0100
@@ -33,8 +33,12 @@
local role_inheritance = {
["prosody:operator"] = "prosody:admin";
- ["prosody:admin"] = "prosody:user";
- ["prosody:user"] = "prosody:restricted";
+ ["prosody:admin"] = "prosody:member";
+ ["prosody:member"] = "prosody:registered";
+ ["prosody:registered"] = "prosody:guest";
+
+ -- COMPAT
+ ["prosody:user"] = "prosody:registered";
};
local function role_may(host, role_name, permission)
--- a/mod_invites_adhoc/mod_invites_adhoc.lua Wed Jun 28 21:47:22 2023 +0200
+++ b/mod_invites_adhoc/mod_invites_adhoc.lua Thu Jun 29 15:58:33 2023 +0100
@@ -19,7 +19,11 @@
if module.may then
if allow_user_invites then
- module:default_permission("prosody:user", ":invite-new-users");
+ if require "core.features".available:contains("split-user-roles") then
+ module:default_permission("prosody:registered", ":invite-new-users");
+ else -- COMPAT
+ module:default_permission("prosody:user", ":invite-new-users");
+ end
end
if not allow_user_invite_roles:empty() or not deny_user_invite_roles:empty() then
return error("allow_user_invites_by_roles and deny_user_invites_by_roles are deprecated options");
--- a/mod_restrict_xmpp/mod_restrict_xmpp.lua Wed Jun 28 21:47:22 2023 +0200
+++ b/mod_restrict_xmpp/mod_restrict_xmpp.lua Thu Jun 29 15:58:33 2023 +0100
@@ -3,7 +3,18 @@
local set = require "util.set";
local st = require "util.stanza";
-module:default_permission("prosody:user", "xmpp:federate");
+local normal_user_role = "prosody:registered";
+local limited_user_role = "prosody:guest";
+
+local features = require "core.features";
+
+-- COMPAT
+if not features.available:contains("split-user-roles") then
+ normal_user_role = "prosody:user";
+ limited_user_role = "prosody:restricted";
+end
+
+module:default_permission(normal_user_role, "xmpp:federate");
module:hook("route/remote", function (event)
if not module:may("xmpp:federate", event) then
if event.stanza.attr.type ~= "result" and event.stanza.attr.type ~= "error" then
@@ -93,12 +104,12 @@
--module:default_permission("prosody:restricted", "xmpp:account:read");
--module:default_permission("prosody:restricted", "xmpp:account:write");
-module:default_permission("prosody:restricted", "xmpp:account:messages:read");
-module:default_permission("prosody:restricted", "xmpp:account:messages:write");
+module:default_permission(limited_user_role, "xmpp:account:messages:read");
+module:default_permission(limited_user_role, "xmpp:account:messages:write");
for _, property_list in ipairs({ iq_namespaces, legacy_storage_nodes, pep_nodes }) do
for account_property in set.new(array.collect(it.values(property_list))) do
- module:default_permission("prosody:restricted", "xmpp:account:"..account_property..":read");
- module:default_permission("prosody:restricted", "xmpp:account:"..account_property..":write");
+ module:default_permission(limited_user_role, "xmpp:account:"..account_property..":read");
+ module:default_permission(limited_user_role, "xmpp:account:"..account_property..":write");
end
end