mod_authz_internal

Usage

mod_authz_internal provides roles that determine access to certain functions based on internal information sourced from the config file and stored account information.

Configuration

-- Select authorization provider
authorization = "internal"

admins = {
    "admin@example.org",
    "other-admin@example.org",
}

default_user_role = "prosody:registered"
host_user_role = "prosody:registered"
server_user_role = nil
public_user_role = nil

custom_roles = {}
add_permissions = {}
remove_permissions = {}

Role defaults

On VirtualHosts

default_user_role specifies the role assigned to users who don’t have a role set in storage. Defaults to "prosody:registered" when anonymous authentication is used. Defaults to "prosody:registered" on hosts with other authentication configured.

On Components

host_user_role determines the role assigned to users from the parent domain of Components. Defaults to "prosody:registered".

server_user_role determines the role assigned to users from hosts other than the parent domain. Defaults to no role.

public_user_role determines the role assigned to users from hosts not covered by the above settings, including remote servers. Defaults to no role.

Custom Roles

Custom role definitions are declared with the custom_roles setting.

Example:

custom_roles = {
    -- a list of cusom roles
    {
        -- properties
        name = "my-custom-role";
        priority = 20;
        inherits = { "proosdy:registered" };
    };
    {
        -- properties
        name = "my-other-custom-role";
        priority = 25;
        inherits = { "my-custom-role" };
    };
    -- and so on
}