plugins/muc/members_only: Kick non-members when members-only is turned on

[prosody.git] / plugins / muc / members_only.lib.lua

diff --git a/plugins/muc/members_only.lib.lua b/plugins/muc/members_only.lib.lua
index 84a17699a8901481d37e32199c61a43ab70f73a3..90e916174837effd85106dafa62bbe349de97b8b 100644 (file)
--- a/plugins/muc/members_only.lib.lua
+++ b/plugins/muc/members_only.lib.lua
@@ -7,6 +7,8 @@
 -- COPYING file in the source package for more information.
 --
 
+local st = require "util.stanza";
+
 local muc_util = module:require "muc/util";
 local valid_roles, valid_affiliations = muc_util.valid_roles, muc_util.valid_affiliations;
 
@@ -18,6 +20,30 @@ local function set_members_only(room, members_only)
        members_only = members_only and true or nil;
        if room._data.members_only == members_only then return false; end
        room._data.members_only = members_only;
+       if members_only then
+               --[[
+               If as a result of a change in the room configuration the room type is
+               changed to members-only but there are non-members in the room,
+               the service MUST remove any non-members from the room and include a
+               status code of 322 in the presence unavailable stanzas sent to those users
+               as well as any remaining occupants.
+               ]]
+               local occupants_changed = {};
+               for nick, occupant in room:each_occupant() do
+                       local affiliation = room:get_affiliation(occupant.bare_jid);
+                       if valid_affiliations[affiliation or "none"] <= valid_affiliations.none then
+                               occupant.role = nil;
+                               room:save_occupant(occupant);
+                               occupants_changed[occupant] = true;
+                       end
+               end
+               local x = st.stanza("x", {xmlns = "http://jabber.org/protocol/muc#user"})
+                       :tag("status", {code="322"}):up();
+               for occupant in pairs(occupants_changed) do
+                       room:publicise_occupant_status(occupant, x);
+                       module:fire_event("muc-occupant-left", {room = room; nick = occupant.nick; occupant = occupant;});
+               end
+       end
        if room.save then room:save(true); end
        return true;
 end
@@ -51,13 +77,16 @@ end);
 
 -- registration required for entering members-only room
 module:hook("muc-occupant-pre-join", function(event)
-       local room, stanza = event.room, event.stanza;
-       local affiliation = room:get_affiliation(stanza.attr.from);
-       if affiliation == nil and get_members_only(event.room) then
-               local reply = st.error_reply(stanza, "auth", "registration-required"):up();
-               reply.tags[1].attr.code = "407";
-               event.origin.send(reply:tag("x", {xmlns = "http://jabber.org/protocol/muc"}));
-               return true;
+       local room = event.room;
+       if get_members_only(room) then
+               local stanza = event.stanza;
+               local affiliation = room:get_affiliation(stanza.attr.from);
+               if valid_affiliations[affiliation or "none"] <= valid_affiliations.none then
+                       local reply = st.error_reply(stanza, "auth", "registration-required"):up();
+                       reply.tags[1].attr.code = "407";
+                       event.origin.send(reply:tag("x", {xmlns = "http://jabber.org/protocol/muc"}));
+                       return true;
+               end
        end
 end, -5);
 
@@ -65,21 +94,32 @@ end, -5);
 -- if a member without privileges to edit the member list attempts to invite another user
 -- the service SHOULD return a <forbidden/> error to the occupant
 module:hook("muc-pre-invite", function(event)
-       local room, stanza = event.room, event.stanza;
-       if get_members_only(room) and room:get_affiliation(stanza.attr.from) or "none" < valid_affiliations.admin then
-               event.origin.send(st.error_reply(stanza, "auth", "forbidden"));
-               return true;
+       local room = event.room;
+       if get_members_only(room) then
+               local stanza = event.stanza;
+               local affiliation = room:get_affiliation(stanza.attr.from);
+               if valid_affiliations[affiliation or "none"] < valid_affiliations.admin then
+                       event.origin.send(st.error_reply(stanza, "auth", "forbidden"));
+                       return true;
+               end
        end
 end);
 
 -- When an invite is sent; add an affiliation for the invitee
 module:hook("muc-invite", function(event)
-       local room, stanza = event.room, event.stanza;
-       local invitee = stanza.attr.to;
-       if get_members_only(room) and not room:get_affiliation(invitee) then
-               local from = stanza:get_child("x", "http://jabber.org/protocol/muc#user"):get_child("invite").attr.from;
-               module:log("debug", "%s invited %s into members only room %s, granting membership", from, invitee, room.jid);
-               room:set_affiliation(from, invitee, "member", "Invited by " .. from); -- This might fail; ignore for now
+       local room = event.room;
+       if get_members_only(room) then
+               local stanza = event.stanza;
+               local invitee = stanza.attr.to;
+               local affiliation = room:get_affiliation(invitee);
+               if valid_affiliations[affiliation or "none"] <= valid_affiliations.none then
+                       local from = stanza:get_child("x", "http://jabber.org/protocol/muc#user")
+                               :get_child("invite").attr.from;
+                       module:log("debug", "%s invited %s into members only room %s, granting membership",
+                               from, invitee, room.jid);
+                       -- This might fail; ignore for now
+                       room:set_affiliation(from, invitee, "member", "Invited by " .. from);
+               end
        end
 end);