# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1669721908 0
# Node ID 817bc9873fc274521d277589770a4e7b17f8dd0f
# Parent  d414fa8b37dc994f1a055b5a0161f05066257257
mod_compat_roles: Fix permission checks/roles to be per-host as intended

diff -r d414fa8b37dc -r 817bc9873fc2 mod_compat_roles/mod_compat_roles.lua
--- a/mod_compat_roles/mod_compat_roles.lua	Tue Nov 29 11:37:58 2022 +0000
+++ b/mod_compat_roles/mod_compat_roles.lua	Tue Nov 29 11:38:28 2022 +0000
@@ -28,11 +28,15 @@
 	return get_jid_role_name(username.."@"..host, host);
 end
 
--- permissions[host][permission_name] = permitted_role_name
+-- permissions[host][role_name][permission_name] = is_permitted
 local permissions = {};
 
-local function role_may(role_name, permission)
-	local role_permissions = permissions[role_name];
+local function role_may(host, role_name, permission)
+	local host_roles = permissions[host];
+	if not host_roles then
+		return false;
+	end
+	local role_permissions = host_roles[role_name];
 	if not role_permissions then
 		return false;
 	end
@@ -56,7 +60,7 @@
 			return false;
 		end
 
-		local permit = role_may(role, action);
+		local permit = role_may(self.host, role, action);
 		if not permit then
 			self:log("debug", "Access denied: JID <%s> may not %s (not permitted by role %s)", context, action, role.name);
 		end
@@ -74,7 +78,7 @@
 			self:log("debug", "Access denied: JID <%s> may not %s (no role found)", actor_jid, action);
 			return false;
 		end
-		local permit = role_may(role_name, action, context);
+		local permit = role_may(self.host, role_name, action, context);
 		if not permit then
 			self:log("debug", "Access denied: JID <%s> may not %s (not permitted by role %s)", actor_jid, action, role_name);
 		end