Mercurial > prosody-modules
comparison mod_privilege/mod_privilege.lua @ 1663:ca07a6ada631
mod_privilege: presence permission configuration check + use global set to know privileged entities to advertise
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Tue, 07 Apr 2015 12:46:34 +0200 |
| parents | d440a22fa0af |
| children | 6bdcb1418029 |
comparison
equal
deleted
inserted
replaced
| 1662:d440a22fa0af | 1663:ca07a6ada631 |
|---|---|
| 11 local set = require("util/set") | 11 local set = require("util/set") |
| 12 local st = require("util/stanza") | 12 local st = require("util/stanza") |
| 13 local roster_manager = require("core/rostermanager") | 13 local roster_manager = require("core/rostermanager") |
| 14 local user_manager = require("core/usermanager") | 14 local user_manager = require("core/usermanager") |
| 15 local hosts = prosody.hosts | 15 local hosts = prosody.hosts |
| 16 -- the folowing sets are used to forward presence stanza | |
| 17 if not prosody._privilege_presence_man_ent then | |
| 18 prosody._privilege_presence_man_ent = set.new() | |
| 19 end | |
| 20 local presence_man_ent = prosody._privilege_presence_man_ent | |
| 21 if not prosody._privilege_presence_roster then | |
| 22 prosody._privilege_presence_roster = set.new() | |
| 23 end | |
| 24 local presence_roster = prosody._privilege_presence_roster | |
| 16 | 25 |
| 17 local _ALLOWED_ROSTER = set.new({'none', 'get', 'set', 'both'}) | 26 local _ALLOWED_ROSTER = set.new({'none', 'get', 'set', 'both'}) |
| 18 local _ROSTER_GET_PERM = set.new({'get', 'both'}) | 27 local _ROSTER_GET_PERM = set.new({'get', 'both'}) |
| 19 local _ROSTER_SET_PERM = set.new({'set', 'both'}) | 28 local _ROSTER_SET_PERM = set.new({'set', 'both'}) |
| 20 local _ALLOWED_MESSAGE = set.new({'none', 'outgoing'}) | 29 local _ALLOWED_MESSAGE = set.new({'none', 'outgoing'}) |
| 24 local _FORWARDED_NS = 'urn:xmpp:forward:0' | 33 local _FORWARDED_NS = 'urn:xmpp:forward:0' |
| 25 | 34 |
| 26 | 35 |
| 27 module:log("debug", "Loading privileged entity module "); | 36 module:log("debug", "Loading privileged entity module "); |
| 28 | 37 |
| 38 | |
| 29 --> Permissions management <-- | 39 --> Permissions management <-- |
| 30 | 40 |
| 31 privileges = module:get_option("privileged_entities", {}) | 41 privileges = module:get_option("privileged_entities", {}) |
| 32 | 42 |
| 33 function advertise_perm(session, to_jid, perms) | 43 function advertise_perm(session, to_jid, perms) |
| 42 end | 52 end |
| 43 end | 53 end |
| 44 session.send(message) | 54 session.send(message) |
| 45 end | 55 end |
| 46 | 56 |
| 57 function set_presence_perm_set(to_jid, perms) | |
| 58 -- fill the global presence sets according to perms | |
| 59 if perms.presence == 'managed_entity' then | |
| 60 presence_man_ent:add(to_jid) | |
| 61 elseif perms.presence == 'roster' then | |
| 62 presence_man_ent:add(to_jid) -- roster imply managed_entity | |
| 63 presence_roster:add(to_jid) | |
| 64 end | |
| 47 end | 65 end |
| 48 | 66 |
| 49 function on_auth(event) | 67 function on_auth(event) |
| 50 -- Check if entity is privileged according to configuration, | 68 -- Check if entity is privileged according to configuration, |
| 51 -- and set session.privileges accordingly | 69 -- and set session.privileges accordingly |
| 67 if value == 'none' then | 85 if value == 'none' then |
| 68 ent_priv[perm_type] = nil | 86 ent_priv[perm_type] = nil |
| 69 end | 87 end |
| 70 end | 88 end |
| 71 end | 89 end |
| 90 -- extra checks for presence permission | |
| 91 if ent_priv.permission == 'roster' and not _ROSTER_GET_PERM:contains(session.privileges.roster) then | |
| 92 module:log("warn", "Can't allow roster presence privilege without roster \"get\" privilege") | |
| 93 module:log("warn", "Setting presence permission to none") | |
| 94 end_priv.permission = nil | |
| 95 end | |
| 96 | |
| 72 if session.type == "component" then | 97 if session.type == "component" then |
| 73 -- we send the message stanza only for component | 98 -- we send the message stanza only for component |
| 74 -- it will be sent at first <presence/> for other entities | 99 -- it will be sent at first <presence/> for other entities |
| 75 advertise_perm(session, bare_jid, ent_priv) | 100 advertise_perm(session, bare_jid, ent_priv) |
| 101 set_presence_perm_set(bare_jid, ent_priv) | |
| 76 end | 102 end |
| 77 end | 103 end |
| 78 | 104 |
| 79 session.privileges = ent_priv | 105 session.privileges = ent_priv |
| 80 end | 106 end |
| 83 -- Permission are already checked at this point, | 109 -- Permission are already checked at this point, |
| 84 -- we only advertise them to the entity | 110 -- we only advertise them to the entity |
| 85 local session, stanza = event.origin, event.stanza; | 111 local session, stanza = event.origin, event.stanza; |
| 86 if session.privileges then | 112 if session.privileges then |
| 87 advertise_perm(session, session.full_jid, session.privileges) | 113 advertise_perm(session, session.full_jid, session.privileges) |
| 114 set_presence_perm_set(session.full_jid, session.privileges) | |
| 88 end | 115 end |
| 89 end | 116 end |
| 90 | 117 |
| 91 module:hook('authentication-success', on_auth) | 118 module:hook('authentication-success', on_auth) |
| 92 module:hook('component-authenticated', on_auth) | 119 module:hook('component-authenticated', on_auth) |