Mercurial > prosody-modules
comparison mod_restrict_xmpp/mod_restrict_xmpp.lua @ 5010:a1f49586d28a
mod_restrict_xmpp: Treat archive query as a read despite using iq-set
XEP-0313 uses iq-set to initiate a query, but unlike many other uses of
iq-set, this does not mutate anything on the server, so it should not be
treated as a write request.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 22 Aug 2022 23:51:07 +0200 |
| parents | 459a4001c1d9 |
| children | 825c6fb76c48 |
comparison
equal
deleted
inserted
replaced
| 5009:459a4001c1d9 | 5010:a1f49586d28a |
|---|---|
| 78 local data = payload.tags[1]; | 78 local data = payload.tags[1]; |
| 79 proto = data and legacy_storage_nodes[data.attr.xmlns] or "legacy-storage"; | 79 proto = data and legacy_storage_nodes[data.attr.xmlns] or "legacy-storage"; |
| 80 elseif proto == "carbons" then | 80 elseif proto == "carbons" then |
| 81 -- This allows access to live messages | 81 -- This allows access to live messages |
| 82 proto, action = "messages", "read"; | 82 proto, action = "messages", "read"; |
| 83 elseif proto == "history" then | |
| 84 action = "read"; | |
| 83 end | 85 end |
| 84 local permission_name = "xmpp:account:"..(proto and (proto..":") or "")..action; | 86 local permission_name = "xmpp:account:"..(proto and (proto..":") or "")..action; |
| 85 if not module:may(permission_name, event) then | 87 if not module:may(permission_name, event) then |
| 86 module:log("warn", "Access denied: %s ({%s}%s) for %s", permission_name, ns, payload.name, origin.full_jid or origin.id); | 88 module:log("warn", "Access denied: %s ({%s}%s) for %s", permission_name, ns, payload.name, origin.full_jid or origin.id); |
| 87 origin.send(st.error_reply(stanza, "auth", "forbidden", "You do not have permission to make this request ("..permission_name..")")); | 89 origin.send(st.error_reply(stanza, "auth", "forbidden", "You do not have permission to make this request ("..permission_name..")")); |