25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-11-24 16:23:40 +01:00

Add example api_permisions: definition to config template

Also expand default config to have rule for admin oauth
This commit is contained in:
Paweł Chmielowski 2017-01-13 16:53:48 +01:00
parent 7606be93d5
commit ce42b6be01
2 changed files with 36 additions and 1 deletions

View File

@ -524,6 +524,40 @@ access_rules:
## - ip: "XXX.XXX.XXX.XXX/32"
## - allow
## ===============
## API PERMISSIONS
## ===============
##
## This section allows you to define who and using what method
## can execute commands offered by ejabberd.
##
## By default "console commands" section allow executing all commands
## issued using ejabberdctl command, and "admin access" section allows
## users in admin acl to execute all commands except start and stop
## with any available access method (ejabberdctl, http-api, xmlrpc
## depending what is enabled on server).
##
## Remember to not remove "console commands" section when doing modifications
## or ejabberdctl will not be able to execute commands!
##
##
## api_permissions:
## "console commands":
## from:
## - ejabberd_ctl
## who: all
## what: "*"
## "admin access":
## who:
## - admin
## - oauth:
## - scope: "ejabberd:admin"
## - admin
## what:
## - "*"
## - "!stop"
## - "!start"
## By default the frequency of account registrations from the same IP
## is limited to 1 account every 10 minutes. To disable, specify: infinity
## registration_timeout: 600

View File

@ -237,7 +237,8 @@ get_definitions(#state{definitions = Defs, fragments_generators = Gens} = State)
{all, none}}},
{<<"admin access">>,
{[],
[{acl, admin}],
[{acl,{acl,admin}},
{oauth,[<<"ejabberd:admin">>],[{acl,{acl,admin}}]}],
{all, [start, stop]}}}],
NDefs = case Defs of
none ->