mod_authz_internal

Usage

mod_authz_internal provides roles that determine access to certain functions based on internal information sourced from the config file and stored account information.

Configuration

-- Select authorization provider
authorization = "internal"

admins = {
    "admin@example.org",
    "other-admin@example.org",
}

default_user_role = "prosody:registered"
host_user_role = "prosody:registered"
server_user_role = nil
public_user_role = nil

custom_roles = {}
add_permissions = {}
remove_permissions = {}

Role defaults

On VirtualHosts

default_user_role specifies the role assigned to users who don’t have a role set in storage. Defaults to "prosody:registered" when anonymous authentication is used. Defaults to "prosody:registered" on hosts with other authentication configured.

On Components

host_user_role determines the role assigned to users from the parent domain of Components. Defaults to "prosody:registered".

server_user_role determines the role assigned to users from hosts other than the parent domain. Defaults to "prosody:guest".

public_user_role determines the role assigned to users from hosts not covered by the above settings, including remote servers. Defaults to "prosody:guest".

Custom Roles

Custom role definitions are declared with the custom_roles setting.

Example:

custom_roles = {
    -- a list of custom roles
    {
        -- properties
        name = "my-custom-role";
        priority = 20;
        inherits = { "prosody:registered" };
    };
    {
        -- properties
        name = "my-other-custom-role";
        priority = 25;
        inherits = { "my-custom-role" };
    };
    -- and so on
}
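
A mistyped name in inherits does not refer to any defined role, so it is worth checking a custom_roles table before deploying it. The following is an added example, not code from Prosody or this module: lint_custom_roles is a hypothetical helper, and the list of built-in role names passed to it is an assumption that uses only the two names mentioned on this page.

```lua
-- Added example, not Prosody code: lint a custom_roles table before deploying it.
-- ASSUMPTION: `builtin` lists the role names your Prosody version ships.
local function lint_custom_roles(custom_roles, builtin)
    local known, by_name, problems = {}, {}, {}
    local function report(fmt, ...) problems[#problems + 1] = fmt:format(...) end
    for _, name in ipairs(builtin) do known[name] = true end

    -- Pass 1: collect custom role names, flag missing and duplicate names.
    for i, role in ipairs(custom_roles) do
        if type(role.name) ~= "string" then report("entry %d: missing name", i)
        elseif by_name[role.name] then report("duplicate custom role: %s", role.name)
        else known[role.name], by_name[role.name] = true, role end
    end

    -- Pass 2: every name in `inherits` must resolve to a known role.
    for _, role in ipairs(custom_roles) do
        for _, parent in ipairs(role.inherits or {}) do
            if not known[parent] then
                report("%s inherits unknown role: %s", tostring(role.name), parent)
            end
        end
    end

    -- Pass 3: depth-first search for inheritance cycles among custom roles.
    local state = {} -- nil = unvisited, 1 = on the current path, 2 = finished
    local function on_cycle(name)
        if state[name] == 1 then return true end
        if state[name] == 2 or not by_name[name] then return false end
        state[name] = 1
        for _, parent in ipairs(by_name[name].inherits or {}) do
            if on_cycle(parent) then return true end
        end
        state[name] = 2
        return false
    end
    for name in pairs(by_name) do
        if on_cycle(name) then report("inheritance cycle reachable from: %s", name) end
    end
    return problems
end

-- Constructed sample: the second role's parent name is misspelled.
local sample = {
    { name = "my-custom-role", priority = 20, inherits = { "prosody:registered" } },
    { name = "my-other-custom-role", priority = 25, inherits = { "my-custom-rol" } },
}
for _, p in ipairs(lint_custom_roles(sample, { "prosody:guest", "prosody:registered" })) do
    print(p)
end
```

Extend the built-in list with the role names your Prosody version defines before relying on the result.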