# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1669722239 0
# Node ID f03f4ec859a34dcfc780e8bebe25ea57f8e99587
# Parent  817bc9873fc274521d277589770a4e7b17f8dd0f
mod_compat_roles: Add support for role inheritance (built-in roles only)

diff -r 817bc9873fc2 -r f03f4ec859a3 mod_compat_roles/mod_compat_roles.lua
--- a/mod_compat_roles/mod_compat_roles.lua	Tue Nov 29 11:38:28 2022 +0000
+++ b/mod_compat_roles/mod_compat_roles.lua	Tue Nov 29 11:43:59 2022 +0000
@@ -31,6 +31,12 @@
 -- permissions[host][role_name][permission_name] = is_permitted
 local permissions = {};
 
+local role_inheritance = {
+	["prosody:operator"] = "prosody:admin";
+	["prosody:admin"] = "prosody:user";
+	["prosody:user"] = "prosody:restricted";
+};
+
 local function role_may(host, role_name, permission)
 	local host_roles = permissions[host];
 	if not host_roles then
@@ -40,7 +46,8 @@
 	if not role_permissions then
 		return false;
 	end
-	return not not permissions[role_name][permission];
+	local next_role = role_inheritance[role_name];
+	return not not permissions[role_name][permission] or (next_role and role_may(host, next_role, permission));
 end
 
 function moduleapi.may(self, action, context)