mod_muc: Better map restrict_room_creation to role permissions (behaviour change)
authorMatthew Wild <mwild1@gmail.com>
Thu, 29 Sep 2022 12:30:52 +0100
changeset 12735 a314f5bff9f0
parent 12734 427dd01f0864
child 12736 f731eda8a873
mod_muc: Better map restrict_room_creation to role permissions (behaviour change) With this change and 427dd01f0864, room creation is now effectively restricted to parent-host users by default. This is a better default than previous Prosody versions (where room creation was not restricted). The "local" option for restrict_room_creation is no longer used (any value other than true/false won't change the default behaviour). restrict_room_creation = true will grant prosody:admin the ability to create rooms. restrict_room_creation = false disables all permission checks. Anything between these two can be achieved using custom roles and permissions.
plugins/muc/mod_muc.lua
--- a/plugins/muc/mod_muc.lua	Thu Sep 29 12:10:14 2022 +0100
+++ b/plugins/muc/mod_muc.lua	Thu Sep 29 12:30:52 2022 +0100
@@ -413,28 +413,15 @@
 	end, -10);
 end
 
-module:default_permission("prosody:admin", ":create-room");
-
-do
-	local restrict_room_creation = module:get_option("restrict_room_creation");
-	if restrict_room_creation == true then
-		restrict_room_creation = "admin";
+local restrict_room_creation = module:get_option("restrict_room_creation");
+module:default_permission(restrict_room_creation == true and "prosody:admin" or "prosody:user", ":create-room");
+module:hook("muc-room-pre-create", function(event)
+	local origin, stanza = event.origin, event.stanza;
+	if restrict_room_creation ~= false and not module:may(":create-room", event) then
+		origin.send(st.error_reply(stanza, "cancel", "not-allowed", "Room creation is restricted", module.host));
+		return true;
 	end
-	if restrict_room_creation then
-		local host_suffix = module.host:gsub("^[^%.]+%.", "");
-		module:hook("muc-room-pre-create", function(event)
-			local origin, stanza = event.origin, event.stanza;
-			local user_jid = stanza.attr.from;
-			if not module:may(":create-room", event) and not (
-				restrict_room_creation == "local" and
-				select(2, jid_split(user_jid)) == host_suffix
-			) then
-				origin.send(st.error_reply(stanza, "cancel", "not-allowed", "Room creation is restricted", module.host));
-				return true;
-			end
-		end);
-	end
-end
+end);
 
 for event_name, method in pairs {
 	-- Normal room interactions
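Review bot: A non-boolean `restrict_room_creation` value now silently falls through to the `prosody:user` default on the added `module:default_permission(...)` line, because only `== true` selects `prosody:admin`. The removed code normalised `true` to the string `"admin"`, so a config that sets `"admin"` directly was admin-only before and is widened by this change with no signal to the operator; whether that spelling was ever documented is not visible here and should be confirmed. I would warn at load time when the option is set but not a boolean: `if restrict_room_creation ~= nil and type(restrict_room_creation) ~= "boolean" then module:log("warn", "Unsupported restrict_room_creation value %q, using default role permissions", tostring(restrict_room_creation)); end`. A short comment above the hook should also state that `false` bypasses `module:may` entirely, so custom role policies for `:create-room` are not consulted in that mode.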