Commit 3a6551c7 authored by Juliusz Chroboczek's avatar Juliusz Chroboczek

Implement "allow-tokens".

parent ac1dc77b
...@@ -111,6 +111,8 @@ following fields are allowed: ...@@ -111,6 +111,8 @@ following fields are allowed:
- `max-history-age`: the time, in seconds, during which chat history is - `max-history-age`: the time, in seconds, during which chat history is
kept (default 14400, i.e. 4 hours); kept (default 14400, i.e. 4 hours);
- `allow-recording`: if true, then recording is allowed in this group; - `allow-recording`: if true, then recording is allowed in this group;
- `allow-tokens`: if true, then ordinary users (without the "op" privilege)
are allowed to create tokens;
- `allow-anonymous`: if true, then users may connect with an empty username; - `allow-anonymous`: if true, then users may connect with an empty username;
- `allow-subgroups`: if true, then subgroups of the form `group/subgroup` - `allow-subgroups`: if true, then subgroups of the form `group/subgroup`
are automatically created when first accessed; are automatically created when first accessed;
......
...@@ -953,6 +953,9 @@ type Description struct { ...@@ -953,6 +953,9 @@ type Description struct {
// Whether recording is allowed. // Whether recording is allowed.
AllowRecording bool `json:"allow-recording,omitempty"` AllowRecording bool `json:"allow-recording,omitempty"`
// Whether creating tokens is allowed
AllowTokens bool `json:"allow-tokens,omitempty"`
// Whether subgroups are created on the fly. // Whether subgroups are created on the fly.
AllowSubgroups bool `json:"allow-subgroups,omitempty"` AllowSubgroups bool `json:"allow-subgroups,omitempty"`
...@@ -1115,22 +1118,31 @@ func (g *Group) getPasswordPermission(creds ClientCredentials) ([]string, error) ...@@ -1115,22 +1118,31 @@ func (g *Group) getPasswordPermission(creds ClientCredentials) ([]string, error)
} }
if found, good := matchClient(creds, desc.Op); found { if found, good := matchClient(creds, desc.Op); found {
if good { if good {
p := []string{"op", "present", "token"}
if desc.AllowRecording { if desc.AllowRecording {
return []string{"op", "present", "record"}, nil p = append(p, "record")
} }
return []string{"op", "present"}, nil return p, nil
} }
return nil, ErrNotAuthorised return nil, ErrNotAuthorised
} }
if found, good := matchClient(creds, desc.Presenter); found { if found, good := matchClient(creds, desc.Presenter); found {
if good { if good {
return []string{"present"}, nil p := []string{"present"}
if desc.AllowTokens {
p = append(p, "token")
}
return p, nil
} }
return nil, ErrNotAuthorised return nil, ErrNotAuthorised
} }
if found, good := matchClient(creds, desc.Other); found { if found, good := matchClient(creds, desc.Other); found {
if good { if good {
return nil, nil p := []string{}
if desc.AllowTokens {
p = append(p, "token")
}
return p, nil
} }
return nil, ErrNotAuthorised return nil, ErrNotAuthorised
} }
......
...@@ -128,7 +128,7 @@ type credPerm struct { ...@@ -128,7 +128,7 @@ type credPerm struct {
var goodClients = []credPerm{ var goodClients = []credPerm{
{ {
ClientCredentials{Username: &jch, Password: "topsecret"}, ClientCredentials{Username: &jch, Password: "topsecret"},
[]string{"op", "present"}, []string{"op", "present", "token"},
}, },
{ {
ClientCredentials{Username: &john, Password: "secret"}, ClientCredentials{Username: &john, Password: "secret"},
...@@ -140,11 +140,11 @@ var goodClients = []credPerm{ ...@@ -140,11 +140,11 @@ var goodClients = []credPerm{
}, },
{ {
ClientCredentials{Username: &james, Password: "secret3"}, ClientCredentials{Username: &james, Password: "secret3"},
nil, []string{},
}, },
{ {
ClientCredentials{Username: &paul, Password: "secret3"}, ClientCredentials{Username: &paul, Password: "secret3"},
nil, []string{},
}, },
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment