Implement "allow-tokens".

3a6551c7 · Juliusz Chroboczek · ac1dc77b · 3a6551c7 · 3a6551c7 · 3a6551c7
Commit 3a6551c7 authored Apr 03, 2023 by Juliusz Chroboczek
Hide whitespace changes
Inline Side-by-side

Showing with 21 additions and 7 deletions

README README +2 -0

group/group.go group/group.go +16 -4

group/group_test.go group/group_test.go +3 -3

No files found.
--- a/README
+++ b/README
@@ -111,6 +111,8 @@ following fields are allowed:
 - `max-history-age`: the time, in seconds, during which chat history is
   kept (default 14400, i.e. 4 hours);
 - `allow-recording`: if true, then recording is allowed in this group;
+ - `allow-tokens`: if true, then ordinary users (without the "op" privilege)
+   are allowed to create tokens;
 - `allow-anonymous`: if true, then users may connect with an empty username;
 - `allow-subgroups`: if true, then subgroups of the form `group/subgroup`
   are automatically created when first accessed;

--- a/group/group.go
+++ b/group/group.go
@@ -953,6 +953,9 @@ type Description struct {
 	// Whether recording is allowed.
 	AllowRecording bool `json:"allow-recording,omitempty"`
+	// Whether creating tokens is allowed
+	AllowTokens bool `json:"allow-tokens,omitempty"`
 	// Whether subgroups are created on the fly.
 	AllowSubgroups bool `json:"allow-subgroups,omitempty"`
@@ -1115,22 +1118,31 @@ func (g *Group) getPasswordPermission(creds ClientCredentials) ([]string, error)
 	}
 	if found, good := matchClient(creds, desc.Op); found {
 		if good {
+			p := []string{"op", "present", "token"}
 			if desc.AllowRecording {
-				return []string{"op", "present", "record"}, nil
+				p = append(p, "record")
 			}
-			return []string{"op", "present"}, nil
+			return p, nil
 		}
 		return nil, ErrNotAuthorised
 	}
 	if found, good := matchClient(creds, desc.Presenter); found {
 		if good {
-			return []string{"present"}, nil
+			p := []string{"present"}
+			if desc.AllowTokens {
+				p = append(p, "token")
+			}
+			return p, nil
 		}
 		return nil, ErrNotAuthorised
 	}
 	if found, good := matchClient(creds, desc.Other); found {
 		if good {
-			return nil, nil
+			p := []string{}
+			if desc.AllowTokens {
+				p = append(p, "token")
+			}
+			return p, nil
 		}
 		return nil, ErrNotAuthorised
 	}

--- a/group/group_test.go
+++ b/group/group_test.go
@@ -128,7 +128,7 @@ type credPerm struct {
 var goodClients = []credPerm{
 	{
 		ClientCredentials{Username: &jch, Password: "topsecret"},
-		[]string{"op", "present"},
+		[]string{"op", "present", "token"},
 	},
 	{
 		ClientCredentials{Username: &john, Password: "secret"},
@@ -140,11 +140,11 @@ var goodClients = []credPerm{
 	},
 	{
 		ClientCredentials{Username: &james, Password: "secret3"},
-		nil,
+		[]string{},
 	},
 	{
 		ClientCredentials{Username: &paul, Password: "secret3"},
-		nil,
+		[]string{},
 	},
 }