mix: Implement access control for channel creation
Oh, and create the messages node on room creation
This commit is contained in:
parent
8f26efc94d
commit
08fd566334
@ -22,7 +22,7 @@ local persistent_channel_data = module:open_store("mix_data", "keyval");
|
||||
-- Configuration
|
||||
local default_channel_description = module:get_option("default_description", "A MIX channel for chatting");
|
||||
local default_channel_name = module:get_option("default_name", "MIX channel");
|
||||
local restrict_local_channel_creation = module:get_option("restrict_local_channels", true);
|
||||
local restrict_channel_creation = module:get_option("restrict_local_channels", "local");
|
||||
|
||||
module:depends("disco");
|
||||
-- module:depends("mam"); TODO: Once message sending works
|
||||
@ -185,6 +185,24 @@ module:hook("iq/bare/http://jabber.org/protocol/disco#items:query", function(eve
|
||||
return true;
|
||||
end);
|
||||
|
||||
function can_create_channels(user)
|
||||
-- Returns true when the jid is allowed to create MIX channels. False otherwise.
|
||||
if restrict_channel_creation == "local" then
|
||||
-- NOTE: Taken from plugins/muc/mod_muc.lua
|
||||
local host_suffix = host:gsub("^[^%.]+%.", "");
|
||||
module:log("debug", "Comparing %s (Sender) to %s (Host)", jid.host(user), host_suffix);
|
||||
|
||||
if jid.host(user) == host_suffix then
|
||||
return true;
|
||||
else
|
||||
return false;
|
||||
end
|
||||
end
|
||||
|
||||
-- TODO: Handle also true/"admin" (See mod_muc)
|
||||
return true;
|
||||
end
|
||||
|
||||
module:hook("iq-get/host/http://jabber.org/protocol/disco#info:query", function(event)
|
||||
module:log("debug", "IQ-GET host disco#info");
|
||||
|
||||
@ -196,14 +214,8 @@ module:hook("iq-get/host/http://jabber.org/protocol/disco#info:query", function(
|
||||
:tag("feature", { var = "http://jabber.org/protocol/disco#info" }):up()
|
||||
:tag("feature", { var = mix_core_xmlns }):up();
|
||||
|
||||
-- TODO: This should also check for admin and an array
|
||||
if restrict_channel_creation == "local" then
|
||||
-- NOTE: Taken from plugins/muc/mod_muc.lua
|
||||
local host_suffix = host:gsub("^[^%.]+%.", "");
|
||||
module:log("debug", "Comparing %s (Sender) to %s (Host)", jid.host(stanza.attr.from), host_suffix);
|
||||
if jid.host(stanza.attr.from) == host_suffix then
|
||||
reply:tag("feature", { var = mix_core_xmlns.."#create-channel" }):up();
|
||||
end
|
||||
if can_create_channels(stanza.attr.from) then
|
||||
reply:tag("feature", { var = mix_core_xmlns.."#create-channel" }):up();
|
||||
end
|
||||
end);
|
||||
|
||||
@ -409,6 +421,7 @@ function create_channel(node, creator, adhoc)
|
||||
channel:publish_info(srv);
|
||||
-- TODO: This seems bad
|
||||
srv:create("urn:xmpp:mix:nodes:participants", true, { ["access_model"] = "open"});
|
||||
srv:create("urn:xmpp:mix:nodes:messages", true, { ["access_model"] = "open"});
|
||||
table.insert(channels, channel);
|
||||
end
|
||||
|
||||
@ -417,6 +430,12 @@ module:hook("iq-set/host/"..mix_core_xmlns..":create", function(event)
|
||||
local origin, stanza = event.origin, event.stanza;
|
||||
local from = jid.bare(stanza.attr.from);
|
||||
|
||||
-- Check permissions
|
||||
if not can_create_channels(from) then
|
||||
origin.send(st.error_reply(stanza, "cancel", "forbidden", "Not authorized to create channels"));
|
||||
return;
|
||||
end
|
||||
|
||||
local create = stanza:get_child("create", mix_core_xmlns);
|
||||
local node;
|
||||
if create.attr.channel ~= nil then
|
||||
@ -465,7 +484,7 @@ module:hook("iq-set/host/"..mix_core_xmlns..":destroy", function(event)
|
||||
origin.send(channel_not_found(stanza));
|
||||
return;
|
||||
end
|
||||
-- TODO: Check permissions
|
||||
-- TODO: Check permissions: can_create_channels and maybe compare to the contact JIDs
|
||||
|
||||
-- Remove all registered nodes
|
||||
local srv = pep.get_pep_service(node);
|
||||
|
Loading…
Reference in New Issue
Block a user