From 5a1300bc7019c603a777b173bd62cc309d74da8d Mon Sep 17 00:00:00 2001 From: Badlop Date: Wed, 4 Dec 2013 14:55:21 +0100 Subject: Add access rule to mod_roster (EJAB-72) --- doc/guide.tex | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'doc/guide.tex') diff --git a/doc/guide.tex b/doc/guide.tex index 4d3b2b4ff..468faf009 100644 --- a/doc/guide.tex +++ b/doc/guide.tex @@ -4039,6 +4039,13 @@ Options: This option is disabled by default. Important: if you use \modsharedroster{} or \modsharedrosterldap{}, you must disable this option. + \titem{access} \ind{options!access} + This option can be configured to specify rules to restrict roster management. + If a rule returns `deny' on the requested user name, + that user cannot modify his personal roster: + not add/remove/modify contacts, + or subscribe/unsubscribe presence. + By default there aren't restrictions. \end{description} This example configuration enables Roster Versioning with storage of current id: @@ -4051,6 +4058,24 @@ modules: ... \end{verbatim} +With this example configuration, only admins can manage their rosters; +everybody else cannot modify the roster: +\begin{verbatim} +acl: + admin: + user: + - "sarah": "example.org" +access: + roster: + admin: allow + +modules: + ... + mod_roster: + access: roster + ... +\end{verbatim} + \makesubsection{modservicelog}{\modservicelog{}} \ind{modules!\modservicelog{}}\ind{message auditing}\ind{Bandersnatch} -- cgit v1.2.3