Mercurial > prosody-modules
annotate mod_muc_config_restrict/mod_muc_config_restrict.lua @ 5256:44f7edd4f845
mod_http_oauth2: Reject non-local hosts in more code paths
We're not issuing tokens for users on remote hosts, we can't even
authenticate them since they're remote. Thus the host is always the
local module.host so no need to pass around the host in most cases or
use it for anything but enforcing the same host.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 16 Mar 2023 17:52:10 +0100 |
parents | ed7431fd3b47 |
children |
rev | line source |
---|---|
1014
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 local is_admin = require "core.usermanager".is_admin; |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 local t_remove = table.remove; |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 local restricted_options = module:get_option_set("muc_config_restricted", {})._items; |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 function handle_config_submit(event) |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 local stanza = event.stanza; |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 if is_admin(stanza.attr.from, module.host) then return; end -- Don't restrict admins |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 local fields = event.fields; |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 for option in restricted_options do |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 fields[option] = nil; -- Like it was never there |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 end |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 end |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 function handle_config_request(event) |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 if is_admin(event.actor, module.host) then return; end -- Don't restrict admins |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 local form = event.form; |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 for i = #form, 1, -1 do |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 if restricted_options[form[i].name] then |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 t_remove(form, i); |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 end |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 end |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 end |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 module:hook("muc-config-submitted", handle_config_submit); |
ed7431fd3b47
mod_muc_config_restrict: Allow restricting specific options in the MUC config form to service admins
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 module:hook("muc-config-form", handle_config_request); |