Mercurial > prosody-wiki
comparison mod_privilege.wiki @ 512:cfef30b64777
added page for mod_privilege
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Thu, 09 Apr 2015 12:05:58 +0200 |
| parents | |
| children | 5812db271428 |
comparison
equal
deleted
inserted
replaced
| 511:9cf5a22e30a1 | 512:cfef30b64777 |
|---|---|
| 1 #summary XEP-0356 (Privileged Entity) implementation | |
| 2 #labels Stage-Alpha | |
| 3 | |
| 4 = Introduction = | |
| 5 | |
| 6 Privileged Entity is an extension which allows entity/component to have privileged access to server (set/get roster, send message on behalf of server, access presence informations). It can be used to build services independenlty of server (e.g.: PEP service). | |
| 7 | |
| 8 = Details = | |
| 9 | |
| 10 You can have all the details by reading the [http://xmpp.org/extensions/xep-0356.html XEP-0356]. If you use if with a component, you need to patch core/mod_component.lua to fire a new signal. To do it, copy the following patch in a, for example, /tmp/component.patch file: | |
| 11 {{{ | |
| 12 diff --git a/plugins/mod_component.lua b/plugins/mod_component.lua | |
| 13 --- a/plugins/mod_component.lua | |
| 14 +++ b/plugins/mod_component.lua | |
| 15 @@ -85,6 +85,7 @@ | |
| 16 session.type = "component"; | |
| 17 module:log("info", "External component successfully authenticated"); | |
| 18 session.send(st.stanza("handshake")); | |
| 19 + module:fire_event("component-authenticated", { session = session }); | |
| 20 | |
| 21 return true; | |
| 22 end | |
| 23 }}} | |
| 24 | |
| 25 Then, at the root of prosody, enter: | |
| 26 | |
| 27 {{{patch -p1 < /tmp/component.patch}}} | |
| 28 | |
| 29 = Usage = | |
| 30 | |
| 31 To use the module, like usual add *"privilege"* to your modules_enabled, then specify privileged entities like that: | |
| 32 | |
| 33 {{{ | |
| 34 privileged_entities = { | |
| 35 ["romeo@montaigu.lit"] = { | |
| 36 roster = "get"; | |
| 37 presence = "managed_entity"; | |
| 38 }, | |
| 39 ["juliet@capulet.lit"] = { | |
| 40 roster = "both"; | |
| 41 message = "outgoing"; | |
| 42 presence = "roster"; | |
| 43 }, | |
| 44 } | |
| 45 }}} | |
| 46 | |
| 47 Here _romeo@montaigu.lit_ can *get* roster of anybody on the server, and will *have presence for any user* of the server, while _juliet@capulet.lit_ can *get* and *set* a roster, *send messages* on the behalf of the server, and *access presence of anybody* (not only people on the server, but also people in rosters of users of the server). | |
| 48 | |
| 49 */!\ Be extra careful when you give a permission to an entity/component, it's a powerful access, only do it if you absoly trust the component/entity, and you know where the software is coming from* | |
| 50 | |
| 51 = Configuration = | |
| 52 All the permissions give access to all accounts of the servers. | |
| 53 == roster == | |
| 54 ||none _(default)_||No access to rosters|| | |
| 55 ||get||Allow *read* access to rosters|| | |
| 56 ||set||Allow *write* access to rosters|| | |
| 57 ||both||Allow "*read* and *write* access to rosters|| | |
| 58 | |
| 59 == message == | |
| 60 ||none _(default)_||Can't send message from server|| | |
| 61 ||outgoing||Allow to send message on behalf of server (from bare jids)|| | |
| 62 | |
| 63 == presence == | |
| 64 ||none _(default)_||Do not have extra presence information|| | |
| 65 ||managed_entity||Receive presence stanzas (except subscriptions) from server users|| | |
| 66 ||roster||Receive all presence stanzas (except subsciptions) from server users and people in their rosters|| | |
| 67 | |
| 68 = Compatibility = | |
| 69 ||0.9||Need a patched core/mod_component.lua (see above)|| | |
| 70 | |
| 71 = Note = | |
| 72 This module is often used with (TODO) mod_delegation (c.f. XEP for more details) |