Mercurial > prosody-modules
changeset 5582:825c6fb76c48
Multiple modules: Update for split prosody:user role (prosody 082c7d856e61)
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Thu, 29 Jun 2023 15:58:33 +0100 |
parents | df483d9056f5 |
children | e1422ae7e4de |
files | mod_client_management/mod_client_management.lua mod_compat_roles/mod_compat_roles.lua mod_invites_adhoc/mod_invites_adhoc.lua mod_restrict_xmpp/mod_restrict_xmpp.lua |
diffstat | 4 files changed, 29 insertions(+), 10 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_client_management/mod_client_management.lua Wed Jun 28 21:47:22 2023 +0200 +++ b/mod_client_management/mod_client_management.lua Thu Jun 29 15:58:33 2023 +0100 @@ -10,8 +10,8 @@ local strict = module:get_option_boolean("enforce_client_ids", false); -module:default_permission("prosody:user", ":list-clients"); -module:default_permission("prosody:user", ":manage-clients"); +module:default_permission("prosody:registered", ":list-clients"); +module:default_permission("prosody:registered", ":manage-clients"); local tokenauth = module:depends("tokenauth"); local mod_fast = module:depends("sasl2_fast");
--- a/mod_compat_roles/mod_compat_roles.lua Wed Jun 28 21:47:22 2023 +0200 +++ b/mod_compat_roles/mod_compat_roles.lua Thu Jun 29 15:58:33 2023 +0100 @@ -33,8 +33,12 @@ local role_inheritance = { ["prosody:operator"] = "prosody:admin"; - ["prosody:admin"] = "prosody:user"; - ["prosody:user"] = "prosody:restricted"; + ["prosody:admin"] = "prosody:member"; + ["prosody:member"] = "prosody:registered"; + ["prosody:registered"] = "prosody:guest"; + + -- COMPAT + ["prosody:user"] = "prosody:registered"; }; local function role_may(host, role_name, permission)
--- a/mod_invites_adhoc/mod_invites_adhoc.lua Wed Jun 28 21:47:22 2023 +0200 +++ b/mod_invites_adhoc/mod_invites_adhoc.lua Thu Jun 29 15:58:33 2023 +0100 @@ -19,7 +19,11 @@ if module.may then if allow_user_invites then - module:default_permission("prosody:user", ":invite-new-users"); + if require "core.features".available:contains("split-user-roles") then + module:default_permission("prosody:registered", ":invite-new-users"); + else -- COMPAT + module:default_permission("prosody:user", ":invite-new-users"); + end end if not allow_user_invite_roles:empty() or not deny_user_invite_roles:empty() then return error("allow_user_invites_by_roles and deny_user_invites_by_roles are deprecated options");
--- a/mod_restrict_xmpp/mod_restrict_xmpp.lua Wed Jun 28 21:47:22 2023 +0200 +++ b/mod_restrict_xmpp/mod_restrict_xmpp.lua Thu Jun 29 15:58:33 2023 +0100 @@ -3,7 +3,18 @@ local set = require "util.set"; local st = require "util.stanza"; -module:default_permission("prosody:user", "xmpp:federate"); +local normal_user_role = "prosody:registered"; +local limited_user_role = "prosody:guest"; + +local features = require "core.features"; + +-- COMPAT +if not features.available:contains("split-user-roles") then + normal_user_role = "prosody:user"; + limited_user_role = "prosody:restricted"; +end + +module:default_permission(normal_user_role, "xmpp:federate"); module:hook("route/remote", function (event) if not module:may("xmpp:federate", event) then if event.stanza.attr.type ~= "result" and event.stanza.attr.type ~= "error" then @@ -93,12 +104,12 @@ --module:default_permission("prosody:restricted", "xmpp:account:read"); --module:default_permission("prosody:restricted", "xmpp:account:write"); -module:default_permission("prosody:restricted", "xmpp:account:messages:read"); -module:default_permission("prosody:restricted", "xmpp:account:messages:write"); +module:default_permission(limited_user_role, "xmpp:account:messages:read"); +module:default_permission(limited_user_role, "xmpp:account:messages:write"); for _, property_list in ipairs({ iq_namespaces, legacy_storage_nodes, pep_nodes }) do for account_property in set.new(array.collect(it.values(property_list))) do - module:default_permission("prosody:restricted", "xmpp:account:"..account_property..":read"); - module:default_permission("prosody:restricted", "xmpp:account:"..account_property..":write"); + module:default_permission(limited_user_role, "xmpp:account:"..account_property..":read"); + module:default_permission(limited_user_role, "xmpp:account:"..account_property..":write"); end end