mirror of
https://github.com/jech/galene.git
synced 2024-11-22 16:45:58 +01:00
Implement "allow-tokens".
This commit is contained in:
parent
ac1dc77b30
commit
3a6551c733
3 changed files with 21 additions and 7 deletions
2
README
2
README
|
@ -111,6 +111,8 @@ following fields are allowed:
|
||||||
- `max-history-age`: the time, in seconds, during which chat history is
|
- `max-history-age`: the time, in seconds, during which chat history is
|
||||||
kept (default 14400, i.e. 4 hours);
|
kept (default 14400, i.e. 4 hours);
|
||||||
- `allow-recording`: if true, then recording is allowed in this group;
|
- `allow-recording`: if true, then recording is allowed in this group;
|
||||||
|
- `allow-tokens`: if true, then ordinary users (without the "op" privilege)
|
||||||
|
are allowed to create tokens;
|
||||||
- `allow-anonymous`: if true, then users may connect with an empty username;
|
- `allow-anonymous`: if true, then users may connect with an empty username;
|
||||||
- `allow-subgroups`: if true, then subgroups of the form `group/subgroup`
|
- `allow-subgroups`: if true, then subgroups of the form `group/subgroup`
|
||||||
are automatically created when first accessed;
|
are automatically created when first accessed;
|
||||||
|
|
|
@ -953,6 +953,9 @@ type Description struct {
|
||||||
// Whether recording is allowed.
|
// Whether recording is allowed.
|
||||||
AllowRecording bool `json:"allow-recording,omitempty"`
|
AllowRecording bool `json:"allow-recording,omitempty"`
|
||||||
|
|
||||||
|
// Whether creating tokens is allowed
|
||||||
|
AllowTokens bool `json:"allow-tokens,omitempty"`
|
||||||
|
|
||||||
// Whether subgroups are created on the fly.
|
// Whether subgroups are created on the fly.
|
||||||
AllowSubgroups bool `json:"allow-subgroups,omitempty"`
|
AllowSubgroups bool `json:"allow-subgroups,omitempty"`
|
||||||
|
|
||||||
|
@ -1115,22 +1118,31 @@ func (g *Group) getPasswordPermission(creds ClientCredentials) ([]string, error)
|
||||||
}
|
}
|
||||||
if found, good := matchClient(creds, desc.Op); found {
|
if found, good := matchClient(creds, desc.Op); found {
|
||||||
if good {
|
if good {
|
||||||
|
p := []string{"op", "present", "token"}
|
||||||
if desc.AllowRecording {
|
if desc.AllowRecording {
|
||||||
return []string{"op", "present", "record"}, nil
|
p = append(p, "record")
|
||||||
}
|
}
|
||||||
return []string{"op", "present"}, nil
|
return p, nil
|
||||||
}
|
}
|
||||||
return nil, ErrNotAuthorised
|
return nil, ErrNotAuthorised
|
||||||
}
|
}
|
||||||
if found, good := matchClient(creds, desc.Presenter); found {
|
if found, good := matchClient(creds, desc.Presenter); found {
|
||||||
if good {
|
if good {
|
||||||
return []string{"present"}, nil
|
p := []string{"present"}
|
||||||
|
if desc.AllowTokens {
|
||||||
|
p = append(p, "token")
|
||||||
|
}
|
||||||
|
return p, nil
|
||||||
}
|
}
|
||||||
return nil, ErrNotAuthorised
|
return nil, ErrNotAuthorised
|
||||||
}
|
}
|
||||||
if found, good := matchClient(creds, desc.Other); found {
|
if found, good := matchClient(creds, desc.Other); found {
|
||||||
if good {
|
if good {
|
||||||
return nil, nil
|
p := []string{}
|
||||||
|
if desc.AllowTokens {
|
||||||
|
p = append(p, "token")
|
||||||
|
}
|
||||||
|
return p, nil
|
||||||
}
|
}
|
||||||
return nil, ErrNotAuthorised
|
return nil, ErrNotAuthorised
|
||||||
}
|
}
|
||||||
|
|
|
@ -128,7 +128,7 @@ type credPerm struct {
|
||||||
var goodClients = []credPerm{
|
var goodClients = []credPerm{
|
||||||
{
|
{
|
||||||
ClientCredentials{Username: &jch, Password: "topsecret"},
|
ClientCredentials{Username: &jch, Password: "topsecret"},
|
||||||
[]string{"op", "present"},
|
[]string{"op", "present", "token"},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
ClientCredentials{Username: &john, Password: "secret"},
|
ClientCredentials{Username: &john, Password: "secret"},
|
||||||
|
@ -140,11 +140,11 @@ var goodClients = []credPerm{
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
ClientCredentials{Username: &james, Password: "secret3"},
|
ClientCredentials{Username: &james, Password: "secret3"},
|
||||||
nil,
|
[]string{},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
ClientCredentials{Username: &paul, Password: "secret3"},
|
ClientCredentials{Username: &paul, Password: "secret3"},
|
||||||
nil,
|
[]string{},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue