<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0">
  <channel>
    <link>http://hg.omfa.de/prosody-hg/</link>
    <language>en-us</language>

    <title>prosody-hg: plugins/mod_auth_ldap.lua history</title>
    <description>plugins/mod_auth_ldap.lua revision history</description>
    <item>
    <title>mod_auth_ldap: Use enum option method</title>
    <link>http://hg.omfa.de/prosody-hg/log/71c28b36923f/plugins/mod_auth_ldap.lua</link>
    <description><![CDATA[mod_auth_ldap: Use enum option method]]></description>
    <author>&#75;&#105;&#109;&#32;&#65;&#108;&#118;&#101;&#102;&#117;&#114;&#32;&#60;&#122;&#97;&#115;&#104;&#64;&#122;&#97;&#115;&#104;&#46;&#115;&#101;&#62;</author>
    <pubDate>Tue, 18 Jul 2023 12:31:29 +0200</pubDate>
</item>
<item>
    <title>plugins: Prefix module imports with prosody namespace</title>
    <link>http://hg.omfa.de/prosody-hg/log/74b9e05af71e/plugins/mod_auth_ldap.lua</link>
    <description><![CDATA[plugins: Prefix module imports with prosody namespace]]></description>
    <author>&#75;&#105;&#109;&#32;&#65;&#108;&#118;&#101;&#102;&#117;&#114;&#32;&#60;&#122;&#97;&#115;&#104;&#64;&#122;&#97;&#115;&#104;&#46;&#115;&#101;&#62;</author>
    <pubDate>Fri, 24 Mar 2023 13:15:28 +0100</pubDate>
</item>
<item>
    <title>Switch to a new role-based authorization framework, removing is_admin()</title>
    <link>http://hg.omfa.de/prosody-hg/log/9061f9621330/plugins/mod_auth_ldap.lua</link>
    <description><![CDATA[Switch to a new role-based authorization framework, removing is_admin()<br/>
<br/>
We began moving away from simple &quot;is this user an admin?&quot; permission checks<br/>
before 0.12, with the introduction of mod_authz_internal and the ability to<br/>
dynamically change the roles of individual users.<br/>
<br/>
The approach in 0.12 still had various limitations however, and apart from<br/>
the introduction of roles other than &quot;admin&quot; and the ability to pull that info<br/>
from storage, not much actually changed.<br/>
<br/>
This new framework shakes things up a lot, though aims to maintain the same<br/>
functionality and behaviour on the surface for a default Prosody<br/>
configuration. That is, if you don't take advantage of any of the new<br/>
features, you shouldn't notice any change.<br/>
<br/>
The biggest change visible to developers is that usermanager.is_admin() (and<br/>
the auth provider is_admin() method) have been removed. Gone. Completely.<br/>
<br/>
Permission checks should now be performed using a new module API method:<br/>
<br/>
  module:may(action_name, context)<br/>
<br/>
This method accepts an action name, followed by either a JID (string) or<br/>
(preferably) a table containing 'origin'/'session' and 'stanza' fields (e.g.<br/>
the standard object passed to most events). It will return true if the action<br/>
should be permitted, or false/nil otherwise.<br/>
<br/>
Modules should no longer perform permission checks based on the role name.<br/>
E.g. a lot of code previously checked if the user's role was prosody:admin<br/>
before permitting some action. Since many roles might now exist with similar<br/>
permissions, and the permissions of prosody:admin may be redefined<br/>
dynamically, it is no longer suitable to use this method for permission<br/>
checks. Use module:may().<br/>
<br/>
If you start an action name with ':' (recommended) then the current module's<br/>
name will automatically be used as a prefix.<br/>
<br/>
To define a new permission, use the new module API:<br/>
<br/>
  module:default_permission(role_name, action_name)<br/>
  module:default_permissions(role_name, { action_name[, action_name...] })<br/>
<br/>
This grants the specified role permission to execute the named action(s) by<br/>
default. This may be overridden via other mechanisms external to your module.<br/>
<br/>
The built-in roles that developers should use are:<br/>
<br/>
 - prosody:user (normal user)<br/>
 - prosody:admin (host admin)<br/>
 - prosody:operator (global admin)<br/>
<br/>
The new prosody:operator role is intended for server-wide actions (such as<br/>
shutting down Prosody).<br/>
<br/>
Finally, all usage of is_admin() in modules has been fixed by this commit.<br/>
Some of these changes were trickier than others, but no change is expected to<br/>
break existing deployments.<br/>
<br/>
EXCEPT: mod_auth_ldap no longer supports the ldap_admin_filter option. It's<br/>
very possible nobody is using this, but if someone is then we can later update<br/>
it to pull roles from LDAP somehow.]]></description>
    <author>&#77;&#97;&#116;&#116;&#104;&#101;&#119;&#32;&#87;&#105;&#108;&#100;&#32;&#60;&#109;&#119;&#105;&#108;&#100;&#49;&#64;&#103;&#109;&#97;&#105;&#108;&#46;&#99;&#111;&#109;&#62;</author>
    <pubDate>Wed, 15 Jun 2022 12:15:01 +0100</pubDate>
</item>
<item>
    <title>mod_auth_ldap: Import from prosody-modules rev f52452911187</title>
    <link>http://hg.omfa.de/prosody-hg/log/a37bf4497280/plugins/mod_auth_ldap.lua</link>
    <description><![CDATA[mod_auth_ldap: Import from prosody-modules rev f52452911187]]></description>
    <author>&#75;&#105;&#109;&#32;&#65;&#108;&#118;&#101;&#102;&#117;&#114;&#32;&#60;&#122;&#97;&#115;&#104;&#64;&#122;&#97;&#115;&#104;&#46;&#115;&#101;&#62;</author>
    <pubDate>Tue, 05 Oct 2021 17:25:01 +0200</pubDate>
</item>

  </channel>
</rss>
