changeset 5099:f03f4ec859a3

mod_compat_roles: Add support for role inheritance (built-in roles only)
author Matthew Wild <mwild1@gmail.com>
date Tue, 29 Nov 2022 11:43:59 +0000
parents 817bc9873fc2
children e55d1f7a570a
files mod_compat_roles/mod_compat_roles.lua
diffstat 1 files changed, 8 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/mod_compat_roles/mod_compat_roles.lua	Tue Nov 29 11:38:28 2022 +0000
+++ b/mod_compat_roles/mod_compat_roles.lua	Tue Nov 29 11:43:59 2022 +0000
@@ -31,6 +31,12 @@
 -- permissions[host][role_name][permission_name] = is_permitted
 local permissions = {};
 
+local role_inheritance = {
+	["prosody:operator"] = "prosody:admin";
+	["prosody:admin"] = "prosody:user";
+	["prosody:user"] = "prosody:restricted";
+};
+
 local function role_may(host, role_name, permission)
 	local host_roles = permissions[host];
 	if not host_roles then
@@ -40,7 +46,8 @@
 	if not role_permissions then
 		return false;
 	end
-	return not not permissions[role_name][permission];
+	local next_role = role_inheritance[role_name];
+	return not not permissions[role_name][permission] or (next_role and role_may(host, next_role, permission));
 end
 
 function moduleapi.may(self, action, context)