rtbl_admin: Add access control around commands default tip

Mon, 06 Dec 2021 11:27:36 +0000

author
Matthew Wild <mwild1@gmail.com>
date
Mon, 06 Dec 2021 11:27:36 +0000
changeset 168
1c2b8d10ceed
parent 167
2073137bc943

rtbl_admin: Add access control around commands

plugins/rtbl_admin.lua file | annotate | diff | comparison | revisions
--- a/plugins/rtbl_admin.lua	Mon Dec 06 11:27:16 2021 +0000
+++ b/plugins/rtbl_admin.lua	Mon Dec 06 11:27:36 2021 +0000
@@ -7,7 +7,14 @@
 
 	local config = bot.config.rtbl_admin;
 
+	local permitted_affiliations = config.permitted_affiliations or { admin = true, owner = true };
+
 	bot:hook("commands/rtbl-add", function (command)
+		if config.control_room ~= (command.room and command.room.jid) then
+			return;
+		elseif not permitted_affiliations[command.sender.affiliation] then
+			return "You have insufficient permissions to use this command";
+		end
 		local reported_jid = command.param and jid.prep(command.param:match("^%S+"));
 		local hash = sha256(reported_jid, true);
 		bot.stream.pubsub(config.host, config.node):publish(
@@ -25,9 +32,15 @@
 				command:reply("RTBL entry added");
 			end
 		);
+		return true;
 	end);
 
 	bot:hook("commands/rtbl-remove", function (command)
+		if config.control_room ~= (command.room and command.room.jid) then
+			return;
+		elseif not permitted_affiliations[command.sender.affiliation] then
+			return "You have insufficient permissions to use this command";
+		end
 		local reported_jid = command.param and jid.prep(command.param:match("^%S+"));
 		local hash = sha256(reported_jid, true);
 		bot.stream.pubsub(config.host, config.node):retract(
@@ -41,5 +54,6 @@
 				command:reply("RTBL entry removed");
 			end
 		);
+		return true;
 	end);
 end

mercurial