# HG changeset patch # User Matthew Wild # Date 1669721908 0 # Node ID 817bc9873fc274521d277589770a4e7b17f8dd0f # Parent d414fa8b37dc994f1a055b5a0161f05066257257 mod_compat_roles: Fix permission checks/roles to be per-host as intended diff -r d414fa8b37dc -r 817bc9873fc2 mod_compat_roles/mod_compat_roles.lua --- a/mod_compat_roles/mod_compat_roles.lua Tue Nov 29 11:37:58 2022 +0000 +++ b/mod_compat_roles/mod_compat_roles.lua Tue Nov 29 11:38:28 2022 +0000 @@ -28,11 +28,15 @@ return get_jid_role_name(username.."@"..host, host); end --- permissions[host][permission_name] = permitted_role_name +-- permissions[host][role_name][permission_name] = is_permitted local permissions = {}; -local function role_may(role_name, permission) - local role_permissions = permissions[role_name]; +local function role_may(host, role_name, permission) + local host_roles = permissions[host]; + if not host_roles then + return false; + end + local role_permissions = host_roles[role_name]; if not role_permissions then return false; end @@ -56,7 +60,7 @@ return false; end - local permit = role_may(role, action); + local permit = role_may(self.host, role, action); if not permit then self:log("debug", "Access denied: JID <%s> may not %s (not permitted by role %s)", context, action, role.name); end @@ -74,7 +78,7 @@ self:log("debug", "Access denied: JID <%s> may not %s (no role found)", actor_jid, action); return false; end - local permit = role_may(role_name, action, context); + local permit = role_may(self.host, role_name, action, context); if not permit then self:log("debug", "Access denied: JID <%s> may not %s (not permitted by role %s)", actor_jid, action, role_name); end