1
Fork 0
mirror of https://github.com/jech/galene.git synced 2024-11-22 16:45:58 +01:00

Implement "allow-tokens".

This commit is contained in:
Juliusz Chroboczek 2023-04-03 20:09:22 +02:00
parent ac1dc77b30
commit 3a6551c733
3 changed files with 21 additions and 7 deletions

2
README
View file

@ -111,6 +111,8 @@ following fields are allowed:
- `max-history-age`: the time, in seconds, during which chat history is - `max-history-age`: the time, in seconds, during which chat history is
kept (default 14400, i.e. 4 hours); kept (default 14400, i.e. 4 hours);
- `allow-recording`: if true, then recording is allowed in this group; - `allow-recording`: if true, then recording is allowed in this group;
- `allow-tokens`: if true, then ordinary users (without the "op" privilege)
are allowed to create tokens;
- `allow-anonymous`: if true, then users may connect with an empty username; - `allow-anonymous`: if true, then users may connect with an empty username;
- `allow-subgroups`: if true, then subgroups of the form `group/subgroup` - `allow-subgroups`: if true, then subgroups of the form `group/subgroup`
are automatically created when first accessed; are automatically created when first accessed;

View file

@ -953,6 +953,9 @@ type Description struct {
// Whether recording is allowed. // Whether recording is allowed.
AllowRecording bool `json:"allow-recording,omitempty"` AllowRecording bool `json:"allow-recording,omitempty"`
// Whether creating tokens is allowed
AllowTokens bool `json:"allow-tokens,omitempty"`
// Whether subgroups are created on the fly. // Whether subgroups are created on the fly.
AllowSubgroups bool `json:"allow-subgroups,omitempty"` AllowSubgroups bool `json:"allow-subgroups,omitempty"`
@ -1115,22 +1118,31 @@ func (g *Group) getPasswordPermission(creds ClientCredentials) ([]string, error)
} }
if found, good := matchClient(creds, desc.Op); found { if found, good := matchClient(creds, desc.Op); found {
if good { if good {
p := []string{"op", "present", "token"}
if desc.AllowRecording { if desc.AllowRecording {
return []string{"op", "present", "record"}, nil p = append(p, "record")
} }
return []string{"op", "present"}, nil return p, nil
} }
return nil, ErrNotAuthorised return nil, ErrNotAuthorised
} }
if found, good := matchClient(creds, desc.Presenter); found { if found, good := matchClient(creds, desc.Presenter); found {
if good { if good {
return []string{"present"}, nil p := []string{"present"}
if desc.AllowTokens {
p = append(p, "token")
}
return p, nil
} }
return nil, ErrNotAuthorised return nil, ErrNotAuthorised
} }
if found, good := matchClient(creds, desc.Other); found { if found, good := matchClient(creds, desc.Other); found {
if good { if good {
return nil, nil p := []string{}
if desc.AllowTokens {
p = append(p, "token")
}
return p, nil
} }
return nil, ErrNotAuthorised return nil, ErrNotAuthorised
} }

View file

@ -128,7 +128,7 @@ type credPerm struct {
var goodClients = []credPerm{ var goodClients = []credPerm{
{ {
ClientCredentials{Username: &jch, Password: "topsecret"}, ClientCredentials{Username: &jch, Password: "topsecret"},
[]string{"op", "present"}, []string{"op", "present", "token"},
}, },
{ {
ClientCredentials{Username: &john, Password: "secret"}, ClientCredentials{Username: &john, Password: "secret"},
@ -140,11 +140,11 @@ var goodClients = []credPerm{
}, },
{ {
ClientCredentials{Username: &james, Password: "secret3"}, ClientCredentials{Username: &james, Password: "secret3"},
nil, []string{},
}, },
{ {
ClientCredentials{Username: &paul, Password: "secret3"}, ClientCredentials{Username: &paul, Password: "secret3"},
nil, []string{},
}, },
} }