Mercurial > prosody-modules
annotate mod_adhoc/adhoc/mod_adhoc.lua @ 49:59f490390528
mod_adhoc, mod_adhoc_cmd_admin: Check permissions in one place for all commands
| author | Florian Zeitz <florob@babelmonkeys.de> |
|---|---|
| date | Sat, 17 Oct 2009 01:37:25 +0200 |
| parents | adc9eff8adb2 |
| children | 611d16867410 |
| rev | line source |
|---|---|
| 6 | 1 -- Copyright (C) 2009 Thilo Cestonaro |
| 2 -- | |
| 3 -- This file is MIT/X11 licensed. Please see the | |
| 4 -- COPYING file in the source package for more information. | |
| 5 -- | |
| 6 | |
| 7 local st = require "util.stanza"; | |
|
43
adc9eff8adb2
mod_adhoc, mod_adhoc_cmd_admin: Show only commands they may execute to the user
Florian Zeitz <florob@babelmonkeys.de>
parents:
36
diff
changeset
|
8 local is_admin = require "core.usermanager".is_admin; |
| 6 | 9 local commands = {}; |
| 10 | |
| 11 module:add_feature("http://jabber.org/protocol/commands"); | |
| 12 | |
| 13 module:hook("iq/host/http://jabber.org/protocol/disco#items:query", function (event) | |
| 14 local origin, stanza = event.origin, event.stanza; | |
|
43
adc9eff8adb2
mod_adhoc, mod_adhoc_cmd_admin: Show only commands they may execute to the user
Florian Zeitz <florob@babelmonkeys.de>
parents:
36
diff
changeset
|
15 local privileged = is_admin(event.stanza.attr.from); |
| 6 | 16 if stanza.attr.type == "get" and stanza.tags[1].attr.node and stanza.tags[1].attr.node == "http://jabber.org/protocol/commands" then |
| 17 reply = st.reply(stanza); | |
| 18 reply:tag("query", {xmlns="http://jabber.org/protocol/disco#items", node="http://jabber.org/protocol/commands"}) | |
| 19 for i = 1, #commands do | |
| 20 -- module:log("info", "adding command %s", commands[i].name); | |
|
43
adc9eff8adb2
mod_adhoc, mod_adhoc_cmd_admin: Show only commands they may execute to the user
Florian Zeitz <florob@babelmonkeys.de>
parents:
36
diff
changeset
|
21 if (commands[i].permission == "admin" and privileged) or (commands[i].permission == "user") then |
|
adc9eff8adb2
mod_adhoc, mod_adhoc_cmd_admin: Show only commands they may execute to the user
Florian Zeitz <florob@babelmonkeys.de>
parents:
36
diff
changeset
|
22 reply:tag("item", {name=commands[i].name, node=commands[i].node, jid=module:get_host()}); |
|
adc9eff8adb2
mod_adhoc, mod_adhoc_cmd_admin: Show only commands they may execute to the user
Florian Zeitz <florob@babelmonkeys.de>
parents:
36
diff
changeset
|
23 reply:up(); |
|
adc9eff8adb2
mod_adhoc, mod_adhoc_cmd_admin: Show only commands they may execute to the user
Florian Zeitz <florob@babelmonkeys.de>
parents:
36
diff
changeset
|
24 end |
| 6 | 25 end |
| 26 origin.send(reply); | |
| 27 return true; | |
| 28 end | |
| 29 end, 500); | |
| 30 | |
| 31 module:hook("iq/host", function (event) | |
| 32 local origin, stanza = event.origin, event.stanza; | |
| 33 if stanza.attr.type == "set" and stanza.tags[1] and stanza.tags[1].name == "command" then | |
| 34 local node = stanza.tags[1].attr.node | |
| 35 for i = 1, #commands do | |
| 36 if commands[i].node == node then | |
|
49
59f490390528
mod_adhoc, mod_adhoc_cmd_admin: Check permissions in one place for all commands
Florian Zeitz <florob@babelmonkeys.de>
parents:
43
diff
changeset
|
37 -- check whether user has permission to execute this command first |
|
59f490390528
mod_adhoc, mod_adhoc_cmd_admin: Check permissions in one place for all commands
Florian Zeitz <florob@babelmonkeys.de>
parents:
43
diff
changeset
|
38 if commands[i].permission == "admin" and not is_admin(stanza.attr.from) then |
|
59f490390528
mod_adhoc, mod_adhoc_cmd_admin: Check permissions in one place for all commands
Florian Zeitz <florob@babelmonkeys.de>
parents:
43
diff
changeset
|
39 origin.send(st.error_reply(stanza, "auth", "forbidden", "You don't have permission to execute this command"):up() |
|
59f490390528
mod_adhoc, mod_adhoc_cmd_admin: Check permissions in one place for all commands
Florian Zeitz <florob@babelmonkeys.de>
parents:
43
diff
changeset
|
40 :add_child(commands[i]:cmdtag("canceled") |
|
59f490390528
mod_adhoc, mod_adhoc_cmd_admin: Check permissions in one place for all commands
Florian Zeitz <florob@babelmonkeys.de>
parents:
43
diff
changeset
|
41 :tag("note", {type="error"}):text("You don't have permission to execute this command"))); |
|
59f490390528
mod_adhoc, mod_adhoc_cmd_admin: Check permissions in one place for all commands
Florian Zeitz <florob@babelmonkeys.de>
parents:
43
diff
changeset
|
42 return true |
|
59f490390528
mod_adhoc, mod_adhoc_cmd_admin: Check permissions in one place for all commands
Florian Zeitz <florob@babelmonkeys.de>
parents:
43
diff
changeset
|
43 end |
|
59f490390528
mod_adhoc, mod_adhoc_cmd_admin: Check permissions in one place for all commands
Florian Zeitz <florob@babelmonkeys.de>
parents:
43
diff
changeset
|
44 -- User has permission now execute the command |
| 6 | 45 return commands[i].handler(commands[i], origin, stanza); |
| 46 end | |
| 47 end | |
| 48 end | |
| 49 end, 500); | |
| 50 | |
| 51 module:hook("item-added/adhoc", function (event) | |
| 52 commands[ # commands + 1] = event.item; | |
| 53 end, 500); | |
| 9 | 54 |
| 55 local _G = _G; | |
| 56 local t_remove = _G.table.remove; | |
| 57 module:hook("item-removed/adhoc", function (event) | |
| 58 for i = 1, #commands do | |
| 59 if commands[i].node == event.item.node then | |
| 60 t_remove(commands, i); | |
|
28
b9d063dd16d5
mod_adhoc, mod_adhoc_cmd_ping: Code cleanup
Florian Zeitz <florob@babelmonkeys.de>
parents:
9
diff
changeset
|
61 break; |
| 9 | 62 end |
| 63 end | |
| 64 end, 500); |