comparison mod_http_xep227/mod_http_xep227.lua @ 4870:d8a0a8dcdc0d

mod_http_xep227: Don't require admin privileges to use import/export

These APIs always operate on the current user account only. In the future we may want to have a more specific permission check though.
author Matthew Wild <mwild1@gmail.com>
date Sun, 16 Jan 2022 13:44:26 +0000
parents c3bf568e3977
children 029ae3c29683
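--- a/mod_http_xep227/mod_http_xep227.lua
+++ b/mod_http_xep227/mod_http_xep227.lua
@@ -251,12 +251,10 @@
 local function check_request_auth(event)
 local session = check_credentials(event.request);
 if not session then
 event.response.headers.authorization = ("Bearer realm=%q"):format(module.host.."/"..module.name);
 return false, 401;
-elseif session.auth_scope ~= "prosody:scope:admin" then
-return false, 403;
 end
 event.session = session;
 return true;
 end
 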
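Review bot: With the `elseif` branch removed, `check_request_auth` no longer reads `session.auth_scope` at all, so any credential that `check_credentials` accepts, including a token issued with a deliberately narrow scope, can now export or overwrite the whole account. The commit message defers a finer-grained permission check, so the gap should at least be recorded where the check used to be, e.g. `-- NOTE: any authenticated session is accepted regardless of session.auth_scope; import/export act on the session's own account only`. Once a suitable scope exists, an explicit allow-list of scopes would be safer here than accepting every value. Separately, in the unchanged 401 branch the Bearer challenge is written to an `authorization` response header; clients expect the challenge in `WWW-Authenticate`, which is presumably spelled `event.response.headers.www_authenticate` in this header table.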