Matthew Wild <mwild1@gmail.com> [Fri, 12 Aug 2022 11:58:25 +0100] rev 12661
usermanager: Fix method name of global authz provider (thanks Zash)
Matthew Wild <mwild1@gmail.com> [Thu, 11 Aug 2022 16:56:59 +0100] rev 12660
usermanager: Remove obsolete function from global authz provider
Matthew Wild <mwild1@gmail.com> [Thu, 11 Aug 2022 16:47:09 +0100] rev 12659
features: Add "permissions" feature for role-auth
Matthew Wild <mwild1@gmail.com> [Mon, 01 Aug 2022 20:26:00 +0100] rev 12658
usermanager: Handle local JIDs being passed to get/set_jid_role()
There is no reasonable fallback for set_jid_role() because users may have
multiple roles, so that's an error.
Kim Alvefur <zash@zash.se> [Wed, 20 Jul 2022 13:10:47 +0200] rev 12657
core.usermanager: Add missing stub authz methods to global authz provider
Except, should we have a global authz provider at all?
Kim Alvefur <zash@zash.se> [Wed, 20 Jul 2022 13:08:07 +0200] rev 12656
moduleapi: Stricter type check for actor in permission check
Non-table but truthy values would trigger "attempt to index a foo value"
on the next line otherwise
Kim Alvefur <zash@zash.se> [Wed, 20 Jul 2022 13:07:04 +0200] rev 12655
moduleapi: Remove redundant expansion of ':' prefix in permission names
Kim Alvefur <zash@zash.se> [Wed, 20 Jul 2022 13:05:35 +0200] rev 12654
moduleapi: Distribute permissions set from global modules to all hosts
Roles and permissions will always happen in the context of a host.
Prevents error upon indexing since `hosts["*"] == nil`
Matthew Wild <mwild1@gmail.com> [Wed, 20 Jul 2022 10:52:17 +0100] rev 12653
mod_tokenauth: New API that better fits how modules are using token auth
This also updates the module to the new role API, and improves support for
scope/role selection (currently treated as the same thing, which they almost
are).
Matthew Wild <mwild1@gmail.com> [Tue, 19 Jul 2022 18:02:02 +0100] rev 12652
mod_authz_internal: Use util.roles, some API changes and config support
This commit was too awkward to split (hg record didn't like it), so:
- Switch to the new util.roles lib to provide a consistent representation of
a role object.
- Change API method from get_role_info() to get_role_by_name() (touches
sessionmanager and usermanager)
- Change get_roles() to get_user_roles(), take a username instead of a JID
This is more consistent with all other usermanager API methods.
- Support configuration of custom roles and permissions via the config file
(to be documented).