mirror of
https://github.com/processone/ejabberd.git
synced 2024-12-20 17:27:00 +01:00
Add example api_permisions: definition to config template
Also expand default config to have rule for admin oauth
This commit is contained in:
parent
7606be93d5
commit
ce42b6be01
@ -524,6 +524,40 @@ access_rules:
|
||||
## - ip: "XXX.XXX.XXX.XXX/32"
|
||||
## - allow
|
||||
|
||||
## ===============
|
||||
## API PERMISSIONS
|
||||
## ===============
|
||||
##
|
||||
## This section allows you to define who and using what method
|
||||
## can execute commands offered by ejabberd.
|
||||
##
|
||||
## By default "console commands" section allow executing all commands
|
||||
## issued using ejabberdctl command, and "admin access" section allows
|
||||
## users in admin acl to execute all commands except start and stop
|
||||
## with any available access method (ejabberdctl, http-api, xmlrpc
|
||||
## depending what is enabled on server).
|
||||
##
|
||||
## Remember to not remove "console commands" section when doing modifications
|
||||
## or ejabberdctl will not be able to execute commands!
|
||||
##
|
||||
##
|
||||
## api_permissions:
|
||||
## "console commands":
|
||||
## from:
|
||||
## - ejabberd_ctl
|
||||
## who: all
|
||||
## what: "*"
|
||||
## "admin access":
|
||||
## who:
|
||||
## - admin
|
||||
## - oauth:
|
||||
## - scope: "ejabberd:admin"
|
||||
## - admin
|
||||
## what:
|
||||
## - "*"
|
||||
## - "!stop"
|
||||
## - "!start"
|
||||
|
||||
## By default the frequency of account registrations from the same IP
|
||||
## is limited to 1 account every 10 minutes. To disable, specify: infinity
|
||||
## registration_timeout: 600
|
||||
|
@ -237,7 +237,8 @@ get_definitions(#state{definitions = Defs, fragments_generators = Gens} = State)
|
||||
{all, none}}},
|
||||
{<<"admin access">>,
|
||||
{[],
|
||||
[{acl, admin}],
|
||||
[{acl,{acl,admin}},
|
||||
{oauth,[<<"ejabberd:admin">>],[{acl,{acl,admin}}]}],
|
||||
{all, [start, stop]}}}],
|
||||
NDefs = case Defs of
|
||||
none ->
|
||||
|
Loading…
Reference in New Issue
Block a user