mod_pep: Implement 'roster' (group) access_model

Allows e.g. restricting your vcard4 to only family or similar. Notes: This does not include roster groups in the configuration form, so the client will have to get them from the actual roster.
2025-04-03 05:07:42 +03:00 · 2023-12-03 23:19:27 +01:00 · 2023-12-03 23:19:27 +01:00 · 83ee7e5739
commit 83ee7e5739
parent 5ef6234248
4 changed files with 26 additions and 2 deletions
--- a/1
+++ b/1
@ -67,6 +67,7 @@ TRUNK
 - When mod_smacks is enabled, s2s connections not responding to ack requests are closed.
 - Arguments to `prosodyctl shell` that start with ':' are now turned into method calls
 - Support for Type=notify and notify-reload systemd service type added
+- Support for the roster *group* access_model in mod_pep

 ## Removed

--- a/plugins/mod_pep.lua
+++ b/plugins/mod_pep.lua
@ -5,7 +5,7 @@ local jid_join = require "prosody.util.jid".join;
 local set_new = require "prosody.util.set".new;
 local st = require "prosody.util.stanza";
 local calculate_hash = require "prosody.util.caps".calculate_hash;
-local is_contact_subscribed = require "prosody.core.rostermanager".is_contact_subscribed;
+local rostermanager = require "prosody.core.rostermanager";
 local cache = require "prosody.util.cache";
 local set = require "prosody.util.set";
 local new_id = require "prosody.util.id".medium;
@ -16,6 +16,8 @@ local xmlns_pubsub = "http://jabber.org/protocol/pubsub";
 local xmlns_pubsub_event = "http://jabber.org/protocol/pubsub#event";
 local xmlns_pubsub_owner = "http://jabber.org/protocol/pubsub#owner";

+local is_contact_subscribed = rostermanager.is_contact_subscribed;
+
 local lib_pubsub = module:require "pubsub";

 local empty_set = set_new();
@ -84,6 +86,7 @@ function check_node_config(node, actor, new_config) -- luacheck: ignore 212/node
 		return false;
 	end
 	if new_config["access_model"] ~= "presence"
+	and new_config["access_model"] ~= "roster"
 	and new_config["access_model"] ~= "whitelist"
 	and new_config["access_model"] ~= "open" then
 		return false;
@ -256,6 +259,20 @@ function get_pep_service(username)
 				end
 				return "outcast";
 			end;
+			roster = function (jid, node)
+				jid = jid_bare(jid);
+				local allowed_groups = set_new(node.config.roster_groups_allowed);
+				local roster = rostermanager.load_roster(username, host);
+				if not roster[jid] then
+					return "outcast";
+				end
+				for group in pairs(roster[jid].groups) do
+					if allowed_groups:contains(group) then
+						return "member";
+					end
+				end
+				return "outcast";
+			end;
 		};

 		jid = user_bare;
--- a/plugins/mod_pubsub/pubsub.lib.lua
+++ b/plugins/mod_pubsub/pubsub.lib.lua
@ -109,6 +109,12 @@ local node_config_form = dataform {
 			"whitelist",
 		};
 	};
+	{
+		type = "list-multi"; -- TODO some way to inject options
+		name = "roster_groups_allowed";
+		var = "pubsub#roster_groups_allowed";
+		label = "Roster groups allowed to subscribe";
+	};
 	{
 		type = "list-single";
 		name = "publish_model";
--- a/util/pubsub.lua
+++ b/util/pubsub.lua
@ -263,7 +263,7 @@ function service:get_default_affiliation(node, actor) --> affiliation
 	if self.config.access_models then
 		local check = self.config.access_models[access_model];
 		if check then
-			local aff = check(actor);
+			local aff = check(actor, node_obj);
 			if aff then
 				return aff;
 			end