diff options
| author | Badlop <badlop@process-one.net> | 2013-12-04 14:55:21 +0100 |
|---|---|---|
| committer | Badlop <badlop@process-one.net> | 2013-12-04 14:57:44 +0100 |
| commit | 5a1300bc7019c603a777b173bd62cc309d74da8d (patch) | |
| tree | 8bcd2fba2c8e1a4f9a5baa6270158654e104d4b4 /doc | |
| parent | bind values for get_parentnodes_tree (diff) | |
Add access rule to mod_roster (EJAB-72)
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/guide.tex | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/doc/guide.tex b/doc/guide.tex index 4d3b2b4ff..468faf009 100644 --- a/doc/guide.tex +++ b/doc/guide.tex @@ -4039,6 +4039,13 @@ Options: This option is disabled by default. Important: if you use \modsharedroster{} or \modsharedrosterldap{}, you must disable this option. + \titem{access} \ind{options!access} + This option can be configured to specify rules to restrict roster management. + If a rule returns `deny' on the requested user name, + that user cannot modify his personal roster: + not add/remove/modify contacts, + or subscribe/unsubscribe presence. + By default there aren't restrictions. \end{description} This example configuration enables Roster Versioning with storage of current id: @@ -4051,6 +4058,24 @@ modules: ... \end{verbatim} +With this example configuration, only admins can manage their rosters; +everybody else cannot modify the roster: +\begin{verbatim} +acl: + admin: + user: + - "sarah": "example.org" +access: + roster: + admin: allow + +modules: + ... + mod_roster: + access: roster + ... +\end{verbatim} + \makesubsection{modservicelog}{\modservicelog{}} \ind{modules!\modservicelog{}}\ind{message auditing}\ind{Bandersnatch} |