Mercurial > prosody-modules
comparison mod_privilege/mod_privilege.lua @ 1665:746d94f37a4c
mod_privilege: presence already known are advertised to privileged entity (for "maneger_entity" permission only so far)
author | Goffi <goffi@goffi.org> |
---|---|
date | Tue, 07 Apr 2015 12:47:51 +0200 |
parents | 6bdcb1418029 |
children | 0b1b4b7d5fe0 |
comparison
equal
deleted
inserted
replaced
1664:6bdcb1418029 | 1665:746d94f37a4c |
---|---|
11 local set = require("util/set") | 11 local set = require("util/set") |
12 local st = require("util/stanza") | 12 local st = require("util/stanza") |
13 local roster_manager = require("core/rostermanager") | 13 local roster_manager = require("core/rostermanager") |
14 local user_manager = require("core/usermanager") | 14 local user_manager = require("core/usermanager") |
15 local hosts = prosody.hosts | 15 local hosts = prosody.hosts |
16 local full_sessions = prosody.full_sessions; | |
16 -- the folowing sets are used to forward presence stanza | 17 -- the folowing sets are used to forward presence stanza |
17 if not prosody._privilege_presence_man_ent then | 18 if not prosody._privilege_presence_man_ent then |
18 prosody._privilege_presence_man_ent = set.new() | 19 prosody._privilege_presence_man_ent = set.new() |
19 end | 20 end |
20 local presence_man_ent = prosody._privilege_presence_man_ent | 21 local presence_man_ent = prosody._privilege_presence_man_ent |
26 local _ALLOWED_ROSTER = set.new({'none', 'get', 'set', 'both'}) | 27 local _ALLOWED_ROSTER = set.new({'none', 'get', 'set', 'both'}) |
27 local _ROSTER_GET_PERM = set.new({'get', 'both'}) | 28 local _ROSTER_GET_PERM = set.new({'get', 'both'}) |
28 local _ROSTER_SET_PERM = set.new({'set', 'both'}) | 29 local _ROSTER_SET_PERM = set.new({'set', 'both'}) |
29 local _ALLOWED_MESSAGE = set.new({'none', 'outgoing'}) | 30 local _ALLOWED_MESSAGE = set.new({'none', 'outgoing'}) |
30 local _ALLOWED_PRESENCE = set.new({'none', 'managed_entity', 'roster'}) | 31 local _ALLOWED_PRESENCE = set.new({'none', 'managed_entity', 'roster'}) |
32 local _PRESENCE_MANAGED = set.new({'managed_entity', 'roster'}) | |
31 local _TO_CHECK = {roster=_ALLOWED_ROSTER, message=_ALLOWED_MESSAGE, presence=_ALLOWED_PRESENCE} | 33 local _TO_CHECK = {roster=_ALLOWED_ROSTER, message=_ALLOWED_MESSAGE, presence=_ALLOWED_PRESENCE} |
32 local _PRIV_ENT_NS = 'urn:xmpp:privilege:1' | 34 local _PRIV_ENT_NS = 'urn:xmpp:privilege:1' |
33 local _FORWARDED_NS = 'urn:xmpp:forward:0' | 35 local _FORWARDED_NS = 'urn:xmpp:forward:0' |
34 | 36 |
35 | 37 |
40 | 42 |
41 privileges = module:get_option("privileged_entities", {}) | 43 privileges = module:get_option("privileged_entities", {}) |
42 | 44 |
43 function advertise_perm(session, to_jid, perms) | 45 function advertise_perm(session, to_jid, perms) |
44 -- send <message/> stanza to advertise permissions | 46 -- send <message/> stanza to advertise permissions |
45 -- as expained in section 4.2 | 47 -- as expained in § 4.2 |
46 local message = st.message({to=to_jid}) | 48 local message = st.message({to=to_jid}) |
47 :tag("privilege", {xmlns=_PRIV_ENT_NS}) | 49 :tag("privilege", {xmlns=_PRIV_ENT_NS}) |
48 | 50 |
49 for _, perm in pairs({'roster', 'message', 'presence'}) do | 51 for _, perm in pairs({'roster', 'message', 'presence'}) do |
50 if perms[perm] then | 52 if perms[perm] then |
59 if perms.presence == 'managed_entity' then | 61 if perms.presence == 'managed_entity' then |
60 presence_man_ent:add(to_jid) | 62 presence_man_ent:add(to_jid) |
61 elseif perms.presence == 'roster' then | 63 elseif perms.presence == 'roster' then |
62 presence_man_ent:add(to_jid) -- roster imply managed_entity | 64 presence_man_ent:add(to_jid) -- roster imply managed_entity |
63 presence_roster:add(to_jid) | 65 presence_roster:add(to_jid) |
66 end | |
67 end | |
68 | |
69 function advertise_presences(session, to_jid, perms) | |
70 -- send presence status for already conencted entities | |
71 -- as explained in § 7.1 | |
72 for _, user_session in pairs(full_sessions) do | |
73 if user_session.presence then | |
74 if _PRESENCE_MANAGED:contains(perms.presence) then | |
75 local presence = st.clone(user_session.presence) | |
76 presence.attr.to = to_jid | |
77 module:log("debug", "sending current presence for "..tostring(user_session.full_jid)) | |
78 session.send(presence) | |
79 end | |
80 end | |
64 end | 81 end |
65 end | 82 end |
66 | 83 |
67 function on_auth(event) | 84 function on_auth(event) |
68 -- Check if entity is privileged according to configuration, | 85 -- Check if entity is privileged according to configuration, |
97 if session.type == "component" then | 114 if session.type == "component" then |
98 -- we send the message stanza only for component | 115 -- we send the message stanza only for component |
99 -- it will be sent at first <presence/> for other entities | 116 -- it will be sent at first <presence/> for other entities |
100 advertise_perm(session, bare_jid, ent_priv) | 117 advertise_perm(session, bare_jid, ent_priv) |
101 set_presence_perm_set(bare_jid, ent_priv) | 118 set_presence_perm_set(bare_jid, ent_priv) |
119 advertise_presences(session, bare_jid, ent_priv) | |
102 end | 120 end |
103 end | 121 end |
104 | 122 |
105 session.privileges = ent_priv | 123 session.privileges = ent_priv |
106 end | 124 end |
110 -- we only advertise them to the entity | 128 -- we only advertise them to the entity |
111 local session, stanza = event.origin, event.stanza; | 129 local session, stanza = event.origin, event.stanza; |
112 if session.privileges then | 130 if session.privileges then |
113 advertise_perm(session, session.full_jid, session.privileges) | 131 advertise_perm(session, session.full_jid, session.privileges) |
114 set_presence_perm_set(session.full_jid, session.privileges) | 132 set_presence_perm_set(session.full_jid, session.privileges) |
133 advertise_presences(session, session.full_jid, session.privileges) | |
115 end | 134 end |
116 end | 135 end |
117 | 136 |
118 module:hook('authentication-success', on_auth) | 137 module:hook('authentication-success', on_auth) |
119 module:hook('component-authenticated', on_auth) | 138 module:hook('component-authenticated', on_auth) |