Matthew Wild <mwild1@gmail.com> [Mon, 01 Aug 2022 20:26:00 +0100] rev 12658
usermanager: Handle local JIDs being passed to get/set_jid_role()
There is no reasonable fallback for set_jid_role() because users may have
multiple roles, so that's an error.
Kim Alvefur <zash@zash.se> [Wed, 20 Jul 2022 13:10:47 +0200] rev 12657
core.usermanager: Add missing stub authz methods to global authz provider
Except, should we have a global authz provider at all?
Kim Alvefur <zash@zash.se> [Wed, 20 Jul 2022 13:08:07 +0200] rev 12656
moduleapi: Stricter type check for actor in permission check
Non-table but truthy values would trigger "attempt to index a foo value"
on the next line otherwise
Kim Alvefur <zash@zash.se> [Wed, 20 Jul 2022 13:07:04 +0200] rev 12655
moduleapi: Remove redundant expansion of ':' prefix in permission names
Kim Alvefur <zash@zash.se> [Wed, 20 Jul 2022 13:05:35 +0200] rev 12654
moduleapi: Distribute permissions set from global modules to all hosts
Roles and permissions will always happen in the context of a host.
Prevents error upon indexing since `hosts["*"] == nil`
Matthew Wild <mwild1@gmail.com> [Wed, 20 Jul 2022 10:52:17 +0100] rev 12653
mod_tokenauth: New API that better fits how modules are using token auth
This also updates the module to the new role API, and improves support for
scope/role selection (currently treated as the same thing, which they almost
are).
Matthew Wild <mwild1@gmail.com> [Tue, 19 Jul 2022 18:02:02 +0100] rev 12652
mod_authz_internal: Use util.roles, some API changes and config support
This commit was too awkward to split (hg record didn't like it), so:
- Switch to the new util.roles lib to provide a consistent representation of
a role object.
- Change API method from get_role_info() to get_role_by_name() (touches
sessionmanager and usermanager)
- Change get_roles() to get_user_roles(), take a username instead of a JID
This is more consistent with all other usermanager API methods.
- Support configuration of custom roles and permissions via the config file
(to be documented).
Matthew Wild <mwild1@gmail.com> [Tue, 19 Jul 2022 17:44:26 +0100] rev 12651
util.roles: Add new utility module to consolidate role objects and methods
Matthew Wild <mwild1@gmail.com> [Tue, 12 Jul 2022 13:14:47 +0100] rev 12650
usermanager, mod_auth_*: Add get_account_info() returning creation/update time
This is useful for a number of things. For example, listing users that need to
rotate their passwords after some event. It also provides a safer way for code
to determine that a user password has changed without needing to set a handler
for the password change event (which is a more fragile approach).
Kim Alvefur <zash@zash.se> [Wed, 15 Jun 2022 23:04:17 +0200] rev 12649
core.moduleapi: Expand permission name ':' prefix earlier
Ensures it applies to the context as string case
Somehow this fixes everything