Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_authz_internal: Allow configuring role of local-server/parent-host users
authorMatthew Wild <mwild1@gmail.com>
Thu, 29 Sep 2022 12:10:14 +0100
changeset 12734 427dd01f0864
parent 12733 73a45ba6e3f1
child 12735 a314f5bff9f0
mod_authz_internal: Allow configuring role of local-server/parent-host users 'host_user_role' is the default role of users who have JIDs on the "parent" host (i.e. jabber.org users on conference.jabber.org). Defaults to 'prosody:user'. 'server_user_roles' is the default role of users who have JIDs on any active host on the current Prosody instance. Default to nil (no role). This finally allows better permissions splitting between host and server users, which has previously been done (e.g. in MUC) with options like 'restrict_room_creation' and 'muc_room_allow_persistent'. Using roles makes these permissions a lot more flexible, and easier for developers to integrate.
plugins/mod_authz_internal.lua file | annotate | diff | comparison | revisions 
--- a/plugins/mod_authz_internal.lua	Wed Sep 28 17:47:00 2022 +0100
+++ b/plugins/mod_authz_internal.lua	Thu Sep 29 12:10:14 2022 +0100
@@ -1,13 +1,22 @@
 local array = require "util.array";
 local it = require "util.iterators";
 local set = require "util.set";
-local jid_split, jid_bare = require "util.jid".split, require "util.jid".bare;
+local jid_split, jid_bare, jid_host = import("util.jid", "split", "bare", "host");
 local normalize = require "util.jid".prep;
 local roles = require "util.roles";
 
 local config_global_admin_jids = module:context("*"):get_option_set("admins", {}) / normalize;
 local config_admin_jids = module:get_option_inherited_set("admins", {}) / normalize;
 local host = module.host;
+local host_suffix = host:gsub("^[^%.]+%.", "");
+
+local hosts = prosody.hosts;
+local is_component = hosts[host].type == "component";
+local host_user_role, server_user_role;
+if is_component then
+	host_user_role = module:get_option_string("host_user_role", "prosody:user");
+	server_user_role = module:get_option_string("server_user_role");
+end
 
 local role_store = module:open_store("account_roles");
 local role_map_store = module:open_store("account_roles", "map");
@@ -225,6 +234,13 @@
 		return role_registry["prosody:operator"];
 	elseif config_admin_jids:contains(bare_jid) then
 		return role_registry["prosody:admin"];
+	elseif is_component then
+		local user_host = jid_host(bare_jid);
+		if host_user_role and user_host == host_suffix then
+			return role_registry[host_user_role];
+		elseif server_user_role and hosts[user_host] then
+			return role_registry[server_user_role];
+		end
 	end
 	return nil;
 end
prosody