Mercurial > prosody-modules
diff mod_privilege/mod_privilege.lua @ 1658:1146cb4493a9
mod_privilege: roster get permission implemented
author | Goffi <goffi@goffi.org> |
---|---|
date | Tue, 31 Mar 2015 17:27:13 +0200 |
parents | 7116bc76663b |
children | 495a093798eb |
line wrap: on
line diff
--- a/mod_privilege/mod_privilege.lua Fri Mar 27 13:26:28 2015 +0100 +++ b/mod_privilege/mod_privilege.lua Tue Mar 31 17:27:13 2015 +0200 @@ -1,18 +1,30 @@ +-- XEP-0356 (Privileged Entity) +-- Copyright (C) 2015 Jérôme Poisson +-- +-- This module is MIT/X11 licensed. Please see the +-- COPYING file in the source package for more information. + + local jid = require("util/jid") local set = require("util/set") local st = require("util/stanza") +local roster_manager = require("core/rostermanager") + local _ALLOWED_ROSTER = set.new({'none', 'get', 'set', 'both'}) +local _ROSTER_GET_PERM = set.new({'get', 'both'}) +local _ROSTER_SET_PERM = set.new({'set', 'both'}) local _ALLOWED_MESSAGE = set.new({'none', 'outgoing'}) local _ALLOWED_PRESENCE = set.new({'none', 'managed_entity', 'roster'}) local _TO_CHECK = {roster=_ALLOWED_ROSTER, message=_ALLOWED_MESSAGE, presence=_ALLOWED_PRESENCE} local _PRIV_ENT_NS = 'urn:xmpp:privilege:1' -module:log("info", "Loading privileged entity module "); + +module:log("debug", "Loading privileged entity module "); + +--> Permissions management <-- privileges = module:get_option("privileged_entities", {}) -module:log("warn", "Connection, HOST="..tostring(module:get_host()).." ("..tostring(module:get_host_type())..")") - function advertise_perm(to_jid, perms) -- send <message/> stanza to advertise permissions -- as expained in section 4.2 @@ -34,7 +46,6 @@ local session = event.session local bare_jid = jid.join(session.username, session.host) - module:log("info", "======>>> on_auth, type="..tostring(event.session.type)..", jid="..tostring(bare_jid)); local ent_priv = privileges[bare_jid] if ent_priv ~= nil then @@ -64,3 +75,45 @@ module:hook('authentication-success', on_auth) module:hook('component-authenticated', on_auth) + + +--> roster permission <-- + +module:hook("iq-get/bare/jabber:iq:roster:query", function(event) + local session, stanza = event.origin, event.stanza; + if not stanza.attr.to then + -- we don't want stanzas addressed to /self + return; + end + + if session.privileges and _ROSTER_GET_PERM:contains(session.privileges.roster) then + module:log("debug", "Roster get from allowed privileged entity received") + -- following code is adapted from mod_remote_roster + local node, host = jid.split(stanza.attr.to); + local roster = roster_manager.load_roster(node, host); + + local reply = st.reply(stanza):query("jabber:iq:roster"); + for entity_jid, item in pairs(roster) do + if entity_jid and entity_jid ~= "pending" then + local node, host = jid.split(entity_jid); + reply:tag("item", { + jid = entity_jid, + subscription = item.subscription, + ask = item.ask, + name = item.name, + }); + for group in pairs(item.groups) do + reply:tag("group"):text(group):up(); + end + reply:up(); -- move out from item + end + end + session.send(reply); + else + module:log("warn", "Entity "..tostring(session.full_jid).." try to get roster without permission") + session.send(st.error_reply(stanza, 'auth', 'forbidden')) + end + + return true + +end);