mod_pubsub: Check new role framework for node creation privileges

This enables granting regular users permission to create nodes via the new roles framework. Previously this required either making everyone an admin or writing a custom mod_pubsub variant with different permission details. Previous default behavior of only allowing creation by admin is kept as to not give out unexpected permissions on upgrade, but could be reevaluated at a later time. Fixes #1324
2025-04-01 20:27:39 +03:00 · 2024-10-13 13:03:08 +02:00 · 2024-10-13 13:03:08 +02:00 · eb612ac519
commit eb612ac519
parent 712540db35
1 changed files with 14 additions and 2 deletions
--- a/plugins/mod_pubsub/mod_pubsub.lua
+++ b/plugins/mod_pubsub/mod_pubsub.lua
@ -190,10 +190,22 @@ module:hook("host-disco-items", function (event)
 end);

 local admin_aff = module:get_option_enum("default_admin_affiliation", "owner", "publisher", "member", "outcast", "none");
+
 module:default_permission("prosody:admin", ":service-admin");
-local function get_affiliation(jid)
+module:default_permission("prosody:admin", ":create-node");
+
+local function get_affiliation(jid, _, action)
 	local bare_jid = jid_bare(jid);
-	if bare_jid == module.host or module:may(":service-admin", bare_jid) then
+	if bare_jid == module.host then
+		-- The host itself (i.e. local modules) is treated as an admin.
+		-- Check this first as to avoid sendig a host JID to :may()
+		return admin_aff;
+	end
+	if action == "create" and module:may(":create-node", bare_jid) then
+		-- Only one affiliation is allowed to create nodes by default
+		return "owner";
+	end
+	if module:may(":service-admin", bare_jid) then
 		return admin_aff;
 	end
 end