changeset 5582:825c6fb76c48

Multiple modules: Update for split prosody:user role (prosody 082c7d856e61)
author Matthew Wild <mwild1@gmail.com>
date Thu, 29 Jun 2023 15:58:33 +0100
parents df483d9056f5
children e1422ae7e4de
files mod_client_management/mod_client_management.lua mod_compat_roles/mod_compat_roles.lua mod_invites_adhoc/mod_invites_adhoc.lua mod_restrict_xmpp/mod_restrict_xmpp.lua
diffstat 4 files changed, 29 insertions(+), 10 deletions(-) [+]
line wrap: on
line diff
--- a/mod_client_management/mod_client_management.lua	Wed Jun 28 21:47:22 2023 +0200
+++ b/mod_client_management/mod_client_management.lua	Thu Jun 29 15:58:33 2023 +0100
@@ -10,8 +10,8 @@
 
 local strict = module:get_option_boolean("enforce_client_ids", false);
 
-module:default_permission("prosody:user", ":list-clients");
-module:default_permission("prosody:user", ":manage-clients");
+module:default_permission("prosody:registered", ":list-clients");
+module:default_permission("prosody:registered", ":manage-clients");
 
 local tokenauth = module:depends("tokenauth");
 local mod_fast = module:depends("sasl2_fast");
--- a/mod_compat_roles/mod_compat_roles.lua	Wed Jun 28 21:47:22 2023 +0200
+++ b/mod_compat_roles/mod_compat_roles.lua	Thu Jun 29 15:58:33 2023 +0100
@@ -33,8 +33,12 @@
 
 local role_inheritance = {
 	["prosody:operator"] = "prosody:admin";
-	["prosody:admin"] = "prosody:user";
-	["prosody:user"] = "prosody:restricted";
+	["prosody:admin"] = "prosody:member";
+	["prosody:member"] = "prosody:registered";
+	["prosody:registered"] = "prosody:guest";
+
+	-- COMPAT
+	["prosody:user"] = "prosody:registered";
 };
 
 local function role_may(host, role_name, permission)
--- a/mod_invites_adhoc/mod_invites_adhoc.lua	Wed Jun 28 21:47:22 2023 +0200
+++ b/mod_invites_adhoc/mod_invites_adhoc.lua	Thu Jun 29 15:58:33 2023 +0100
@@ -19,7 +19,11 @@
 
 if module.may then
 	if allow_user_invites then
-		module:default_permission("prosody:user", ":invite-new-users");
+		if require "core.features".available:contains("split-user-roles") then
+			module:default_permission("prosody:registered", ":invite-new-users");
+		else -- COMPAT
+			module:default_permission("prosody:user", ":invite-new-users");
+		end
 	end
 	if not allow_user_invite_roles:empty() or not deny_user_invite_roles:empty() then
 		return error("allow_user_invites_by_roles and deny_user_invites_by_roles are deprecated options");
--- a/mod_restrict_xmpp/mod_restrict_xmpp.lua	Wed Jun 28 21:47:22 2023 +0200
+++ b/mod_restrict_xmpp/mod_restrict_xmpp.lua	Thu Jun 29 15:58:33 2023 +0100
@@ -3,7 +3,18 @@
 local set = require "util.set";
 local st = require "util.stanza";
 
-module:default_permission("prosody:user", "xmpp:federate");
+local normal_user_role = "prosody:registered";
+local limited_user_role = "prosody:guest";
+
+local features = require "core.features";
+
+-- COMPAT
+if not features.available:contains("split-user-roles") then
+	normal_user_role = "prosody:user";
+	limited_user_role = "prosody:restricted";
+end
+
+module:default_permission(normal_user_role, "xmpp:federate");
 module:hook("route/remote", function (event)
 	if not module:may("xmpp:federate", event) then
 		if event.stanza.attr.type ~= "result" and event.stanza.attr.type ~= "error" then
@@ -93,12 +104,12 @@
 
 --module:default_permission("prosody:restricted", "xmpp:account:read");
 --module:default_permission("prosody:restricted", "xmpp:account:write");
-module:default_permission("prosody:restricted", "xmpp:account:messages:read");
-module:default_permission("prosody:restricted", "xmpp:account:messages:write");
+module:default_permission(limited_user_role, "xmpp:account:messages:read");
+module:default_permission(limited_user_role, "xmpp:account:messages:write");
 for _, property_list in ipairs({ iq_namespaces, legacy_storage_nodes, pep_nodes }) do
 	for account_property in set.new(array.collect(it.values(property_list))) do
-		module:default_permission("prosody:restricted", "xmpp:account:"..account_property..":read");
-		module:default_permission("prosody:restricted", "xmpp:account:"..account_property..":write");
+		module:default_permission(limited_user_role, "xmpp:account:"..account_property..":read");
+		module:default_permission(limited_user_role, "xmpp:account:"..account_property..":write");
 	end
 end