Mercurial > prosody-modules
comparison mod_adhoc_cmd_admin/mod_adhoc_cmd_admin.lua @ 49:59f490390528
mod_adhoc, mod_adhoc_cmd_admin: Check permissions in one place for all commands
| author | Florian Zeitz <florob@babelmonkeys.de> |
|---|---|
| date | Sat, 17 Oct 2009 01:37:25 +0200 |
| parents | 7fbaf590dc12 |
| children | e839b4453387 |
comparison
equal
deleted
inserted
replaced
| 48:7fbaf590dc12 | 49:59f490390528 |
|---|---|
| 37 { name = "max_items", type = "list-single", label = "Maximum number of users", | 37 { name = "max_items", type = "list-single", label = "Maximum number of users", |
| 38 value = { "25", "50", "75", "100", "150", "200", "all" } }; | 38 value = { "25", "50", "75", "100", "150", "200", "all" } }; |
| 39 }; | 39 }; |
| 40 | 40 |
| 41 function add_user_command_handler(item, origin, stanza) | 41 function add_user_command_handler(item, origin, stanza) |
| 42 if not is_admin(stanza.attr.from) then | |
| 43 module:log("warn", "Non-admin %s tried to add a user", tostring(jid.bare(stanza.attr.from))); | |
| 44 origin.send(st.error_reply(stanza, "auth", "forbidden", "You don't have permission to add a user"):up() | |
| 45 :add_child(item:cmdtag("canceled") | |
| 46 :tag("note", {type="error"}):text("You don't have permission to add a user"))); | |
| 47 return true; | |
| 48 end | |
| 49 if stanza.tags[1].attr.sessionid and sessions[stanza.tags[1].attr.sessionid] then | 42 if stanza.tags[1].attr.sessionid and sessions[stanza.tags[1].attr.sessionid] then |
| 50 if stanza.tags[1].attr.action == "cancel" then | 43 if stanza.tags[1].attr.action == "cancel" then |
| 51 origin.send(st.reply(stanza):add_child(item:cmdtag("canceled", stanza.tags[1].attr.sessionid))); | 44 origin.send(st.reply(stanza):add_child(item:cmdtag("canceled", stanza.tags[1].attr.sessionid))); |
| 52 sessions[stanza.tags[1].attr.sessionid] = nil; | 45 sessions[stanza.tags[1].attr.sessionid] = nil; |
| 53 return true; | 46 return true; |
| 94 end | 87 end |
| 95 return true; | 88 return true; |
| 96 end | 89 end |
| 97 | 90 |
| 98 function get_online_users_command_handler(item, origin, stanza) | 91 function get_online_users_command_handler(item, origin, stanza) |
| 99 if not is_admin(stanza.attr.from) then | |
| 100 origin.send(st.error_reply(stanza, "auth", "forbidden", "You don't have permission to request a list of online users"):up() | |
| 101 :add_child(item:cmdtag("canceled") | |
| 102 :tag("note", {type="error"}):text("You don't have permission to request a list of online users"))); | |
| 103 return true; | |
| 104 end | |
| 105 if stanza.tags[1].attr.sessionid and sessions[stanza.tags[1].attr.sessionid] then | 92 if stanza.tags[1].attr.sessionid and sessions[stanza.tags[1].attr.sessionid] then |
| 106 if stanza.tags[1].attr.action == "cancel" then | 93 if stanza.tags[1].attr.action == "cancel" then |
| 107 origin.send(st.reply(stanza):add_child(item:cmdtag("canceled", stanza.tags[1].attr.sessionid))); | 94 origin.send(st.reply(stanza):add_child(item:cmdtag("canceled", stanza.tags[1].attr.sessionid))); |
| 108 sessions[stanza.tags[1].attr.sessionid] = nil; | 95 sessions[stanza.tags[1].attr.sessionid] = nil; |
| 109 return true; | 96 return true; |