Mercurial > prosody-modules
comparison mod_authz_delegate/mod_authz_delegate.lua @ 5288:f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
See the readme :-).
Motivation is allowing Snikket admins to change circle avatars via
the web portal without bypassing Prosody access checks.
author | Jonas Schäfer <jonas@wielicki.name> |
---|---|
date | Wed, 29 Mar 2023 17:21:45 +0200 |
parents | |
children | 98d5acb93439 |
comparison
equal
deleted
inserted
replaced
5284:5178c13deb78 | 5288:f61564b522f7 |
---|---|
1 local target_host = assert(module:get_option("authz_delegate_to")); | |
2 local this_host = module:get_host(); | |
3 | |
4 local jid_split = import("prosody.util.jid", "split"); | |
5 | |
6 local hosts = prosody.hosts; | |
7 | |
8 function get_jids_with_role(role) --luacheck: ignore 212/role | |
9 return nil | |
10 end | |
11 | |
12 function get_user_role(user) | |
13 -- this is called where the JID belongs to the host this module is loaded on | |
14 -- that means we have to delegate that to get_jid_role with an appropriately composed JID | |
15 return hosts[target_host].authz.get_jid_role(user .. "@" .. this_host) | |
16 end | |
17 | |
18 function set_user_role(user, role_name) --luacheck: ignore 212/user 212/role_name | |
19 -- no roles for entities on this host. | |
20 return false, "cannot set user role on delegation target" | |
21 end | |
22 | |
23 function get_user_secondary_roles(user) --luacheck: ignore 212/user | |
24 -- no roles for entities on this host. | |
25 return {} | |
26 end | |
27 | |
28 function add_user_secondary_role(user, role_name) --luacheck: ignore 212/user 212/role_name | |
29 -- no roles for entities on this host. | |
30 return nil, "cannot set user role on delegation target" | |
31 end | |
32 | |
33 function remove_user_secondary_role(user, role_name) --luacheck: ignore 212/user 212/role_name | |
34 -- no roles for entities on this host. | |
35 return nil, "cannot set user role on delegation target" | |
36 end | |
37 | |
38 function user_can_assume_role(user, role_name) --luacheck: ignore 212/user 212/role_name | |
39 -- no roles for entities on this host. | |
40 return false | |
41 end | |
42 | |
43 function get_jid_role(jid) | |
44 local user, host = jid_split(jid); | |
45 if host == target_host then | |
46 return hosts[target_host].authz.get_user_role(user); | |
47 end | |
48 return hosts[target_host].authz.get_jid_role(jid); | |
49 end | |
50 | |
51 function set_jid_role(jid) --luacheck: ignore 212/jid | |
52 -- TODO: figure out if there are actually legitimate uses for this... | |
53 return nil, "cannot set jid role on delegation target" | |
54 end | |
55 | |
56 function add_default_permission(role_name, action, policy) | |
57 return hosts[target_host].authz.add_default_permission(role_name, action, policy) | |
58 end | |
59 | |
60 function get_role_by_name(role_name) | |
61 return hosts[target_host].authz.get_role_by_name(role_name) | |
62 end | |
63 | |
64 function get_all_roles() | |
65 return hosts[target_host].authz.get_all_roles() | |
66 end |