mix: Implement access control for channel creation
Oh, and create the messages node on room creation
This commit is contained in:
parent
8f26efc94d
commit
08fd566334
@ -22,7 +22,7 @@ local persistent_channel_data = module:open_store("mix_data", "keyval");
|
|||||||
-- Configuration
|
-- Configuration
|
||||||
local default_channel_description = module:get_option("default_description", "A MIX channel for chatting");
|
local default_channel_description = module:get_option("default_description", "A MIX channel for chatting");
|
||||||
local default_channel_name = module:get_option("default_name", "MIX channel");
|
local default_channel_name = module:get_option("default_name", "MIX channel");
|
||||||
local restrict_local_channel_creation = module:get_option("restrict_local_channels", true);
|
local restrict_channel_creation = module:get_option("restrict_local_channels", "local");
|
||||||
|
|
||||||
module:depends("disco");
|
module:depends("disco");
|
||||||
-- module:depends("mam"); TODO: Once message sending works
|
-- module:depends("mam"); TODO: Once message sending works
|
||||||
@ -185,6 +185,24 @@ module:hook("iq/bare/http://jabber.org/protocol/disco#items:query", function(eve
|
|||||||
return true;
|
return true;
|
||||||
end);
|
end);
|
||||||
|
|
||||||
|
function can_create_channels(user)
|
||||||
|
-- Returns true when the jid is allowed to create MIX channels. False otherwise.
|
||||||
|
if restrict_channel_creation == "local" then
|
||||||
|
-- NOTE: Taken from plugins/muc/mod_muc.lua
|
||||||
|
local host_suffix = host:gsub("^[^%.]+%.", "");
|
||||||
|
module:log("debug", "Comparing %s (Sender) to %s (Host)", jid.host(user), host_suffix);
|
||||||
|
|
||||||
|
if jid.host(user) == host_suffix then
|
||||||
|
return true;
|
||||||
|
else
|
||||||
|
return false;
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
-- TODO: Handle also true/"admin" (See mod_muc)
|
||||||
|
return true;
|
||||||
|
end
|
||||||
|
|
||||||
module:hook("iq-get/host/http://jabber.org/protocol/disco#info:query", function(event)
|
module:hook("iq-get/host/http://jabber.org/protocol/disco#info:query", function(event)
|
||||||
module:log("debug", "IQ-GET host disco#info");
|
module:log("debug", "IQ-GET host disco#info");
|
||||||
|
|
||||||
@ -196,15 +214,9 @@ module:hook("iq-get/host/http://jabber.org/protocol/disco#info:query", function(
|
|||||||
:tag("feature", { var = "http://jabber.org/protocol/disco#info" }):up()
|
:tag("feature", { var = "http://jabber.org/protocol/disco#info" }):up()
|
||||||
:tag("feature", { var = mix_core_xmlns }):up();
|
:tag("feature", { var = mix_core_xmlns }):up();
|
||||||
|
|
||||||
-- TODO: This should also check for admin and an array
|
if can_create_channels(stanza.attr.from) then
|
||||||
if restrict_channel_creation == "local" then
|
|
||||||
-- NOTE: Taken from plugins/muc/mod_muc.lua
|
|
||||||
local host_suffix = host:gsub("^[^%.]+%.", "");
|
|
||||||
module:log("debug", "Comparing %s (Sender) to %s (Host)", jid.host(stanza.attr.from), host_suffix);
|
|
||||||
if jid.host(stanza.attr.from) == host_suffix then
|
|
||||||
reply:tag("feature", { var = mix_core_xmlns.."#create-channel" }):up();
|
reply:tag("feature", { var = mix_core_xmlns.."#create-channel" }):up();
|
||||||
end
|
end
|
||||||
end
|
|
||||||
end);
|
end);
|
||||||
|
|
||||||
module:hook("iq-get/bare/http://jabber.org/protocol/disco#info:query", function(event)
|
module:hook("iq-get/bare/http://jabber.org/protocol/disco#info:query", function(event)
|
||||||
@ -409,6 +421,7 @@ function create_channel(node, creator, adhoc)
|
|||||||
channel:publish_info(srv);
|
channel:publish_info(srv);
|
||||||
-- TODO: This seems bad
|
-- TODO: This seems bad
|
||||||
srv:create("urn:xmpp:mix:nodes:participants", true, { ["access_model"] = "open"});
|
srv:create("urn:xmpp:mix:nodes:participants", true, { ["access_model"] = "open"});
|
||||||
|
srv:create("urn:xmpp:mix:nodes:messages", true, { ["access_model"] = "open"});
|
||||||
table.insert(channels, channel);
|
table.insert(channels, channel);
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -417,6 +430,12 @@ module:hook("iq-set/host/"..mix_core_xmlns..":create", function(event)
|
|||||||
local origin, stanza = event.origin, event.stanza;
|
local origin, stanza = event.origin, event.stanza;
|
||||||
local from = jid.bare(stanza.attr.from);
|
local from = jid.bare(stanza.attr.from);
|
||||||
|
|
||||||
|
-- Check permissions
|
||||||
|
if not can_create_channels(from) then
|
||||||
|
origin.send(st.error_reply(stanza, "cancel", "forbidden", "Not authorized to create channels"));
|
||||||
|
return;
|
||||||
|
end
|
||||||
|
|
||||||
local create = stanza:get_child("create", mix_core_xmlns);
|
local create = stanza:get_child("create", mix_core_xmlns);
|
||||||
local node;
|
local node;
|
||||||
if create.attr.channel ~= nil then
|
if create.attr.channel ~= nil then
|
||||||
@ -465,7 +484,7 @@ module:hook("iq-set/host/"..mix_core_xmlns..":destroy", function(event)
|
|||||||
origin.send(channel_not_found(stanza));
|
origin.send(channel_not_found(stanza));
|
||||||
return;
|
return;
|
||||||
end
|
end
|
||||||
-- TODO: Check permissions
|
-- TODO: Check permissions: can_create_channels and maybe compare to the contact JIDs
|
||||||
|
|
||||||
-- Remove all registered nodes
|
-- Remove all registered nodes
|
||||||
local srv = pep.get_pep_service(node);
|
local srv = pep.get_pep_service(node);
|
||||||
|
Loading…
Reference in New Issue
Block a user