changeset 4870:d8a0a8dcdc0d

mod_http_xep227: Don't require admin privileges to use import/export These APIs always operate on the current user account only. In the future we may want to have a more specific permission check though.
author Matthew Wild <mwild1@gmail.com>
date Sun, 16 Jan 2022 13:44:26 +0000
parents c3bf568e3977
children 029ae3c29683
files mod_http_xep227/mod_http_xep227.lua
diffstat 1 files changed, 0 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/mod_http_xep227/mod_http_xep227.lua	Sat Jan 15 14:25:27 2022 +0000
+++ b/mod_http_xep227/mod_http_xep227.lua	Sun Jan 16 13:44:26 2022 +0000
@@ -253,8 +253,6 @@
 		if not session then
 			event.response.headers.authorization = ("Bearer realm=%q"):format(module.host.."/"..module.name);
 			return false, 401;
-		elseif session.auth_scope ~= "prosody:scope:admin" then
-			return false, 403;
 		end
 		event.session = session;
 		return true;