# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1642340666 0
# Node ID d8a0a8dcdc0dfd3e44d15f6e0b836e14afdbe4dd
# Parent  c3bf568e3977d29efea9890bd1f6fb0396050fe2
mod_http_xep227: Don't require admin privileges to use import/export

These APIs always operate on the current user account only. In the future we
may want to have a more specific permission check though.

diff -r c3bf568e3977 -r d8a0a8dcdc0d mod_http_xep227/mod_http_xep227.lua
--- a/mod_http_xep227/mod_http_xep227.lua	Sat Jan 15 14:25:27 2022 +0000
+++ b/mod_http_xep227/mod_http_xep227.lua	Sun Jan 16 13:44:26 2022 +0000
@@ -253,8 +253,6 @@
 		if not session then
 			event.response.headers.authorization = ("Bearer realm=%q"):format(module.host.."/"..module.name);
 			return false, 401;
-		elseif session.auth_scope ~= "prosody:scope:admin" then
-			return false, 403;
 		end
 		event.session = session;
 		return true;