changeset 5098:817bc9873fc2

mod_compat_roles: Fix permission checks/roles to be per-host as intended
author Matthew Wild <mwild1@gmail.com>
date Tue, 29 Nov 2022 11:38:28 +0000
parents d414fa8b37dc
children f03f4ec859a3
files mod_compat_roles/mod_compat_roles.lua
diffstat 1 files changed, 9 insertions(+), 5 deletions(-) [+]
--- a/mod_compat_roles/mod_compat_roles.lua	Tue Nov 29 11:37:58 2022 +0000
+++ b/mod_compat_roles/mod_compat_roles.lua	Tue Nov 29 11:38:28 2022 +0000
@@ -28,11 +28,15 @@
 	return get_jid_role_name(username.."@"..host, host);
 end
 
--- permissions[host][permission_name] = permitted_role_name
+-- permissions[host][role_name][permission_name] = is_permitted
 local permissions = {};
 
-local function role_may(role_name, permission)
-	local role_permissions = permissions[role_name];
+local function role_may(host, role_name, permission)
+	local host_roles = permissions[host];
+	if not host_roles then
+		return false;
+	end
+	local role_permissions = host_roles[role_name];
 	if not role_permissions then
 		return false;
 	end
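Review bot: role_may has no comment stating that it denies by default, which is the property every caller of a permission check relies on. The two guards visible here return false for an unknown host and for an unknown role. I would add `--- Returns whether role_name is granted permission on host; unknown hosts and roles are denied.` above the `local function role_may(host, role_name, permission)` line. The rest of the body lies outside the hunk, so confirm that an absent permission entry also yields a falsy result.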
@@ -56,7 +60,7 @@
 			return false;
 		end
 
-		local permit = role_may(role, action);
+		local permit = role_may(self.host, role, action);
 		if not permit then
 			self:log("debug", "Access denied: JID <%s> may not %s (not permitted by role %s)", context, action, role.name);
 		end
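Review bot: The value used as the role key on the changed line and the value logged two lines later disagree. `role_may(self.host, role, action)` uses `role` to index the per-host table, which the first hunk documents as keyed by role name, while the debug message reads `role.name`. If `role` is a name string, `role.name` evaluates to nil and the denial log loses the role. If it is a role object, the lookup cannot match a string key and the check always denies. The assignment of `role` is outside the hunk, so confirm which it is; for a string the log argument should be `role`, matching the `role_name` argument in the last hunk.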
@@ -74,7 +78,7 @@
 			self:log("debug", "Access denied: JID <%s> may not %s (no role found)", actor_jid, action);
 			return false;
 		end
-		local permit = role_may(role_name, action, context);
+		local permit = role_may(self.host, role_name, action, context);
 		if not permit then
 			self:log("debug", "Access denied: JID <%s> may not %s (not permitted by role %s)", actor_jid, action, role_name);
 		end
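Review bot: The changed call passes four arguments, `role_may(self.host, role_name, action, context)`, but role_may as declared in the first hunk takes `(host, role_name, permission)`, so `context` is silently discarded. Either drop it, `local permit = role_may(self.host, role_name, action);`, or, if context-dependent permissions are intended, make role_may accept and use it. As written, a reader could assume the context influences the access decision when, in the part of role_may visible on this page, it does not.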