From 3a6551c7335886321ee00dc2ad31a2ed702513fb Mon Sep 17 00:00:00 2001 From: Juliusz Chroboczek Date: Mon, 3 Apr 2023 20:09:22 +0200 Subject: [PATCH] Implement "allow-tokens". --- README | 2 ++ group/group.go | 20 ++++++++++++++++---- group/group_test.go | 6 +++--- 3 files changed, 21 insertions(+), 7 deletions(-) diff --git a/README b/README index ffb18cd..b82bb60 100644 --- a/README +++ b/README @@ -111,6 +111,8 @@ following fields are allowed: - `max-history-age`: the time, in seconds, during which chat history is kept (default 14400, i.e. 4 hours); - `allow-recording`: if true, then recording is allowed in this group; + - `allow-tokens`: if true, then ordinary users (without the "op" privilege) + are allowed to create tokens; - `allow-anonymous`: if true, then users may connect with an empty username; - `allow-subgroups`: if true, then subgroups of the form `group/subgroup` are automatically created when first accessed; diff --git a/group/group.go b/group/group.go index 7d6e8d2..f9a3e22 100644 --- a/group/group.go +++ b/group/group.go @@ -953,6 +953,9 @@ type Description struct { // Whether recording is allowed. AllowRecording bool `json:"allow-recording,omitempty"` + // Whether creating tokens is allowed + AllowTokens bool `json:"allow-tokens,omitempty"` + // Whether subgroups are created on the fly. AllowSubgroups bool `json:"allow-subgroups,omitempty"` 
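Review bot: The comment on the new `AllowTokens` field reads as a group-wide switch, but in `getPasswordPermission` later in this patch operators receive "token" unconditionally and the flag only gates the presenter and other branches. Someone who sets `allow-tokens` to false to turn token creation off would still leave it available to every op. I would word the comment as `// Whether users without the "op" privilege may create tokens; operators always can.`, which also matches the README text added above. The `Description` struct begins and ends outside this hunk.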
@@ -1115,22 +1118,31 @@ func (g *Group) getPasswordPermission(creds ClientCredentials) ([]string, error)
 }
 if found, good := matchClient(creds, desc.Op); found {
 if good {
+ p := []string{"op", "present", "token"}
 if desc.AllowRecording {
- return []string{"op", "present", "record"}, nil
+ p = append(p, "record")
 }
- return []string{"op", "present"}, nil
+ return p, nil
 }
 return nil, ErrNotAuthorised
 }
 if found, good := matchClient(creds, desc.Presenter); found {
 if good {
- return []string{"present"}, nil
+ p := []string{"present"}
+ if desc.AllowTokens {
+ p = append(p, "token")
+ }
+ return p, nil
 }
 return nil, ErrNotAuthorised
 }
 if found, good := matchClient(creds, desc.Other); found {
 if good {
- return nil, nil
+ p := []string{}
+ if desc.AllowTokens {
+ p = append(p, "token")
+ }
+ return p, nil
 }
 return nil, ErrNotAuthorised
 }
diff --git a/group/group_test.go b/group/group_test.go
index 7be200b..678a517 100644
--- a/group/group_test.go
+++ b/group/group_test.go
@@ -128,7 +128,7 @@ type credPerm struct {
 var goodClients = []credPerm{
 {
 ClientCredentials{Username: &jch, Password: "topsecret"},
- []string{"op", "present"},
+ []string{"op", "present", "token"},
 },
 {
 ClientCredentials{Username: &john, Password: "secret"},
@@ -140,11 +140,11 @@ var goodClients = []credPerm{
 },
 {
 ClientCredentials{Username: &james, Password: "secret3"},
- nil,
+ []string{},
 },
 {
 ClientCredentials{Username: &paul, Password: "secret3"},
- nil,
+ []string{},
 },
 }
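Review bot: In the `desc.Other` branch, `desc.AllowTokens` now gives "token" to the least-privileged class of user, and nothing in this function limits what a token created by such a user may grant. The code that creates tokens is not part of this patch, so this is an inference, but it should refuse any requested permission the creator does not hold, otherwise the flag becomes a path from no permissions to "present". A comment at the branch would record that dependency: `// "token" only permits creating tokens; token creation must cap the granted permissions at the creator's own.` Separately, `p := []string{}` changes the no-permission result from nil to an empty slice; `var p []string` keeps the old value for callers that test against nil. The body of `getPasswordPermission` starts and ends outside the hunk.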
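Review bot: Neither hunk in this file adds a case with `allow-tokens` enabled, so the two new `desc.AllowTokens` branches in `getPasswordPermission` are never exercised; the edits here only follow the unconditional "token" for ops and the change from nil to `[]string{}`. Since the flag widens what presenters and other users may do, I would add a group description with the flag set and assert that a presenter gets `[]string{"present", "token"}` and an other user gets `[]string{"token"}`, next to the existing cases that show neither gets it by default. The `goodClients` literal is only partly visible here, so the fixture it is checked against is assumed to leave the flag unset.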