mix: Implement access control for channel creation

Oh, and create the messages node on room creation

mod_mix/mod_mix.lua

@@ -22,7 +22,7 @@ local persistent_channel_data = module:open_store("mix_data", "keyval");
 -- Configuration
 local default_channel_description = module:get_option("default_description", "A MIX channel for chatting");
 local default_channel_name = module:get_option("default_name", "MIX channel");
-local restrict_local_channel_creation = module:get_option("restrict_local_channels", true);
+local restrict_channel_creation = module:get_option("restrict_local_channels", "local");
 
 module:depends("disco");
 -- module:depends("mam"); TODO: Once message sending works
@@ -185,6 +185,24 @@ module:hook("iq/bare/http://jabber.org/protocol/disco#items:query", function(eve
     return true;
 end);
 
+function can_create_channels(user)
+    -- Returns true when the jid is allowed to create MIX channels. False otherwise.
+    if restrict_channel_creation == "local" then
+        -- NOTE: Taken from plugins/muc/mod_muc.lua
+        local host_suffix = host:gsub("^[^%.]+%.", "");
+        module:log("debug", "Comparing %s (Sender) to %s (Host)", jid.host(user), host_suffix);
+        
+        if jid.host(user) == host_suffix then
+            return true;
+        else
+            return false;
+        end
+    end
+
+    -- TODO: Handle also true/"admin" (See mod_muc)
+    return true;
+end
+
 module:hook("iq-get/host/http://jabber.org/protocol/disco#info:query", function(event)
     module:log("debug", "IQ-GET host disco#info");
     
@@ -196,14 +214,8 @@ module:hook("iq-get/host/http://jabber.org/protocol/disco#info:query", function(
                         :tag("feature", { var = "http://jabber.org/protocol/disco#info" }):up()
                         :tag("feature", { var = mix_core_xmlns }):up();
 
-    -- TODO: This should also check for admin and an array
+    if can_create_channels(stanza.attr.from) then
-    if restrict_channel_creation == "local" then
+        reply:tag("feature", { var = mix_core_xmlns.."#create-channel" }):up();
-        -- NOTE: Taken from plugins/muc/mod_muc.lua
-        local host_suffix = host:gsub("^[^%.]+%.", "");
-        module:log("debug", "Comparing %s (Sender) to %s (Host)", jid.host(stanza.attr.from), host_suffix);
-        if jid.host(stanza.attr.from) == host_suffix then 
-            reply:tag("feature", { var = mix_core_xmlns.."#create-channel" }):up();
-        end
     end
 end);
 
@@ -409,6 +421,7 @@ function create_channel(node, creator, adhoc)
     channel:publish_info(srv);
     -- TODO: This seems bad
     srv:create("urn:xmpp:mix:nodes:participants", true, { ["access_model"] = "open"});
+    srv:create("urn:xmpp:mix:nodes:messages", true, { ["access_model"] = "open"});
     table.insert(channels, channel);
 end
 
@@ -417,6 +430,12 @@ module:hook("iq-set/host/"..mix_core_xmlns..":create", function(event)
     local origin, stanza = event.origin, event.stanza;
     local from = jid.bare(stanza.attr.from);
 
+    -- Check permissions
+    if not can_create_channels(from) then
+        origin.send(st.error_reply(stanza, "cancel", "forbidden", "Not authorized to create channels"));
+        return;
+    end
+
     local create = stanza:get_child("create", mix_core_xmlns);
     local node;
     if create.attr.channel ~= nil then
@@ -465,7 +484,7 @@ module:hook("iq-set/host/"..mix_core_xmlns..":destroy", function(event)
         origin.send(channel_not_found(stanza));
         return;
     end
-    -- TODO: Check permissions
+    -- TODO: Check permissions: can_create_channels and maybe compare to the contact JIDs
     
     -- Remove all registered nodes
     local srv = pep.get_pep_service(node);