512
|
1 #summary XEP-0356 (Privileged Entity) implementation |
|
2 #labels Stage-Alpha |
|
3 |
|
4 = Introduction = |
|
5 |
|
6 Privileged Entity is an extension which allows entity/component to have privileged access to server (set/get roster, send message on behalf of server, access presence informations). It can be used to build services independenlty of server (e.g.: PEP service). |
|
7 |
|
8 = Details = |
|
9 |
|
10 You can have all the details by reading the [http://xmpp.org/extensions/xep-0356.html XEP-0356]. If you use if with a component, you need to patch core/mod_component.lua to fire a new signal. To do it, copy the following patch in a, for example, /tmp/component.patch file: |
|
11 {{{ |
|
12 diff --git a/plugins/mod_component.lua b/plugins/mod_component.lua |
|
13 --- a/plugins/mod_component.lua |
|
14 +++ b/plugins/mod_component.lua |
|
15 @@ -85,6 +85,7 @@ |
|
16 session.type = "component"; |
|
17 module:log("info", "External component successfully authenticated"); |
|
18 session.send(st.stanza("handshake")); |
|
19 + module:fire_event("component-authenticated", { session = session }); |
|
20 |
|
21 return true; |
|
22 end |
|
23 }}} |
|
24 |
|
25 Then, at the root of prosody, enter: |
|
26 |
|
27 {{{patch -p1 < /tmp/component.patch}}} |
|
28 |
|
29 = Usage = |
|
30 |
|
31 To use the module, like usual add *"privilege"* to your modules_enabled, then specify privileged entities like that: |
|
32 |
|
33 {{{ |
|
34 privileged_entities = { |
|
35 ["romeo@montaigu.lit"] = { |
|
36 roster = "get"; |
|
37 presence = "managed_entity"; |
|
38 }, |
|
39 ["juliet@capulet.lit"] = { |
|
40 roster = "both"; |
|
41 message = "outgoing"; |
|
42 presence = "roster"; |
|
43 }, |
|
44 } |
|
45 }}} |
|
46 |
|
47 Here _romeo@montaigu.lit_ can *get* roster of anybody on the server, and will *have presence for any user* of the server, while _juliet@capulet.lit_ can *get* and *set* a roster, *send messages* on the behalf of the server, and *access presence of anybody* (not only people on the server, but also people in rosters of users of the server). |
|
48 |
|
49 */!\ Be extra careful when you give a permission to an entity/component, it's a powerful access, only do it if you absoly trust the component/entity, and you know where the software is coming from* |
|
50 |
|
51 = Configuration = |
|
52 All the permissions give access to all accounts of the servers. |
|
53 == roster == |
|
54 ||none _(default)_||No access to rosters|| |
|
55 ||get||Allow *read* access to rosters|| |
|
56 ||set||Allow *write* access to rosters|| |
|
57 ||both||Allow "*read* and *write* access to rosters|| |
|
58 |
|
59 == message == |
|
60 ||none _(default)_||Can't send message from server|| |
|
61 ||outgoing||Allow to send message on behalf of server (from bare jids)|| |
|
62 |
|
63 == presence == |
|
64 ||none _(default)_||Do not have extra presence information|| |
|
65 ||managed_entity||Receive presence stanzas (except subscriptions) from server users|| |
|
66 ||roster||Receive all presence stanzas (except subsciptions) from server users and people in their rosters|| |
|
67 |
|
68 = Compatibility = |
|
69 ||0.9||Need a patched core/mod_component.lua (see above)|| |
|
70 |
|
71 = Note = |
|
72 This module is often used with (TODO) mod_delegation (c.f. XEP for more details) |