Mercurial > prosody-modules
annotate mod_readonly/mod_readonly.lua @ 5424:b45d9a81b3da
mod_http_oauth2: Revert role selector, going to try something else
Back out f2c7bb3af600
Allowing only a single role to be encoded into the grant takes away the
possibility of having multiple roles in the grant, one of which is
selected when issuing an access token. It also takes away the ability to
have zero roles granted, which could be useful e.g. when you only need
OIDC scopes.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 07 May 2023 19:40:57 +0200 |
| parents | 7776c9dc5f37 |
| children |
| rev | line source |
|---|---|
|
750
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 local st = require "util.stanza"; |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 local stores = module:get_option("readonly_stores", { |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 vcard = { "vcard-temp", "vCard" }; |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 }); |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 local namespaces = {}; |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 for name, namespace in pairs(stores) do |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 namespaces[table.concat(namespace, ":")] = name; |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 end |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 |
|
3270
7776c9dc5f37
mod_readonly: Simplify iq handling by hooking on iq-set/ instead of iq/.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
750
diff
changeset
|
12 local function prevent_write(event) |
|
750
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 local stanza = event.stanza; |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 local xmlns_and_tag = stanza.tags[1].attr.xmlns..":"..stanza.tags[1].name; |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 local store_name = namespaces[xmlns_and_tag]; |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 if store_name then |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 module:log("warn", "Preventing modification of %s store by %s", store_name, stanza.attr.from); |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 event.origin.send(st.error_reply(stanza, "cancel", "not-allowed", store_name.." data is read-only")); |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 return true; -- Block stanza |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 end |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 end |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 for namespace in pairs(namespaces) do |
|
3270
7776c9dc5f37
mod_readonly: Simplify iq handling by hooking on iq-set/ instead of iq/.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
750
diff
changeset
|
24 module:hook("iq-set/bare/"..namespace, prevent_write, 200); |
|
750
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 end |