Mon, 06 Dec 2021 11:27:36 +0000
rtbl_admin: Add access control around commands
165 | 1 | local verse = require "verse"; |
2 | local jid = require "util.jid"; | |
3 | local sha256 = require "util.hashes".sha256; | |
4 | ||
5 | function riddim.plugins.rtbl_admin(bot) | |
6 | bot.stream:add_plugin("pubsub"); | |
7 | ||
8 | local config = bot.config.rtbl_admin; | |
9 | ||
168
1c2b8d10ceed
rtbl_admin: Add access control around commands
Matthew Wild <mwild1@gmail.com>
parents:
167
diff
changeset
|
10 | local permitted_affiliations = config.permitted_affiliations or { admin = true, owner = true }; |
1c2b8d10ceed
rtbl_admin: Add access control around commands
Matthew Wild <mwild1@gmail.com>
parents:
167
diff
changeset
|
11 | |
165 | 12 | bot:hook("commands/rtbl-add", function (command) |
168
1c2b8d10ceed
rtbl_admin: Add access control around commands
Matthew Wild <mwild1@gmail.com>
parents:
167
diff
changeset
|
13 | if config.control_room ~= (command.room and command.room.jid) then |
1c2b8d10ceed
rtbl_admin: Add access control around commands
Matthew Wild <mwild1@gmail.com>
parents:
167
diff
changeset
|
14 | return; |
1c2b8d10ceed
rtbl_admin: Add access control around commands
Matthew Wild <mwild1@gmail.com>
parents:
167
diff
changeset
|
15 | elseif not permitted_affiliations[command.sender.affiliation] then |
1c2b8d10ceed
rtbl_admin: Add access control around commands
Matthew Wild <mwild1@gmail.com>
parents:
167
diff
changeset
|
16 | return "You have insufficient permissions to use this command"; |
1c2b8d10ceed
rtbl_admin: Add access control around commands
Matthew Wild <mwild1@gmail.com>
parents:
167
diff
changeset
|
17 | end |
165 | 18 | local reported_jid = command.param and jid.prep(command.param:match("^%S+")); |
19 | local hash = sha256(reported_jid, true); | |
20 | bot.stream.pubsub(config.host, config.node):publish( | |
21 | hash, -- item id | |
22 | nil, -- options (not implemented anyway) | |
23 | -- <report xmlns="urn:xmpp:reporting:1" reason="urn:xmpp:reporting:abuse"/> | |
24 | verse.stanza("report", { | |
25 | xmlns = "urn:xmpp:reporting:1"; | |
166
95b668d73ff9
rtbl_admin: Fix reason string (abuse is defined to be the most generic)
Matthew Wild <mwild1@gmail.com>
parents:
165
diff
changeset
|
26 | reason = "urn:xmpp:reporting:abuse"; }), |
165 | 27 | function (success) -- callback |
28 | if not success then | |
29 | command:reply("Failed to update RTBL"); | |
30 | return; | |
31 | end | |
32 | command:reply("RTBL entry added"); | |
33 | end | |
34 | ); | |
168
1c2b8d10ceed
rtbl_admin: Add access control around commands
Matthew Wild <mwild1@gmail.com>
parents:
167
diff
changeset
|
35 | return true; |
165 | 36 | end); |
37 | ||
38 | bot:hook("commands/rtbl-remove", function (command) | |
168
1c2b8d10ceed
rtbl_admin: Add access control around commands
Matthew Wild <mwild1@gmail.com>
parents:
167
diff
changeset
|
39 | if config.control_room ~= (command.room and command.room.jid) then |
1c2b8d10ceed
rtbl_admin: Add access control around commands
Matthew Wild <mwild1@gmail.com>
parents:
167
diff
changeset
|
40 | return; |
1c2b8d10ceed
rtbl_admin: Add access control around commands
Matthew Wild <mwild1@gmail.com>
parents:
167
diff
changeset
|
41 | elseif not permitted_affiliations[command.sender.affiliation] then |
1c2b8d10ceed
rtbl_admin: Add access control around commands
Matthew Wild <mwild1@gmail.com>
parents:
167
diff
changeset
|
42 | return "You have insufficient permissions to use this command"; |
1c2b8d10ceed
rtbl_admin: Add access control around commands
Matthew Wild <mwild1@gmail.com>
parents:
167
diff
changeset
|
43 | end |
165 | 44 | local reported_jid = command.param and jid.prep(command.param:match("^%S+")); |
45 | local hash = sha256(reported_jid, true); | |
46 | bot.stream.pubsub(config.host, config.node):retract( | |
47 | hash, -- item id | |
167
2073137bc943
rtbl_admin: Notify subscribers on item removal (requires verse 98dc1750584d)
Matthew Wild <mwild1@gmail.com>
parents:
166
diff
changeset
|
48 | true, -- notify subscribers |
165 | 49 | function (success) -- callback |
50 | if not success then | |
51 | command:reply("Failed to update RTBL"); | |
52 | return; | |
53 | end | |
54 | command:reply("RTBL entry removed"); | |
55 | end | |
56 | ); | |
168
1c2b8d10ceed
rtbl_admin: Add access control around commands
Matthew Wild <mwild1@gmail.com>
parents:
167
diff
changeset
|
57 | return true; |
165 | 58 | end); |
59 | end |